Crowdnode Trusted/Trustless Voting Discussion

vazaki3

Active Member
Jul 1, 2019
628
299
133
34
apogee.dynu.net
Dash Address
XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
I am just relaying what QE told us about the voting power of the Super MNs, if the collateral is 10k, they will have 10 votes, if it is 4k, then 4 votes and so on. regarding the votes of clusters like Crowdnode, they are so transparent, we even capture them here https://mnowatch.org/crowdnode/ if anything went awry there, we would see it and call it out instantly, in the case their votes keys got lose, which might happen since by definition they need to be online, then they can quickly re-key the MNs with new keys, the threat of their votes being used nefariously is minuscule.
Crownode is not as transparent in voting as I would like it to be.
They do not publish their mechanism which decides why a crowdnode voted for the specific proposals.
They do not publish a list of the votes of the numerous individual dash addresses that are composing each crowdnode.
We dont have that information, do we?
 
Last edited:

vazaki3

Active Member
Jul 1, 2019
628
299
133
34
apogee.dynu.net
Dash Address
XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
Also since 26 May 2020 Crowdnode stopped publishing transparency reports which included, among other stats, and some obscure clues about their voting procedure.
For example, what is this voting amplification factor mentioned in the stats? Where is it documented? If it is a top secret, are at least the crowdnode voters informed about what this factor is when they vote?

There is also a voting app https://app.crowdnode.io/Voting that uses the closedsource app google authenticator (apparently Crowdnode.io reveals the phone numbers of the crowdnode voters to google) but it is not transparent to the outsiders (who do not want to be tracked by google) of what is really happening inside the voting app. The latest open-source release of google authenticator was in 16 May 2020, then it became closed source / propriatery. The same month and year the transparency reports of Crowdnode stopped. Coincidence?

Crowdnode's voting procedure seems a black box to me.
#31
 
Last edited:

ndrezza

New Member
Apr 17, 2018
16
24
3
40
Of course, we don’t reveal phone numbers to Google – that would be illegal (GDPR), and we would get fined heavily – we would probably go tits up on that account.

Yes, we stopped doing transparency reports – and it has been discussed on several occasions on Discord. When discussed, we have written on almost any occasion, that we want to give easy access to overviews and aggregated data again, but time and priorities have favored other deliverables. I would love to find time to build something that provides aggregated overviews automatically <3

The information that went into the transparency reports is publicly available. The OpenFunds page and OpenVoting page (and API) provides the data. And we reveal dirty laundry on Discord, like when the Hotwallet took a nosedive recently. And we share good news as well. Also, we do videos, which we did not in 2018-2020. Basically, all information that used to go into the manually created Transparency Report has been made (is) publicly available.

When signing in, a large percentage have chosen to use Google Auth for their MFA, but there is no refence to the different pages in the platform and Google Auth. Interaction with MFA (Google Auth, Microsoft Auth, etc.) is only when logging in.
The Voting page, well, it’s just a page, not an App in itself. We do want to improve the UX on the Voting-page, but that is a different topic :)
 
  • Like
Reactions: thephez and xkcd

ndrezza

New Member
Apr 17, 2018
16
24
3
40
Regarding Trustless on CrowdNode – just to make sure the facts are clear to everyone. When our members Dash have been moved to P2SH addresses, it is Trustless, funds are completely out of our control.

We have no interest in being or becoming a huge and centralized custodial entity – with Trustless we will be the advanced matchmaker that also enables seamless voting. The more Dash that is not in the custodial service, the better – for everyone.

Trustless has been live on Testnet for a while now – please take the opportunity to test it, so it can be deployed to Mainnet asap.
 
  • Like
Reactions: thephez and xkcd

qwizzie

Grizzled Member
Aug 6, 2014
2,019
1,200
1,183
Crowdnode

Send Dash collateral to Crowdnode, giving up control over that Dash collateral : Trusted
Trust Crowdnode to send that Dash collateral in the future through to P2SH addresses (Multisig) : Trusted
After Crowdnode has moved that Dash collateral through to a P2SH address or after Crowdnode allows its users to send Dash collateral directly to P2SH addresses : Trustless

Dash Masternode

Send Dash collateral to your own hardware/software Dash address, while keeping full control over that Dash collateral : Trustless

That is pretty much the difference between setting up a masternode through a hosting service provider like Crowdnode and setting up a masternode yourself.
Untill Crowdnode sends the Dash collateral in the future through to a P2SH address or in the future allows its users to send Dash collateral directly to a P2SH address, it acts as a custodial hosting service provider, using what i assume are custodial wallets.

