Ipfs and privacy

I see Ipfs as a great architecture to beat the trend of centralization that is killing the Internet.

I the centralization of the Internet closely related to the business model of selling personal data.

I wonder if Ipfs is aiming to fix that problem too, or if by snooping Ipfs traffic personal profiles can also be built.

Is there any analysis written about IPFS and privacy?

Is there any privacy road map?


So far (and I could be wrong), the only way to ensure privacy when using IPFS is to create a private IPFS network.

Here is an article written on the pros and cons of having a private IPFS network:

Hope this helps.


1 Like

That seems very useful for enterprise or even special communities.

But I was more thinking in a p2p social networking alternative to twitter or Facebook.

It should be possible to use ipfs without any network operator learning about its users, just because they are using ipfs.

whether is it possible to snoop ipfs traffic or not, weather the ipfs network is formed by nodes properly identified, or one can pretend being all nodes, etc.

I just don’t know if there’s a discussion about this at all.

Ipfs and metadata leakage?

Maybe check and participate here:

And here:

I have no ideas specifically relating to metadata occlusion though. Except for Tor and HTTPS encryption.

There seems to be a lot of discussion lately about anti-censorship usage of IPFS for instant messaging and chat. Personally I think that instant messaging would be better served by something older fashioned like IRC. Something that just sends messages from one computer to another and doesn’t worry about storing them long term. But that’s just to me. I get people wanting a more modern solution that works as a proper social network.

The privacy abuses that we are suffering are unprecedented. Any protocol that aspires to mass adoption should take this very seriously.

It really does not matter which kind of app you are going to implement with ipfs, leaking personal metadata is not acceptable.

Thanks for pointing me to those conversations, will follow up!

1 Like

I have been recently obsessed by one question: How to completely decentralize not just the web (that’s the goal of IPFS), but the whole Internet (no registrars, no ISPs, noone to maintain the wired network,…). That leaves many questions, like “Is it possible to have an IPFS equivalent of HTTPS without trusted third parties?” To replace TLS/SSL electronic certificates we can use a blockchain to reach consensus (though I’m not really a fan of it).
Another problem, maybe more on topic this time, how do we have private data given that all the data on IPFS is public (provided that you have its CID — content identifier)? We can encrypt it using a secret key. Everybody has access to the encrypted data, but not everybody can decrypt it. I agree, it is less secure than not having access to the data at all like with the client-server architecture used by HTTP, but it is still very secure. A private network will in fact be a group of peers who possess this secret key and who can share data only between themselves. To sell data, you can just sell the secret key to someone.

1 Like

We are building a privacy and security focused social network on top of IPFS called Peergos. The main thing we haven’t implemented yet is Tor usage, but OpenBazaar maintain a fork of IPFS with a Tor transport.

1 Like

Very interesting! I will check out Peergos.

I am not sure TOR is the answer to this problem. I think that IPFS must deal with privacy too.

Most protocols today leak private information because privacy/security is left off to other protocol layers, that often require complex configuration, and that in practice, most users are not using.

Also, we have reached the point in which surveillance state/corporations have unlimited resources.

I think IPFS should marry Monero and make babies. The most beautiful one would be the ideal protocol to create a social network.

1 Like

Are you sure that you aren’t confusing the means and the end?
In principle, I agree with the idea that “centralization is killing the internet”, and that “centralization is closely related to monetization (esp. advertising)”, but I don’t believe that encumbering seldom-used protocols with privacy guarantees is a convincing way to solve the problem even for those who do care about privacy.

Privacy parallels with the concept of “herd immunity”–if enough of your friends are private, then so are you. Conversely, if your friends aren’t private, then neither are you.

Then, the solution to centralization is to build compelling decentralized alternatives to popular centralized services. Because the user is in control of their own data by design, privacy rides shotgun alongside the user’s self-awareness of their control over their personal information.

If services become increasingly decentralized, while there is potentially a “free ocean” of data to mine, it is no longer economically viable for advertising giants to do so, because there are no centralized services in which to advertise.

1 Like

encumbering seldom-used protocols with privacy guarantees

To make a simil with traditional post, what you are saying is the equivalent to: why wasting paper on envelopes?
Yes, the government reads all our post but they are going to read your incoming post anyway.

I think it is this mentality the one that created our internet centralization problem today.

Decentralized apps alone will not fix the problem. In fact the Internet is already decentralized, we just happen to visit the same 4 sites, as to say.

We have empowered the 4-5 key actors with all our personal data and they monetize it better to no one else, gaining more resources that no one else and they create better apps than any decentralized app we could come up with.

We have to cut the leak for personal information, new protocols like IPFS could be key for it.

Is it possible to have an IPFS equivalent of HTTPS without trusted third parties?

I think it is possible if you marry IPFS with blockchain concepts. And I would use monero for its privacy orientation.

Using a blockchain to decentralize trust, identity, even right to access content, handle bad actors, etc.

the government

A threat model that includes the government is an unsustainable one, and never relevant to your friends

we just happen to visit the same 4 sites

And there wouldn’t be any problem changing it to “using the same 4 decentralized services.” Open source decentralized services are a better foundation to start with, than closed source centralized services.

and they monetize it better than no one else […] and they create better apps than any decentralized app we could come up with.

Sounds like you’re stuck between a rock and a hard place then. You cannot defeat a global passive adversary, and you apparently can’t defeat giant corporations for some reason, so you might as well give up.

You forget that your friends are the most important aspect of privacy. If you have no friends, building any protocol of any kind is meaningless. The absolute most important concern is building applications your friends want to use. Remember that corporations having a first-mover advantage does not mean that their applications are actually any good.

trust […] right to access content […] bad actors

This is meaningless because you are no longer under control of your own content once you release it outside of your node. Your friends can easily strip any DRM you attempt to add.

You can racionalize the current status quo as much as you like and in any possible direction.

Good engineering is the key to the problem as blockchain is already proving.

As appealing as it is, IPFS, in its current form, won’t contribute to fix the problem.