Can you keep CID private?

Hi,
I am thinking about building a photo sharing app similar to Google Photos upon IPFS.
Now I am considering privacy: The simplest way to send a photo to someone is to just send its CID. At first glance it seems to be safe for me since nobody should be able to guess the shared photo’s CID. However, when the receiver wants to get my photo via IPFS, he will share the CID of my photo with his neighbors, right? So the photo is no longer private.

Do I see this issue correctly? If yes what are common ways to solve it?

I know people suggest using an encryption layer and just sharing the CID of encrypted photos. However there are multiple ways to do this. Using an encryption key per person seems annoying to me if you want to share a photo with multiple persons. Another option is to use one key per photo. However just using random keys for each photo essentially breaks the nice concept of content addressing. That’s why I have thought of another way:
You compute the hash of a photo, encrypt it with that hash as the key and then share the CID of that encrypted photo as well as the key with your friends. If another person has the exact same image, it will be encrypted identically so he can serve the photo as well.

What do you think about it?

Can you keep CID private?

No, you can’t: your node broadcasts all CIDs you host or search for to random nodes on the internet because of the DHT.

Do I see this issue correctly?

Yes, mostly. It’s worse than you think because it’s not only the neighbors, it’s really just random nodes on the internet.

If yes what are common ways to solve it?

Encrypt your file, share the CID of the encrypted file as well as the encryption key on whatever private communication channel you have.

However just using random keys for each photo essentially breaks the nice concept of content addressing.

If you encrypt files, content addressing is kinda dead already.
I really believe one key per photo is way better because it avoids most SCA attacks, such as watching the network and seeing that I’m downloading all of your photos. With a key per photo someone would just see I download lots of things, but maybe not all have been created by you or this kind of stuff. This breaks most links between your files.

You compute the hash of a photo, encrypt it with that hash as the key and then share the CID of that encrypted photo as well as the key with your friends. If another person has the exact same image, it will be encrypted identically so he can serve the photo as well.

I think it’s a bad idea, not because it wouldn’t work, but because you are giving away the information that we have the same photo.
However, other people probably disagree.
Content addressing isn’t very privacy friendly.

Thanks for the info!

What’s the issue of people knowing that? Doesn’t the internet know that sender and receiver are connected anyways because the sender has the info the receiver is looking for?

Doesn’t the internet know that sender and receiver are connected anyways because the sender has the info the receiver is looking for?

No because all IPFS connections are encrypted.
And IPFS connects for random reasons, so looking at a connection you don’t know if that’s just a DHT search or an actual download (note this falls apart if you download a large amount of data, the DHT is never gonna download 1Gig from a single node).
Plus, in the future you might want to support Tor or i2p networks (once they get stable, it’s really just adding a new option to your build).
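
The trade-off discussed in this thread (photo hash as key versus a random key per photo), as an added example that is not code from any of the posts or from IPFS. It assumes a toy SHAKE-256 keystream in place of a real authenticated cipher and a hex SHA-256 digest in place of a real CID; all function names are hypothetical.

```python
import hashlib
import secrets

def _xor_keystream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher for the demo only: SHAKE-256(key) used as keystream.
    # Assumption: stands in for a real authenticated cipher; not for production.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def content_id(blob: bytes) -> str:
    # Assumption: hex SHA-256 of the stored bytes stands in for a CID
    # (a real CID wraps a multihash, but is equally deterministic).
    return hashlib.sha256(blob).hexdigest()

def convergent_encrypt(photo: bytes):
    # Scheme from the first post: the key is the hash of the photo itself.
    key = hashlib.sha256(photo).digest()
    return key, _xor_keystream(key, photo)

def random_key_encrypt(photo: bytes):
    # Scheme from the reply: a fresh random key for every photo.
    key = secrets.token_bytes(32)
    return key, _xor_keystream(key, photo)

def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return _xor_keystream(key, ciphertext)

def holder_can_confirm(candidate: bytes, announced_ids: set) -> bool:
    # Anyone who already holds a candidate file can derive the same key and
    # identifier on their own, then compare against identifiers seen on the DHT.
    _, ciphertext = convergent_encrypt(candidate)
    return content_id(ciphertext) in announced_ids

def demo() -> dict:
    photo = b"constructed sample bytes standing in for a JPEG"
    _, c_alice = convergent_encrypt(photo)   # Alice encrypts her copy
    _, c_bob = convergent_encrypt(photo)     # Bob encrypts an identical copy
    _, r_one = random_key_encrypt(photo)
    _, r_two = random_key_encrypt(photo)
    return {
        "convergent_same_id": content_id(c_alice) == content_id(c_bob),
        "random_same_id": content_id(r_one) == content_id(r_two),
        "confirmable_convergent": holder_can_confirm(photo, {content_id(c_alice)}),
        "confirmable_random": holder_can_confirm(photo, {content_id(r_one)}),
    }

if __name__ == "__main__":
    print(demo())
```

With the hash-derived key both copies map to one identifier, so deduplication works and a third party holding the same photo can tell it is being shared; with random keys neither is true.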