I’m wondering whether the following is possible: can I put something on IPFS, and make it so that the file cannot be discovered or downloaded by anyone unless they have the hash?
(I’m still learning my way around IPFS and I apologize for what is probably a basic question.)
If you add something to your local IPFS node the data will stay only your local IPFS node. It only moves when someone else requests the correct hash. And they only learn that hash if you tell them or publish it.
However, your node will publish that hash to the DHT, which means it will send the hash and metadata to other nodes in the network so it can be indexed and located.
So data isn’t automatically propagated or published in some kind of public index, but it would be possible to write a “noisy” node that examined all hashes that get published to look for something. And if I were a 3-letter government agency then I could focus on any data being published by your IP address.
Also, I understand there is some support in the code for private IPFS networks where you can have a disconnected cloud of machines, but IPFS doesn’t include encryption so if you put this on the open internet then it is possible for people to discover it and connect to your private cloud.
IPFS doesn’t include encryption yet. So if it’s private data, encrypt it before adding it to your node, and if necessary, obfuscate the filename, or don’t use the -w option with individually added files.
At any rate, any object on the IPFS can be discovered—even by chance, I assume.