►
From YouTube: Protecting IPFS gateways at scale - Matt Ober
Description
IPFS gateways are an important portal into the IPFS network, but running publicly accessible IPFS gateways comes with great risk and responsibility. In this talk Matt will discuss common challenges that IPFS gateway operators will encounter and how Pinata has solved for them.
A
Alrighty,
this
is
a
talk
called
protecting
ipfs
gateways
at
scale
to
start
off
with
who
am
I.
My
name
is
Matt
I'm,
one
of
the
co-founders
of
pinata
and
am
the
CTO
of
the
company
as
well.
A
If
you
don't
know
pinata,
we
are
a
pinning
service
that
offers
ipfs
storage
service
and
a
lot
of
other
features
as
well.
We're
constantly
growing
that
feature
stack,
but
the
one
I'll
be
focusing
in
in
on
today
is
our
Gateway
product,
as
it'll
probably
relate
to
a
lot
of
you
out
there.
That
may
be
looking
to
run
your
own
ipfs
gateways.
A
So
for
those
of
you
that
don't
know
what
is
an
ipfs
Gateway
I,
imagine
many
of
you
in
the
room
probably
know
the
answer
to
this,
but
hopefully
this
will
be
helpful
for
the
people
on
the
recording,
an
ipfs
Gateway
is
simply
an
ipfs
node.
A
Excuse
me,
an
ipfs
Gateway
is
a
node
that
operates
as
a
portal
into
the
ipfs
network.
So
not
everybody
is
capable
of
running
an
ipfs
node
on
their
machines
right
now,
or
they
may
not
want
to
whether
it's
for
resource
constraints
or
whether
it's
for
cost
purposes
efficiency.
What
have
you
either
way?
An
ipfs
Gateway
essentially
acts
as
a
portal
into
the
network
for
these
people.
You
can
access
it
via
a
URL,
similarly
to
how
you
would
just
access
a
normal
website.
So
in
the
diagram
here
we
see
a
user.
A
That's
going
to
be
you
accessing
content,
you
ask
the
ipfs
Gateway,
you
say:
hey
I
want
this
content
and
it's
going
to
go
out
and
it's
going
to
go
search
the
ipfs
network
for
that
content
for
you
and
it's
going
to
return
it
in
the
case.
Here
we
have
a
node
with
that
content,
it's
going
to
first
go
to
the
gateway.
Then
it's
going
to
go
to
the
user
and
that's
how
content
gets
served
through
ipfs
gateways.
A
So
there's
a
lot
of
well-known
public
gateways
out
there
in
the
ipfs
network
and
if
you
go
to
GitHub,
you
can
search
for
this
thing
called
the
public
Gateway
Checker.
This
is
a
tool
that
monitors
public
gateways
that
are
available
for
public
usage
and
their
current
status,
whether
they
are
online
or
not,
and
if
you
notice
here
at
the
bottom
of
the
list,
we
have
a
lot
of
gateways
that
are
offline
and
actually
the
slide
doesn't
show
this.
But
if
you
scroll
down,
you
would
see
an
even
bigger
list.
A
A
These
are
going
to
be
challenges
that
pretty
much
anybody
looking
to
run
their
Gateway
is
going
to
run
into
so
the
first
one
is
just
going
to
be
huge
costs
of
operations
running
an
ipfs
Gateway
at
scale
is,
is
very
expensive
and
you
may
think
to
yourself
you
say:
oh
well,
my
Gateway
is
not
going
to
be
at
scale
we'll
see.
So
how
we
kind
of
see
this
playing
out
a
lot
of
times
is
a
public
Gateway
works.
Great
people
start
using
it
to
retrieve
data
everybody's
happy.
A
A
Okay,
public
Gateway
is
working
great,
again,
everybody's
happy,
and
now
we
have
a
continuous
loop
and
we
call
this
the
tragedy
of
the
Gateway
Commons
effectively.
What
I
mean
by
this
is
just
public
gateways
kind
of
suffer
from
this
tragedy
of
the
commons,
where
the
more
people
that
use
them
the
more
congested
they
get
and
then,
as
more
people
use
them
right,
you
need
to
throw
more
resources
at
it,
which
in
turn
makes
it
more
reliable,
which
means
that
more
people
want
to
use
it
again
and
pretty
soon
you're
operating
the
world's
largest
free
CDN.
A
It's
not
a
very
profitable
Venture.
In
fact,
it's
a
very
bad
business,
so
pinata
from
our
very
beginning
has
operated
a
public
Gateway
gateway.pinata.cloud.
We
still
are
operating
this
Gateway
and
we
solved
for
this
on
gateway.pinata.cloud
with
rate
limits.
It's
it's
pretty
simple:
we've
we've
very
limited
our
Gateway.
So
if
you
want
to
use
it
right,
there's
going
to
be
a
limit
to
how
much
you
can
use
it
for
free.
A
A
Now,
how
did
we
solve
for
this
with
dedicated
gateways?
So
for
those
of
you
that
don't
know,
dedicated
gateways
are
a
product
that
pinata
offers
basically
as
an
alternative
to
a
public
Gateway.
A
If
you
don't
want
rate
limits,
and
you
want
performance
well,
if
you
want
to
pay
for
it
right
we're
here
to
support
you
we're
here
to
support
your
Enterprise
use
case,
as
is
the
track
name
today,
so
yeah
we
offer
these
up,
you
can
pay
for
them,
pay
for
your
bandwidth
usage,
your
your
requests
right,
a
lot
of
other
nice
functionality
that
comes
with
them.
You
know
you
can
put
your
brand
name
in
it
stuff
like
that,
but
again
yeah.
We
don't
want
to
rate
limit
these
right.
A
That's
a
bad
user
experience,
especially
when
you're
paying
for
it
so
rate
limits,
don't
really
work
there
and
and
kind
of
how
we
monitored
for
started
with
this
was
manual
monitoring
of
abnormalities.
A
So,
if
you
know
we're
looking
at
our
analytics-
and
we
see
one
one
particular
Gateway,
just
all
of
a
sudden
rocketed
up
a
thousand
percent
usage
in
a
day
right-
we
may
want
to
reach
out
to
that
team
and
let
them
know
like
hey
guys
like
something
might
be
going
on
here,
and
we
still
kind
of
do
this
to
this
day,
not
not
like
at
a
deep
level,
but
just
at
an
overall
system
level
to
see
if
anything's
going
wrong
and
work
with
our
customers
to
make
sure
that
their
usage
is
lining
up
with
their
expectations,
and
we
actually
do
have
a
lot
of
things
kind
of
coming
down
the
line
that
should
help
with
this
in
a
more
automated
fashion.
A
So
phase
two
right
is
planned
limits
right
this.
This
may
be
a
little
unpopular,
but
we
actually
view
this
as
a
feature.
One
of
the
first
things
we
got
when
we
came
out
with
these
dedicated
gateways
was
hey,
can
I
have
some
limits
that
prevent
me
from
basically
just
getting
hit
with
huge
overage
charges
and
yeah
with
plans
that
have
set
expectations?
You
know
that
you're
never
going
to
be
charged
an
astronomical
amount
of
money
because
something
unforeseen
happened.
A
It
allows
you
to
kind
of
plan
your
usage
a
little
bit
more
and
for
those
people
that
are
looking
for
truly
uncapped
right.
Then
we
can
work
with
you
at
an
Enterprise
level
to
make
sure
that
that
doesn't
happen.
We're
never
going
to
cap
people
that
truly
don't
want
it
and
then
the
third
thing
is
we
have
these
things
called
Gateway
controls.
This
is
in
beta.
So
if
anybody
watching
this
or
here
today
wants
access,
let
us
know
we'd
be
happy
to
add
you
to
the
beta
program,
get
your
feedback
on.
A
What's
working
and
what's
not
so
this
is
kind
of
what
we
say:
you're
in
control
of
what
you're
serving
all
of
the
content
that
we
are
now
serving
through.
Our
new
gateways
is
going
to
be
restricted
by
default.
So
what
this
means
is,
you
have
to
have
it
pinned
to
your
account
to
serve
it.
This
is
kind
of
forced
upon
you
and
that
if
you
want
to
access
content,
that
is
not
pinned
to
your
account.
A
If
you
want
to
pull
content
from
the
rest
of
the
network,
we
require
you
to
have
a
security
control
in
place.
So
what
that
looks
like
in
practice
is
going
to
be
either
either
an
access,
token
restrictions
to
IP
addresses
or
like
host
Origins
kind
of
in
the
form.
Of
course,
we'll
probably
have
some
more
of
these
in
the
future,
but
this
is
a
good
starting
point
that
fits
probably
that
90
95
percent,
that
a
lot
of
people
have
been
asking
for
so
and
the
whole
thing
here
is.
A
We
want
to
make
sure
that
anytime,
somebody
is
requesting
content,
that's
like
not
default
on
their
account,
they're,
the
ones
that
are
actually
requesting
that
content,
and
it's
not
just
some
person
out
on
the
internet,
that's
using
their
Gateway
as
a
free,
CDN,
okay,
so
another
problem,
that's
facing
ipfs
gateways
is
going
to
be
illegal
content
distribution.
This
is
a
fun
one.
There's
like
a
common
quote
out
there:
it's
like
you,
either
die
a
hero
or
live
long
enough
to
implement
content
moderation
and
even
in
decentralized
land
right.
A
This
is
still
very
true,
so
there's
things
that
are
legally
risky
for
your
platform
here
we
have,
like
dmca,
requests,
think
illegal
movies,
music,
pirating
stuff,
like
this
right.
You
guys
are
aware
of
this.
You
look
through
the
Napster
days
or
right.
This
isn't
new.
A
A
They
come
after
you,
so
as
a
Gateway
provider,
you
are
responsible
for
making
sure
that
that
content
is
not
served
or
again,
you
can
be
sued
and
that's
not
fun,
and
then
these
are
what
we
call
risks
to
your
entire
platform
right.
This
is
like
that
treacherous
stuff
that
is
not
only
illegal
but
also
like
malicious.
A
So
this
is
going
to
be
things
like
malware
viruses
csam
this.
This
is
like
horrific
content
that
you
do
not
want
served
through
your
platform.
Fishing
content,
this
one
in
particular
I'm
going
to
go
into
a
little
bit
deeper,
so
story
time.
A
This
year
earlier,
around
March
I'm
going
to
call
this
the
day
of
chaos
right
this.
This
is
probably
one
of
the
most
stressful
days
that
I've
ever
encountered
in
my
life,
so
around
3,
A.M
I
get
woken
up
to
some
alerts
and
our
website
is
entirely
offline
and
we
soon
find
out
that
our
entire
API
is
offline.
A
Basically,
what
we've
figured
out
soon
is
that,
like
pinata.cloud
as
a
domain,
name
is
no
longer
resolving
on
the
internet,
so
nothing
like
we're
wiped
off
the
face
of
the
internet.
We
have.
We
have
no
idea.
What's
happened,
there's
nothing
in
our
email!
There's
nothing!
You
know
in
our
our
provider
so
like
we
had
like
namecheap
at
the
time.
It's
like
okay
nothing's
in
there
nothing's
in
cloudflare.
A
We
have
no
information,
so
all
we
know
is
like
we're
offline
and
then
eventually
we
just
start
Panic,
calling
like
every
point
of
contact
every
email
we
can
find-
and
this
lasts
for
about
like
an
hour
and
a
half-
and
this
is
this
has
been-
is
like
very
stressful
right,
so
name,
sheep
gets
back
to
us
and
they're
like
okay.
Also
for
you
guys
that
are
hosting
things
out
there
on
the
internet,
unless
you
have
some
like
dedicated
Enterprise
support
line,
getting
fast
action
for
things
like
DNS
is
borderline
impossible.
A
You
get
sent
to
some
cue.
A
support
agent
will
eventually
get
to
it
and
unless
you
have
again
like
kind
of
pre-made,
this
expensive
contract,
it's
going
to
be
slow
to
resolve
so
so
be
aware
of
this.
So
namecheap
gets
back
to
us
and
they
say
yeah.
You
guys
have
been
blocked
at
the
DNS
level,
but
it's
not
us
that
blocked
you.
This
happened
at
the
dot
Cloud
level,
so
the
dot
cloud
provider
took
us
off
the
internet
and
we're
like
okay.
Well,
why
did
this
happen?
Namecheap
had
no
idea
so
again.
A
Panic
call
in
email
and
ensues.
Q
me
call
in
some
random
Italian,
like
I
found
out.
Some
Italian
company
runs
the
dot
Cloud
domain
and
I
call
their
support
line
and
they're
like
well.
Are
you
a
customer
I'm
like
well
kind
of,
but
not
really?
And
it's
just
some
support
agent?
That's
they
think
that
I'm
using
this,
this
company's
email
service.
They
have
no
idea
that,
like
deep
under
the
hood
of
their
organization,
they
run
the
entire
dot
Cloud
domain
for
the
entire
internet.
A
It's
not
the
fault
of
the
support
agent,
but
it
is
one
of
those
things
we're
kind
of
reaching
like
deep
levels
of
the
internet
and
eventually
what
happened
is
I
found
some
email
contact
for
I
think
there
was
like
their
head
of
operations,
I
found
it
on
like
LinkedIn
or
whatever
sent
him
an
email
thank
God.
A
He
was
looking
and
he
eventually
starts
talking
to
us
and
they
got
to
send
some
information
over
to
the
United
States
and
eventually,
all
this
resolves
at
like
around
6
50,
where
our
DNS
records
are
resolving
again.
So
this
is
about
a
four
hour
outage,
where
our
entire
service
is
offline.
Okay,
so
what
happened?
And
how
can
you
prevent
this
meet
the
Fisher?
For
those
of
you
that
don't
know
what
fishing
is
I'm
going
to
talk
about
it?
A
Fishers
are
basically
people
that
they
want
to
steal
your
email
credentials,
so
they
make
these
fake
websites
here's
an
example
of
the
Microsoft
login
and
they
create
a
fake
website.
That
looks
like
the
Microsoft,
login
and
they're
going
to
send
it
out
and
they're
going
to
try
and
trick
people
into
logging
into
this
fake
website,
so
they
can
get
your
credentials.
A
This
is
how
a
ton
of
hacks
happen.
A
ton
of
data
breaches,
it's
really
just
social
engineering
and
phishing.
So
this
is
a
big
problem
just
globally
in
general,
but
the
Fishers
discovered
that
you
can
use
ipfs
to
host
websites
and
then
they
also
discovered
that
you
can
use
gateways
to
serve
these
websites
and
it's
not
associated
with
your
domain.
So
you
basically
have
no
link
back
to
you
as
the
Fisher
and
you
can
continually
pump
out
these
phishing
websites
with
effectively
zero
cost
Fisher's
Paradise.
A
A
If
you're
a
service
provider,
chances
are
you're,
probably
listed
there
too
I
don't
really
troll
the
dark
web,
so
I
don't
know,
but
there's
a
hunch
yeah,
so
they
send
out
these
fake
emails,
tricking
people
to
log
in
and
the
victims,
don't
realize
it's
fake
and
they
actually
provide
the
credentials
to
the
Fisher
okay.
So
how
did
this
get
pinata
taken
offline?
A
So
there's
a
bunch
of
these
scanning
Services
out
there
on
the
internet
that
they
they
monitor
for
reports
of
phishing
content
and
when
they
find
it
they
they
go
and
take
action
right.
So
all
these
Enterprise
companies,
your
microsofts,
your
your
Googles,
your
health
care
providers,
right
A,
lot
of
them
subscribe
to
these
like
email
services
that
scan
emails
and
they're
like
all
right.
Here's
a
phishing
link
report,
it
right
and
then
block
it.
So
when
that
happens,
the
phishing
contents
encountered
an
automatic
takedown
requests
are
sent
out.
A
These
get
sent
out
eventually
to
your
top
level
domain
provider.
In
the
case
of
pinata.cloud
again,
our
top
level
domain
provider
received
a
takedown
request
and
then
just
locked
us.
They
blocked
us
down.
They're
like
all
right
this.
This
domain's
serving
fishing
content,
you're
gone
and
the
pain
point
of
this
is
like
we
have
abuse
contact
information
listed
on
our
website.
This
was
not
contacted
at
all.
We
received
zero
communication
from
any
of
our
service
providers.
A
It
was
up
to
us
to
figure
out
who
to
contact
and,
like
all
of
our
official
contacts,
we
tried
namecheap
cloudflare
sorry
Tebow
had
no
idea
like
who
to
contact
for
resolution.
We
were
kind
of
in
the
dark
and
expected
to
figure
this
out
on
our
own
and
I
want
to
stress
this
enough,
like
we
ended
up
getting
lucky
here,
that
some
high-level
employee
at
the
dot
Cloud
domain
was
checking
his
email
and
had
enough
knowledge
and
access
to
to
know
what
was
happening
and
who
to
contact.
A
So
we
ended
up
getting
really
lucky
here,
and
this
is
why
I'm
giving
this
talk
is
because
the
whole
point
here
is
that
proactivity
is
what's
going
to
protect
you
here.
Being
reactive
is
not
enough
to
protect
you
from
these
kind
of
scenarios.
So
how
did
we
protect
our
systems?
We
found
and
subscribed
to
scanners,
that
our
domain
providers
were
using
to
identify
this
content,
so
we
now
have
a
direct
like
feed
to
all
the
things
that
our
providers
are
seeing
and
identifying
bad
content
with.
A
So
if
we
see
something
right
that
gets
insta-blocked,
which
then,
when
the
provider
checks
it
they're
like?
Oh,
it's
been
blocked,
they're,
good
right,
it's
kind
of
like
a
race
against
the
band
Hammer
you
you
want
to
win
that
race,
and
then
we
also
worked
with
our
domain
providers
to
establish
us
as
what
are
known
as
hosting
providers.
So
this
is
kind
of
like
a
special
designation
that
they
can.
They
can
put
up
there.
That
says:
okay,
this
guy
is
a
host
they're,
an
internet
provider.
It's
probably
one
of
their
users.
A
That's
misbehaving:
not
the
platform
itself,
send
them
an
email,
send
them
an
abuse,
email
and
they'll.
Take
it
down,
give
them
a
time
frame
whatnot.
So
this
is
what
we
had
hoped
would
have
happened
in
the
beginning.
But
apparently
that's
not
the
case
unless
you
kind
of
get
this
special
designation
and
then
lastly,
we
deployed
and
continually
improve
like
a
lot
of
these
automatic
detection
toolins
in
our
system
now
so
specifically
like
HTML
content,
we're
scanning
it
as
it
kind
of
flows
through
our
system
and
just
goes
good
bad.
Okay.
A
Yeah.
So
and
then
we
create
this
Global
CID
block
list
for
all
pinata
Gateway
products,
so
our
our
public
domain
and
our
dedicated
gateways
all
share
this
same
list,
which
means
that
everybody,
that's
using
our
dedicated
gateways,
gets
this
protection.
So
if
you're
using
like
a
custom
domain
right,
you
don't
have
to
worry
about
your
domain
getting
taken
offline
because
we're
providing
that
protection
for
you,
yeah.
A
Okay.
So
to
summarize
up
here,
operating
an
ipfs
Gateway,
a
public
one
that
can
pull
content
from
the
network
at
large.
It
really
comes
with
risks,
both
Financial
risks,
as
I
talked
about
in
the
beginning,
with
kind
of
massive
CDN
abuse,
and
then
also
legal
risks,
particularly
like
dmca,
and
you
know
that
malicious
content
that
we
also
just
talked
about,
so
all
it
takes
is
one
bad
user
and
you
can
knock
down
your
entire
domain,
like
your
entire
service
is
taken
off
the
internet.
This
wasn't
just
our
gateways
that
got
taken
offline.
A
Our
API
also
shared
the
same
root
level
domain
as
our
Gateway,
which
was
a
cascading
effect,
and
this
this
has
not
just
happened
to
us.
Ipfs
IO
got
taken
offline
earlier
this
year
as
well,
as
some
of
you
may
remember,
I'm
sure,
there's
a
few
others
in
the
space
that
have
encountered
this
as
well
right.
This
is
this
is
a
problem
you
probably
will
encounter
if
you
reach
any
level
of
scale
and
it's
something
you
guys
you
need
to
be
proactive
about
so
being
reactive
is
not
enough.
A
You
really
need
to
have
a
preventative
approach
to
this.
This
content
and
this
these
risks,
if
you
want
to
protect
your
domain,
so
that's
my
talk.