Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
add ipfs to the self contained networks section #361
add ipfs to the self contained networks section
@ipfs, while being open source, and utilizing encryption for traffic, was not designed with anonymity or privacy in mind (unlike Freenet, which is kind of similar in that they're both data store programs).
You can kind of form a darknet with IPFS if you set IPFS to only bootstrap with friends, (and your friends do the same) but this is not as good as Retroshare or Freenet when it comes to anonymity & privacy. This requires some technical knowledge so we shouldn't expect normal users to do this This can also be done with traditional torrenting to an extent, since private trackers and disabled DHT with enabled encryption would essentially do this.
Like Bittorrent, you can see who is seeding/sharing any given file on the public IPFS network, although VPNs can help with this to an extent. I don't believe IPFS supports Tor very well, but I could be wrong. I know OpenBazaar ended up creating an addon for onion support, but this was for OpenBazaar only.
Important Supercookie notice (privacy warning)
In addition to traditional torrent-like concerns, IPFS also includes a web gateway to access files from your browser. This is enabled by default, but I believe it can be disabled. Using an "attack" (not really an attack so much as it is an abuse of features) I came up with early this year websites (inside or outside of IPFS) can create supercookies which persist even if your browser is wiped or a different browser is used. Link to this attack, here.
I realize not everyone's threat model includes complete anonymity, so I guess it would be fine to add IPFS (as you are) to a worth mentioning, but I think we should put a warning.
edit: Should clarify that I think IPFS is great as a project, but not so good when it comes to privacy.
IPFS makes use of an node keypair and it persist across reboots. This key is used in the protocol to identify itself & maintain a reputation with other nodes through an internal ledger.
A silly implementation of IPFS and Tor together, would still result in a persistent node keypair, essentially serving as a fingerprint.