Resistance of IPFS to censorship by local filtering software

This is a more concrete and technical question I had, regarding the resistance of IPFS to government censorship. It addresses a method which, though thankfully not widespread to this day, we risk seeing more of in the future if states continue approaching the internet the way they have been up until this point. I believe it’s helpful to know how the software can handle itself in these kinds of situations.

To start off with some background: Almost all internet censorship today is carried out in one of two ways: either by constraining website owners (typically companies) to moderate their platforms as the government sees fit under threat of being fined, or by making it mandatory for every ISP in the country to block a list of websites. The decentralized internet is coming, and tools such as IPFS or Substratum or Zeronet will render both of the two approaches impossible: You can no longer associate content with a specific owner or IP address which you can immediately look up and then block… computers worldwide host bits and pieces from all sorts of sites, so who do you go after?

With this knowledge, we can assume that control-obsessed regimes are left with one final option, which can theoretically be used to silence the decentralized web as well: Mandatory censorship software installed on all devices. Already there’s been a crazy proposal in America, suggesting that every smartphone and laptop and computer sold in a shop should come with censorship filters that block porn (apparently that’s still a thing). South Korea went a step further a few years ago, deeming it illegal for teenagers to own smartphones that don’t have government surveillance software installed on them. As crime will inevitably rise too on the decentralized internet and people will start screaming the usual “something must be done” rhetoric, I don’t doubt governments will in time end up pushing for the disgusting principle of “all your devices must have our filtering software installed and it’s illegal to own an unlocked device any longer”.

The purpose of this thread isn’t to discuss the politics behind those decisions but to ask a clear question: How resistant is this software to content filtering processes installed on the same machine and trying to interact with it? To be more specific:

  • When the IPFS process sends or receives requests for content to other devices around the world, can another process on the system see that content and snoop on your real activity?
  • If so, can another process on the machine do anything to stop the IPFS node from sending or receiving that data? For instance, killing the IPFS process or cutting its internet access.
  • What can our code do to prevent either of the two? Can the process sandbox the data being sent and received, so that other applications on the system can’t have access to it… obviously not including what’s being networked, but that’s encrypted so it shouldn’t be a problem. Otherwise can we prevent other applications from killing the process or temporarily filtering the IP addresses it can communicate with?

I believe this is a legitimate and interesting question: Conventional filtering software (like so-called parental controls on routers) works at the networking level, by blocking access to IP addresses or DNS names known to contain an unwanted website… it’s easy to understand how they’re doing it and there’s nothing any application can do to prevent it (other than using a proxy, VPN, or anything that reroutes the data). Here such a system would be tricky, because you’d have to block virtually every IP address at any moment to be sure, so attempting to filter any specific site is the equivalent of disabling internet access entirely; their only solution would be to detect and attempt filtering individual files before they make it onto your hard drive, possibly by cutting off the process when the content is detected… but for that to work the filtering software must first have access to the unencrypted content of what IPFS is transferring, then filter only that content without bringing down the whole network. I’m optimistic as this doesn’t sound easy to do (would lead to things worse than Meltdown / Spectre) but I’d like to know more educated opinions on the matter.