I have no ideas specifically relating to metadata occlusion though. Except for Tor and HTTPS encryption.
There seems to be a lot of discussion lately about anti-censorship usage of IPFS for instant messaging and chat. Personally I think that instant messaging would be better served by something older fashioned like IRC. Something that just sends messages from one computer to another and doesn’t worry about storing them long term. But that’s just to me. I get people wanting a more modern solution that works as a proper social network.
I have been recently obsessed by one question: How to completely decentralize not just the web (that’s the goal of IPFS), but the whole Internet (no registrars, no ISPs, noone to maintain the wired network,…). That leaves many questions, like “Is it possible to have an IPFS equivalent of HTTPS without trusted third parties?” To replace TLS/SSL electronic certificates we can use a blockchain to reach consensus (though I’m not really a fan of it).
Another problem, maybe more on topic this time, how do we have private data given that all the data on IPFS is public (provided that you have its CID — content identifier)? We can encrypt it using a secret key. Everybody has access to the encrypted data, but not everybody can decrypt it. I agree, it is less secure than not having access to the data at all like with the client-server architecture used by HTTP, but it is still very secure. A private network will in fact be a group of peers who possess this secret key and who can share data only between themselves. To sell data, you can just sell the secret key to someone.
We are building a privacy and security focused social network on top of IPFS called Peergos. The main thing we haven’t implemented yet is Tor usage, but OpenBazaar maintain a fork of IPFS with a Tor transport.
Are you sure that you aren’t confusing the means and the end?
In principle, I agree with the idea that “centralization is killing the internet”, and that “centralization is closely related to monetization (esp. advertising)”, but I don’t believe that encumbering seldom-used protocols with privacy guarantees is a convincing way to solve the problem even for those who do care about privacy.
Privacy parallels with the concept of “herd immunity”–if enough of your friends are private, then so are you. Conversely, if your friends aren’t private, then neither are you.
Then, the solution to centralization is to build compelling decentralized alternatives to popular centralized services. Because the user is in control of their own data by design, privacy rides shotgun alongside the user’s self-awareness of their control over their personal information.
If services become increasingly decentralized, while there is potentially a “free ocean” of data to mine, it is no longer economically viable for advertising giants to do so, because there are no centralized services in which to advertise.
encumbering seldom-used protocols with privacy guarantees
To make a simil with traditional post, what you are saying is the equivalent to: why wasting paper on envelopes?
Yes, the government reads all our post but they are going to read your incoming post anyway.
I think it is this mentality the one that created our internet centralization problem today.
Decentralized apps alone will not fix the problem. In fact the Internet is already decentralized, we just happen to visit the same 4 sites, as to say.
We have empowered the 4-5 key actors with all our personal data and they monetize it better to no one else, gaining more resources that no one else and they create better apps than any decentralized app we could come up with.
We have to cut the leak for personal information, new protocols like IPFS could be key for it.
A threat model that includes the government is an unsustainable one, and never relevant to your friends
we just happen to visit the same 4 sites
And there wouldn’t be any problem changing it to “using the same 4 decentralized services.” Open source decentralized services are a better foundation to start with, than closed source centralized services.
and they monetize it better than no one else […] and they create better apps than any decentralized app we could come up with.
Sounds like you’re stuck between a rock and a hard place then. You cannot defeat a global passive adversary, and you apparently can’t defeat giant corporations for some reason, so you might as well give up.
You forget that your friends are the most important aspect of privacy. If you have no friends, building any protocol of any kind is meaningless. The absolute most important concern is building applications your friends want to use. Remember that corporations having a first-mover advantage does not mean that their applications are actually any good.
trust […] right to access content […] bad actors
This is meaningless because you are no longer under control of your own content once you release it outside of your node. Your friends can easily strip any DRM you attempt to add.