• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Which Masternode model should we implement?

eduffield

Core Developer
There's a couple of competing ideas that have been floating around and I'm not sure which one is superior. The basic question is, should the masternodes show their IPS or not? The answer everyone immediately comes up with is "No", but there are some trade offs to both systems.

Keep in mind, the masternodes individually MUST be able to respond to requests within a few seconds, therefore a anonymity solution such as TOR/I2P is impossible.

1.) One node per IP.
-Higher cost to run a node
-Network will support more computing power
-Zero anonymity for masternode operators
-Much faster response time for Masternode tasks
-Support tasks on direct connection to masternode (Greater security for DS and other tasks like that).
-Highly resistant to DDOS (thousands of machines)
-Less centralization
-Supports Masternode Blinding

2.) Removal of IPS
-Some basic level of anonymity for masternode operators
-Hosts can still be found, it'll just require slightly more work
-Less cost to operate masternodes
-Network as a whole is more slightly more resistant to DDOS
-Will support outbound only masternodes. I.e: How do you attack a node you can't connect to?
-No direct connection to masternodes (DS will be slightly less secure)
-Supports Masternode Blinding

I'm personally leaning toward #1. I don't want Masternode operators to believe their anonymous when they are in fact not at all. They're also incredibly important to the network, so the service must be fast and robust as possible.
 
I'm with #1 too. The only real advantage of #2 is about anonymity for masternode owners, but if it is only basic it doesn't make much sense. We are already very resistant to DDOS with around 2.2k masternodes and the cost of running MS is not a big issue atm.
 
# 1
sound more solid for network and security
MN operators have nothing to hide as we are not doing anything illegal
 
Difficult decision to make.....
I'd still like to see Masternodes be able to have invisible IPs and at the same time able to do all the wonderful tasks...
Decision decision...
 
I also vote for 1. Stick with what we know until we can properly hide the masternodes.
 
Last edited by a moderator:
I vote for #1, with the caveat that we should be ready to change it if Darkcoin eventually becomes Public Enemy #1 in the future. I don't need CIA coming to Canada and beating down my door!

There is no way to provide total anonymity to Masternode owners I gather?
 
It's kinda ironic right now that Masternodes help Darksend transactions to be anonymous but Masternodes themselves can't be anonymous. I hope they will have this chance in the future. :)
 
2.) Removal of IPS
-No direct connection to masternodes (DS will be slightly less secure)

I think this can be fixed by using a bitmessage-like system where communication between mixing participants and the masternode is broadcast to everyone on the network. This communication can be encrypted with a public key only that specific masternode has the private key to. It then answers with an encrypted message only the participant as the private key to.
Since this kind of communication happens just-in-time, no blockchain is needed for it because after a timeout, the whole process has to start over again anyway.

I have not decided if I am for #1 or #2, but I think if we fix the above mentioned, #2 is the better choice


Edit:
OK, #1 it is! Thanks everyone

I think we should think about how we can fix the different disadvantages of the 2 options before deciding =/
 
I think this can be fixed by using a bitmessage-like system where communication between mixing participants and the masternode is broadcast to everyone on the network. This communication can be encrypted with a public key only that specific masternode has the private key to. It then answers with an encrypted message only the participant as the private key to.
Since this kind of communication happens just-in-time, no blockchain is needed for it because after a timeout, the whole process has to start over again anyway.

I have not decided if I am for #1 or #2, but I think if we fix the above mentioned, #2 is the better choice


Edit:


I think we should think about how we can fix the different disadvantages of the 2 options before deciding =/

That doesn't make the masternode owners anonymous. It just makes the communication a more secure. It doesn't protect the source of the communication at all, just the contents.

Here's how you de-anonymize the masternodes in a system like that:
http://arxiv.org/pdf/1405.7418v1.pdf

Any technology that protects the source of the communication will be very slow.
 
Well it's just a suggestion I came up with on the fly since this was about to be decided. I might be totally wrong but I thought it was worth bringing this up.
It is no secret that my tech knowledge is limited, so in a very real sense I am not qualified to vote (besides the decision has been made:wink:). However, Aswan's comment that IF the referenced problem could be solved, he would vote for option two, AND the fact that our intrepid leader seems to agree that it could, I think the door needs to be left open. Clearly the need today is for stability and speed, and as tungfa pointed out, legality is not an issue at this point. The caveat of course is that "this point" is likely to change. I hope we will be prepared when it does.
 
Assuming the vast majority (ever) of MN Ops are already out in the open, their anonymity is already compromised. IF they are worried about it, they should use anonymous VPS providers like Flokinet that accepts DRK, or other providers that accept cryptos.

I'm not in the US, so I am in a proviledged position to absolutely not care a damn thing what crazy excuse the FED would have to implicate me with illegal activity, which is ridiculously easy to alegate against anyway, before any hearing committee.

We are earning minted coins from an absolutely legitimate business. Ross Ulbricht ran a centralizes websites and earned millions in dirty money. Shreem helped dirty money. We mint coins and do any coins going around MN's are totally uknown to us.

I vote #1 as it clearly improves performance, which is key here.
 
Last edited by a moderator:
For those of you advocating the IP's shouldn't shown, try to view it in the context of the existing network. While some owners are certainly willing to setup new masternodes under different IPs (now hidden), the far more probable scenario is the majority of the network stays on the same IP's they already use either due to the fact they are A) lazy or B) committed to their providers for months/years for getting a better rate. This means that even with the masternode network no longer showing IP addresses of the masternodes, the lists of existing masternodes with IP's are already out there. You could dump the whole list from DRK.MN and probably connect to 80% after the IPs are no longer shown. Just some food for thought.

Or, as Evan already mentioned to me--what happens if someone sits on the network long enough to monitor where the nodes are anyway or creates some sort of deanonymizer to show the IP addresses--it would look as though Darkcoin is vulnerable/hacked/weak.

There is nothing inherently illegal (and I say this from a US standpoint) about running a masternode.
 
Back
Top