Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Correct me if i'm wrong, but if accessing some content through IPFS makes you a provider for that content doesn't that mean that you are essentially announcing to the world that you accessed the content, which in turn can be used by those who do not want you to access it for targeting you?

In other words, if someone from Turkey (or China or wherever) uses IPFS to bypass censored content, wouldn't it be trivial for the Turkish/Chinese/etc government to make a list with every single person (well, IP) that accessed that content?



Yes; IPFS is essentially Freenet with the obscuring-content-origin bits turned off. If you want anonymous IPFS, use Freenet.


Well, there are more differences but the most important one is that with Freenet, you get content pushed to you, you help the entire network host whatever is there. Someone can push content to your node, that you might not want to host.

While with IPFS, the only data shared from your node, is data you explicitly agreed to share. So data is not implicitly available on the network, people have to agree to help share it.


For traffic analysis resistance, Tahoe-LAFS over I2P


As far as I understand the protocol itself is detectable and censorable both passively and actively, so it's not real anti-censorship in any way. Just a tool that hasn't been added to censoring DPIs yet.


IPFS can work just fine peer-to-peer over Websockets though, which pretty much look like a regular HTTPS connection. Other applications can make use of this too thanks to go-libp2p and js-libp2p.


Is there a feasible alternative to the standard bootstrapping method? What's the plan for when bad actors block access to the bootstrap nodes?


Right now it's just a static list of addresses, but there's definitely more planned. One of the current discussions: https://github.com/ipfs/go-ipfs/issues/3908


I wouldn't call this trivial, but yes it's certainly possible. Well, it's possible for network traveling over the public internet in the first place. One of the main benefits of IPFS is that it's decentralized. If your friend has the content, and you connect directly to his machine and access it, the record of that access never left those two devices. A government would have to inspect them manually to detect the content in that case.

In simpler terms, it's every bit as traceable as traffic over the network it travels. Its primary advantage is, thus, not being tied to any particular network.


It is trivial, the command ipfs dht findprovs <hash> will list all the peer ids that do have the content in their repo so unless you blacklist every one but your friend (and he does the same) then the fact that you have accessed <hash> is public knowledge. You could also gc your repo as soon as you have downloaded that content but both of these methods defeat the whole point of IPFS.


IPFS doesn't host content you access, it uses a manual, opt-in policy.


Anything you access, you also provide (until it gets garbage collected), unless you turn on the `--routing=dhtclient` or `--routing=none` options.

Pinning prevents garbage collection, and is opt-in per piece of content.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: