Poll: MN Operators, please respond

Should we compel the core team to implement an anonymizing layer (i2p, tor etc)


  • Total voters
    72

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
This subject has come up before but, for several reasons, I think now is a good time to bring it up again.

As you know, we offer an anonymous service to our end users yet with very little protection to the identity and location of MN operators themselves. Yes, some advanced users run through VPNs and so on but, in reality, I'm sure very few MNOs actually do so (convenience, technical ability etc).

Elsewhere, it has been argued - and I think with some validity - that MNOs could be considered complicit in any illegal activity. Right now, we're probably not big enough to be a nuisance to law makers, but it seems to me MNOs could at some point become public enemy number one.. the softest target.

As an MNO, I don't want a target on my back... well, not an easy target. Maybe these anonymizing layers simply delay an inevitable unveiling, but it would at least buy us some time to react to adverse circumstances.

It seems the main argument against an anonymizing layer is performance. While this may be true (though I'm not entirely convinced), it should be balanced against the possible risk of end users losing trust in our MN network. Must we sacrifice MNO anonymity - and therefore trust in our network - simply because all transactions MUST BE INSTANT?

One possible solution might be to run two parallel networks and simply let MNOs, merchants or end users decide the transaction path (instant vs anonymous).

Right now, we're pushing for fiat gateways, but where is the counterbalance?

The way I see it, if we can vote for block size increases then we can also vote for anonymity. Yes, we've discussed this in forums before but we've never formally voted on it. Maybe now is the time to do so?
 

jpr

Active Member
May 11, 2014
493
393
133
Sooner or later when dash gets a lot bigger, there will be no such thing as anon Masternode or darksend mixing. One way or another guys. Dash will have to cooperate with the gov or it will be shut down. Of course it can stay as it is but then it will never be as big as paypal.
 

AndyDark

Well-known Member
Sep 10, 2014
353
705
163
one issue with this is it's really reducing the already limited channels for access to the Dash network for end-user devices. For example, in Evolution any user on a browser or mobile can access the p2p network natively (via HTTP) and do SPV without a single-point-of-failure web server in the middle - without public HTTP services how will mainstream users connect to it? That's not to say it couldn't be implemented at a lower level, but then the public services could still be targeted. Another issue is a lot of Evolution is IP based - IPs are used to discover masternode (web) quorums to interact with and lots of other stuff - masternode IP are really the public endpoints that lets us connect the Dash network to the web.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
one issue with this is it's really reducing the already limited channels for access to the Dash network for end-user devices. For example, in Evolution any user on a browser or mobile can access the p2p network natively (via HTTP) and do SPV without a single-point-of-failure web server in the middle - without public HTTP services how will mainstream users connect to it? That's not to say it couldn't be implemented at a lower level, but then the public services could still be targeted. Another issue is a lot of Evolution is IP based - IPs are used to discover masternode (web) quorums to interact with and lots of other stuff - masternode IP are really the public endpoints that lets us connect the Dash network to the web.
In which case, it's better this is addressed now rather than later when things are more embedded. Technical obstacles, yes, but not impossible. Tbh, we should of addressed this earlier. We should not wait for disaster before we do something about it. Right now we have 52.58% of MNs operating on four centralised cloud services.. this proposal wouldn't change that but it would make it harder to trace and block.

For the end user on mobile (which I'm hoping is priority for the core team), they would have the option to install i2p and then enable it in the client.