Knipsel.JPG


It is important that people understand the difference between trusted and trustless and the difference between custodial and non-custodial, not just with Crowdnode, but with other masternode hosting service providers as well.

I do support Crowdnode's budget proposals as i see benefits for Dash and for Dash users, but i also think people should be aware of the risks involved with trusted and/or custodial solutions in general.
 
Last edited:
  • Sad
  • Like
Reactions: xkcd and ndrezza

vazaki3

Active Member
Jul 1, 2019
628
299
133
34
apogee.dynu.net
Dash Address
XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
Of course, we don’t reveal phone numbers to Google – that would be illegal (GDPR), and we would get fined heavily – we would probably go tits up on that account.
Of course you indirectly reveal the phone numbers of the Dash voters to Google, because you decided to use their closedsource software.
Google stores in their databases all the phone numbers of the Dash voters, and when asked by the agents they reveal the information and get paid a lot for that.
This is how google makes money.
Change your authentication method now. Stop authenticating the crowdnode dash voters by asking them to reveal their cell phone numbers. Use an opensource authentication method.
When signing in, a large percentage have chosen to use Google Auth for their MFA, but there is no refence to the different pages in the platform and Google Auth. Interaction with MFA (Google Auth, Microsoft Auth, etc.) is only when logging in.
You should not use multi factor authentication for the dash voters.
Your authentication method should be based on the dash address.
Because only that way you preserve the secrecy of the vote.

The Voting page, well, it’s just a page, not an App in itself. We do want to improve the UX on the Voting-page
I really dont care about all your other transparency reports, do whatever you like, its ok with me.
I only care about transparency (and secrecy of course) in voting. I asked some questions about it.
Crownode is not as transparent in voting as I would like it to be.
They do not publish their mechanism which decides why a crowdnode voted for the specific proposals.
They do not publish a list of the votes of the numerous individual dash addresses that are composing each crowdnode.
We dont have that information, do we?
After MNOwatch.org I would also like to start coding CrowdNodeWatch.org , but you dont give me the appropriate information for that.
...but that is a different topic :)
Yes it is. If I open a new thread, will you answer to my questions?
 
Last edited:

ndrezza

New Member
Apr 17, 2018
16
24
3
40
Of course you indirectly reveal the phone numbers of the Dash voters to Google, because you decided to use their closedsource software.
Google stores in their databases all the phone numbers of the Dash voters, and when asked by the agents they reveal the information and get paid a lot for that.
This is how google makes money.
Change your authentication method now. Stop authenticating the crowdnode dash voters by asking them to reveal their cell phone numbers. Use an opensource authentication method.

You should not use multi factor authentication for the dash voters.
Your authentication method should be based on the dash address.
Because only that way you preserve the secrecy of the vote.


I really dont care about all your other transparency reports, do whatever you like, its ok with me.
I only care about transparency (and secrecy of course) in voting. I asked some questions about it.

After MNOwatch.org I would also like to start coding CrowdNodeWatch.org , but you dont give me the appropriate information for that.

Yes it is. If I open a new thread, will you answer to my questions?
We had a good long discussion on Discord :)

It is possible to remain 100% private just by using the API.
When you signup with the UI, you select your OTP provider of choice.
When you fill out your Profile, phone is 100% optional, but you may want to put it in there for various reasons.
At no point is CrowdNode sending any personal data to Google.
There is transparancy into transaction (also known on chain), deposits, withdrawals, etc.
There is transparancy into which address votes on whichs proposals (just like MNs on chain).
All is good - I hope this clears up any confusion this thread may have caused.

Have a great weekend :cool:

1664557195191.png

https://knowledge.crowdnode.io/en/articles/5963880-blockchain-api-guide
 
  • Like
Reactions: vazaki3 and xkcd

vazaki3

Active Member
Jul 1, 2019
628
299
133
34
apogee.dynu.net
Dash Address
XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
It is possible to remain 100% private just by using the API.
When you signup with the UI, you select your OTP provider of choice.
When you fill out your Profile, phone is 100% optional, but you may want to put it in there for various reasons.
At no point is CrowdNode sending any personal data to Google.
There is transparancy into transaction (also known on chain), deposits, withdrawals, etc.
There is transparancy into which address votes on whichs proposals (just like MNs on chain).
All is good - I hope this clears up any confusion this thread may have caused.
https://knowledge.crowdnode.io/en/articles/5963880-blockchain-api-guide
Thanks for the link!

