• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Poll: MN Operators, please respond

Should we compel the core team to implement an anonymizing layer (i2p, tor etc)


  • Total voters
    72
I'm completely for MN anonymization in principle but I'm not sure if this is actually doable. Imo to do so we'd have to move the whole network to i2p (not sure if tor is applicable for this purpose at all). I mean not only (some of) masternodes but every single node/wallet out there because otherwise hidden part of the network will not be reachable by normal users (i.e. it will be useless for them) afaik. Of course we could use some bridges sitting on the edge of two networks and relaying messages back and forth but that would weaken network imo - instead of heaving 3500 connection points you'd end up with.. how many? 20? 200? Who will maintain them and why? You can't run them on masternodes because this will make no sense in terms of MNs' anonymization so there should be some volunteers who run them. Or should they be "sponsored" via blockchain maybe? Anyway, having that small number of reachable nodes... You know what will happen then? "DASH IS CENTRALIZED!!" and all that kind of stuff :wink:
I don't know of any good solution so far.

With that being said, how about finding someone else who is willing to do this work instead of compelling the core team to do something? Because you know, trying to compel someone to do smth in an Open Source project... :rolleyes:

Yes, tha's a fair point, but you know, when I said "compel", I didn't actually think of sticks. Not a great choice of words, I just want the core team to see that this probably deserves more attention than it currently gets. We can put a price on this and try to encourage people to work on it, core or otherwise. Because, you know, the alternative could be that we don't do this, dash takes off and then becomes the bad guy for facilitating crime. Then we'd have huge costs for legal defence and damage limitation.

As for implementation, I was thinking two separate networks; public IPs and i2p. They don't have to talk to each other, the end user would decide which one they wanted to use; fast InstantX or increased privacy. The market would decide what the balance would be. Some MNOs might, for example, accept smaller rewards in return for the privacy... or maybe the i2p MNs would get more traffic, who knows, I think the market can decide that.
 
I can't vote on this because either ALL Masternodes must be anonymous, or none.
Everything in between weakens the network.
To have all Masternodes anonymized would need first some investigations about the consequences (reliability, speed, etc.), then a proper estimation of the efforts, and then a POC implementation to see how the reality looks like.
Sounds interesting, and if I _would_ have the spare time I certainly would give it a go just out of curiosity, without any payment.
But right now I don't have the time.

Can you explain how it weakens the network? I was thinking two networks, both performing the same tasks on the same blockchain, just that they function within their own set (public ip or i2p). As a MNO, I decide which network I want to be in. As a user, I decide which network I use. Maybe I'm missing something so please explain.
 
Guys, I think I've come up with a good idea. We could put this down as R&D with the goal of creating micronodes... that is, to get more nodes onto the i2p network, to compensate for the slower throughput and lower rewards. For example, i2p nodes would only require 100 dash, thus increasing and diversifying participation without taking away from the function of the main MNs (instantX).
 
This is the revised proposal....


Dash offers an anonymous service to it's end users yet with very little protection to the identity and location of MN operators themselves. Because MNs operate over public IPs, they are potentially exposing themselves to complicity in any illegal activity occurring over the network. Very few MNs run through VPNs. In fact, more than 52% of MNs are operating on just four centralised cloud services. This creates potential liabilities that could stunt end user adoption.

This proposal is to give the core team extra funds to research and develop micronodes that would operate over i2p. This would be a separate set of nodes running in parallel to the main MN network, offering the same services on the same blockchain. End users would choose between InstantX or increased privacy over i2p.

Because i2p throughput is slower, it is proposed that micronodes are introduced to increase the node count on the i2p network. This would help to increase and diversify participation without taking away from the function of the main MNs (instantX). A micronode would require, for example, just 100 dash in collateral.

This work is likely to have an impact on Evolution development, but it is felt this issue should be dealt with now rather than later as the work required to retrofit such modifications would be a lot higher / complex.

Dash is aggressively pursuing fiat gateways - and this is welcomed - but this work would function as a counterbalance. re-enforcing dash's privacy credentials.
 
I forgot to add that despite I can create this proposal I don't agree with it personally. I think that DASH moving its paradigm from anonymous payment system to digital cash is a good shift which allows to bring a lot new people to the network. But next shift, IMO, should be about DASH being network for DAOs with decentralized reputation system which helps to build real businesses and startups inside the system and boost self-governance, self-funding and decentralization of power mechanisms. Without powerful organization which is backing up a monetary system this system is way to weak to compete with current financial whales like FED.

Here are my thoughts: https://dashtalk.org/threads/governance-based-on-decentralized-reputation.8296/
 
Last edited by a moderator:
This is the revised proposal....


