Vectors for attack by making the SAFE Network illegal?

There was a similar topic about this time last year that now resides in the “off-topic” category. I’m initiating this one as it relates to cybersecurity, external threats, etc. I’m working on something and want the community input to help really examine the possibilities more deeply.

There are a lot of very good reasons why it will be difficult to outlaw the use and maintenance of the SAFE Network.

Amongst those reasons:

Open Source - so there is no proprietary point of attack, other than to take down git-hub feed. Even then, there is no point of central attack once the network is running. Software could be hosted on the SAFE Network and downloaded via a browser plug-in possibly. (Or will the software need to be installed on the machine for the plug-in to work?)

Completely distributed: No central servers means no central attack point, so enforcement of a ban in any area is on a machine by machine, person to person basis, and even if many shut down, wouldn’t hinder the use by those remaining as long as they can connect to the network.

Traffic analysis: It is my understanding that it will be difficult to isolate users by traffic analysis due to scatter-gather and other obfuscation features being built in. This warrants consideration because ISPs could be empowered to quash anything that could be determined to be SAFE traffic.

The list of this sort of points can be expanded a lot, I’m sure.

So now let’s also examine steps that would have to be taken to make any stab at making use illegal and enforcing such a ban:

Demonization and ban: This could be done in any jurisdiction which could muster the political leeway to do so. Dictatorial and tyrannical states could be partially effective in suppressing wide adoption, perhaps.

Laws allowing and even mandating corporate cooperation: Using spyware/snoopware in Microsoft and Apple products to detect SAFE software or activity and rat on users.

Harsh penalties: this sort of technology, which allows for unsnooped action, could be declared a terrorist tool and anyone found using it could be served with severe penalties to discourage its use.

I don’t have time at the moment to flesh this out further, but I’d really like help fleshing out both sides of this.

I’m a real believer in the SAFE Network, as I think is obvious, and so it’s easy for me to dismiss these sort of attack vectors. The resistance level of the approach is one of the reasons I’m so sold. But let’s really dig in and look this over for real.

Let’s look at what the threat levels are and then also look at what can be done to mitigate them, including technical, social, PR, killer app that would be unpopular to ban, etc.

I won’t be around for a while to monitor the responses, so have fun and I’ll catch up when I can.

I think an important question is whether it makes sense to talk of making SAFE Network illegal. You don’t have to look far to see that it is almost impossible to outlaw technology - governments know this, and end up having to outlaw something else, a use etc.

Their problem is as follows:

• make SAFE Network illegal - network changes name
• make some aspect of the technology illegal - oops, we just made all this good stuff illegal (e.g. roads)

Legal threats are unrealistic I think, at least in this way. Normally there are central points they can target. Look at how the copyright industry goes after these. They have tried to go after individuals too, but its much harder and they are increasingly finding themselves rebuffed. Once you have to target large numbers of people, using the law becomes very tricky because you end up having to criminalise too many people, too harshly, for doing something rather innocuous. To achieve this, they really have to make the network - or any decentralised computer system - a very very evil thing indeed, and it simply isn’t.

I’m not saying they won’t try, but before we spend too much time worrying how to defend against these attacks I think it would be worth checking if they have any chance at all.

Thanks, Mark.

I agree with you. I guess I’m not looking for “what we have to do to avoid it being made illegal”. As I said, I’m working on something and want to examine the vectors. What you are saying is true and I don’t think it’s a real threat. But I’m wanting to examine it.

I don’t mean to take up a lot of time or controversy. If it goes that way, I vote now to delete the thread.

Perhaps, rather than say “illegal” I’m looking at attack vectors, including legal, social, media, etc., that might be waged by those whose vested interests might be threatened by something of the scope of the SAFE Network. It is actually my opinion that any attack would be way too early until the time it’s way too late. But I’m hoping to be indulged here with a close examination.

I have a certain concern about Traffic analysis. The encrypted data are the same for the same file. So if I’m currently be spied and they know that all the chunks that come to me are related to that file. I’m busted. Any explanation?

One of the best ways to understand these vectors is to look at past behaviour. This is why I give up, because I can’t think of a situation where this approach has worked! If you can, you’ll have a career teaching oppressive regimes

Considering the threat of the government declaring SAFE a terrorist tool or other such thing and outlawing its use. In many respects this is not a ban/outlawing of the technology as such, but the outlawing of a system made up of technology that may be OK in other systems (eg encryption for banking)

EDIT: will be interesting to see what the idiotic UK government does with their attempt to attempt to ban encryption as declared by whathisname prime minister.

One way to fight off this type of ban in countries that at least claim to be “free” is to get it adopted as far and as wide as possible before the government sees it on their radar.

Imagine banning facebook and or twitter. Very few countries have attempted this and usually with mixed success. But they are 1000’s times easier to ban, yet they fail to fully succeed.

Now with a system that is widely adopted before any government attempts to ban it would see major players using it in a way that would be difficult to reverse and so the government would find it difficult. It would be like saying lets ban the internet. Even that is difficult to completely do. Look at the country(s) that have tried.

But wait, in a couple of years arn’t we supposed to have internet using low orbit satellites, so even more difficult then.

