Write up the security + privacy implications of running IPFS Service Worker #57

Open
flyingzumwalt opened this issue Jul 2, 2017 · 2 comments
@flyingzumwalt
Contributor

In order to be confident about deploying the IPFS service worker we want to ensure security + privacy for users running the service worker.

  1. Document all of the implications of running the service worker:
    • possible exploits
    • what information might get leaked, when it might get leaked
    • scenarios where users are fine with doing things publicly and non-anonymously
    • etc.
  2. Identify possible strategies for mitigating any security or privacy concerns
  3. Seek review from security-minded collaborators
@samholmes

First thought. IPFS uses content-address to verify that the content is the content for which you are looking. This means that SSL certificates are not needed in order to prevent man-in-the-middle attacks.

The only time when I can see a sort of man-in-the-middle attack is when a resource (web page) includes a dependency over which it doesn't have control (3rd-party IPNS-addressed library). In this case, the application would need to trust this IPNS address to not be malicious. Ultimately, control over what the dependency could access would be preferable.

Not much else to comment at the moment.

@daviddias daviddias added status/ready Ready to be worked and removed status/in-progress In progress labels Dec 13, 2017
@lidel
Member

lidel commented Aug 6, 2018

Worth being aware that in the event of HTTP gateway misconfiguration, a ServiceWorker could take control over all /ipfs/* and /ipns/* gateway responses.

Details: ipfs/kubo#4025 + additional explanation in ipfs/kubo#4025 (comment)
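
The scope rule behind this concern, as an added example that is not part of the original comments or the IPFS code base: under the Service Worker specification a worker's scope is limited to its script's directory unless the response carries a `Service-Worker-Allowed` header, so the check below flags gateway responses whose permitted scope reaches beyond the script's own `/ipfs/<cid>/` or `/ipns/<name>/` root. The thread does not say which misconfiguration is meant; the origin `gateway.example`, the CID `QmExampleCid` and the function names are assumptions made for illustration.

```javascript
// Added example, not code from the thread or the IPFS project.
// Applies the Service Worker spec's scope rule to a path-gateway response.

// Widest scope the browser will accept for this script, or null if none.
function maxScope(scriptUrl, headers) {
  const script = new URL(scriptUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const allowed = h['service-worker-allowed'];
  if (allowed === undefined) {
    return new URL('./', script).pathname; // default: the script's directory
  }
  const widened = new URL(allowed, script);
  // A cross-origin value yields no usable scope; registration is rejected.
  return widened.origin === script.origin ? widened.pathname : null;
}

// Content root that a script on a path gateway belongs to:
// "/ipfs/<cid>/" or "/ipns/<name>/" (null for any other path).
function contentRoot(pathname) {
  const m = /^\/(ipfs|ipns)\/[^/]+/.exec(pathname);
  return m ? m[0] + '/' : null;
}

// Verdict for one response that a gateway served as a worker script.
function auditWorkerScript(scriptUrl, headers = {}) {
  const root = contentRoot(new URL(scriptUrl).pathname);
  const scope = maxScope(scriptUrl, headers);
  if (root === null) return { scope, verdict: 'not-a-content-path' };
  if (scope === null) return { scope, verdict: 'registration-rejected' };
  // Contained only if every URL in scope lies under the script's own root.
  const contained = scope.startsWith(root);
  return { scope, verdict: contained ? 'contained' : 'escapes-content-root' };
}

// Constructed samples: placeholder origin and CID, not real gateway output.
const BASE = 'https://gateway.example/ipfs/QmExampleCid';
const samples = [
  [`${BASE}/app/sw.js`, {}],
  [`${BASE}/app/sw.js`, { 'Service-Worker-Allowed': '/' }],
  [`${BASE}/sw.js`, { 'Service-Worker-Allowed': '/ipfs/' }],
  [BASE, {}], // script served at the content root itself
];
for (const [url, headers] of samples) {
  console.log(url, JSON.stringify(headers), auditWorkerScript(url, headers));
}
```

A gateway operator can run the same check over responses captured from their own deployment; any `escapes-content-root` verdict means one piece of content could register a worker that intercepts requests for other content on the same origin.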

4 participants