Hello, won't you tell me your name?: Investigating Anonymity Abuse in IPFS

TL;DR

This paper investigates how malicious actors can exploit IPFS's anonymity features to upload and spread harmful content, highlighting the limitations of pinning services and public gateways in content moderation.

Contribution

It systematically evaluates the vulnerabilities of IPFS's anonymity features and pinning services in preventing malicious content dissemination.

Findings

Pinning services and gateways lack mechanisms to restrict malicious content.

Malicious actors can exploit IPFS's anonymity for harmful content dissemination.

Current IPFS infrastructure does not effectively mitigate abuse.

Abstract

The InterPlanetary File System~(IPFS) offers a decentralized approach to file storage and sharing, promising resilience and efficiency while also realizing the Web3 paradigm. Simultaneously, the offered anonymity raises significant questions about potential misuse. In this study, we explore methods that malicious actors can exploit IPFS to upload and disseminate harmful content while remaining anonymous. We evaluate the role of pinning services and public gateways, identifying their capabilities and limitations in maintaining content availability. Using scripts, we systematically test the behavior of these services by uploading malicious files. Our analysis reveals that pinning services and public gateways lack mechanisms to assess or restrict the propagation of malicious content.