This is how you vote in crowdnode.


Provided that the OTP authentication method used to login to app.crowdnode.io does not require for you to be binded to one hardware machine (is there any OTP provider that allows that?) this is good.

But where is the transparancy report that reveals which address votes on whichs proposals?
I could not discover it.
 
Last edited:

ndrezza

New Member
Apr 17, 2018
16
24
3
40
But where is the transparancy report that reveals which address votes on whichs proposals?
I could not discover it.
You are welcome :)
I didn't write that there was a "report". I wrote "... we want to give easy access to overviews and aggregated data again, but time and priorities have favored other deliverables ..."
and
"There is transparancy into which address votes on whichs proposals (just like MNs on chain) ".

Check this section in the guide on how you can get the transparancy, whilst there is no overview.
Cumbersome, yes. Transparant, yes. Could it be better, yes!
1664643695884.png


Have a great weekend.
 
  • Like
Reactions: xkcd

vazaki3

Active Member
Jul 1, 2019
628
299
133
34
apogee.dynu.net
Dash Address
XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
I didn't write that there was a "report". I wrote "... we want to give easy access to overviews and aggregated data again, but time and priorities have favored other deliverables ..." and "There is transparancy into which address votes on whichs proposals (just like MNs on chain) ".
Check this section in the guide on how you can get the transparancy, whilst there is no overview.
Cumbersome, yes. Transparant, yes. Could it be better, yes!

I know my crowdnode dash voting address, I also know what this dash addres voted.
How do I know that whatever I voted with my crowdnode dash voting address has been counted in the voting outcome of a specific crowdnode masternode?
You should publish a list of all crowdnode dash voting addresses that participate in the voting of a crowdnode masternode, and what each one address voted.
Thats how I can be sure that whatever I voted has been counted in the final outcome.
I will simply look at the list, and discover my address and my vote.

Otherwise you may discard my vote, and I cannot prove that you did it.

Provided that the OTP authentication method used to login to app.crowdnode.io does not require for you to be binded to one hardware machine (is there any OTP provider that allows that?) this is good.
I repeat my question, in order to clarify it. You are using OTP in the crownode voting application, I assume an open source OTP is also allowed.
Is there any OTP provider that allows for the user to be authenticated without being forced to bind the authentication with a specific hardware machine?
If not, then this kind of authentication is against voting privacy and secrecy. You know the unique hardware I am using for voting, you know who owns this hardware (or at least the agents know it), so you know who I am and what I voted. A remedy for this is to authenticate me by only using my crowdnode dash voting address and nothing else, and to allow me to vote from whatever hardware I like. Thats how my privacy is respected, thats how the agents will be unable to corelate my real life identity to my crowdnode one, and they will lose my tracks.

We are offtopic of course, but the above questions are important to be answered, in order for the people to understand how private and calculable their voting in crowdnode is.
 
Last edited:
  • Like
Reactions: GrandMasterDash

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
3,320
1,399
1,183
The Lightning Network hijacks / steals transaction fees originally intended for miners. It substitutes the Proof of Work network for something prone to censorship.

The Proof of Stake network that is Crowdnode et al hijacks / steals votes originally intended for masternode owners. It substitutes the Proof of Service network for something prone to censorship.

To be clear, Crowdnode users are not earning dash for useful work done, they do not perform Proof of Service tasks and should, therefore, not be entitled to voting. I am going to try and correct this in an upcoming proposal.
 

vazaki3

Active Member
Jul 1, 2019
628
299
133
34
apogee.dynu.net
Dash Address
XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
The Lightning Network hijacks / steals transaction fees originally intended for miners. It substitutes the Proof of Work network for something prone to censorship.

The Proof of Stake network that is Crowdnode et al hijacks / steals votes originally intended for masternode owners. It substitutes the Proof of Service network for something prone to censorship.

To be clear, Crowdnode users are not earning dash for useful work done, they do not perform Proof of Service tasks and should, therefore, not be entitled to voting. I am going to try and correct this in an upcoming proposal.
Crowdnode users are doing a useful work. They have a percentage of a running masternode, so they deserve a percentage of vote.
I think thats fair.
 
