ipfs-companion icon indicating copy to clipboard operation
ipfs-companion copied to clipboard
verified publisher icon ipfs

Read-Only Mode (Disabling Content Reproviding)

Open lidel opened this issue 7 years ago • 3 comments

In the advent of Tor tabs in Brave, Ongoing work on Tor transport for IPFS we started thinking about user privacy. First step was to add an option to opt-out from window.ipfs (https://github.com/ipfs-shipyard/ipfs-companion/issues/451).

Another low hanging fruit is to provide configuration setting to disable/limit content reproviding:

flyingzumwalt: could you get read-only mode added to the ipfs-companion wish list? whyrusleeping: a read-only mode would not reprovide data we read, and also not re-host data we receive; the important part here is that it prevents people from doing confirmation attacks on us to see if we’ve been on a particular site

Feature Characteristics

  • An option on Preferences screen to control Reprovider setting of active IPFS node:
    • Interval: 0 will result in other nodes on the network not being able to discover that you have the objects that you have. There should be one-click toggle to set/unset that.
    • (Optional): Strategy – tells reprovider what should be announced. Valid strategies are:
      • "all" (default) - announce all stored data
      • "pinned" - only announce pinned data
      • "roots" - only announce directly pinned keys and root keys of recursive pins
  • When Interval: 0 we disable "Share files via IPFS" and "window.ipfs", only "read-only" functions remain.

Open Questions

  • What type of UI should we use?
    • Should it be a simple on/on (switching Interval to 0 and 12h) on Preferences screen?
    • Perhaps we could make this smarter and add a select list named "Content Reproviding Policy" with options:
      • "All (Default)" – sets Interval: >0 and Strategy: all
      • "Only Pinned" – sets Interval: >0 and Strategy: pinned
      • "None (Read-Only Mode)" – sets Interval: 0
    • Or maybe it is better to keep is as a toggle, but make Read-Only mode set Interval: >0 and Strategy: pinned ? This way user's node will annouce only content that was explicitly pinned.

cc @whyrusleeping @flyingzumwalt

lidel avatar Jun 28 '18 19:06 lidel

This mode is also important for a bunch of other purposes, especially

  • for users who pay per MB/GB for data.
  • for low-power situations

It also reduces a bunch of surfaces for potential surveillance. Read only users should be able to operate roughly as quietly as a web browser interacting with a centralized server.

flyingzumwalt avatar Jun 28 '18 20:06 flyingzumwalt

FWIW, i've recently done some work with the go-onion-transport. it is admittedly in pretty bad shape, but i've got plans to rebuild it atop a newer tor library, bine. bine enables a lot of things, such as statically linking tor into a go binary (so you don't have to run a daemon), full tor control support, etc.

bigs avatar Jun 29 '18 13:06 bigs

Note to self: "Privacy Mode" may be a better term for feature

lidel avatar Nov 09 '18 20:11 lidel