Future of a SAFE Browser and node/webAPIs

I just look at the general usage from time to time, never per app for the simple reason that I know that the only app that uses significantly more data than any other is YouTube. What I do monitor more frequently is battery usage, because that’s a resource where there sometimes is significant difference between different apps and sometimes there’s a single app quickly draining the battery. If I topped up a wallet in the browser, but it got emptied suspiciously fast, I would check per app usage to see if I could find the culprit, but apart from this I would probably never check.

It might be worth having a look at Brave Payments also. In Brave you can fill up a wallet with BATs and it will give the money to sites based on how much you use them.

Antoher thing that I’ve mentioned before in the other forum is that there’s a few HTML5 features that could use specific implementations for SAFE. I wonder how that might work with the different options. Not stuff needed from day one, but something to keep in mind.

An example is the HTML5 Geo API. To make this work with SAFE in a way that is completely anonymous and private, there would need to be database of IP to country mappings located on the SAFE network. Since the browser application knows the ip address of a user, the location of the user would be looked up by the browser fetching the relevant part of the database from the SAFE network, maybe there would be a single MD for a single IP range or something like that, and then return the country code to the JavaScript API method. In Chrome, and I think also Firefox, this works by sending the IP address to Google to lookup the location, that’s obviously not ideal.

I would like the benevolent dictator, @dirvine to put the foot down and give the directive of Safe: only development from here out regardless of the tech utilized.

My view is that SAFE Browser is a way for Devs to kick the tires and should be maintained as such through to launch…end of mission.

If there is a budget to go beyond a dev browser, then I really think Maidsafe should be looking to capitalize/ monetize the effort and maybe concentrate on mobile app development.

Use the marketing outreach to invite the big browser companies to build for SAFE. They are going to be here eventually anyhow, give them a heads up technology briefing.

I look at battery usage per app very regularly. But data usage per app, never. This is because battery is scarce (for me) but data is not. And I also know roughly the data use for each app anyhow (and have fortunately never had a rogue data-consuming app).

The main difference I see with safe vs mobile is that replacing used credit may be harder than just with recharging phone credit / battery. Maybe not…?

Also the motivation for attackers to drain a safe account is (slightly) higher since they (slightly) benefit from that draining action (by increasing demand for safecoin), whereas draining mobile phone data / battery does not benefit them.

Still, I agree with you that mobile pre/postpaid model is a good one and should fit the safe network nicely.

A lot to think about.

However, IMO, a SAFE// only browser with no clearnet seems the SAFE way to go. Let other teams external to MAIDSAFE develop plugins/extensions for other browsers allowing clearnet access - it will happen if MAIDSAFE doesn’t provide it AND it will both increase the security perceptions of people regards to the SAFE network while reducing the burden of maintaining browser compatibility with everything clearnet related. To my mind that seems a win-win for MAIDSAFE and SafeNet.

Tyler, I agree with most of this but there’s one downside I see. Not having the option of a well designed security conscious (ie MaidSafe designed) option pushes people towards less secure solutions to this issue.

That’s bad because 1) it puts more people at risk, which means more bad experiences and more stories of bad experiences 2) bad experiences with SAFE will tarnish SAFE regardless of which tool was used, 3) We can’t say, "to keep yourself SAFE you should use the official SAFE Browser even for clearnet access"which means it is our / MaidSafe’s fault really.

So I’m not convinced yet.

but we could say :
“What were you doing in clearnet ? To keep yourself SAFE you were warned to only use the official SAFE Browser and stay within the Safe network.”

This applies within the safe network I think. I don’t think Safe is a solution to fix the old rotten web. If other people / companies try to do that and fail, that will be their responsability.

@nice I appreciate the arguments here but I don’t think they help address the issues I’ve raised. People need to use the internet, you and I will continue to need it for a long time so we have to look at what the effects will be and the usefulness of saying “what were you doing on the clearnet?” Its not helpful to them and doesn’t solve the problem. Same goes for saying you’re only safe using SAFE Browser. It doesn’t solve the issues I raised.

Sorry if I expressed it too vaguely or a harsh way again…
What I mean is that I do not think a well designed, security conscious option exists that mixes Safe and the clearnet in the same window / program.
The base is so large that there will inevitably be a point were is leaks and conducts to bad experience.

As you point it out, some people will certainly try to develop solutions that do put more people at risk, and that will create bad experience and tarnish the Safe network.
My point is that I think it would be worse if Maidsafe tries to provide such a tool, fails, creates bad experience, and has to endorse the reponsability, than if Maidsafe clearly states that they keep away from this, and leaves the responsability to others. I think it would even be important that when it happens, Maidsafe can oppose their clear stance as not being involved / endorsing mixed networks solutions.