I suspect there's general support for this though I fear the core team will try their best to down vote it. But I want to try anyway. If someone could submit this proposal for me, I'll gladly reimburse the five dash. Please, anyone?
 

nmarley

Administrator
Core Developer
Dash Core Team
Moderator
Jun 28, 2014
369
427
133
I suspect there's general support for this though I fear the core team will try their best to down vote it. But I want to try anyway. If someone could submit this proposal for me, I'll gladly reimburse the five dash. Please, anyone?
What is stopping you from submitting it yourself? Why do you ask someone else to do it for you?
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
I've not done it before
I don't want to trip up on calculations, timing and conflicts
And I don't want to trust any keys to dash whale, whatever they say about security
 

nmarley

Administrator
Core Developer
Dash Core Team
Moderator
Jun 28, 2014
369
427
133
I've not done it before
I don't want to trip up on calculations, timing and conflicts
And I don't want to trust any keys to dash whale, whatever they say about security
You don't trust keys to Dash Whale. It just has a tool which makes it about 10x easier than manually creating the proposal. You still have to submit it to the Dash network yourself.
 

nmarley

Administrator
Core Developer
Dash Core Team
Moderator
Jun 28, 2014
369
427
133
No one wants to do it for me?
Putting your name on a proposal is putting your reputation on the line.

If it's your proposal you should really own it, and that means doing all the work that goes with it.

You're asking people to put their name/reputation on there line for you, as well as doing all the calculation/timing work that you don't want to do.

Personally I wouldn't do it even if you paid me because I don't think it's a great idea.

By suggesting that *you* submit it, I was trying to help you get started and running on your own steam if you really believe in the idea. Don't expect someone to do it for you.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
Putting your name on a proposal is putting your reputation on the line.

If it's your proposal you should really own it, and that means doing all the work that goes with it.

You're asking people to put their name/reputation on there line for you, as well as doing all the calculation/timing work that you don't want to do.

Personally I wouldn't do it even if you paid me because I don't think it's a great idea.

By suggesting that *you* submit it, I was trying to help you get started and running on your own steam if you really believe in the idea. Don't expect someone to do it for you.
Bollocks, that's the biggest pile shit I ever heard. I never once said I cared for the credit or shame that someone may or may not associate. I aint here to keep you or anyone else happy. You don't want to do it that's fine, but you don't need to be telling me how I must be feeling just because I wasn't confident doing it myself / wanted some assistance for the first time. You asked me why I didn't do it myself and my answer wasn't good enough for you.
 

nmarley

Administrator
Core Developer
Dash Core Team
Moderator
Jun 28, 2014
369
427
133
If someone could submit this proposal for me, I'll gladly reimburse the five dash. Please, anyone?
This statement from you seems to imply that it's just a matter of someone else just submitting a proposal for you, and getting reimbursed. I was explaining that it's a bit more complicated than that, and thus by extension, your request is also asking more than you may have realised.

You don't want to do it that's fine, but you don't need to be telling me how I must be feeling just because I wasn't confident doing it myself / wanted some assistance for the first time. You asked me why I didn't do it myself and my answer wasn't good enough for you.
Every one who's ever submitted a proposal had to do it for the first time. I didn't have assistance my first (only) time. But I didn't ask for someone else to do it for me either. And I'm pretty sure that instead of asking for "some assistance for the first time", you flat-out asked if someone would do it for you.

Good luck with your idea.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
This statement from you seems to imply that it's just a matter of someone else just submitting a proposal for you, and getting reimbursed. I was explaining that it's a bit more complicated than that, and thus by extension, your request is also asking more than you may have realised.



Every one who's ever submitted a proposal had to do it for the first time. I didn't have assistance my first (only) time. But I didn't ask for someone else to do it for me either. And I'm pretty sure that instead of asking for "some assistance for the first time", you flat-out asked if someone would do it for you.

Good luck with your idea.
First you asked me why I couldn't do it myself and then you went on to preach that I couldn't hold that much conviction if I didn't do it myself ("if you really believe in the idea. Don't expect someone to do it for you"). So why did you ask me then because, whatever I said, you was going to tell me to do it myself anyway, right? You never stopped to think beyond your nose that someone's personal circumstances might be more than you see on the page... if only I gave you a good enough reason, wow is me.

I'm not wasting my time any more arguing with you . It will help to re-enforce your world view that I don't have enough conviction.
 

TroyDASH

Well-known Member
Jul 31, 2015
1,254
797
183
Are there any instructions available on how to create a budget proposal *outside* of Dashwhale?
 

SnowHater

Active Member
Dec 25, 2015
299
221
113
I can do it through DashWhale if you want). I've already made one proposal about changing X11 algo, so I have nothing to lose in terms of reputation :D

Text of the proposal and 5 DASH burn is up to the community though.

Are there any instructions available on how to create a budget proposal *outside* of Dashwhale?
Here is some info.
 
Last edited by a moderator:
  • Like
Reactions: moocowmoo

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
I can do it through DashWhale if you want). I've already made one proposal about changing X11 algo, so I have nothing to lose in terms of reputation :D

Text of the proposal and 5 DASH burn is up to the community though.


Thank you. I'm going to suggest a slightly updated version of the original post; that the core team should allow MNOs to choose which network they operate through (public IPs or i2p). If anyone here has something to add or specify to this proposal then please let it be known. Also, I'm unsure how much to put for this proposal and the duration so I'd really appreciate some feedback. At the very least, I want this proposal to send a very clear message that there is (or is not) demand for this.
 

UdjinM6

Official Dash Dev
Core Developer
Dash Core Team
May 20, 2014
3,639
3,537
1,183
I'm completely for MN anonymization in principle but I'm not sure if this is actually doable. Imo to do so we'd have to move the whole network to i2p (not sure if tor is applicable for this purpose at all). I mean not only (some of) masternodes but every single node/wallet out there because otherwise hidden part of the network will not be reachable by normal users (i.e. it will be useless for them) afaik. Of course we could use some bridges sitting on the edge of two networks and relaying messages back and forth but that would weaken network imo - instead of heaving 3500 connection points you'd end up with.. how many? 20? 200? Who will maintain them and why? You can't run them on masternodes because this will make no sense in terms of MNs' anonymization so there should be some volunteers who run them. Or should they be "sponsored" via blockchain maybe? Anyway, having that small number of reachable nodes... You know what will happen then? "DASH IS CENTRALIZED!!" and all that kind of stuff ;)
I don't know of any good solution so far.

With that being said, how about finding someone else who is willing to do this work instead of compelling the core team to do something? Because you know, trying to compel someone to do smth in an Open Source project... :rolleyes:
 

crowning

Well-known Member
May 29, 2014
1,414
1,997
183
Alpha Centauri Bc
I can't vote on this because either ALL Masternodes must be anonymous, or none.
Everything in between weakens the network.
To have all Masternodes anonymized would need first some investigations about the consequences (reliability, speed, etc.), then a proper estimation of the efforts, and then a POC implementation to see how the reality looks like.
Sounds interesting, and if I _would_ have the spare time I certainly would give it a go just out of curiosity, without any payment.
But right now I don't have the time.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
I'm completely for MN anonymization in principle but I'm not sure if this is actually doable. Imo to do so we'd have to move the whole network to i2p (not sure if tor is applicable for this purpose at all). I mean not only (some of) masternodes but every single node/wallet out there because otherwise hidden part of the network will not be reachable by normal users (i.e. it will be useless for them) afaik. Of course we could use some bridges sitting on the edge of two networks and relaying messages back and forth but that would weaken network imo - instead of heaving 3500 connection points you'd end up with.. how many? 20? 200? Who will maintain them and why? You can't run them on masternodes because this will make no sense in terms of MNs' anonymization so there should be some volunteers who run them. Or should they be "sponsored" via blockchain maybe? Anyway, having that small number of reachable nodes... You know what will happen then? "DASH IS CENTRALIZED!!" and all that kind of stuff ;)
I don't know of any good solution so far.

With that being said, how about finding someone else who is willing to do this work instead of compelling the core team to do something? Because you know, trying to compel someone to do smth in an Open Source project... :rolleyes:
Yes, tha's a fair point, but you know, when I said "compel", I didn't actually think of sticks. Not a great choice of words, I just want the core team to see that this probably deserves more attention than it currently gets. We can put a price on this and try to encourage people to work on it, core or otherwise. Because, you know, the alternative could be that we don't do this, dash takes off and then becomes the bad guy for facilitating crime. Then we'd have huge costs for legal defence and damage limitation.

As for implementation, I was thinking two separate networks; public IPs and i2p. They don't have to talk to each other, the end user would decide which one they wanted to use; fast InstantX or increased privacy. The market would decide what the balance would be. Some MNOs might, for example, accept smaller rewards in return for the privacy... or maybe the i2p MNs would get more traffic, who knows, I think the market can decide that.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
I can't vote on this because either ALL Masternodes must be anonymous, or none.
Everything in between weakens the network.
To have all Masternodes anonymized would need first some investigations about the consequences (reliability, speed, etc.), then a proper estimation of the efforts, and then a POC implementation to see how the reality looks like.
Sounds interesting, and if I _would_ have the spare time I certainly would give it a go just out of curiosity, without any payment.
But right now I don't have the time.
Can you explain how it weakens the network? I was thinking two networks, both performing the same tasks on the same blockchain, just that they function within their own set (public ip or i2p). As a MNO, I decide which network I want to be in. As a user, I decide which network I use. Maybe I'm missing something so please explain.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
Guys, I think I've come up with a good idea. We could put this down as R&D with the goal of creating micronodes... that is, to get more nodes onto the i2p network, to compensate for the slower throughput and lower rewards. For example, i2p nodes would only require 100 dash, thus increasing and diversifying participation without taking away from the function of the main MNs (instantX).
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
This is the revised proposal....


Dash offers an anonymous service to it's end users yet with very little protection to the identity and location of MN operators themselves. Because MNs operate over public IPs, they are potentially exposing themselves to complicity in any illegal activity occurring over the network. Very few MNs run through VPNs. In fact, more than 52% of MNs are operating on just four centralised cloud services. This creates potential liabilities that could stunt end user adoption.

This proposal is to give the core team extra funds to research and develop micronodes that would operate over i2p. This would be a separate set of nodes running in parallel to the main MN network, offering the same services on the same blockchain. End users would choose between InstantX or increased privacy over i2p.

Because i2p throughput is slower, it is proposed that micronodes are introduced to increase the node count on the i2p network. This would help to increase and diversify participation without taking away from the function of the main MNs (instantX). A micronode would require, for example, just 100 dash in collateral.

This work is likely to have an impact on Evolution development, but it is felt this issue should be dealt with now rather than later as the work required to retrofit such modifications would be a lot higher / complex.

Dash is aggressively pursuing fiat gateways - and this is welcomed - but this work would function as a counterbalance. re-enforcing dash's privacy credentials.
 

SnowHater

Active Member
Dec 25, 2015
299
221
113
I forgot to add that despite I can create this proposal I don't agree with it personally. I think that DASH moving its paradigm from anonymous payment system to digital cash is a good shift which allows to bring a lot new people to the network. But next shift, IMO, should be about DASH being network for DAOs with decentralized reputation system which helps to build real businesses and startups inside the system and boost self-governance, self-funding and decentralization of power mechanisms. Without powerful organization which is backing up a monetary system this system is way to weak to compete with current financial whales like FED.

Here are my thoughts: https://dashtalk.org/threads/governance-based-on-decentralized-reputation.8296/
 
Last edited by a moderator:
  • Like
Reactions: TroyDASH

UdjinM6

Official Dash Dev
Core Developer
Dash Core Team
May 20, 2014
3,639
3,537
1,183
This is the revised proposal....


Dash offers an anonymous service to it's end users yet with very little protection to the identity and location of MN operators themselves. Because MNs operate over public IPs, they are potentially exposing themselves to complicity in any illegal activity occurring over the network. Very few MNs run through VPNs. In fact, more than 52% of MNs are operating on just four centralised cloud services. This creates potential liabilities that could stunt end user adoption.

