Boundary Nodes as Censors

After giving it some thought I think the best way to solve this dilemma is to have 2 types of nodes: KYC/NNS approved and anonymous ones.

KYC nodes:

  • Work as they currently do (have to be approved by NNS, flat ICP rewards, etc…)
  • Have to follow NNS imposed guidelines for both HW/network requirements and content hosted.
  • Best for 90% use cases as they have lower costs and best performance.

Anonymous nodes:

  • Lower HW requirements (not necessarily a rasperberry, but a consumer grade workstation with an I7, 32GBs of RAM, etc…)
  • Requires staked ICPs to run a node.
  • Stake can be slashed.
  • Rewards are paid based on amount of computation/bandwidth provided.
  • It doesn’t follow any guidelines, but boundary nodes providers can decide to blacklist specific canisters they don’t want to serve.
  • Only follows NNS when it comes to technical proposals.
  • Slower and more expensive but more resilient to censorship.

What do you think?


Thank you for your answer. That’s what I thought.

So part 2 of my question then would be…

What if someone posts legitimately illegal content? Would there be no way to remove it? Does it just get roped off into some type of “dark web” on the Internet Computer?

Great discussion to be having.

I’m not quite clear on the benefit of moving liability from a storage node (or the underlying data centre) to a boundary node. If anything, it seems like it could make the situation more murky. Those with grievances will surely quickly understand that a single boundary node blocking their content from being accessed doesn’t solve their problem, and so will feel compelled to go after storage nodes / data centres / dfinity (whatever the best attack vector is).

I do agree with the principle of keeping the IC protocols censorship-resistant, and then building community-governed features on top that deal with these issues.

I keep coming back to the idea of filter-lists that nodes can subscribe to, that make the node compliant with certain governance rules automatically. This allows the majority of the community to create a “global” list with rules that deal with commonly agreed issues (and how to resolve them), as well as lists with more specific rules that might apply to certain sub-communities. It also allows for sub-communities who want to take on all the risk themselves and subscribe to no rules whatsoever (in which case, node and canister operators should be 100% liable).

An ICP dapp version of something like could be created to deal with the submission of grievances, as well as the creation, management of and subscribing to filter-lists (including things like voting on new rules, amendments and giving permission to groups of people to administer rules on behalf of subscribers).

1 Like

Interesting concept, probably the best yet. It’s a way of ‘suspending’ the canister from the public, without removing the original canister, in a decentralized way. I suppose you could say it is outsourcing moderation to external gatekeepers, but keeping that open so the power is not centralized. It still leaves many questions as to how a complaint could be effectively filed/verified/resolved and what to do with extreme situations, if the first line of defence is swiss cheese. Dealing with real issues by playing wackamole is not a great look. I kind of like what codi0 is talking about here ^ that could help.

Some artists are already upset with Opensea, I saw this tweet with 30k likes: and this person organizing action … even if opensea deletes the NFTs, they are still out there, probably on IPFS. I feel this story will get worse for all chains, as the creators are exploited by grifters that reap all the rewards of the creators work. This narrative may not have gone mainstream yet, but it’s a slow moving snowball going downhill gaining speed.


plot twist: IC becomes the go to address for artists because of it’s strong stance on IP protection.


I’ve come up with a variation on this proposal, I’m curious to hear people’s thoughts: DNS as Censor (variation on Boundary Nodes as Censors)

1 Like

Presently, if someone were to post illegal content, the NNS has the ability to delete the canister with the offending material. Doing so would require putting a proposal up for vote, and then receive adequate votes. There are diverse views on the use of this capability expressed in this thread. I am only answering narrowly to your question…

My 2 cents:

The challenge as I see it is this: in order to use the IC, people need to trust the IC. But in order to continue to exist and be useful, the IC must not allow illegal content to the extent that states start taking it down either by removing nodes or coercing node providers.

I don’t believe this issue can be resolved with a clever hack. The IC may be in the world of bits, but we live in the world of people, and those people can break things and imprison people or make their lives otherwise unpleasant. If “someone” is making material unavailable - whether it be the NNS or boundary node operators, it needs to be perceived as just or there will be blowback.

The only solution is to devise a process that ensures the material removed from the IC is widely perceived as being respectful of the law. Clearly, the NNS voting on proposals does not meet this requirement. It is a subset of people with unequal power and no obvious competence to make such decisions.