So governments would be left to rooting out people one by one who are using SAFE, a bit like China rooting out people using VPN through the GFC

I can’t remember the details, but there are several measures planned to thwart traffic analysis. IIRC data isn’t transported over the network in it’s base encrypted form. Scatter-gather is used I believe, and maybe also another layer of encryption for transport only. Don’t quote me on this though.

SAFE is first and foremost a secure network. It ought to be marketed that way…

33.5 people had their records exposed in the Ashley Madison Hack.

22.1 million government Employees had their records exposed.

Target 40 million people

Home Depot 53 million…

Many many more too small to mention but too big to be inconsequential

More added nearly daily… https://www.privacyrights.org/data-breach-asc

So yes, it can be used for some unsavory things… But the organized crime that happens on a daily basis will be totally thwarted by SAFE… All that money is going to fund further crime, terrorism and whatever else.

That is the way you re-frame that question.

You don’t have to make the SAFE Network illegal, to attack it. What if you can just attack it, through the Firefox plugin. Like http: and https:, safe: should be built into browsers as a web standard instead of a plugin. If you can trick people into using a fraudulent SAFE Network, it will be enough to never make them, make use of the real SAFE Network anymore.

When I think about attack, I think about letting http: look like safe: in the browser and the user not even knowing he/she is on the old internet instead of the SAFE Network. What if the NSA can make the old internet act as the SAFE Network? Browser vendors might become our enemy, especially when you read about this article of Mozilla from a while back. The old internet shoulden’t be the bridge to the SAFE Network. You should be able to access it from the get go, that way a middle wo/men can’t do anything.

If Mozilla is really serious about privacy and security, they should be the first to tattoo the SAFE: on Firefox. I think if they do this, who knows they might become the SAFEst browser. If browser vendors could get paid SAFEcoins if they include the real SAFE Network, then they would have an incentive to do so.

IMHO the SAFE Network is way to serious to become just another browser plugin. So maybe if the browser vendors don’t take it serious, we the SAFE community should have a SAFE Certified Browser developed. Maybe the SAFE Network should also payout SAFEcoins to whoever can Pwn2Own the browser every month. The browser could come on our own version of Qubes/Tails Linux on a usb/cd.

i definitely think a safe ‘browser’ will come as part of the installers. it would be ridiculous to rely just on plugins for other browsers

I really hope so, if not? I’m ready to invest money to see it happen.

Oups! …

I think @neo is right when stating

I believe this is the most effective way to avoid any endeavours to ban SAFE, which is why I believe it´s very valuable to stress individual privacy over general critcism of political systems.

Of course, with current net regulations in most western countries it is hard to ban the network itself.
Instead policies will focus on nodal points: people who are related to the network, exchanges, github and any kind of media exposure etc. I wonder why some people tend to play down this issue so much, because it´s really not about the possibility to perfectly ban a tool or an activity (has never been with anything else that is framed illegal), it´s only about containing effects. So I have any doubts the SAFE network will run, but once industries start to suffer under its use there will be measures and most of them will focus on public discourse an access points. So PR is important and networking with actors who are active in this sector crucial.

Anyway, with the apparent willingness of the mainstream to give up on privacy to a large extent I wouldn´t wonder much if in the not so distant future people need to have monitoring programs preinstalled to be able to connect to their ISP.

There is no explanation. Just download random crap in addition to other crap that you download. A script or proggie can be made to do that automatically.

I appreciate everyone’s input on this, and we may want to continue on the topic. I wanted to get some various perspectives on it before I did my interview with Max Hernandez. Our discussions in this direction didn’t make it into the podcast (yet), but we’ll be talking some more along this line, I’m sure.

My own opinion on this: It will probably be way to early to do any concerted attack on the network on any PR or legal front, right up to the moment that it will be way to late.

But, we’ll see.

I assume that from a traffic shape perspective, the looks of data being stored in a vault on your machine and the looks of data being drawn down for your actual use would be identical. There’s no way of knowing if you are getting a file.

If you make a point of not linearly drawing the file down too - so with a minor duplication of read effort you could read the last 30% first, etc. and prevent analysis of the order of the packets.

I’m aware that at this moment in time an aggressive litigating party would still be saying, “But you had some of the file - that makes you in receipt!”. What remains to you is two options - 1) Flee to the highlands, it’s nice, there are sheep and it snows enough to ski. 2) Create some form of additional stream encryption negotiated at go-time to alter the looks of any inbound blocks from one retrieve to the next.

I’d go for 1… its less work, and there’s haggis.

It’s the “weirdess” answer I never seen (except mine). My point here is to find if it has any peer to peer encryption added to that while transferring the chunk.

Each hop is encrypted between nodes at the connection layer… An ISP or any other relayer or snooper could not identify any chunk as it is encrypted between network nodes.

So, assuming that one of the network nodes along the way was sniffing for particular chunks that had been identified as being part of a secret or illicit file, it could tell that it was receiving that chunk from a node with an IP address in its routing table and was passing it on to another node in its routing table. It wouldn’t be able to determine where it was stored or who requested it.

Even if it sent it to you and you had requested it, the snooper node couldn’t tell whether you were the destination or a relay.

I believe it is even more impenetrable than that but don’t have time to run it down right now. Check out this post on layers of encryption:

How successful has China been in suppressing VPN-s?

Most are blocked or frequently interrupted so you have to reconnect. There’s probably just 2-3 that kind of work well.