This proposal is to give the core team extra funds to research and develop micronodes that would operate over i2p. This would be a separate set of nodes running in parallel to the main MN network, offering the same services on the same blockchain. End users would choose between InstantX or increased privacy over i2p.

Because i2p throughput is slower, it is proposed that micronodes are introduced to increase the node count on the i2p network. This would help to increase and diversify participation without taking away from the function of the main MNs (instantX). A micronode would require, for example, just 100 dash in collateral.

This work is likely to have an impact on Evolution development, but it is felt this issue should be dealt with now rather than later as the work required to retrofit such modifications would be a lot higher / complex.

Dash is aggressively pursuing fiat gateways - and this is welcomed - but this work would function as a counterbalance. re-enforcing dash's privacy credentials.
Lowering masternode requirements for some network segments is a bad idea imo, few points right out of my head:
- more complex payout logic (you wouldn't like to pay smaller hidden nodes the same reward as to normal nodes, need to balance this somehow) -> higher fork risk;
- much lower requirements -> much more nodes -> much more mem usage + much more network traffic.

The problem is not how/why to run hidden service, the problem is that "normal" users/miners/masternodes will not be able to verify the one who is hidden. We can drop that check ("connect to masternode ip to verify it's available") for hidden nodes and start to rely only on pings from such masternodes but without having PoSe this would weaken network even more. We need to have a new improved PoSe or smth like that in place (tested and working) and then build hidden networks support on top of it, not the other way around imo.
 
  • Like
Reactions: tungfa and JGCMiner

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
Lowering masternode requirements for some network segments is a bad idea imo, few points right out of my head:
- more complex payout logic (you wouldn't like to pay smaller hidden nodes the same reward as to normal nodes, need to balance this somehow) -> higher fork risk;
- much lower requirements -> much more nodes -> much more mem usage + much more network traffic.

The problem is not how/why to run hidden service, the problem is that "normal" users/miners/masternodes will not be able to verify the one who is hidden. We can drop that check ("connect to masternode ip to verify it's available") for hidden nodes and start to rely only on pings from such masternodes but without having PoSe this would weaken network even more. We need to have a new improved PoSe or smth like that in place (tested and working) and then build hidden networks support on top of it, not the other way around imo.
From what I read, i2p has limited throughput, that's why I suggested a lower dash requirement; to increase the overall number of i2p nodes available. The rewards would need to be different, of course, but I don't think that part is insurmountable.

As for verifying transactions between normal and hidden nodes, is that really necessary if both sides of a transaction agree to route over i2p?

I'm not technical enough to solve this, I'm just firing ideas in the hope of spurring something. IMO, if dash sticks to public IPs then we might as well transform into Dash plc and operate like any other company.
 

UdjinM6

Official Dash Dev
Core Developer
Dash Core Team
May 20, 2014
3,639
3,537
1,183
...
As for verifying transactions between normal and hidden nodes, is that really necessary if both sides of a transaction agree to route over i2p?
...
No, no, I'm not talking about composing/verifying a mixing transaction, I'm talkin about masternode list as a whole - everyone on the network have to agree on that list more or less to have the same masternode winners for each block. Without having a full masternode list new blocks are not verifiable, having list of only visible part of the network is not that helpful because then you can't really compute and/or verify masternode payout for a hidden masternode i.e. you can't compute and/or verify blocks with such payouts.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,969
1,143
1,183
No, no, I'm not talking about composing/verifying a mixing transaction, I'm talkin about masternode list as a whole - everyone on the network have to agree on that list more or less to have the same masternode winners for each block. Without having a full masternode list new blocks are not verifiable, having list of only visible part of the network is not that helpful because then you can't really compute and/or verify masternode payout for a hidden masternode i.e. you can't compute and/or verify blocks with such payouts.
hmm, I see, ok