Hacker News new | past | comments | ask | show | jobs | submit login

IPFS is not an anonymity network.



Indeed not.

In fact, IPFS via the DHT, tells the network of your whole network topology, including internal address you may have, and VPN endpoints too.

There's still talks in how to handle Tor connections. Because right now, if you were to use a Tor connection with IPFS, it will tell the whole network your public, private, and .onion addresses all.


Why would it do that though? I don't really care for Tor, but private network? That's a bit strange to me. Can you or someone explain? Seems like it has no regard for privacy by the sound of it.


Sure can.

What IPFS does, is looks at network topology to determine 'closeness' of nearby IPFS nodes. It then prefers 'closer' nodes, to speed up transactions and requests.

For example, if we take Gangnam Style video, it spread to something like 100M views rapidly. With Youtube, that's 100M individual downloads. With IPFS, it would be 1 or 2 downloads per local network. And then those machines would provide the local network with the content, rather than hitting the 'net at large.

The only good way to do this, is to include all the adapters in the DHT to where all machines are. It also allows IPFS to seamlessly work across NATs and other junky applications of IPv4 (and egads, already seeing ipv6 nat).


That's neat, though I think in some cases, say Intellectual Property on your LAN, or other things, you may want those services ignored I would think? Sounds like setting up IPFS has to become a rather isolated process for some? Which I find kind of limiting if you're forced to go through hoops for something that could be opt-in / configurable at the very least?


Well, all I can defend against that, is that it's still "Alpha Software". There's stuff that's very much not for private or secure networks.

But for working with data that's intended to be open, it's wonderful.


> Seems like it has no regard for privacy by the sound of it.

IPFS is an infrastructure building block. You are judging it by throwing out "privacy" like all things need to implement privacy without regards to the fact it's the application layer that should be responsible for the "security" of the "private" communication.

I could seed an encrypted file on IPFS and then put a bounty out on it for people to cache it aggressively. I'll increase bounty if you've cached for me before and I'll increase bounty for anyone caching it around a particular timeframe. Any agent looking for my contact who is downloading that file doesn't know if they know the file is for my contact or not.


There's going to be support for private networks, and for various ways of encrypting data. We just haven't gotten to it yet :)

You can of course already encrypt the data yourself before adding it to ipfs.


I'm thinking about creating a gateway for IPFS from clearnet to OnionCat IPv6. So other onion servers can participate without revealing public IPs.


You WILL have to hack on IPFS software, as to not release all your adapter information. Even if you tunnel all the IPFS datastream through .onion , the datastream inside will tell everyone your IP adresses, internal (unroutable) and external.


I've been playing with Freenet, and it does the same. So the IPFS peer would be a VM with no public IP address, which connects through a Tor gateway VM. I'm guessing that IPFS needs a reachable IP:port, so I'd use a throwaway VPS as a clearnet proxy.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: