Hacker News new | ask | show | jobs
by clueless404 3527 days ago
It's ironic that IPFS plans on using a central service to censor and purge it's distributed system.

Not that this central authority will solve this issue either. It just opens another can of worms.

Who will review claims and reports? Who will be authorized to add hashes to the blacklist? How will counternotices be handled? How will different juridistictions and conflicting laws be handled? Who will be liable for content that makes it past the filters? Who will pay for all this?

The world is a messy place and IPFS does nothing to protect its users.
1 comments
fizzbatter 3527 days ago
> The world is a messy place and IPFS does nothing to protect its users.

I'm a bit confused, why is it the job of IPFS to "protect its users"? IPFS has no liability here, it's simply trying to make IPFS a law-abiding software as a whole. So it is not outlawed.

IPFS doesn't have any reason to "protect" me from things i download anymore than HTTP or TPC does. It's a technology for localizing data. What makes you feel IPFS has to protect its users?

It sounds like you think IPFS somehow spreads files onto your system without your consent. You only download what you choose to, just like with HTTP/TPC/UPD and the whole tech stack.

IPFS changes nothing for your personal security. It's not intended to. It's a technology to lower bandwidth usage from the production of mass data in the current age. And in regards to it being ironic for having a central authority, - sure - but the problem is bandwidth that IPFS is aiming to solve is, not law and/or DMCAs.

IPFS must have some seriously bad marketing (i blame the whole "good for humanity angle"), because i feel like you and a lot of people have the entirely wrong idea about IPFS. It's a technology, nothing more.. especially in it's current form. The only thing it might "save the world" from is bandwidth, lol.

link
clueless404 3526 days ago
IPFS needs to protect its users, if it is to have any users.

The creators of IPFS may not have any liability, but they open up its users to severe issues of liability due to the way it operates.

IPFS will become toxic real quick, if it becomes know that IPFS can make you an unintentional distributor of kiddy porn and pirated content.

The core problem is that IPFS' default mode of operation is actively user hostile. This is a big problem, and the reason IPFS needs to protect its users. IPFS not only leaks what you retrieve, it also makes you an (unknowing) distributior of everything you retrieve. All it takes for you to commit a crime and/or copyright infringement, not only as a consumer but also a as a distributor, is to be tricked into retrieving one hash.

In conclusion, IPFS needs not only to not be outlawed, it also needs to be safe to use. As it is IPFS is not safe to use. Hence IPFS needs to do something to become safe to use, i.e. to protect its users.

link
fizzbatter 3526 days ago
> IPFS will become toxic real quick, if it becomes know that IPFS can make you an unintentional distributor of kiddy porn and pirated content.

Yea, this is where you're mistaken. It cannot make you distribute anything! You only distribute what you download. Don't download kiddy porn, and you won't distribute kiddy porn.

> All it takes for you to commit a crime and/or copyright infringement, not only as a consumer but also a as a distributor, is to be tricked into retrieving one hash.

That is fair - but the same could be said for every p2p system on the planet. Has anyone solved this problem? How does BitTorrent protect me from unknowingly downloading kiddy porn?

link
clueless404 3525 days ago
> Yea, this is where you're mistaken. It cannot make you distribute anything!

Oh, really?

"In some cases, nodes must work for their blocks. In the case that a node has nothing that its peers want (or nothing at all), it seeks the pieces its peers want, with lower priority than what the node wants itself. This incentivizes nodes to cache and disseminate rare pieces, even if they are not interested in them directly."

https://github.com/ipfs/papers/blob/master/ipfs-cap2pfs/ipfs...

What's to say BitSwap won't proactively decide to download and start seeding some rare pieces of kiddy porn?

> You only distribute what you download.

As if that wasn't bad enough.

> Don't download kiddy porn, and you won't distribute kiddy porn.

How are you to know if a hash contains kiddy porn or not?

You need to know if the hash contains kiddy porn before you download it, but to know if it contains kiddy porn you have to download it. Classic Catch-22.

The only rational response to a system like this is not to use it.

> How does BitTorrent protect me from unknowingly downloading kiddy porn?

By not randomly downloading stuff from the Internet. By only downloading torrents, I have explicitly chosen to retrieve (hopefully from vetted and reputable sources). By giving me complete control and feedback on what I'm seeding.

Obviously not ideal, but far better than what IPFS does.

I also don't get how this central censorship authority is going to work. I very much doubt IPFS wants to become the Internet Police for Saudi Arabia.

The whole thing is a futile attempt to appease lawmakers and dictators, since any filtering will be done clientside. Nothing is stopping the client from ignoring any blacklists.

Any great or small firewall will just find it easier to block the whole thing than do some silly whack-a-mole deep packet inspection.

How is IPFS not going to become a haven for kiddy porn aficionados?

If the censorship authority publishes a list of blacklisted hashes, that's the same as publishing a directory of all the available kiddy porn. Oops!

If the censorship authority requires each hash to be queried individually, it becomes a real honeypot for the state surveillance machinery.

Not exactly great choices.

link
fizzbatter 3525 days ago
> What's to say BitSwap won't proactively decide to download and start seeding some rare pieces of kiddy porn?

Nice catch, that is interesting. Granted, i feel like this could be tweaked as it is simply a mechanic to attempt to reduce leeching on the network.

> You need to know if the hash contains kiddy porn before you download it, but to know if it contains kiddy porn you have to download it. Classic Catch-22.

How do you know if that link to a pdf from a friend contains kiddy porn? You need to download it to check the md5 / contents.

I'm really lost on how this is any different than HTTP/BitTorrent/etc. Any link on the web can be kiddy. Any bittorrent link can be kiddy. Any IPFS link can be kiddy. They're all equally dangerous on that front as i see it.

The only argument i feel like can be made on this front, is that the hash can make for a hard to visually decipher file. Ie, `foo.com/bar.pdf` is inherently more "trust worthy" than `/ipfs/d3b07384d113edec49eaa6238ad5ff00`. With that said though, that's a better reason to not use `/ipfs/d3b07384d113edec49eaa6238ad5ff00` than it is to use `/ipns/foo.com/bar.pdf` (fake domain/example for easy discussion).

Again, stay away from random hashes just like you stay away from sketchy torrents and random http files.

link
clueless404 3525 days ago
> Granted, i feel like this could be tweaked as it is simply a mechanic to attempt to reduce leeching on the network.

How do you propose tweaking it without either publishing a directory of all the kiddy porn on IPFS or creating a bottleneck which incidentally is ideal for tracking and surveillance?

> How do you know if that link to a pdf from a friend contains kiddy porn?

You don't, but at least your browser won't shout out to the world: "Hey, everybody! This guy is downloading kiddy porn! IPFS does that and to add insult to injury then automatically goes on to seed it.

On the web you also have a sense of where you are. With IPFS you don't, it's all a bunch of hashes. There is no there there. There are no clues to tell you that you are in a seedy neighborhood. Everything is just available, one hash away, from kiddy porn to fine art. That makes navigating IPFSpace such a minefield, the next hash could take you anywhere.

> I'm really lost on how this is any different than HTTP/BitTorrent/etc.

Let me recap:

- BitSwap

- metadata leakage

- automatic seeding

- opacity and lack of control

> Again, stay away from random hashes just like you stay away from sketchy torrents and random http files.

How? Is there some kind of sniff test I don't know about?

link