What does Safing do?

You might know Safing as being a sponsor of PTIO, but I hope you check out what we are actually trying to solve.

We just recently launched our Kickstarter campaign explaining our Safing Privacy Network (SPN) in plenty of detail. It’s about protecting meta-data from mass surveillance:

Feel free to check it out. Ask me anything.

4 Likes

I skimmed through your Kickstarter and everything looks great, now I can understand a bit better how it works. I swear that if I get money I will give you some, you work is great.

Are you going to be able to see your users traffic? Will each node be yours or people can host their own to help the network? Will I still need my VPN or you are going to completely replace it? Are you going to keep selling lifetime subscription after the kickstarter?

2 Likes

Glad to hear! No worries regarding the backing, just as it works for you. And one can support without money too :wink:


Short answer, nothing. Daniel gave a longer answer to that question over on our reddit.

To start things off all nodes will be ours. But we will change that early in our alpha phase, to truly become a decentralized network. And yes, everyone will be able to contribute. We will also share our revenue with community hosts a bit later in process.

Good question. To be honest, I have not thought about that yet. We’ll discuss it.

3 Likes

You didn’t answer this question.

Also:

Will it be possible to use SPN along with Tor? Would it be recommended?

How are you going to troubleshoot at first? I’m thinking on saving some money to buy a couple of months, but if the product is kinda buggy I don’t know if I want to do this, my economical resources are very limited and I don’t want to pay a lot (the currency exchange from where I live is really high) to not be able to use it. Are there going to be some kind of free sample of alpha versions to help with that?

How do you think internet connection is going to be affected when using it?

Will I be able to choose the exit node?

When the feature to host your own is launched, how are you going to control the possible raise of malicious exit nodes? This has recently been an issue with the Tor network which could be avoided if certain information is asked to people who host nodes.

How are you going to handle payment? Will information be needed to pay for your services?

I’m also interested to know if Safing is compatible with Tor, it looks really similar in fact, but does it also provide some protection against browser fingerprint? If not then websites could still very well build a profile of their visitors.

On the other hand however, since a lot of services block Tor, I like the idea of having all of its benefits and let me worry about having a regular browser fingerprint.

@a553d43c-f7fa-483a-8 you’re digging deep - I like it :smile::+1:

We have two blog posts about how the SPN compares both to Tor as well as VPNs. I’d recommend reading them to better understand what every solution has to offer.

I’m confident in saying I believe - after our solution has matured into beta - VPNs will become a far inferior alternative when it’s about protecting your privacy. But still, always look at your personal threat model & financial situation, one solution will fit better than the other.

Chaining SPN with Tor or VPNs

This is not recommended, since generally, a chain will always break at its weakest point. If you want to protect your identity, the SPN will provide that, but chaining a VPN after renders that solution useless, since you are required to authenticate with a username / password to any VPN. If you first connect to a VPN, and then to the SPN the VPN will only know that you connect you the SPN, but nothing is gained except a slower Internet connection.

One of our advantages compared to Tor is that the SPN handles every connection individually (read the blog for more) and therefore reduces visibility to the ‘open’ web. Chaining Tor would again revert that benefit and slow down your Internet connections.

So yeah, the TLDR is: In general, a chain will always break at its weakest point. This is also the reason why many discourage chaining with VPNs with Tor or vice versa.


Yes, further down the road this will be a feature, so you can chose the exit node on a per app/domain basis. This will get really exciting. But we are keeping it simple & automatic at first :wink:


We will force all http connections to exit on a trusted SPN node. Community nodes will cover entry or middle hops while also being able to exit https connections. This way we mitigate community nodes of becoming malicious.


Our roadmap starts with a pre-alpha where early adopters will test the network and gain access for its entire period. Currently access is only available via a KS backer tier.

The pre-alpha is expected to take a few months to fix all drastic errors and troubles. Only after the network has become stable enough we will continue to the alpha stage. In alpha, we will sadly not be able to offer free trials - this would not work since we do not link network connections with specific users. So free trials could easily be abused without us having ways to prevent it.

I hear you on the exchange rate. Personally speaking, I dislike how one hour of honest work is considered less dollars than in another country. But it being the way it is, we have to sustain our development in an ‘expensive’ part of the world. Hence, we have to charge accordingly. We also have to cover thrice the bandwidth-costs of normal VPNs.


However, the application firewall that is going to be implemented alongside will be absolutely free to use. We want everyone to enjoy a certain level of privacy for free, and those who like what we do and are able to support us, can then subscribe to the SPN. I hope this to happen soon, but it will probably take a while.


The short answer is we will offer credit cards and cash as payment options to start off with. Later, we plan to also offer payment via crypto currencies. We are trying to mitigate as much information as possible and do not link network connections with users in our payment system, so privacy is guaranteed. There will be a longer blog post covering this in detail in the future.

4 Likes

Please look at my previous comment in regards to compatibility. It does have similarities, but lots of differences too. You can read all about them in our comparison blog post

Yes, there are so many pieces to the puzzle - many others are so important.

We decided to focus on solving one at a time. Our first step is protecting Internet connections on their way through the Internet. Our second step will be including a free, integrated application firewall, enabling users to block unwanted connections on a kernel level. Think of uMatrix for your computer. Since we already intercept network connections for the SPN (open source), this is a natural second step.

But there are a lot of other problems that needs an adequate solution. Protecting users from browser fingerprinting is super important, but a completely different field. We’re grateful for everyone involved in finding solutions, however our focus lies on the SPN and then the firewall. This will probably have our focus for the next years to come. Maybe one day we’ll grow enough to be able to let teams tinker with other areas, but that is currently only dreams of the future.

3 Likes

Extra Mileage

After a connection arrives at the VPN server it still has to travel to the desired website. Depending on where your VPN is located, this may lead to a slower Internet experience. As an example, a person who is located in Europe may be connected to a US VPN server while loading a European website. This means the connection has to cross the Atlantic twice (EU -> US -> EU).

With the SPN however, every connection is calculated individually and leaves the network as near to the destination as possible. This means:

  • your connections are spread across the globe
  • visibility in the ‘open web’ is minimized
  • connections are not slowed down by having to go extra miles

Can’t this lead to a correlation attack? Since the servers will be close to where you live an approximate location can be triangulated.


I have to agree, I think we are going to start seeing a rise of SPNs when you become popular.


Mullvad does not require neither a username nor password, but you are right, there’s no gain with chaining a VPN in either of both sides.

Does handling every connection individually mean that there are 3 different nodes for each website?

Leaving aside internet speed, what problems could bring chaining the SPN and then Tor, if you can’t see our traffic and keep no logs?


:heart:


Still, I think some sort of other information should be asked, or some form of contact method to see if they are humans. This article talks about what I mean and which has happened recently with Tor (https://medium.com/@nusenu/the-growing-problem-of-malicious-relays-on-the-tor-network-2f14198af548), basically, one single entity controlled a lot of nodes which can lead to de-anonymization.


I understand you and I do not pretend that the costs for something like this are going to be paid magically, but keeping in mind my economical status, I can’t afford to spend so much on something not so stable, I will do it if I could. I wanted to know if it was a good idea to save some money. I’ll try to help you people by promoting your service.

It’s good to hear about the firewall, I would love to try that when it comes out!


:green_heart:

I would imagine it wouldn’t, because it’s a multi-hop network (similar-ish to Tor). So, your entry server would be close to where you live, and your exit server would be close to the website you are visiting, and then one (or more?) server(s) in the middle would exist so that your entry and exit servers don’t know where each other are. But that is just speculation on my part.

1 Like

If I didn’t understand wrongly, all of the hops are close to where you live, or at least the entry and exit ones, but maybe it’s not like that.

Sorry for answering late, my last days were rather full.


I’d suggest you take a look at this graph: The servers will be spread out across the globe.

If you are just referring to entry nodes. Yes, your connections will start out in servers near you, but what correlation are you suggesting one could derive from that? The SPN entry server would know nothing else than any ISP in this scenario, only your ip address is known, but not your destination.

We will start with one middle hop. And true, this makes it very difficult to re-couple the person with the destination.


Fingers crossed :crossed_fingers: :slight_smile:


Yes, they are a great VPN provider - there is a lot of inspiration to be found how they set things up!


Not always, but very often, the aforementioned graph displays this adequately.


Well it depends. Fully understanding both networks is required to understand where each would be considered the ‘weakest’ chain.

One example is malicious exit nodes. Since we only allow http to run over our servers you have to decide for yourself if that is better than having a ‘random’ exit Tor server. If you trust the SPN, then chaining Tor behind it would revise your decision.

This is a very interesting subject in general, but it also has so many facets. I think we’ll need to cover more and more as we go. If you have specific questions Daniel or I will be sure to follow up.


Good call! There will be some registration process, but I do not know many details. I’ll ask Daniel (our CTO) to chime in on this one.


All good - do as it works for you! We appreciate all support!


And yes, excitied about the firewall too :slight_smile:

2 Likes

Here I am :wink:
Thanks for the interesting read!

There will be quite a chunk of information that we’d like node operators to share. This is list is not yet final and will be finalized in the coming months. Here is a first impression:

  • Node Name (given by operator, for easy reference, must be unique)
  • Owner (name / nickname / org name)
  • Contact (email address)
  • Hosters (every company involved in providing the node - ie. everyone that has access at any layer)
  • Datacenter (owner + datacenter ID given by owner)

Additionally, some information will be extracted from the node’s IP address:

  • ASN
  • IP Owner

All this information will be used to (1) detect and mitigate malicious actors and (2) privacy-optimize routing within the network. Every Owner and Hoster would optimally only be used once in any route.

1 Like

Finally read through these, very interesting material thank you. I like the concept of handling each connection individually, it reminds me of the compartmentalization approach of QubesOS and similar.

Another question came to mind, will it be possible to choose which traffic to route through SPN? So for example send Firefox through SPN but let Spotify use its regular route.

1 Like

Hey @LOK_48SEAL, glad you find it interesting.

The compartmentalization approach is truly powerful, it will make “you” (your connections) be spread across the whole globe.

Yes, later down the road this will be a feature. In combination with an application firewall you will be able to fully control your connections on a per app basis. Want an app to always exit in a certain country? Want an app to never go online? Want an app to block certain ports? Want an app to just use the “normal” routes? We’ll have you covered.

We still have a long way to go to offer all of this, but we’re unlocking it step by step. Our first MVP app will actually launch pretty soon to offer a DNS resolver and a local “Pi-Hole” like privacy filter.