Introduction These days, browsers are pretty secure, and some are even privacy conscious (Firefox, Brave) that block third party trackers by default. But today’s browsers are ultimately designed for HTTP, not IPFS. And they have a different threat model in mind. All the sites on IPFS are served from the same origin as the gateway, which has some interesting implications for privacy and security.
How IPFS gateway works IPFS gateway is a web server that connects to some IPFS node daemon.
Introduction Ethereum’s network layer, or more precisely devp2p (or libp2p) while providing encryption and authentication, does not necessarily give user anonymity or privacy. In this post I will point out some of the privacy issues, and potential attacks to de-anonymize Ethereum account owners (i.e. associating an Ethereum account address with the IP address of its owner).
For simplicity we do not consider anonymity networks during attack like Tor or I2P, although they will be discussed in the Mitigation section.
A little fun fact about this site This blog is a static site generated by Hugo, hosted on IPFS. I personally run an IPFS node, and the files are pinned on my node. If you came here though your own IPFS gateway, then congrats! You already know where this is going. Otherwise, keep reading and I’ll explain the entire setup of the site.
The site lives permanently by the IPNS name /ipns/QmTctHYiuy3LXguP5jBP4DJAmnCD22gQbBAV24wH394vSs https://push32.