Dash offers an anonymous service to it's end users yet with very little protection to the identity and location of MN operators themselves. Because MNs operate over public IPs, they are potentially exposing themselves to complicity in any illegal activity occurring over the network. Very few MNs run through VPNs. In fact, more than 52% of MNs are operating on just four centralised cloud services. This creates potential liabilities that could stunt end user adoption.

This proposal is to give the core team extra funds to research and develop micronodes that would operate over i2p. This would be a separate set of nodes running in parallel to the main MN network, offering the same services on the same blockchain. End users would choose between InstantX or increased privacy over i2p.

Because i2p throughput is slower, it is proposed that micronodes are introduced to increase the node count on the i2p network. This would help to increase and diversify participation without taking away from the function of the main MNs (instantX). A micronode would require, for example, just 100 dash in collateral.

This work is likely to have an impact on Evolution development, but it is felt this issue should be dealt with now rather than later as the work required to retrofit such modifications would be a lot higher / complex.

Dash is aggressively pursuing fiat gateways - and this is welcomed - but this work would function as a counterbalance. re-enforcing dash's privacy credentials.

Lowering masternode requirements for some network segments is a bad idea imo, few points right out of my head:
- more complex payout logic (you wouldn't like to pay smaller hidden nodes the same reward as to normal nodes, need to balance this somehow) -> higher fork risk;
- much lower requirements -> much more nodes -> much more mem usage + much more network traffic.

The problem is not how/why to run hidden service, the problem is that "normal" users/miners/masternodes will not be able to verify the one who is hidden. We can drop that check ("connect to masternode ip to verify it's available") for hidden nodes and start to rely only on pings from such masternodes but without having PoSe this would weaken network even more. We need to have a new improved PoSe or smth like that in place (tested and working) and then build hidden networks support on top of it, not the other way around imo.
 
Lowering masternode requirements for some network segments is a bad idea imo, few points right out of my head:
- more complex payout logic (you wouldn't like to pay smaller hidden nodes the same reward as to normal nodes, need to balance this somehow) -> higher fork risk;
- much lower requirements -> much more nodes -> much more mem usage + much more network traffic.

The problem is not how/why to run hidden service, the problem is that "normal" users/miners/masternodes will not be able to verify the one who is hidden. We can drop that check ("connect to masternode ip to verify it's available") for hidden nodes and start to rely only on pings from such masternodes but without having PoSe this would weaken network even more. We need to have a new improved PoSe or smth like that in place (tested and working) and then build hidden networks support on top of it, not the other way around imo.

From what I read, i2p has limited throughput, that's why I suggested a lower dash requirement; to increase the overall number of i2p nodes available. The rewards would need to be different, of course, but I don't think that part is insurmountable.

As for verifying transactions between normal and hidden nodes, is that really necessary if both sides of a transaction agree to route over i2p?

I'm not technical enough to solve this, I'm just firing ideas in the hope of spurring something. IMO, if dash sticks to public IPs then we might as well transform into Dash plc and operate like any other company.
 
...
As for verifying transactions between normal and hidden nodes, is that really necessary if both sides of a transaction agree to route over i2p?
...
No, no, I'm not talking about composing/verifying a mixing transaction, I'm talkin about masternode list as a whole - everyone on the network have to agree on that list more or less to have the same masternode winners for each block. Without having a full masternode list new blocks are not verifiable, having list of only visible part of the network is not that helpful because then you can't really compute and/or verify masternode payout for a hidden masternode i.e. you can't compute and/or verify blocks with such payouts.
 
No, no, I'm not talking about composing/verifying a mixing transaction, I'm talkin about masternode list as a whole - everyone on the network have to agree on that list more or less to have the same masternode winners for each block. Without having a full masternode list new blocks are not verifiable, having list of only visible part of the network is not that helpful because then you can't really compute and/or verify masternode payout for a hidden masternode i.e. you can't compute and/or verify blocks with such payouts.

hmm, I see, ok
 
I suspect there's general support for this though I fear the core team will try their best to down vote it. But I want to try anyway. If someone could submit this proposal for me, I'll gladly reimburse the five dash. Please, anyone?

No disrespect intended, but regardless of the passage of a proposal, you cannot compel another person/group to write code.
 
No disrespect intended, but regardless of the passage of a proposal, you cannot compel another person/group to write code.

Yeah I guess, but they didn't mind asking to up the block size.. if we had said no, could we of forced them not to?
 
Yeah I guess, but they didn't mind asking to up the block size.. if we had said no, could we of forced them not to?

