AMA with Brave and IPFS

by Feb 8, 2021AMA, Community

Welcome to the latest post in our series of BAT Community-run AMAs. 

The ongoing AMA series is an opportunity for our users and fans to get to know the Brave team, and, as of recently, guests from Brave’s partners.  

Brian Bondy, Brave’s CTO & Co-Founder, and Dietrich Ayala, Ecosystem Lead at IPFS, participated in the latest Ask Me Anything on r/IAmA, a sub-community of Reddit (known to Redditors as “subreddits”) made up of over twenty million members and dedicated to interactive question-and-answer interviews (AMAs) of all varieties. The AMA received 4.6K upvotes and 17 awards from Redditors, ranging from “Helpful” to “Platinum”.

Recently, Brave and IPFS announced a partnership, and together unveiled a native IPFS implementation in the Brave desktop browser. IPFS, or InterPlanetary File System, is a peer-to-peer network and protocol designed to make the web faster, safer, and more open. With this integration, Brave is the first web browser to offer native IPFS Support to its users, which it considers a key milestone in its quest to make the Web more transparent, decentralized, and resilient. 

Brian and Dietrich marathoned well past the AMA’s scheduled end time, fielding questions from Redditors about how the native IPFS integration works in Brave, the ways IPFS can inhibit data manipulation and censorship on the web, and future capabilities that could integrate IPFS and Basic Attention Token (BAT). Highlights can be found below, with a link to the full AMA at the bottom of this post.

Trojen-horse: I joined Brave over the privacy aspect, how would you explain IPFS to a total newbie?

Dietrich: IPFS is a content access and distribution protocol that addresses content by *what* it is instead of *where* it is. A website domain today is the "where" your browser finds the URL you asked for, and then asks for the content, and renders it. IPFS can be used similarly, but also enables a lot more privacy/security models than HTTP does—so looks *very* different in comparison.

Here are some things IPFS does that affect everyday web usage:

  • Accessing content you've already been to—revisitation dominates browser navigation tasks for regular users. With IPFS content, the content you've already browsed is fetched from your local node EVEN IF YOU'RE OFFLINE.
  • Websites or pages offline: Maybe it's a DDOS. Maybe they forgot to renew their SSL cert. Maybe they got the Reddit hug of death. Maybe the company was bought by Facebook/Twitter/Google/whatever. If you went there, you can still go there with IPFS—either you or someone else can still access and serve that content.
  • Offline local network collaboration: IPFS nodes discover each other over local subnets, so you can be in Brave working over IPFS with other people even if the network isn't connected to the internet.

Brian: Today's web is expensive for publishers, it's lossy, unversioned, centralized and easily censored. URLs contain mutable data which isn’t ideal for the future of blockchains and oracles. IPFS gives users a new way to solve these problems and Brave allows you to load content now that uses IPFS.

BlutterfiesFutterBly: Found Brave a few months ago and just wanted to thank you. Between native crypto, VPN, and now IPFS integration, it’s much more than just a browser. You’re seriously saving people who don’t even realize they’re victims.

What led you to decide to create a new browser? Have you had any legal pushback? Anything I can do to help as a consumer?

Brian: Thanks, some other cool things we have is Tor support and WebTorrent support as well.

Browsers have continued innovating but have been stagnant in a lot of ways. Several browsers have been saying they'd add Tor and IPFS support for years, but they just haven't done it yet.

Brave is by far the most private and innovative browser that is built off of Chromium. Chromium is great, but I don't want to sign into my browser and have my data synced to Google's servers.

I don't want to be tracked across the internet, and I enjoy being paid for my attention for opt-in user private ads. So that's why we have Brave.

No we haven't had any legal pushback.

Illbefinewithoutem: Isn't using chromium a privacy liability though?

Brian: No, we deviate significantly from Chromium in areas that involve user privacy and for things that call out to Google's server. See here for more information.

Also see here for a lot of ways that we're innovating in the user privacy area.

Pete Snyder and his team are leading a lot of great work in this area.

Btw, our Sync is pretty awesome too and works cross platform.

Hat tip to Jocelyn, Anthony, and Alexey from Brave.

Client side encrypted data with keys that never leave your computer. You can transfer them via a QR code or BIP39 keywords. [Enjoy!]

Xtze12: How is IPFS different from torrents? As a layman, why should I be interested in this?

Dietrich: With IPFS, data is addressed at the block level, not just at the file level. For example, with BitTorrent you have to choose whether to zip up those 10,000 files into one huge torrent, or in smaller groups by category or individually. With IPFS, you can link all those files and share addresses for all or parts in different ways. The swarming network behavior is similar, but in IPFS things like metadata and chunks do not need to be contained in a separate manifest like Bittorrent.

Brian: I don't believe different torrents share swarms, but IPFS has a global DHT and network. We do have support for WebTorrent as well built in.

