I agree, and looking at their site, they don't seem to have taken steps to avoid this problem.
I wonder if we could have a standard api, like window.requestAPI('ipfs' or 'eth' or whatever) returns a Promise, and the user gets a 'page is requesting' bar like we do with location requests.
That way, you wouldn't be leaking information about your browser capabilities to pages that you don't wish to use those capabilities on.
The reason why window.ipfs is so great is that it opens up for a very easy migration path for when IPFS is embedded directly in the browsers.
So as a application developer, you would check if window.ipfs exists on the page, and if it doesn't, load js-ipfs and then the rest of the page can function the same way, no matter how ipfs was loaded on the page.
Unless we can be sure that when browsers implement IPFS, window.requestAPI('ipfs') would be the API, going the route we're taking now is the safest bet, unfortunately.
It's a pity that people aren't more concerned about the problems of leaking information to potentially hostile websites and polluting the window object with their project specific objects.
As the earlier poster mentioned, Metamask had this exact problem and it's been widely commented on. Of course the metamask problem is worse than the IPFS problem, as it marks a user as a potential target, whereas IPFS by itself probably doesn't do more than mark them as someone interested in the distributed web.
Your argument for why you do it seems to be a non-sequitur. Whatever you choose for how IPFS Companion exposes the api can be exactly the same as how the future browser exposes it. In fact as an early mover, you have an opportunity to do something positive and set a good direction for the built in functionality that comes later.
It's not a problem that there is consensus on how to solve yet, but I believe a standard solution built into browsers for exposing apis with capabilities we may not wish some sites to observe is needed. Polluting the window object with a host of api objects is likely to be a bad idea long term.
This is a interesting point and I agree, pretty important privacy feature that we should discuss more.
Off the top of my head, there could be some things we could do to help this, but the async/sync nature of `window.ipfs` makes it harder. If variable access was async, we could prompt before exposing it, but since we want to enable the browser extension to be a migration path to having native IPFS support in the browser, it becomes harder.
lide went ahead and opened a issue (https://github.com/ipfs-shipyard/ipfs-companion/issues/451), so if you're reading this and have ideas, we'd love to hear from you! We care deeply about this issue but was not required for the initial prototype we have now.
Thank you for bringing this up. I have a sticky task on my wall for this feature to bearded to metamask for this exact reason. Right now you're only protected by obscurity, the user needs to be able to whitelist domains or accept domain/dapp public keys.
Dat+Beaker is way ahead of IPFS in tooling, developer mindshare, consumer friendly UI, etc. With $250 million it's pretty shocking they don't seem more worried/focused on that.
Interestingly I've heard of IPFS many many times and this is the first I've heard of Dat+Beaker. Do you have a starting point you suggest to get an idea of what it is or does?
I might have visited those sites before, but thought it was some kind of new token bullshit.
Got a white paper link up at the top and some graphics of some decentralized nodes, so probably hit the back button faster than I delete spam from my inbox.
Dat and Beaker seems to be more focused on building products than us currently (I work on IPFS) so the more consumer friendly UIs does not surprise me. However, we're (Protocol Labs) are trying to build standardized protocols that can be shared across projects rather than just for us, hence it's currently more focused on lower-level technologies. With that said, we also have higher-level projects, most of them can be found over here: https://github.com/ipfs-shipyard/
It's interesting to point out that in addition to Dat support, Beaker initially had support for IPFS as well, but dropped it.
Currently Dat's browser integration model requires the use of a specific browser (Beaker). Not that Beaker isn't awesome; I think Dat would garner more mindshare if it moved to browser-extension-based model like IPFS and didn't require a full installation of a new browser.
How about adoption, e.g. Dat+Beaker vs IPFS+existing browser? Arguably, for these use cases, adoption matters more than all of the other items combined.
Hashbase exists, and in theory most Dat web apps could do a read-only version for legacy browsers, but since the tooling isn't there, you'd have to work out something by hand. The Dat ecosystem has pretty bad support for polyfills and bridging to the HTTP web right now. Many Dat demos I see today just fail hard over HTTP, maybe with a best-viewed-in message if the dev took some effort, but in principle it doesn't need to be that way.
Neither of these services are going to work to solve our current dilemna until we can drop a .framework in and use it from a mobile app.. this is really the space that needs adoption strategies.
Yes, this is definitely something we're planning to once we get closer to a v1 of all the parts. Today it's probably a bit too early but specifications are a core part of our general pipeline (but we can still get better)
The goal is to end up with standardized implementations so we can have multiple implementations and a open protocol.
Keep in mind that HTTP gateways are provided just for convenience.
Due to WebExtension API limitations embedded node can't act as a local HTTP gateway and extension falls back to public gateway. I imagine it was what you were experiencing.
Use window.ipfs property to play with pure IPFS (without HTTP gateway):
window.ipfs.id(console.log)
window.ipfs.add(Buffer.from('hello')).then(console.log)
window.ipfs.cat('/ipfs/QmWfVY9y3xjsixTgbd9AorQxH7VtMpzfx2HaWtsoUYecaX').then((data) => console.log(new String(data)))
More info: https://github.com/ipfs-shipyard/ipfs-companion/blob/master/...
I think you can click "switch to local node" or something like that. At least that's what I did with my external gateway and it worked and started to redirect locally.
Or does this extensions have the same issues as Metamask[0], which means there's no way to hide the fact that one has the extension installed?
This is a pretty important privacy feature, because I'm pretty sure the presence of such an extension massively increases the accuracy of targeting.