True...but the block size hasn't yet been increased. They haven't written and deployed the code yet. When they do, the masternode network essentially votes again: they either update, or they don't. So to answer your question: yes, an overall "no" vote would effectively have been binding (not through voting, but through not updating).

In any event, this topic has been discussed at length previously, and Evan said it was effectively impossible to run the MN network over Tor/I2P:

https://dashtalk.org/threads/which-masternode-model-should-we-implement.4115/

Tech may have changed since then, but at least at the time, it was a non-starter technically.

P.S. I agree with you in principle...I wish it was possible (and hope it one day will be) for masternodes to be completely anonymous. Feds knocking on the doors of people running Tor exit servers...that's some scary stuff.
 
The best way not to have a target on your back is for lots and lots of other people to be doing the same thing you're doing.

There are 3700+ masternode instances around the world on public IPs. The best way to protect yourself is for that number to grow, not shrink.

Dash on a slow anonymizing network will be the end of digital cash. Anything which slows down payments will end much of Dash's competitive advantage.

If you're not willing to take on some risk to bring digital cash to the world -- and to profit massively from it in return -- you needn't run a masternode at all.
 
The best way not to have a target on your back is for lots and lots of other people to be doing the same thing you're doing.

There are 3700+ masternode instances around the world on public IPs. The best way to protect yourself is for that number to grow, not shrink.

Dash on a slow anonymizing network will be the end of digital cash. Anything which slows down payments will end much of Dash's competitive advantage.

If you're not willing to take on some risk to bring digital cash to the world -- and to profit massively from it in return -- you needn't run a masternode at all.

3700 MNs but 52% are sitting on just four cloud services.. that's centralisation.

For me, it's not a matter of risk, I simply wanted a better system for all of us. I'm not particularly bothered if dash does transform into a plc, goes legal, starts to do AML, blocking transactions and so on.. if that's the way it goes then so be it because I still have choice. But I am pointing out that dash is at risk of selling out and forgetting it's roots.
 
3700 MNs but 52% are sitting on just four cloud services.. that's centralisation.

For me, it's not a matter of risk, I simply wanted a better system for all of us. I'm not particularly bothered if dash does transform into a plc, goes legal, starts to do AML, blocking transactions and so on.. if that's the way it goes then so be it because I still have choice. But I am pointing out that dash is at risk of selling out and forgetting it's roots.

Please read the link I posted above. Dash isn't selling anything out--what you are wanting, while it would be wonderful to have, is technologically impossible (or at least it was a year and a half ago).
 
3700 MNs but 52% are sitting on just four cloud services.. that's centralisation.

For me, it's not a matter of risk, I simply wanted a better system for all of us. I'm not particularly bothered if dash does transform into a plc, goes legal, starts to do AML, blocking transactions and so on.. if that's the way it goes then so be it because I still have choice. But I am pointing out that dash is at risk of selling out and forgetting it's roots.

I would not call this centralised
http://178.254.23.111/~pub/Dash/Dash_Info.html
 
Try selecting the "Distr. per ISP" tab...

17.48 + 15.67 + 11.92 + 7.40 = 52.47%
Choopa, OVH SAS, Amazon Technologies, Digital Ocean are all cloud services

Four providers for more than half of all MNs

sure but that is the chicken / egg thing
cheapest best providers will get most , this changes by time as we have seen over the last year , back in the day it was all Amazon and everybody screamed centralised (good reason) , now we have 4 (you are saying) , give it another year and it will be 8 and so on ... tech catches up and hosting gets cheaper :rolleyes: and so more distributed
 
sure but that is the chicken / egg thing
cheapest best providers will get most , this changes by time as we have seen over the last year , back in the day it was all Amazon and everybody screamed centralised (good reason) , now we have 4 (you are saying) , give it another year and it will be 8 and so on ... tech catches up and hosting gets cheaper :rolleyes: and so more distributed

That's not really the point. Even if you distribute between 8 cloud services, they're all sitting on public IPs and mostly on US soil. What would it take to effectively take 3700 servers offline? - not much. If they were operating over tunnelled services then at least it wouldn't be immediately obvious which servers they were coming from; we'd be buying some valuable time. It's no different when people say bitcoin mining is centralised in China.. so here we have a critical network doing pretty much the same thing.

Don't misunderstand me, I'm not anti-dash, I'm hoping for a better system for all involved. And I don't particularly care if dash takes this direction. I made this suggestion in the hope we can balance out our goals and not forget out roots, because right now it seems we sold our soul to fiat. At this point, I think there's a real chance that dash really will become Dash plc; putting profits before principles.

Anyway, regardless, it seems it's not technically possible so unfortunately we'll just have to make do with what we have.
 
Back
Top