privacyguides
/
privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

add ipfs to the self contained networks section #361

Merged
emanresusername merged 3 commits from master into master 2017-11-30 20:46:08 +00:00
Conversation 14 Commits 3 Files Changed 1 +1
emanresusername commented 2017-11-14 02:51:13 +00:00 (Migrated from github.com)
Copy Link

Description

add ipfs to the self contained networks section

HTML Preview

http://htmlpreview.github.io/?https://github.com/emanresusername/privacytools.io/blob/master/index.html

### Description add ipfs to the self contained networks section ### HTML Preview http://htmlpreview.github.io/?https://github.com/emanresusername/privacytools.io/blob/master/index.html
ghost commented 2017-11-14 21:17:30 +00:00 (Migrated from github.com)
Copy Link

@kewde @beardog108

@kewde @beardog108
ghost commented 2017-11-14 22:02:31 +00:00 (Migrated from github.com)
Copy Link

@IPFS, while being open source, and utilizing encryption for traffic, was not designed with anonymity or privacy in mind (unlike Freenet, which is kind of similar in that they're both data store programs).

You can kind of form a darknet with IPFS if you set IPFS to only bootstrap with friends, (and your friends do the same) but this is not as good as Retroshare or Freenet when it comes to anonymity & privacy. This requires some technical knowledge so we shouldn't expect normal users to do this This can also be done with traditional torrenting to an extent, since private trackers and disabled DHT with enabled encryption would essentially do this.

Like Bittorrent, you can see who is seeding/sharing any given file on the public IPFS network, although VPNs can help with this to an extent. I don't believe IPFS supports Tor very well, but I could be wrong. I know OpenBazaar ended up creating an addon for onion support, but this was for OpenBazaar only.

Important Supercookie notice (privacy warning)

In addition to traditional torrent-like concerns, IPFS also includes a web gateway to access files from your browser. This is enabled by default, but I believe it can be disabled. Using an "attack" (not really an attack so much as it is an abuse of features) I came up with early this year websites (inside or outside of IPFS) can create supercookies which persist even if your browser is wiped or a different browser is used. Link to this attack, here.

I realize not everyone's threat model includes complete anonymity, so I guess it would be fine to add IPFS (as you are) to a worth mentioning, but I think we should put a warning.

To summarize:

  • IPFS is not much better than open source Bittorrent clients (in terms of privacy)
  • IPFS was not really designed with privacy in mind (although it does use encryption for traffic)
  • Some features can be abused to actually harm user privacy, even when they're not actively using IPFS.

edit: Should clarify that I think IPFS is great as a project, but not so good when it comes to privacy.

@IPFS, while being open source, and utilizing encryption for traffic, was not designed with anonymity or privacy in mind (unlike Freenet, which is kind of similar in that they're both data store programs). You can kind of form a darknet with IPFS if you set IPFS to only bootstrap with friends, (and your friends do the same) but this is not as good as Retroshare or Freenet when it comes to anonymity & privacy. **This requires some technical knowledge so we shouldn't expect normal users to do this** This can also be done with traditional torrenting to an extent, since private trackers and disabled DHT with enabled encryption would essentially do this. Like Bittorrent, you can see who is seeding/sharing any given file on the public IPFS network, although VPNs can help with this to an extent. I don't believe IPFS supports Tor very well, but I could be wrong. I know OpenBazaar ended up creating an [addon](https://github.com/OpenBazaar/go-onion-transport) for onion support, but this was for OpenBazaar only. ## Important Supercookie notice (privacy warning) In addition to traditional torrent-like concerns, IPFS also includes a web gateway to access files from your browser. This is enabled by default, but I believe it can be disabled. Using an "attack" (not really an attack so much as it is an abuse of features) I came up with early this year **websites (inside or outside of IPFS) can create supercookies which persist even if your browser is wiped or a different browser is used**. [Link to this attack, here.](https://www.chaoswebs.net/blog/tracking-ipfs-users-via-cache-probing.html) I realize not everyone's threat model includes complete anonymity, so I guess it would be fine to add IPFS (as you are) to a worth mentioning, but I think we should put a warning. To summarize: * IPFS is not much better than open source Bittorrent clients (in terms of privacy) * IPFS was not really designed with privacy in mind (although it does use encryption for traffic) * Some features can be abused to actually harm user privacy, even when they're not actively using IPFS. edit: Should clarify that I think IPFS is great as a project, but not so good when it comes to privacy.
👍 10
kewde commented 2017-11-14 22:13:46 +00:00 (Migrated from github.com)
Copy Link

I'm checking this out.

IPFS is indeed not made for anonymity but I have seen moves towards Tor support.
Browser issue is a real privacy threat tho.

