add ipfs to the self contained networks section #361
No reviewers
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#361
Loading…
Reference in New Issue
No description provided.
Delete Branch "master"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
add ipfs to the self contained networks section
HTML Preview
http://htmlpreview.github.io/?https://github.com/emanresusername/privacytools.io/blob/master/index.html
@kewde @beardog108
@IPFS, while being open source, and utilizing encryption for traffic, was not designed with anonymity or privacy in mind (unlike Freenet, which is kind of similar in that they're both data store programs).
You can kind of form a darknet with IPFS if you set IPFS to only bootstrap with friends, (and your friends do the same) but this is not as good as Retroshare or Freenet when it comes to anonymity & privacy. This requires some technical knowledge so we shouldn't expect normal users to do this This can also be done with traditional torrenting to an extent, since private trackers and disabled DHT with enabled encryption would essentially do this.
Like Bittorrent, you can see who is seeding/sharing any given file on the public IPFS network, although VPNs can help with this to an extent. I don't believe IPFS supports Tor very well, but I could be wrong. I know OpenBazaar ended up creating an addon for onion support, but this was for OpenBazaar only.
Important Supercookie notice (privacy warning)
In addition to traditional torrent-like concerns, IPFS also includes a web gateway to access files from your browser. This is enabled by default, but I believe it can be disabled. Using an "attack" (not really an attack so much as it is an abuse of features) I came up with early this year websites (inside or outside of IPFS) can create supercookies which persist even if your browser is wiped or a different browser is used. Link to this attack, here.
I realize not everyone's threat model includes complete anonymity, so I guess it would be fine to add IPFS (as you are) to a worth mentioning, but I think we should put a warning.
To summarize:
edit: Should clarify that I think IPFS is great as a project, but not so good when it comes to privacy.
I'm checking this out.
IPFS is indeed not made for anonymity but I have seen moves towards Tor support.
Browser issue is a real privacy threat tho.
Some interesting GitHub issues & repos that are about IPFS & Tor.
https://github.com/ipfs/notes/issues/37
https://github.com/OpenBazaar/go-onion-transport
😲 whoa! y'all are way more knowledgable here than i, i defer
relevant thread before i disappear
@beardog108
IPFS makes use of an node keypair and it persist across reboots. This key is used in the protocol to identify itself & maintain a reputation with other nodes through an internal ledger.
A silly implementation of IPFS and Tor together, would still result in a persistent node keypair, essentially serving as a fingerprint.
I wonder if the current Tor implementation of IPFS makes use of ephemeral (temporary) keys in those cases.
Not private by default, though. Are we closing @kewde @beardog108?
What about Worth Mentioning with a warning @kewde?
@Shifterovich
A worth mentioning with a warning seems more appropriate.
@emanresusername
how's that last commit for the warning? (just linked to the convo here) @Shifterovich @kewde @beardog108
I would say something along the lines of "important warning regarding privacy" or just "important warning" and specifically link to #issuecomment-344414022
@beardog108 hows that?
Yeah looks good to me, thanks.
@kewde