Mainly we just want to make sure that we can provide the content users want to access in Brave.

Zuntinen: Hi! Thanks for your AMA! I'd like to ask you, is IPFS really private and/or anonymous? I've been following their Github for some time in the past: back then they refused to implement private mode and Tor support. Does your IPFS implementation leak local network info to the swarm?

Brian: There's definitely a different privacy model to be aware of. We highlight that here and when the user chooses to install a local node or Gateway.

I also get into it more here.

We'd like to adopt Tor transport in the future for when a user is using a local node.

For Tor windows in Brave, we currently don't allow ipfs: and ipns:

For private windows, we currently disable it, but we're discussing how best to accomplish that here.

Dietrich: Out of the box, IPFS has transport encryption so network-level snooping is mitigated. However, the IPFS public network is exactly that: public. People can see what you're serving and what you're requesting on the network. Many applications encrypt at the app layer. But you also don't need to use the public network—some applications use IPFS between exclusive sets of nodes, making dynamic private networks or purpose-specific networks. IPFS is a protocol that encompasses a lot more privacy/security models than HTTP does—so looks *very* different in comparison. You can read more about IPFS privacy defaults and approaches here: ipns://docs.ipfs.io/concepts/privacy/

I don't think there was a refusal to implement privacy features, so much as that a privacy-preserving DHT is something that is still an unsolved problem. There have been a few efforts at a Tor transport for libp2p—the Berty project is working on one now. You can implement private networks today in IPFS, without using the public DHT. The barrier here is that ensuring user privacy in a peer-to-peer way is very difficult and the harms are real. P3Lib looks promising.

CuriousTitmouse: What is the most exciting thing to you both about Brave?

Dietrich: The web, architecturally speaking, has been static for a long time—decades. The presentation layer has grown, but the network, security and trust models haven't — and those are the most pressing issues we face today. The most exciting thing about Brave for me is to have a browser that is pushing *hard* on bringing new models of interaction to the web, not just privacy but with the IPFS integration the barriers to entry are far lower to experiment with new models of trust, exchange of value, cooperative computing and network resilience.

Brian: Since the start it's been the ambition of Brave for me. Our culture is centered around being a user's agent and we are not afraid to innovate for the user's benefit.

We can innovate in a way that’s not beholden or influenced by a major search engine. The opt-in ads system gives Brave a way to get revenue to maintain itself in a way that many browsers can't.

Whatstevedid: For those who would rather use a minimalist browser, is it possible to get a version of Brave (Brave Lite if you want) that has core functionality only? Keep the ad and tracker blocking in, but forego the BAT, Crypto, VPN, sponsored images etc etc. I know you guys need to make money but it’s honestly starting to feel a bit like Brave is heading in the same way as other browsers have done—bloated. Just an opinion of course, I still love the product!

Brian: We try to build everything in a way that's configurable. For example for this IPFS feature you can completely strip it away in brave://flags.

We're happy to consider it a bug for any major aspect that you can't disable.

Performance and user privacy is paramount. If something is affecting either of those, it won't be shipped.

FaustusC: How concerned are you about data manipulation on the internet? [Other browser] Not just filtering, but removing things from the index to control what people can see. What can we, as citizens, do to prevent this and protect free data sharing?

Dietrich: We're all in the crucible of free speech and public safety right now. The content-addressed approach of IPFS means that you can trust that the data you requested has not been tampered with. This is a step towards trust that the web today doesn't have. Regarding content controls - right now we cede those decisions to corporations like Twitter, Facebook and others, which isn't serving the needs of most people. Tools for individuals to control their experience online are key to reducing harassment and abuse. While peer-to-peer networking can help keep data available, node operators are also subject to the laws created in the societies they live in, just like any other method of publishing online.

Brian: I think it's a valid concern for many things, not so much a concern for other things.

But that's the nice thing about IPFS, you know that the URI you're loading is the immutable data that was first put there.

With Brave having the ability to host and manage a local node, you can be certain your local node is verifying the content correctly before it is served to you.

JustinMurray007: Will BAT be taking advantage of IPFS capabilities in any way? I see smart contracts can be programmed to use IPFS and Filecoin for storage and such. I'm curious as to what partnerships or capabilities/features may arise out of this integration.

Brian: Regarding BAT and IPFS, I was thinking of at least 3 opportunities for integration. If a website is opened via DNSLink (which we'll support later this year) then we can already use their domain info to allow tips to that creator's content.

It'd also be neat to allow the creators site to "prove" they own certain IPNS content using their libp2p-key. They would basically add content they own and prove they own it in the creator’s portal. They could later collect tips that way.