Maybe it’s just my own experiences here, but no matter what browser MAIDSAFE uses ultimately … I will still use it ONLY for SAFENet and I will use my normal browser solutions for the clearnet. I believe that the way I go about it is probably common amoung techie people, but not so much amoung others. In the next couple of years however, it will only be techie people using SAFENet so IMO, not sure how important it is for MAIDSAFE to devote time/energy to a solution that isn’t needed. I’m not saying that they should never build such a multi-purpose browser, but right now, I don’t see why it ought to be a priority.

Also, I don’t really see/understand your point about more people being at risk if MAIDSAFE doesn’t develop a strong solution … because having any solution (strong or not) will not preclude bad solutions that look good. Assuming that SAFENet becomes popular, then it will be inevitable that plugins will be developed for major browsers – the only hope here IMO is that there is someone to vet these projects and insure they are properly coded.

Personally, no matter what, I will still always be looking for a SAFE// only browser option as to my mind that will always be the most secure tech.

My point is that if MaidSafe provide what people need, which will be most people’s first means of accessing SAFE, far less people will end up using alternatives which we both expect will not be as secure as a MaidSafe solution.

Your argument was already addressed here:

Too much energy would be required to create both a great UX and airtight security that caters to people who will likely adopt the technology months after its release. It is during THAT time expansion of the browsers’ capabilities should be considered and coded with the help of a much larger enthusiastic and capable community.

After reading a recent post on the general forum about a safe site opening clearnet links, I put together a little safe site to showcase why I think allowing the Safe browser to handle http requests is a very bad idea :

safe://http-trap

Please note that this will really leak your IDs and IP on clearnet, in clear http text: please do not use any important IDs for this test ! Stay assured that I don’t log anything, though.

The code is in index.hml

EDIT : if you want to check what it does, without triggering the trap, open safe://httptrap in your safe browser, and deny container permission when asked by the authenticator. Then you can safely browse the code sources in the console.

I think being able to open http:// links is a necessary feature for it’s wide adoption. If you look at the bigger picture, no one will be motivated to download and use safebrowser otherwise besides the developers or maybe the 5000 people in the forums.

The browser just have to be more secure regarding when opening http links. The example outlined by @nice could be an issue that can be updated in a security patch. Maybe even if the browser can not open any http, there could still be security exploits which people can do to collect browsers IP addresses.

Not so sure really, if you look at weechat for instance, a whole economy + app ecosystem in a single app. It is huge and others follow, like facebook + messenger (no out side calls to other systems AFAIK), or signal again no outside calls or whatsapp or …

All very well spawning an OS association for HTTP traffic, but it is not necessary inside a secure ecosystem (app/platform) for a secured app to allow a data/access API that can be abused from an insecure network.

[EDIT] Perhaps the confusion is the word browser, a SAFE browser is for browsing SAFE only, a web browser browses http (+ some other limited protocols) traffic which is a different network really. People have their own web browser and are happy with it, we don’t necessarily need to get in their way or demand our apps / platforms work in that browser. I n many ways it is much better to keep these distant.

Coming from a Chinese background i often use the app, especially when in China and I know how it started and what it does, it’s not the same as SAFE, at all, so you can’t infer SAFE’s success based on Wechat’s success, SAFE may be successful, but it definitely is not related to Wechat.

When phone companies were charging for calls and texts, Wechat came out as an alternative, people quickly downloaded and used it so that they don’t have to pay. Privacy-wise, People in China could give less of a fuck if government ‘spied’ on their conversations, unless they’re anti-government, but honestly, growing up in China, i can definitely tell you the people there care a lot less about ‘privacy’ than the western world. As long as it does them no harm, they don’t care if government monitor everyone, they know the government is doing that to maintain control.

When the government blocked Facebook in China, the company quickly saw the demand for social media and lack of supply, and since so many people use Wechat, they then introduced ‘moments’ which is almost like Facebook and instagram combined. People can share status updates and other people can like and comment. So it grew more, but, when people shared those updates, it basically always linked to current http websites, it faired very well because it interfaced with the current world very well, it gave supply to the a sector in demand. Then it quickly spawned digital payments where you can scan a QR code and pay for things immediately, now, even 70 year old rural grandmas who sell their homegrown crops use it, but guess what though? It’s simply digitalising the Chinese Yuan and when you click withdraw, you get a bank transfer in less than 10 seconds to your bank account and it clears instantly, again, interfaced with existing currency system very well.

