I’ve got some questions regarding privacy and IPFS:
- How easy is it to track someone’s browser habits assuming you know their node identifier?
- How easy is it to get a list of all nodes who currently have a given content hash?
- What can be done to preserve individual user/device privacy and still participate in a distributed system like IPFS?
- What can publishers do to improve the privacy of their users when distributing content on IPFS?
- What can publishers do to violate the privacy of their users when distributing content on IPFS?
The design of IPFS is clearly focused on the distributed nature of the network, and that is also what makes the system appealing. However, users want to read embarrassing articles and watch naughty content that they don’t want to be associated with on the network.
To my knowledge, that’s currently not possible right out of the gate, because there doesn’t seem to be a command that says: “show me all the files that are pinned or cached on a given node”.
ipfs dht findprovs <hash> … shows you all nodes that are seeding a file, whether pinned or temporarily cached.
Can’t say anything (yet) with regard to the other points, except that when content is published, it is by definition of the word “public”, out of the hands of the publisher, and anyone who accesses that content participates in that public sphere, and since this is the internet, he (or rather his current IP address and node’s PeerID) is detectable as someone who accessed said content at some time in the past.
As for avoiding this, a user could always have two or more nodes on his local computer, one for the default content, one for the “naughty” content. An outside observer, if he’s lucky, might still be able to correlate some aspects of a user’s browsing habits across local nodes by way of the IP address, but that wouldn’t cover all of his browsing habits.
What about Sybil attacks like in the BitTorrent DHT? You enumerate a list of hashes, then constantly request the peers for them.