Some interesting GitHub issues & repos that are about IPFS & Tor.
https://github.com/ipfs/notes/issues/37
https://github.com/OpenBazaar/go-onion-transport

I'm checking this out. IPFS is indeed not made for anonymity but I have seen moves towards Tor support. Browser issue is a real privacy threat tho. Some interesting GitHub issues & repos that are about IPFS & Tor. https://github.com/ipfs/notes/issues/37 https://github.com/OpenBazaar/go-onion-transport
👍 2
emanresusername commented 2017-11-15 02:48:08 +00:00 (Migrated from github.com)
Copy Link

😲 whoa! y'all are way more knowledgable here than i, i defer
relevant thread before i disappear
disappear

:astonished: whoa! y'all are **way** more knowledgable here than i, i defer [relevant thread](https://github.com/ipfs/faq/issues/18) before i disappear ![disappear](https://dujrsrsgsd3nh.cloudfront.net/img/emoticons/disappear-1417754650.gif)
kewde commented 2017-11-16 21:53:39 +00:00 (Migrated from github.com)
Copy Link

@beardog108

IPFS makes use of an node keypair and it persist across reboots. This key is used in the protocol to identify itself & maintain a reputation with other nodes through an internal ledger.

A silly implementation of IPFS and Tor together, would still result in a persistent node keypair, essentially serving as a fingerprint.
I wonder if the current Tor implementation of IPFS makes use of ephemeral (temporary) keys in those cases.

@beardog108 IPFS makes use of an node keypair and it persist across reboots. This key is used in the protocol to identify itself & maintain a reputation with other nodes through an internal ledger. A silly implementation of IPFS and Tor together, would still result in a persistent node keypair, essentially serving as a fingerprint. I wonder if the current Tor implementation of IPFS makes use of ephemeral (temporary) keys in those cases.
ghost commented 2017-11-17 22:55:24 +00:00 (Migrated from github.com)
Copy Link

Not private by default, though. Are we closing @kewde @beardog108?

Not private by default, though. Are we closing @kewde @beardog108?
ghost commented 2017-11-19 21:57:05 +00:00 (Migrated from github.com)
Copy Link

What about Worth Mentioning with a warning @kewde?

What about Worth Mentioning with a warning @kewde?
kewde commented 2017-11-26 15:38:26 +00:00 (Migrated from github.com)
Copy Link

@Shifterovich

A worth mentioning with a warning seems more appropriate.

@Shifterovich A worth mentioning with a warning seems more appropriate.
👍 1
ghost commented 2017-11-26 17:07:34 +00:00 (Migrated from github.com)
Copy Link

@emanresusername

@emanresusername
👍 1
emanresusername commented 2017-11-27 05:58:15 +00:00 (Migrated from github.com)
Copy Link

how's that last commit for the warning? (just linked to the convo here) @Shifterovich @kewde @beardog108

how's that last commit for the warning? (just linked to the convo here) @Shifterovich @kewde @beardog108
ghost commented 2017-11-27 06:14:45 +00:00 (Migrated from github.com)
Copy Link

I would say something along the lines of "important warning regarding privacy" or just "important warning" and specifically link to #issuecomment-344414022

I would say something along the lines of "important warning regarding privacy" or just "important warning" and specifically link to #issuecomment-344414022
👍 1
emanresusername commented 2017-11-27 06:49:06 +00:00 (Migrated from github.com)
Copy Link

@beardog108 hows that?

@beardog108 hows [that](https://github.com/privacytoolsIO/privacytools.io/pull/361/commits/016fc0167f7e11ad2e198c0e5aa407002d0b4def)?
ghost commented 2017-11-27 19:13:52 +00:00 (Migrated from github.com)
Copy Link

Yeah looks good to me, thanks.

Yeah looks good to me, thanks.
ghost commented 2017-11-27 19:45:10 +00:00 (Migrated from github.com)
Copy Link

@kewde

@kewde
This repo is archived. You cannot comment on pull requests.
Reviewers
No reviewers
Labels
Clear labels   
🔍🤖 Search Engines

   
approved

approved, waiting for a PR

  
dependencies

Pull requests that update a dependency file

  
duplicate

   
feedback wanted

   
high priority

   
I2P

The Invisible Internet Project (I2P)

  
iOS

   
low priority

   
OS

Operating Systems

  
Self-contained networks

   
Social media

   
stale

A label for stalebot if it gets added

  
streaming

Anything related to media streaming.

  
todo

   
Tor

Anything covering the Tor network

  
WIP

active work in progress, do not merge or PR (yet)!

  
wontfix

Issues or bugs that will not be fixed and/or do not have significant impact on the project.

  
XMPP

Extensible Messaging and Presence Protocol

  
[m]

Matrix protocol

  
₿ cryptocurrency

   
ℹ️ help wanted

   
↔️ file sharing

   
⚙️ web extensions

Browser Extension related issues

  
enhancement

   
software removal

   
💬 discussion

   
🤖 Android

   
🐛 bug

   
💢 conflicting

   
📝 correction

Correction of content on the website

  
🆘 critical

   
📧 email

   
🔒 file encryption

   
📁 file storage

   
🦊 Firefox

Firefox & forks, about:config etc.

  
💻 hardware

   
🌐 hosting

   
🏠 housekeeping

Anything primarily related to site cleanup.

  
🔐 password managers

   
🧰 productivity tools

   
🔎 research required

   
🌐 Social News Aggregators

   
🆕 software suggestion

   
👥 team chat

   
🔒 VPN

Virtual Private Network

  
🌐 website issue

*Technical* issues with the website.

  
🚫 Windows

   
👁️ browsers

   
🖊️ digital notebooks

   
🗄️ DNS

Domain Name System

  
🗨️ instant messaging (im)

   
🇦🇶 translations

Anything covering a translated version of the site

No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
enhancement
software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#361
No description provided.
Delete Branch "master"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?