  • Like
Reactions: xkcd

ndrezza

New Member
Apr 17, 2018
16
24
3
40
I know my crowdnode dash voting address, I also know what this dash addres voted.
How do I know that whatever I voted with my crowdnode dash voting address has been counted in the voting outcome of a specific crowdnode masternode?
You should publish a list of all crowdnode dash voting addresses that participate in the voting of a crowdnode masternode, and what each one address voted.
Thats how I can be sure that whatever I voted has been counted in the final outcome.
I will simply look at the list, and discover my address and my vote.

Otherwise you may discard my vote, and I cannot prove that you did it.
Anyone can extract votes cast by members. If one does that for all members, calculates the votes, and compares to what CrowdNodes nodes have voted - it will match. Is it easy to do, no. Does it take a lot of time, yes. Is it transparent, yes.
We want to find time to publish something that make it easier, but it is not currently prioritized.
Let me stress: "Not easy" does not mean "Not transparent". It is transparant, but it takes work to control it.

I repeat my question, in order to clarify it. You are using OTP in the crownode voting application, I assume an open source OTP is also allowed.
Is there any OTP provider that allows for the user to be authenticated without being forced to bind the authentication with a specific hardware machine?
If not, then this kind of authentication is against voting privacy and secrecy. You know the unique hardware I am using for voting, you know who owns this hardware (or at least the agents know it), so you know who I am and what I voted. A remedy for this is to authenticate me by only using my crowdnode dash voting address and nothing else, and to allow me to vote from whatever hardware I like. Thats how my privacy is respected, thats how the agents will be unable to corelate my real life identity to my crowdnode one, and they will lose my tracks.

We are offtopic of course, but the above questions are important to be answered, in order for the people to understand how private and calculable their voting in crowdnode is.
Several providers allow you to use multiple devices.
You can even import the same OTP on multiple devices.
Also basically any password vault on the market has OTP feature; Zoho Vault, 1Password, etc.
This means that OTP is not bound to a specific hardware device, unless you want it to, and you would be able access it from anywhere, e.i., in a browser in the local library or net cafe, etc. :) I think you get the point.

You can even write a small shell, script, etc. to get the OTP. I have one in PowerShell myself. Very handy.

So please, no more talk about privary related to OTP - you end up confusing people or even worse, scaring people away from using Dash.
 

vazaki3

Active Member
Jul 1, 2019
628
299
133
34
apogee.dynu.net
Dash Address
XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
Anyone can extract votes cast by members. If one does that for all members, calculates the votes, and compares to what CrowdNodes nodes have voted - it will match. Is it easy to do, no. Does it take a lot of time, yes. Is it transparent, yes.
We want to find time to publish something that make it easier, but it is not currently prioritized.
Let me stress: "Not easy" does not mean "Not transparent". It is transparant, but it takes work to control it.
Ok...And how can extract the votes cast by crowdnode members?
Can you give me some more technical information?

Several providers allow you to use multiple devices.
You can even import the same OTP on multiple devices.
Also basically any password vault on the market has OTP feature; Zoho Vault, 1Password, etc.
This means that OTP is not bound to a specific hardware device, unless you want it to, and you would be able access it from anywhere, e.i., in a browser in the local library or net cafe, etc. :) I think you get the point.
You can even write a small shell, script, etc. to get the OTP. I have one in PowerShell myself. Very handy.
Yet I am still not tottaly satisfied with your answer.
I am not talking about the ability to use multiple OTP devices.
I am talking about the ability to use ANY RANDOM device, and the right for these random devices not to be accosiated each other.
In order to vote for crowdnode, can I use ANY RANDOM device, and can I have the right these random devices not to be accosiated eachother?
This is the only way to protect my voting secrecy and privacy.

I do have this right when I vote in the Dash budget system as a delegate voter, so I expect the same right when I vote in crowdnode.
 
Last edited:

ndrezza

New Member
Apr 17, 2018
16
24
3
40
Ok...And how can extract the votes cast by crowdnode members?
Can you give me some more technical information?


