add ipfs to the self contained networks section #361

Merged
3 commits merged into from Nov 30, 2017

@emanresusername emanresusername commented Nov 14, 2017

Description

add ipfs to the self contained networks section

HTML Preview

http://htmlpreview.github.io/?https://github.com/emanresusername/privacytools.io/blob/master/index.html

@ghost ghost commented Nov 14, 2017

@beardog108 beardog108 commented Nov 14, 2017

@ipfs, while being open source, and utilizing encryption for traffic, was not designed with anonymity or privacy in mind (unlike Freenet, which is kind of similar in that they're both data store programs).

You can kind of form a darknet with IPFS if you set IPFS to only bootstrap with friends (and your friends do the same), but this is not as good as Retroshare or Freenet when it comes to anonymity & privacy. This requires some technical knowledge so we shouldn't expect normal users to do this. This can also be done with traditional torrenting to an extent, since private trackers and disabled DHT with enabled encryption would essentially do this.

Like Bittorrent, you can see who is seeding/sharing any given file on the public IPFS network, although VPNs can help with this to an extent. I don't believe IPFS supports Tor very well, but I could be wrong. I know OpenBazaar ended up creating an addon for onion support, but this was for OpenBazaar only.

Important Supercookie notice (privacy warning)

In addition to traditional torrent-like concerns, IPFS also includes a web gateway to access files from your browser. This is enabled by default, but I believe it can be disabled. Using an "attack" (not really an attack so much as it is an abuse of features) I came up with early this year, websites (inside or outside of IPFS) can create supercookies which persist even if your browser is wiped or a different browser is used. Link to this attack, here.

I realize not everyone's threat model includes complete anonymity, so I guess it would be fine to add IPFS (as you are) to a worth mentioning, but I think we should put a warning.

To summarize:

  • IPFS is not much better than open source Bittorrent clients (in terms of privacy)
  • IPFS was not really designed with privacy in mind (although it does use encryption for traffic)
  • Some features can be abused to actually harm user privacy, even when they're not actively using IPFS.

edit: Should clarify that I think IPFS is great as a project, but not so good when it comes to privacy.

@kewde kewde commented Nov 14, 2017

I'm checking this out.

IPFS is indeed not made for anonymity but I have seen moves towards Tor support.
Browser issue is a real privacy threat tho.

Some interesting GitHub issues & repos that are about IPFS & Tor.
ipfs/notes#37
https://github.com/OpenBazaar/go-onion-transport

@emanresusername emanresusername commented Nov 15, 2017

😲 whoa! y'all are way more knowledgeable here than i, i defer
relevant thread before i disappear

@kewde kewde commented Nov 16, 2017

@beardog108

IPFS makes use of a node keypair and it persists across reboots. This key is used in the protocol to identify itself & maintain a reputation with other nodes through an internal ledger.

A silly implementation of IPFS and Tor together would still result in a persistent node keypair, essentially serving as a fingerprint.
I wonder if the current Tor implementation of IPFS makes use of ephemeral (temporary) keys in those cases.
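
Added example, not part of the thread or of the IPFS project: a small audit of a go-ipfs style configuration file for the three points raised in the comments above (friends-only bootstrap, the web gateway, and the persistent node identity). The sample configuration, the placeholder peer IDs and the `peer_id` / `audit` helpers are constructed for illustration, and the code assumes that an empty or missing `Addresses.Gateway` means no gateway listener.

```python
import json

# Constructed sample in the shape of a go-ipfs config file (~/.ipfs/config).
# Peer IDs and addresses are placeholders, not real nodes.
SAMPLE_CONFIG = json.loads("""
{
  "Identity": {"PeerID": "QmLocalNodePlaceholder"},
  "Addresses": {
    "API": "/ip4/127.0.0.1/tcp/5001",
    "Gateway": "/ip4/127.0.0.1/tcp/8080"
  },
  "Bootstrap": [
    "/ip4/192.0.2.10/tcp/4001/ipfs/QmFriendOnePlaceholder",
    "/ip4/198.51.100.7/tcp/4001/ipfs/QmUnknownPeerPlaceholder"
  ]
}
""")


def peer_id(multiaddr):
    """Return the peer ID, the last component of a bootstrap multiaddr."""
    return multiaddr.rstrip("/").rsplit("/", 1)[-1]


def audit(config, friends):
    """Return (check, detail) findings for the three concerns in the thread."""
    findings = []
    # 1. Friends-only bootstrap: every bootstrap peer must be on the allowlist.
    for addr in config.get("Bootstrap") or []:
        if peer_id(addr) not in friends:
            findings.append(("bootstrap-not-friend", addr))
    # 2. Web gateway: any configured listener is reachable from local browsers.
    #    Assumption: empty or missing value means the gateway is off.
    gateway = (config.get("Addresses") or {}).get("Gateway") or []
    for addr in [gateway] if isinstance(gateway, str) else gateway:
        findings.append(("gateway-enabled", addr))
    # 3. Persistent identity: a stored PeerID survives restarts and acts as a
    #    stable fingerprint regardless of the transport used.
    pid = (config.get("Identity") or {}).get("PeerID")
    if pid:
        findings.append(("persistent-peer-id", pid))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG, {"QmFriendOnePlaceholder"}):
        print(f"{check}: {detail}")
```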

@ghost ghost commented Nov 17, 2017

Not private by default, though. Are we closing @kewde @beardog108?

@ghost ghost commented Nov 19, 2017

What about Worth Mentioning with a warning @kewde?

@kewde kewde commented Nov 26, 2017

@Shifterovich

A worth mentioning with a warning seems more appropriate.

@ghost ghost commented Nov 26, 2017

@emanresusername emanresusername commented Nov 27, 2017

how's that last commit for the warning? (just linked to the convo here) @Shifterovich @kewde @beardog108

@emanresusername emanresusername force-pushed the emanresusername:master branch from d3d1b36 to 8300e05 Nov 27, 2017
@beardog108 beardog108 commented Nov 27, 2017

I would say something along the lines of "important warning regarding privacy" or just "important warning" and specifically link to #issuecomment-344414022

@emanresusername emanresusername commented Nov 27, 2017

@beardog108 beardog108 commented Nov 27, 2017

Yeah looks good to me, thanks.

@ghost ghost commented Nov 27, 2017

@ghost ghost merged commit e07813e into privacytools:master Nov 30, 2017
This issue was closed.