Privacy

Cross-IPFS-site scripting

IPFS vs same-origin policy

Introduction These days, browsers are pretty secure, and some are even privacy conscious (Firefox, Brave) that block third party trackers by default. But today’s browsers are ultimately designed for HTTP, not IPFS. And they have a different threat model in mind. All the sites on IPFS are served from the same origin as the gateway, which has some interesting implications for privacy and security. How IPFS gateway works IPFS gateway is a web server that connects to some IPFS node daemon.

Privacy Issues and Concerns on Ethereum Network Layer

Or, why not to use Metamask (with default settings)

Introduction Ethereum’s network layer, or more precisely devp2p (or libp2p) while providing encryption and authentication, does not necessarily give user anonymity or privacy. In this post I will point out some of the privacy issues, and potential attacks to de-anonymize Ethereum account owners (i.e. associating an Ethereum account address with the IP address of its owner). For simplicity we do not consider anonymity networks during attack like Tor or I2P, although they will be discussed in the Mitigation section.