But there does need to be a process in the medium term. Fortunately, people have been working on decentralised justice for some time and as some people have already mentioned, Kleros already has a working model. In a nutshell, people pay to take a dispute to the court (e.g. Nintendo makes a copyright claim). The dispute is farmed out semi-randomly to the community, who pay to sit on the jury. They review the evidence and make a verdict. The big twist is that if they do not vote with the majority, they lose their money. This makes it costly for jurors to insert their own prejudices into their evaluation.

I see this as the only way to create a trustworthy system.

1 Like

This is just not the reality.
I see people responding with far fetched hypotheticals as if this was a new problem no one had to face before, that’s incorrect and it doesn’t help. We don’t need to call Socrates to discuss, as other web3 protocols have already resolved the issue and have been adopted successfully by the community (IPFS, Filecoin, Arweave).


What is perceived as just varies greatly all around the planet. Let local enforcement happen on layers above. They can disappear things in the localities using other tools available to them.

@MotoshiNakasato, this is my perception too.

1 Like

But this does nothing to protect the node providers. If the regulatory authorities go after them the IC has a problem in that region.

I’m okay with a wait and see approach but I also think the IC needs to have a backup plan if states start to go after it. The IC is not just a protocol, it can store all kinds of stuff, and it will attract negative attention if it starts to violate laws on a large enough scale. Imagine a decentralised Youtube with no way to remove the violating material. I find it hard to believe there would be no pushback.

1 Like

Here’s the link @harrison provided to IPFS’s legal pages Legal | IPFS

IMO it is an enlightening read.

Edit: the IPFS approached is based upon the following Digital Millennium Copyright Act - Wikipedia

Also, enlightening. Specifically, " The DMCA’s principal innovation in the field of copyright is the exemption from direct and indirect liability of Internet service providers and other intermediaries…"


This is interesting but it leaves me with three questions:

  1. What happens if they receive thousands of requests?
  2. How do they remove stuff - surely not take it off the blockchain.
  3. What happens if the issue is not copyright infringement but other kinds of illegality like child porn?

Figured this thread may be interested:

the 1-pager on the Boundary Nodes R& team was just posted by @yotam : Long Term R&D: Boundary Nodes (proposal) - #16 by yotam

From my perspective (more than 5 years working as a senior leader in state education with responsibility for safeguarding vulnerable children and families - some of it really nasty stuff) the problem is that too few people realise the solution we are looking for is a framework for resolving issues, not an answer to every imaginable issue.


Can you expand a bit. What would that look like?

TBH, it would look a lot like the IPFS approach, ie a system for reporting issues that declares an intention to resolve the issues by implementing a tried and tested legal framework.

The main problem is that real life is plain old messy. Dealing with it requires a complex decision tree; if A, consider B, if B consider C, if not C, consider D.This is what Laws provide. I understand that other participants on these threads have issues with the sources of Laws. It is not my intention to suggest one over the other because of a cultural, or ethnic leaning, but because the creation of a brand new framework will take years as it wont be recognised in any jurisdiction and will therefore be costly proving it is fit for purpose time and time again in legal challenges across the globe.

It is, of course, vital to point out that no system is perfect, so the choice becomes does one use a Nation State’s legal framework, or (my preference) a document from the United Nations, which will suggest an ideal towards which all Nation States should aspire. This would seem as reasonable an approach as is possible for counteracting the activity of rogue, or authoritarian states.

The UN is working on the inclusion of free access to the internet as a Human Right (UN declares online freedom to be a human right that must be protected | The Independent | The Independent). As an example, the child safeguarding framework I used was derived from National Law by Counties, but the fundamental principles we worked with were taken from the UN Children’s Charter, which states “The Rights of the Child are Paramount”.

IMO, Dfinity needs to clearly define the role of different node provider types using language existing systems recognise. As a consequence of this definition it should become clear that node providers enjoy at least the same level of protection afforded to existing internet infrastructure providers. Most importantly, this should then enable the most vulnerable members of our global society, e.g. slaves, to
know that if their plight comes to light on the internet, or internet computer, there is a reasonable chance society will be able to act in their best interest.

This is at the heart of my personal politics and approach to daily living, society must be able to protect the most vulnerable.

I think I have gone off the reservation a bit here, but hope the answer you are looking for is apparent.


Hear, hear! A path to resolution like IPFS is needed IMO as well