Despite having been participating here for some time, I am still not really clear about what appears to me to be the biggest security threat for the individual legitimate user - isn’t this the user themselves and how well they manage security on their own hardware? It seems to me you can have all the sophisticated network encryption and security you like but if the the end-user has an easily hackable device that is visible and accessible from the old Internet then all the SAFE Network security is a waste of time? Am I missing something?
The user login is a weak point. There will always be a weakest link in every chain.
The big advantage that SAFE brings is that it makes the user the easiest point of hack vs. the server… So instead of getting the credentials of everybody on yahoo for example, you have to pick each one off individually, watching one login at a time - at risk of being caught…
Definitely an area of improvement would be figuring out anti-keylogger measures etc. None of these are very easy, and it is amplified by the fact that the network has no knowledge of user credentials.
In the first instance, it depends on your use case and the security you require. For most people SAFE will be a vast improvement, effectively eliminating censorship, mass surveillance, many exploits and general purpose attack vectors.
This will cause attackers to stay on the old web while it is still worthwhile because it will be much more work to attack via SAFE content. And to focus much more, as you suggest, on attacking the end users machine. So yes, this risk remains, but it is not being ignored. This will be the focus of later work. Step 1 is creating a secure network. If you search older topics you’ll find this has been discussed and that David and the team have plenty if ideas on it. (Search for SAFE OS, bare metal operating system, client security etc should turn up something.)
Those who require protection from personally targeted attacks, and very easy ways to communicate or publish securely and anonymously will benefit greatly from SAFE.
Thanks for that - what you say makes sense and confirms what I was thinking but I will look up the old discussions anyway and see if I have any more questions and comments - I am glad that the issues have already been considered at least.
I think there is more, but can’t be sure. Other search terms might be keyloggers and malware but I think those will pull in many threads, not necessarily so focussed.
That’s why an integration with a hardware OTP token is necessary. If we add an out of band authentication, we remove the possibility of stealing credentials.
Although that may still leave open to proxy attacks and session hijacking in compromised machines.
I think the ideal platform would be a read-only OS, allowing writing only to the SafeNet.
I think that is a good idea and would be useful for many situations but it would not work for me - at least not initially - it would probably take me some years to get to the stage of moving my entire digital life to the SAFE Network - but that is probably going to be the final objective of course (as long as the performance issues I am concerned about turn out to be trivially solved) . .
If the SafeNet drives are efficient enough as seen here: - YouTube
I don’t think there will be much difficulty. Basically we need ChromeOS with its backend being in SafeNet instead of Google’s data centers.