Another idea is relating to the publishing of content while browsing the web. We could allow users to pin any content that they’re browsing to another IPFS node and to pay using BAT for that pinning. This could be done both with virtual BAT before it is withdrawn to an exchange, or with user wallet funds inside Brave’s Crypto Wallets, or using another Ethereum remote client like Metamask.

We’re also exploring ideas relating to decentralized extension installation and NFTs, and possibly as an alternate option for ENS resolution.

I'd love to hear other ideas if people have them too!

Semtex94: The decentralization of web content seems to place a lot of faith in the ability of participants to always provide online access to their storage and not modify the contents while it is there. How do you plan to prevent that?

Brian: Well, they can change the content, but it would be at a different URI. Not all content will move to IPFS, it's for different use cases than HTTPS. So mainly it can co-exist and we don't need to put all our faith in a single protocol.

Menticherelereit: Are there legal risks of being an IPFS node in Brave? IIUC that means I might be treated as "seeder" of a file if it's copyrighted etc? How does IPFS deal with bad actors hosting (and thus making trivially easily publicly accessible) illegal/harmful content? Doing nothing might lead to crackdowns from the regulators. Thanks for fantastic work!

Dietrich: As a node operator you are responsible for content you host under the laws of the country you're operating the node in, the same as running any kind of server.

The IPFS protocol itself gives the node operator the control over what content to host or block—already a big difference from participating in networks that individuals do not control when and where they're faced with harmful content. Content moderation right now is decided by corporations. Legislation and good tools for individual control of content are both key to creating spaces online which balance free speech with public safety.

Brian: Re 1. If you're using a local node for IPFS option in Brave, then content that you access can be served from your node afterwards. We outlined this here: https://support.brave.com/hc/en-us/articles/360051406452-How-does-IPFS-Impact-my-Privacy- and mention it before the user picks to use a local node.

Re 2. I see this working in a way similar to how our ad blocking works in Brave. In the future you could subscribe to different blocking lists that you'd like and we'd default some on but allow you to pick.

Ihaveskittles: Hi Brian, I love Brave's mobile browser and have been using it for a year! However, I was not a fan of Brave's desktop browser, when I tried it a year ago. Why should I switch from Firefox with Ublock Origin, Privacy Badger, HTTPS Everywhere, and containers?

Brian: Extensions can't save you from these types of problems in Chrome, but Brave can.

You mentioned Firefox though. I like Firefox, I worked for Mozilla for a long time. I think they're beholden to their search partner though.

We're innovating in privacy in many ways that Firefox hasn't gotten to yet.

Do a search for "What’s Brave Done For My Privacy Lately?" Pete Snyder has been doing a great job blogging about some of these efforts.

You should try giving Brave desktop another chance. Sync is pretty great with desktop and mobile and you might have tried it a long time ago before we did a rewrite that made everything work much better. https://brave.com/download

JustinMurray007: What are some of your favorite dApps or websites that currently take advantage of the Brave browser's integration of IPFS?

Dietrich: The IPFS blog of course: ipns://blog.ipfs.io/

Wikipedia: ipns://en.wikipedia-on-ipfs.org/wiki/

I love finding cool presentation experiments like this art book: ipfs://bafybeidp2vzltxyqdivfuaqcwya2yjklonub2isqdrgqxap3guf4my5esy/Proveloop/SPL01_111.html#p=1

TiddlyWiki on IPFS! ipns://bluelightav.eth/

Vault74 is an amazing and beautifully designed collaboration space: ipfs://bafybeic53mvs3qwvyrf77qtfnhntekrk3jgunzgbmv4e7r326bkltin6x4/

My favorite: ipfs://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi/

One of the challenges of the dWeb thus far is that until now there hasn't been a way to easily access content - at least as easy as a modern web browser. So lots of IPFS content is behind or embedded in other systems. Now that native IPFS content is accessible directly in a major browser, I think we're going to see a lot more content and apps publishing with the web browser as a target, instead of native apps, etc.

Brian: I think Origin Protocol is pretty cool. We've used them for our Brave Swag Store. They basically create a site on IPFS with some smart contracts that has no server side component. You can read more about that here.

I was an early user of Crypto Kitties even before they launched and I met the team at ETHWaterloo. My wife even used them to buy virtual kitties. Kudos to them for getting so widespread.

Read the full AMA here.

Listen to Brian and Dietrich’s recent interview on the BAT Community Podcast: https://www.youtube.com/watch?v=W6aBrmmJKgo&t=5s 

See our recent AMA with Brian Clifton, VP of Engineering at Brave, here

Follow the BAT Community’s Updates here: https://www.reddit.com/r/BATProject/

Related Articles

Continue reading for news on ad blocking, features, performance, privacy and Basic Attention Token related announcements.

Ready to Brave the new internet?

Brave is built by a team of privacy focused, performance oriented pioneers of the web. Help us fix browsing together.
Download Brave