Here is short and very technical overview of the three components that make Safing awesome.


Portmaster is an application firewall that enforces application profiles on processes.

Being an application firewall means tightly integrating with the kernel of the underlying OS (via network filter APIs or kernel modules) to gain needed information (associate network packets to processes) and control (block or deny network connections).

Application profiles describe an application’s behavior in the sense of how it interacts with the Internet: Does it connect to a fixed set of domains? Is it a peer to peer application? Does it interact with the local network? Should TLS be enforced and checked? etc.

Profiles represent an application as experienced by the user, not as defined by technology - making them easy to understand and superior to other common application classification approaches. They can be either created by users themselves or - most of the times - obtained through Stamp (explained later).


Port17 brings together several state of the art network technologies and gives them a new spicy twist 🌶️.
The goal of Port17 is to protect connection data as well as metadata from surveillance capitalism.

Adapted core concepts:

  • To protect your privacy, we use newest proven encryption technology: a double ratchet 1 based protocol to provide perfect forward and backward secrecy which can change used algorithms on demand through configuration.
  • The onion-encrypted multi-hop architecture 2 protects your identity and makes you anonymous online.
  • Zero roundtrip connection establishment enable blazing fast connections.
  • Paid community nodes are highly welcome to build a huge, capable and trustless network.

The new spicy twist 🌶️:

  • To protect network data and metadata as long as possible, Port17 selects exit nodes 3 in proximity to the destination server.
  • Routes are calculated for maximum speed by default and use a minimum of 3 nodes. This behavior changes based on the active security level, providing slower, but tougher routes with more nodes.
  • Exit node 3 selection can be influenced up to application/domain pairs.
  • Unencrypted connections are only handled by trusted nodes run by Safing. In this sense we act as a trusted anchor until all the web is encrypted. There is no room for MITM-ing 4 nodes.
  • As soon as the network has a good share of community nodes, routing will diversify routes by node ownership to further reduce needed trust on single parties (us).
  • Tunnels are layer 5 5 and up to reduce unnecessary metadata and improve speed (similar to SOCKS proxies).
  • Clients always know about the full network. (will require improved method for better scaling at some point)
  • Authentication is decoupled from network nodes - they only know that someone is allowed to use the network, but not who.
  • Payment via cryptocurrencies allows unblockable payment access.
  • Tight integration with Portmaster ensures that no data will ever leak should a tunnel break. (unlike VPNs)

A final note: You may have noted that Port17 is, in some aspects, similar to the Tor Project. The key difference is, that Port17 focuses on speed and usability, but does not claim to match Tor’s level of security. We will provide a in-depth comparison in the future.


Stamp is an online community where participants “stamp” (ie. tag, categorize) domains and applications (used by Portmaster for application profiles) to serve as a data source for any kind of network filter. Contributions are rewarded with reputation that gives them more influence on the platform. This reputation system will be blockchain-based in the future. Stamp is a separate project that is backed by Safing.

Further Reading

  • Find the full docs: coming soon
  • Find our source code on Github.
  1. Double Ratchet Algorithm 

  2. Onion routing 

  3. final network node from which the connection is made to the destination server  2

  4. Man-in-the-Middle Attack 

  5. OSI network model