Implications of running IPFS (Companion) with Tor Browser

My understanding is that currently IPFS is mainly usable either through public gateways that have to be explicitly linked or through running own node and installing IPFS Companion on the browseŗ (unless I happened to be running IPFS on the default port 8080 instead of having something else there?). I get the impression that if I wish to get most of the benefits of IPFS I should pick the later.

I am able to find issues about Tor support for IPFS, but I don’t see Tor Browser and the current security implications mentioned/documented anywhere.

My assumption is that if I installed IPFS companion on Tor Browser, my Tor traffic would go anonymously through Tor as usual, but anything attempting to access IPFS would go through my local node sending my IP addresses to IPFS/clearnet network and thus deanonymize me if something was only linked within Tor hidden services or was very seldom accessed. Is this correct? Are there other things that I am not thinking about?

I am wrong.

I thought about this some more and realized that by default IPFS Companion would be unable to access the local IPFS nodę but because Iam also using ZeroNet in Tor always mode, it has annoyed me into using Tor Browser with ZeroNet which is also blocked by default, so I have followed their instructions and opened this hole by myself. I opened an issue towards their documentation about this.

I strongly recommend you don’t do this for anything privacy sensitive at the moment, as you noted, all IPFS traffic would be in the clear. We have, in the past, worked on TOR transports for IPFS but those are far from production ready (well, the transports seem to work, it’s just that go-ipfs wasn’t built with TOR in mind so we’re leaking information left and right).

1 Like