Privacy Policy for IPFS Monitoring

Who are you?

We are a team of researchers from the Weizenbaum Institute for the Networked Society in Berlin, Germany. Our team focuses on trust in distributed systems.

What data are you collecting?

As part of our ongoing research, we are collecting data requests on the IPFS network. These requests are broadcast by nodes participating in the network to their immediate peers as part of their normal operation. The requests are broadcast to a large number of randomly chosen nodes in the network and thus, in principle, public. What we did is to set up the necessary infrastructure to collect requests from a large portion of the network simultaneously.

In detail, we collect this data:

1. Bitswap request traces. These are records of the following form:

   peer ID, CID, timestamp, request flags, potential origin addresses

   Where the request flags contain properties of the request, such as its type or priority. The origin addresses are a list of multiaddresses of the sending peer, which in turn usually contain IP addresses.

2. Connectivity information of our monitoring nodes. This is essentially a list of peers we are connected to, of this format:

   peer ID, multiaddress(es)

   We collect these lists periodically.

Why are you doing this?

We started this research as an explorative thesis project on what could be learned from monitoring data requests on IPFS. We are currently working on a research project funded by Protocol Labs to conduct measurements on the activity and structure of IPFS using our passive monitoring methodology.

Our overarching goal is to derive general, non-personalized insights and statistics about the state of IPFS and activity on BitSwap. We plan to make the results of our research public but will not make our raw collected data public at any point.

We are also actively developing better methods for gathering and processing data about the IPFS network and displaying synthesized results. For example, we are developing an analysis and data processing methodology which can run in real-time on our monitoring nodes, potentially making the longer-term storage of collected data obsolete. We use collected data for testing purposes during the development of new methods and their implementations.

We will use the collected data only for furthering the goals outlined above. We will use collected data only for purposes that are explicitly stated in this document and purposes that are permissible with respect to Art. 6 (4) GDPR.

On what legal basis are you collecting and storing this data?

We operate within the bounds of European data protection law, specifically Art. 5 (1) (e) GDPR.

For how long are you going to keep this data?

We are storing this data for up to 24 months or until we do not need it anymore to complete our research, whichever comes sooner. We are constantly reflecting on our data storage practices. If we conclude that some data fields or whole data sets are no longer needed for our intended purpose, we will delete them accordingly.

Who are you sharing this data with?

We are sharing this data, on request, with researchers working on thematically similar topics, only after we are convinced that our data helps them in their research and that the goals of their research overlap with our own purposes for collecting and storing the shared data. In each individual case, we determine the minimal subset of data that is necessary to hand out. We also notify the receiving researchers of the delicate nature of this data and ask them to handle it responsibly and in line with our own privacy policy.

I have questions. Can I contact you?

Of course! You can contact us via email. You can also contact us via mail at

Research Group 17 - Trust in Distributed Environments 
Weizenbaum-Institut e. V. 
Hardenbergstraße 32
10623 Berlin
Germany

What are my rights?

You have the right to be informed about the data we collect about you. If you have the right by law, you can correct, delete or limit the data we collect about you.