IPFS and Digital Asset protection

Hello to everybody,
Please excuse me if this is not the correct place to ask this question, but I’ve been struggling with it since I can’t find a clear answer… I’m a developer and I’ve been asked to evaluate some aspects of NFTs/digital assets…
I’ve seen that digital assets (for example, those sold on OpenSea) are usually stored on the IPFS network and can be reached via a URL… But I was wondering: in this case, can anyone who has the full URL reach the content and download it… is this so? I know that IPFS has nothing directly to do with NFT minting, but what I’m not able to understand is how protection of the content is assured.



IPFS is a public network; everything on it can be downloaded by anyone (who knows the CID).

As such, NFT metadata (NFTs are smart contracts, not images) on IPFS is not “protected” in any way.

A blockchain can “anchor” the IPFS CID of whatever you want, making that something inherit the properties of the blockchain (public, distributed and immutable).

Hope it helps!

1 Like

In general, ownership of an NFT is enforced by the smart contract, not IPFS or a server. Nowadays, most NFTs are links to an image, and a popular way to link to this image is via an IPFS CID. If you use a centralized service for this storage part, you may use additional protection measures (password, etc). Of course, the point is to have a decentralized asset, so it is often on IPFS. Then, anybody with the CID can access the file. So the only option I know to protect your file/image is to encrypt it and require people wanting to display it to provide a piece of information known to them only (password, wallet key, etc).

That being said, almost all the images representing an art NFT whose IPFS CID is publicly displayed on the smart contract are non-encrypted. So they are not protected at all. In fact, not only can I see almost all the NFTs thanks to their CID, but I have the list readily available on the Ethereum blockchain.
So basically, the smart contract says: “Everybody can download this image at this address in an uncensorable way, make it their wallpaper, share it with friends, make it a meme, mint a new NFT by changing a pixel, or do with it whatever you can normally do with an image, but just remember that this guy over here paid for this ad. Also, it is ‘theirs’, so please don’t do any of the things listed previously, coz they paid .2M$ for it. Thanks.”

I see no way to use art NFTs (meaning paying an artist for a digital piece of art, then publicly displaying on a blockchain the fact that you paid for it, how much, and where anyone can download it for free) as anything else than art patronage in favor of the artist.

If you figure it out, please ping me.

NB: NFTs can have a lot of useful use cases. The craze for the main current use-case (buying a now-public digital image/video) is beyond me.

Anyway, protecting the record that you have paid for the asset is done in the smart contract. Protecting against access to the thing is done by centralization (defeating the point), or by encryption. Either way, IPFS is not the place where this takes place.
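The encrypt-before-publish option from the reply above, sketched in Go as an added example that is not part of the original thread: the CID of the sealed block can be public, but only key holders can recover the image. It assumes the file fits in one raw block (CIDv1, raw codec, sha2-256); `RawCID`, `NewAEAD`, `Seal` and `Open` are hypothetical names, and getting the key to authorised viewers is out of scope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base32"
	"fmt"
)

// RawCID computes the CIDv1 of one raw block: 'b' + base32(header || sha2-256 digest).
func RawCID(block []byte) string {
	d := sha256.Sum256(block)
	b := append([]byte{0x01, 0x55, 0x12, 0x20}, d[:]...) // CIDv1, raw codec, sha2-256, 32 bytes
	return "b" + base32.NewEncoding("abcdefghijklmnopqrstuvwxyz234567").WithPadding(base32.NoPadding).EncodeToString(b)
}

// NewAEAD builds AES-256-GCM from a 32-byte key held only by authorised viewers.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal encrypts before upload; the published block is nonce || ciphertext || tag.
func Seal(a cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts a fetched block; it fails on a wrong key or altered bytes.
func Open(a cipher.AEAD, sealed []byte) ([]byte, error) {
	if len(sealed) < a.NonceSize() {
		return nil, fmt.Errorf("sealed block too short: %d bytes", len(sealed))
	}
	return a.Open(nil, sealed[:a.NonceSize()], sealed[a.NonceSize():], nil)
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key; generate real keys with crypto/rand
	sealed, _ := Seal(a, []byte("constructed sample artwork bytes"))
	fmt.Println("public CID of ciphertext:", RawCID(sealed))
}
```

Anyone can still fetch and pin the sealed block by its CID; what the key controls is who can read it, not who can copy it.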


NFTs have often been compared to “name-a-star” services. Everyone can look at the sky and see the star. However, in the service’s database, the star is associated with the name of the person who paid to put their name in the database.

The star is not the asset, the database entry that says it has your name is the asset.

Ok… Just when I wrote that IPFS can’t do anything for limiting access, Peergos released a way to do access control…

Note that they are running their own forked IPFS clients (still open-source), so if you try to talk with regular IPFS clients, my understanding is that it would work except for this feature (am I right, @ianopolous?). They are trying to upstream the feature to regular IPFS.

Yes, the authed bitswap extension is backwards compatible, so we are still on the main IPFS DHT. Legacy IPFS clients can retrieve public blocks from us and vice versa.