Brave bets on the decentralized web with IPFS browser support for a more peer-to-peer approach

Peer-to-peer protocol promises availability and resilience, but awaits proof of speed and resource thrift

Brave Software on Tuesday plans to release an update of its Brave browser that implements support for the InterPlanetary File System (IPFS), a peer-to-peer hypermedia protocol for storing and sharing data over a distributed network.

IPFS support, which arrives in v1.19, allows Brave users to access IPFS resources using an ipfs:// URI, either through its embedded gateway service or by installing a full IPFS node, which enables the hosting of IPFS-accessible content.

Brave claims to be the first widely used browser to implement native IPFS support; Opera for Android did so in March, 2020, though it relies on a gateway – a cloud service, like Cloudflare's IPFS Gateway, that handles IPFS in the absence of built-in browser support.

Previously, those interested in using IPFS in browsers have had to rely on browser extensions and a separate desktop installation.

This is the blockchain. Yes, THE blockchain

Cloudflare invites folk to dabble in the 'distributed web' with InterPlanetary File System gateway


"We’re thrilled to be the first browser to offer a native IPFS integration with today’s Brave desktop browser release," said Brave CTO and co-founder Brian Bond in a statement.

"Providing Brave’s nearly one million verified content creators with the power to seamlessly serve content to millions of new users across the globe via a new and secure protocol, IPFS gives users a solution to the problem of centralized servers creating a central point of failure for content access."

Running an IPFS node has some potential consequences. “If Brave is configured to use a local IPFS node, when accessing IPFS content, it also makes you a temporary host of that content,” said Bondy in an email for The Register. “IPFS nodes have a PeerID which can be looked up in a distributed hash table (DHT), and that DHT can be observed by others.”

“On the other hand, if Brave is configured to use a public IPFS gateway, the privacy risks are different,” he said. “For example, that gateway can see the content you’re asking it to load through IPFS requests. The gateway could potentially also lie about the content it is serving you.”

IPFS is an open source project supported by Protocol Labs, a company focused on similar distributed technology initiatives like Filecoin, a cryptocurrency-funded distributed storage service. IPFS and Filecoin are intended to complement one another, with IPFS offering transport and Filecoin offering a monetized storage scheme by which clients pay for availability and cyptominers get paid for providing storage.

Already, there are a few IPFS-oriented services available, like publishing platform Textile and e-commerce site OpenBazaar.

Hypercore (formerly DAT), implemented in the Beaker browser, and Swarm are rival protocols that are similar to IPFS.

All about the content

IPFS files are requested using a content address rather than a location address, a Content Identifier (CID) that's a cryptographic hash instead of a server address and file path.

Such files get distributed, split into blocks and stored on different network nodes, a process used by BitTorrent. These blocks are linked through a data structure known as a Merkle directed acyclic graph.

IPFS, it's claimed, has advantages over traditional web protocols, specifically in terms of bandwidth economy and censorship resistance.

"Today, Web users across the world are unable to access restricted content, including, for example, parts of Wikipedia in Thailand, over 100,000 blocked websites in Turkey, and critical access to COVID-19 information in China," said Molly Mackinlay, project lead at IPFS, in a statement. "Now anyone with an internet connection can access this critical information through IPFS on the Brave browser."

But not everyone will be able to do so quickly – IPFS has been dogged by complaints that it's slow. And those who choose to run IPFS nodes may find it taxing on their local computing resources.

Then there's the issue of how content-based addressing tracks content changes – when a content hash is how you find a file, you need a way to point people to updates that have a different hash. IPFS has naming system called IPNS for that, but it too has its critics.

Back in 2019, developer Tom MacWright concluded that IPFS still wasn't usable for websites.

" still has a web-centric message and promises that it’s useful here and now," he wrote. "It promises ‘fast performance’, and support for ‘huge datasets’. These are goals, not realities. An effort to put 300TB of data was met with mixed results and notes about adding and retrieving data being extremely slow."

Brave looks brave for taking a chance on technology that may need a bit more time in the oven. Mainstream browsers like Chrome, Edge, Firefox, and Safari haven't yet made the leap, even though Mozilla has been talking about IPFS support for years. Perhaps there's a reason for that.

The decentralized web has a lot of support but it also has to meet fairly high expectations. ®

Other stories you might like

  • Millions of people's info stolen from MGM Resorts dumped on Telegram for free
    Meanwhile, Twitter coughs up $150m after using account security contact details for advertising

    Miscreants have dumped on Telegram more than 142 million customer records stolen from MGM Resorts, exposing names, postal and email addresses, phone numbers, and dates of birth for any would-be identity thief.

    The vpnMentor research team stumbled upon the files, which totaled 8.7 GB of data, on the messaging platform earlier this week, and noted that they "assume at least 30 million people had some of their data leaked." MGM Resorts, a hotel and casino chain, did not respond to The Register's request for comment.

    The researchers reckon this information is linked to the theft of millions of guest records, which included the details of Twitter's Jack Dorsey and pop star Justin Bieber, from MGM Resorts in 2019 that was subsequently distributed via underground forums.

    Continue reading
  • DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers
    Meanwhile, Tails 5.0 users told to stop what they're doing over Firefox flaw

    DuckDuckGo promises privacy to users of its Android, iOS browsers, and macOS browsers – yet it allows certain data to flow from third-party websites to Microsoft-owned services.

    Security researcher Zach Edwards recently conducted an audit of DuckDuckGo's mobile browsers and found that, contrary to expectations, they do not block Meta's Workplace domain, for example, from sending information to Microsoft's Bing and LinkedIn domains.

    Specifically, DuckDuckGo's software didn't stop Microsoft's trackers on the Workplace page from blabbing information about the user to Bing and LinkedIn for tailored advertising purposes. Other trackers, such as Google's, are blocked.

    Continue reading
  • Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work
    Someone got Zuck'd

    Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.

    The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.

    Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

    Continue reading

Biting the hand that feeds IT © 1998–2022