SAFE browser, if it does not support http links, will do NONE of that, it’s starting from complete scratch - First, all the websites have to be built by people and/or paid to be migrated by people to SAFE, otherwise there is simply no good websites in SAFE, hence browser is very limited to it’s usefulness to everyday people. Second, it’s native currency, even if you have it in a easy to use and easy to transact mobile app(which BTW is essential to it’s adoption), you have no fiat backing it, for all China is concerned, as long as the government there reigns, not many will get safecoin if you have no guaranteed, easy hassle free and instant conversions to Yuan at a rate that doesn’t fluctuation 20% every week, which, with safecoin or crypto, you can’t have that. It may just be like Bitcoin there currently more or less(although if it’s less fees and more transactional, MAYBE it’ll be used a little more than BTC)

So anyway, point I’m trying to make is, yes, Wechat is successful, but it’s based on completely different dynamics to what safe is doing. The second point i mentioned in the previous paragraph, you can’t do, as it’s a completely new currency system that’s not fiat, people just have to get used to it. But the first point, you can, restricting safe browsers to http will make the interface with the current world even harder and hence rate of adoption will definitely be slower. It is possible given enough time, though, but if you can fix the security issues, why not make do so so that the adoption will be faster rather than slower. And one more thing, if there could be an app created, that is a VPN service someone is hosting to access to clear net from the safebrowser, that’ll be also fine wouldn’t it?

(This is off topic but informative : Some people from the West think Safe is going to be big in China, sorry to break it but most likely, it won’t be. Just like Tor and VPN, most Chinese could give less of a fuck, although, it is important to those who do(which is maybe 0.01% or less of the population in China), and for tourists, but just not the majority of people, unfortunately.

mmm, not sure.
TVs didn’t allow you to tune radio stations when they appeared, but they introduced a new dimension to broadcasting and were massively adopted.
Mobile phones didn’t access internet when they appeared, but they offered a new dimension in 2 points communications, and were massively adopted.
Satellites don’t let you access underseas wires communications, but they introduced a new dimension in overseas communication, and were massively adopted.

The guys at the wire companies told Marconi wireless radio communication was worthless and would never be adopted, too.

Thing is, Safe is not a vpn or another ToR. The aim is not to allow people to use http under cover.
It expands the concept of “internet” in many new dimensions, including but non exclusive : autonomy, decentralization, data breach resistance , immutability, censorship resistance, self healing, self balancing. Small details…

While the Safe network may well take longer to get mass adoption than Pokemon go, I have a feeling only one of both will still be there in 30 years, and widely adopted.

My point with the IP and ID http leak was that a script kiddy can , in 15 minutes, defeat the whole privacy and security aspects of the project , if an application exists that allows said script kiddy to run code inside of it and make http calls.

I would suggest following the Unix philosophy. Do one thing and do it well.

There are plenty of browsers for the oldnet. There needs to only be one for the safenet when it launches, and the faster and safer and more stable it is the better. You are making it open source so people will be able to contribute as it gains broader adoption, and variants will arise for any cute features you don’t think of. To keep efforts centralized I hope you would consider bringing on board a plugin system like firefox, which you kind of already have via the “apps”. Current oldnet plugin developers will come on board and port their projects to the safenet as long as there is a well documented api and a lot of users. Security concerns are important too, in order to block malicious code being run on the clients computer (No-script plugin anyone?).

Some people might have an emotional attachment to their oldnet browser, but browsers come and go. We’ve had aol, netscape, ie, firefox, chromium, safari, etc. Its been an evolution. Remember that the oldnet will not really be relevant or will cease to exist if safenet is successful. Nothing wrong with forking an existing browser code base, just make sure all the nonsense and garbage is completely stripped off it, including license restrictions.

" Do not do anything that anyone else can do readily. "
— Edwin Herbert Land

Oh, one more thing. I can only offer a big NO-WAY vote to HTTP. The browser should only allow native secure/SAFE protocol.

we definitely need HTTP too in the browsers to trigger earlier adoption I.e even if it’s just a redirect to the safe protocol alternatives. As long as this is optional it should be ok for everyone then

You have this backwards. A safe browser would redirect any traditional http/https/ssh/ftp hyperlinks to one of the standard oldnet browsers on the user’s system. Eventually as the oldnet content enters safenet, popularity would demand that devs/maintainers of firefox/chrome etc work to bring their projects into compliance with SAFE on their own. No need for MaidSafe to work on conforming, which would make SAFE become unsafe.