Yet I am still not satisfied with your answer.
I am not talking about the ability to use multiple devices.
I am talking about the ability to use ANY RANDOM device.
Can I use ANY RANDOM device, in order to vote ?
I don't mean to be rude, but I have already answered that, if you please care to read through all my previous answers and read the KB I have linked to regarding API.
Whether or not you are satisfied is a different matter than me being right.
I cannot continue this discussion - it is not productive, meaningfull or relevant for the Dash Forum.

I also do not mean any disrespect, but do not expect me to answer unless new information or questions are brought to the table, and other members on the forum also demand answers.

Have a great evening.
 
  • Like
Reactions: xkcd

vazaki3

Active Member
Jul 1, 2019
628
299
133
34
apogee.dynu.net
Dash Address
XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
I don't mean to be rude, but I have already answered that, if you please care to read through all my previous answers and read the KB I have linked to regarding API.
Whether or not you are satisfied is a different matter than me being right.
I cannot continue this discussion - it is not productive, meaningfull or relevant for the Dash Forum.

I also do not mean any disrespect, but do not expect me to answer unless new information or questions are brought to the table, and other members on the forum also demand answers.

Have a great evening.
In this KB BlockChain API Guide | CrowdNode Knowledge Base I cannot find any way to discover all the voting addresses of crowdnode.
Maybe I cannot see it, so maybe someone else who is not blind can help.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
3,320
1,399
1,183
It seems many people are happy with Crowdnode voting so long as they are transparent and this misses the point entirely. It's like saying, you trust banks so long as they maintain transparency. In which case, why bother with blockchain, we can just wait for the faithful day that trust is destroyed and then complain bitterly about it. At which point, you may wake up to find that unwanted entities have taken over governance, then what?

Crowdnode and others are providing a Proof of Stake service to their customers. Not your keys, not your vote. So why are we encouraging and facilitating such bad behavior?
 
  • Sad
Reactions: xkcd

vazaki3

Active Member
Jul 1, 2019
628
299
133
34
apogee.dynu.net
Dash Address
XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
It seems many people are happy with Crowdnode voting so long as they are transparent and this misses the point entirely. It's like saying, you trust banks so long as they maintain transparency. In which case, why bother with blockchain, we can just wait for the faithful day that trust is destroyed and then complain bitterly about it. At which point, you may wake up to find that unwanted entities have taken over governance, then what?
You have a point on this.
So lets reduce the masternode collateral, in order for more people to be incentivized to set up masternodes, and thus the blockchain will become stronger.
 

ndrezza

New Member
Apr 17, 2018
16
24
3
40
It seems many people are happy with Crowdnode voting so long as they are transparent and this misses the point entirely. It's like saying, you trust banks so long as they maintain transparency. In which case, why bother with blockchain, we can just wait for the faithful day that trust is destroyed and then complain bitterly about it. At which point, you may wake up to find that unwanted entities have taken over governance, then what?

Crowdnode and others are providing a Proof of Stake service to their customers. Not your keys, not your vote. So why are we encouraging and facilitating such bad behavior?
It may not be our members voting-keys explicitly, because we maintain the private keys, but it is our members funds and when members vote, we vote accordingly - which anyone can audit if they like.

Gather the votes for any addresses that deposited to CrowdNode:

Get the active voting-addresses, may vary from our actual masternodes depending on if any members have delegated voting-keys to the platform:

Compare to the blockchain votes or use:

I get the general idea of distrust, but please don't try to inject any distrust on CrowdNode when it is unspoken for.
 
  • Like
Reactions: xkcd and vazaki3

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
3,320
1,399
1,183
It may not be our members voting-keys explicitly, because we maintain the private keys, but it is our members funds and when members vote, we vote accordingly - which anyone can audit if they like.

Gather the votes for any addresses that deposited to CrowdNode:

Get the active voting-addresses, may vary from our actual masternodes depending on if any members have delegated voting-keys to the platform:

Compare to the blockchain votes or use:

I get the general idea of distrust, but please don't try to inject any distrust on CrowdNode when it is unspoken for.
I could say the same about banks. Should I allow them to be transparent and not inject distrust?

But just to be clear, I am not saying Crowdnode can not be trusted at this point in time, only that the possibility exists with little friction to prevent it from occurring. Crowdnode can be viewed as a L2 solution, potentially skipping L1 consensus with the possibility to rearrange votes to favor or minimize some proposals over others.

Additionally, I do not point my finger solely at Crowdnode but to all possible L2 voting scenarios.
 
  • Like
Reactions: ndrezza and vazaki3