Is CID a sensitive data?

I’m new in IPFS moreover not sure knowing about blockchain technology itself

I wonder if there’s CIDs list in public that show CIDs of users, since content cannot be deleted because of decentralized system unless everyone (every nodes) deleted its content in their storage.

What if someone upload illegal stuff and distributed its CID to everyone, who can handle it?

Is CID is a sensitive data if i upload my private stuff at there?

What is different of node and peer?

Yes / No
It’s possible to get a list of most CIDs on the network however it’s a non trivial task that requires crawlling large part of the DHT with many nodes and prey to get lucky.

You should assume that CID are public information (even tho there is no list I can just send you to, someone could make one maybe).

What if someone upload illegal stuff and distributed its CID to everyone, who can handle it?

No one, if illegal things exists on the network, just don’t download it ? IPFS doesn’t take initiative, IPFS isn’t gonna download random files like that.

The same thing can be said about HTTP, illegal things exists on HTTP but you don’t visit thoses websites so this doesn’t bother you, same for IPFS. :slight_smile:

What is different of node and peer?

Pear are fruits I belive. (nothing we use them interchangeably).

Is CID is a sensitive data if i upload my private stuff at there?

If you want to upload private things you need to encrypt it first.

I don’t think you can crawl DHT. There is no DHT query - give me all keys node knows about.

True but you can spam the DHT with 5000 nodes (probably less I’ve just picked a conservative number) and logs all request done to you, you will catch many if not all provider requests.

The nodes will want to register the fact that they host the file and they will send the CID trying to register it.

So do you think can a computer brute force CIDs?

Consider theres someone who just want brute force CIDs for seeing another people files for fun, do u think it’s possible?

What i mean with sensitive is, we shouldn’t gave CID to everyone unless we think it’s for public. or only give to some allowed people

5000 nodes is too little, I did scan and over 14 days I captured about 800k unique node ID.

Unless it changed IPFS broadcasting requests for CID to all connected peers. You can play with log levels to log them.

only ~11k runs the DHT, all other are not because they are behind nats or have disabled the dht server

I suspect that the real reason the vast majority of people who use IPFS run it in client mode is because they use IPFS Desktop and its own default configuration forces the daemon to run in client mode. Most people just don’t realize it. Maybe it should ask the first time it runs instead of doing that. Of course, a lot of people would then run against the NAT issue and probably have no clue how to set up port mapping…

It’s better than running in startup