What do you think about Safing Portmaster and SPN?

They have a FOSS firewall product, “Portmaster”, and you can subscribe to their VPN analog, “Safing Privacy Network (SPN)”. They will rename SPN to “Portmaster Unlimited” (or maybe already have done so).

Portmaster is supposedly working in alpha; though, the new release will be beta or V1. Anyway, is it working well, or is it too soon to tell?

1 Like

This is a project/product that we’re definitely aware of and have our eyes on.

I personally believe that it is still way too early to tell seeing that there is still a lot of work to be done for what I consider basic features (such as cross-platform support, which is planned, but not there yet. It currently only works on Windows and Linux).

When the project has matured a bit more, I think we can properly evaluate it and decide whether it is something that we would want to recommend, and which use cases/threat models it would address.

3 Likes

Thanks for replying.

It occurs to me that Portmaster and SPN on a computer will run independent of whatever firewall and VPN products you use on a mobile device. The only interaction is that a subscription covers several devices, and you can’t currently run Safing products on mobile devices. Still, if you can afford two separate VPN/SPN solutions, SPN has nice features for Windows and Linux.

1 Like

Portmaster is working very well, no issues so far. I have paid for one month of SPN and will start testing it in the next few days.

1 Like

I started to use SPN yesterday with triple-hop and it works amazingly well. Despite only having around 20 SPN nodes it’s very fast.

1 Like

Community nodes and compatibility issues across apps and OSes, I guess?

IMO, decentralized VPN or SPN(partial decentralized) is a better alternative to centralized network, as the risk/trust is not put into one basket. However, there are some valid concerns too. For example, there’s no telling whether the exit node is logging the traffic. And from my experience with Mysterium Dark, the connection is not very stable too. I don’t think this kind of tech is going to replace our trust-based centralized VPN services soon.

1 Like

Is it time to re-analyze Portmaster for suggestion on the site? SPN has been working flawlessly for me for a few weeks now. It can be run parallel to a VPN for P2P applications. They are still missing a Mac app, but are looking to add support when they can. You can also self host SPN nodes to expand the network.
I think that this would be a good recommendation to open up local DNS control on Windows.

2 Likes

what does “partially decentralized” mean?
IVPN has bought safing.io, any ideas as to whether this is a bad thing?

no it’s a good thing, why would you think it’s a bad thing?

1 Like

It meant just that. That’s an old post. At that time, Safing has both the servers that they managed and the voluntary community nodes together providing the service.

What do you mean by “It can be run parallel to a VPN for P2P applications.” ???

You’re saying you’re running a bit torrent client app which has a different IP address to the rest of the apps on your PC?? :flushed:

This sounds impossible?

SPN isn’t very good for P2P applications, such as matchmaking in games like Elden Ring, so you can use a VPN with Split Tunnel to route your game traffic through and exclude it from the SPN for better performance.

As to bittorrent clients, just using bittorrent through SPN would do that. The SPN gives literally every single network connection a different IP, an example would be every tab in your browser will show a different location. There are apparently issues with torrenting while using it, but it seems maybe doable from what I’ve seen in the Portmaster chats.

1 Like

I just tested Portmaster on Windows and Reddit reply sums up my experience.

Stop calling things that are not true, Portmaster is NOT FOSS. Paywalling features goes against the spirit and philosophy of FOSS… Even GNOME has removed Portmaster as FOSS and put it under proprietary for that reason. I think they paywalled features because they are not funded anymore. The app looks good, but I’ve no confidence in this app, whatsoever. Lots of spaghetti code, bloated, uses tons of ram and cpu, 3 executables to run, one of which is just a tray icon that is bugged for years, needs kernel permission, but devs have no idea what to do against bsods. It’s very easy to bsod someone running portmaster, not going to tell you how, but I’ve tested this with another machine with an easy overflow attack. If developers do not master and can’t fix bugs in the realm of security, kernel space and the mechanics of firewall, then I’ve zero faith, period. This app should not run in the kernel space, AT ALL. It also uses WFP, so it’s totally dependent on Windows, yet it asks full system control, restricting user freedom. Also exaggerating itself vs other products on dedicated comparison websites (heaviliy biased). All of this, you still call it FOSS and best practice?

Can’t confirm the technical claims of BSOD etc.

It is indeed paywalled very hard. Most features require subscription even when you expect to see some basic data like the amount of traffic processes consumes, are paywalled.

When shutting down the app from in-app options, doesn’t terminate any processes it is using, it is still running in the background.

EDIT: if you guys knows a good firewall with a lot of capabilities and secure for windows let me know.

3 Likes

I appreciate your reply!

I’ve contact the Safing company and they’ve always been helpful in answering my questions.

This is also very active and may be of help to you: Reddit - The heart of the internet