The Safe Network is a secure, autonomous, data-centric, peer-to-peer network. Files stored on the network are split up into pieces, encrypted and spread throughout the network, rather than residing on a central server or data centre.

The following components and features represent key aspects of the Network:


Before writing data to the Safe Network, users need to create an account via the Safe Authenticator daemon. The Authenticator daemon enables users to securely authenticate themselves onto the Safe Network, and protects network login credentials from apps. It also manages application authorisations - applications must be authorised by the user - to be able to connect to the Safe Network, on behalf of the user. The user can revoke the granted access at any time from the Authenticator.

On desktop, the Authenticator daemon is bundled with the Safe Network App. It enables IPC communication via the QUIC protocol. The process for authentication used to be as follows (needs to be updated):

Application requests access

The application authorises with the Authenticator with the needed access permissions. The application can create its own container and request access to default containers or other applications' containers through the authorisation request.

User grants access

When the user approves the request, application specific encryption keys are generated. The application will be identified in the network using its keys. When the user grants or denies authorisation, the application will receive a URI.

Application connects to the Network

Applications can connect to the Safe Network on behalf of the user by using the URI received.

Network Types

Applications can be developed on the Network using one of the three network types depending on development stages.

Mock Routing

When a website or application is built with mock-routing enabled, it does not connect to a live network. Instead, it interfaces with a local database, created on your system, to simulate network operations.

This saves a great deal of time and provides a safe space for you to initially test operations.

Local Network

A local Safe Network can be created by running a node on your computer, which any application can then be configured to connect to.

This is also a good way to save time when testing and debugging applications before they are ready to connect to the actual network.

Learn more

Actual Routing

The Safe Browser or any other application can also use the public testnets.

This may not be the best option for initial tests or debugging when developing a Safe app, as you would be limited in the number of mutations allowed per test account.


When a user uploads (or saves) a file to the Network, via one of the Safe Network apps, the file is automatically broken up into chunks. These chunks are then encrypted (encoded so that only authorised parties can read it), randomised and stored on the nodes of other Safe Network users. These encrypted chunks are completely unreadable and inaccessible to anyone other than the owner.

The Node software is a small executable file that connects the user’s machine to the Safe Network. It manages the storage of data chunks on the user’s computer and in that way, it provides storage capacity to the network. It also routes and caches encrypted data chunks over the network making use of fully encrypted connections to other Nodes.

Default Containers

The Safe Network follows a common pattern of providing default containers for storing different types of users' data. For example _documents is used to store document related data; _downloads is the container for downloaded content; _music is the place to store music files, and so on. Two special cases are _public which is used to store unencrypted data (the container is encrypted even if its content is not), and _publicNames which is used to store references to the Public IDs owned by the account.

Default containers can be shared by applications when the user grants the needed permission. The default containers are: