Reliable, decentralized, and verified retrieval of CIDs in browsers

What this is

Browsers can reliably fetch CIDs (both as assets of a page as well as whole appss) in a verifiable and trustless manner without being vulnerable to centralized chokepoints. For example, the CID of a dapp frontend or wikipedia article that is provided on public content routing networks like the Amino DHT can then be fetched and verified with a browser.

Why this is a good idea

  • Reliability, resilience & censorship resistance: by having multiple copies of a dapp’s CID on the IPFS network, you can be sure that even if multiple providers are unavailable or censored, the frontend is still retrievable and usable. In the most extreme case, it’s enough for there to be a single provider for content to be retrievable.
  • End-to-end integrity: as long as users of a dapp have the correct CID, they can be sure they are running the exact code that published by verifying locally. Local verification is crucial since Dapps interact with a blockchain and malicious code can lead to loss of user funds. Integrity is adjacent to trustlessness — because verification eliminates the need to trust the source of data.

What we need to do

  • @helia/verified-fetch npm package to enable verified retrieval of CIDs in browser from trustless gateways
  • helia-service-worker-gateway is deployed to inbrowser.link and provides an alternative to trusted gateways for loading dapps and other web apps published to IPFS (See )
  • Browsers are able to fetch from peers directly
    • WebTransport problems in Chromium are resolved
    • Helia leverages delegated routing endpoint to find providers and supports sessions
    • WebRTC is enabled in Kubo
    • See )
  • ServiceWorker-like protocol handlers for WebExtensions
    • This would provide a longer term solutio

What would success look like?

What would “good impact” look like?

  • Helia service worker gateway reaches feature parity with trusted gateways, i.e. you can load dapps using inbrowser.link as a subdomain gateway
  • Developer are able to use Helia to fetch CIDs directly from providers with the help of the hosted delegated routing endpoint, thereby circumventing the need to fetch from a gateways.

Relevant resources