Thank you for launching this initiative. As operating 42 nodes myself, I have long been concerned about the lack of genuine oversight regarding who operates these nodes. In my view, this is a critical issue because the Internet Computer Protocol (ICP) cannot function without Node Providers (NPs). They form the very core of the ICP network.
To address this, I fully agreed with the following propostions :
This initiative must encompass all Node Providers, past, present, and future.
A thorough Know Your Customer (KYC) and Anti-Money Laundering (AML) process should be mandatory. ICP must ensure that its foundational infrastructure is not linked to criminal organizations, terrorist groups, fraudulent entities, or influential actors that could orchestrate an attack or arm, take advantage in anyway the ICP.
The Ultimate Beneficial Owners (UBOs), primary shareholders, and financiers of these nodes must be identified and verified by a regulated third party.
Additionally, the hardware utilized and the data centers hosting these nodes should, in my opinion, undergo scrutiny to ensure compliance and integrity.
Implementing these measures will foster genuine decentralization (42 Nodes max) and safeguard the ICP network from criminal or illicit affiliations at its core. Some may raise concerns about anonymity, but this need not be an issue. A regulated third party can maintain confidentiality, keeping sensitive information non-public. The objective is not to compromise the anonymity of ICP holders or stakers, who represent 99.9% of users, but to ensure transparency for Node Providers. These providers operate tangible hardware in real-world jurisdictions, not in an abstract cloud, and thus must be held to a clear standard.
This initiative will bolster ICPâs reputation significantly. As ICP grows in scale and influence, governments and regulators will find reassurance in knowing that the Network Nervous System (NNS) has endorsed such a proactive measure. As someone who holds multiple financial regulatory licenses, I fully appreciate the importance of these steps. I strongly support this effort and believe it will fortify the trust and resilience of the ICP ecosystem.
Thank you for driving this much-needed initiative. We fully support the proposal and agree with its direction to strengthen the integrity and decentralization of the ICP network. Establishing clear standards for ownership independence, robust KYC/AML procedures, and third-party verification is critical to ICPâs future. We fully endorse this initiative and are prepared to support its implementation.
as someone who maintains dfinity nodes, as an icp developer, and as a fan of the ecosystem in general, i can only agree with all of this. Itâs a step in the right direction.
The future is bright for dfinity.
I fully support the initiative because itâs a step in the right direction to strengthen network transparency. Moreover, the crypto sector is also moving in this direction with increasing regulations to ensure ever-increasing adoption.
Thanks for the work. I really think this is a step in the right direction and all the changes to the current self-declaration form incorporate what in my opinion itâs the best way to avoid speculation, provide transparency, while maintaining the subnets decentralized.
Currently links between nodes have been done with clusters in the business rules of the proposals although no business penalties have been attributed since this isnât yet official in a IC Target Topology. My question is whether each type of linkage between any nodes will have the same penalty amount (e.g Q1: UBO Ownership & Control, Q3: Family Ties).
Also regarding this I previously suggested some sort of public discussion when even the community would have the opportunity to suggest possible auditors which would then be subject of voting before deciding on which one will be performing the audits for some amount of time defined in a contract. Is that being considered or is DFINITY taking this responsibility?
Hey @bjoernek would you please clarify the purpose of questions 2 - 5 and what reviewers should do with the information when it comes to future decisions on Subnet Management, Node Admin, and Participant Management proposals? In the event that the node provider declares that there is an overlap of UBOs with other node providers, or they establish family ties, or their corporate structure suggests an overlap in stakes with other node providers, then it would make sense to consider the associated node providers as a cluster and treat them as one node provider inclusive of the 42 node limit. Are there any exceptions to this clustering that you have been able to identify, or should they be clustered in all cases?
Presumably you are asking question 5, which is focused on the overlap of financing, because the lender/borrower relationship should also be clustered. However, a lender is not the beneficial owner of property. Beneficial ownership rights belong to the borrower, and does not belong in any way to the lender. So why does it matter if another node provider provides financing? If we are just asking the question for information, then does that mean that there are some answers to these 4 questions that may not necessarily result in clustering? It seems we should explicitly clarify those situations before asking the NNS to vote on these extensions.
I would agree that if a borrower defaults on their loan, that the lender has the legal right to repossess the property. However, that doesnât give the lender the right to deploy the nodes on the IC and receive the remunerationâŠespecially if they already have 42 nodes. In fact, I would argue that node transfer should not result in the right for the new node provider to deploy the node on the internet computer at all. If an existing node provider decides (or is forced) to remove their nodes from the IC, then it is the NNS that should decide who will get to take their place. Existing node providers should not be allowed to sell both the node machine and the chit to deploy the node on the internet computer. The chit is much more valuable than the machine and the node provider has already been paid by the NNS through remuneration to cover the depreciation of the asset. Hence, the NNS should retain the right to decide who the new node provider will be while the node machine owner should retain the right to repurpose their property. I think this is very relevant to the borrower/lender relationship given that a lender does have the right to repossess the machine upon loan default. It will help make it clear that a lender is not the beneficial owner of the nodes and it will help protect the expectation of independence among node providers.
Clarify questions 2-5: how should reviewers use them for Subnet/Node/Participant proposals? Should overlapping UBOs, family ties, or corporate stakes always cluster node providers within the 42-node limit, or are there exceptions? Q5 on financing implies clustering lender/borrower ties, but lenders arenât beneficial ownersâwhy does it matter? Clarify before NNS votes. If a lender repossesses a node, they shouldnât deploy it; NNS should pick new providers, not sellers. This keeps lender/borrower roles clear and node independence intact
Thank you, @wpb, for your questions and @Jordan_xx for summarizing!
Regarding the impact of clustering: The primary goal of clustering is to use this information in subnet allocation, ensuring each cluster appears only once in a given subnet. Concerning the node limit, my personal view is as follows: A slight breach of the 42-node limit, say up to 50 nodes, is not a major issue due to the availability of reserve nodes. However, this will eventually need to be addressed. If a cluster significantly exceeds the 42 limit (which I hope is not the case), it becomes more urgent to restructure the node ownership to maintain fairness, especially given that other node providers have sold excess nodes to meet the target.
Regarding question 5 on financing: While a lender does not legally own the nodes, the independence of a node provider is clearly reduced if they receive financing from other providers. Potentially we could make this rule more specific. For example, the special case of an existing node provider selling nodes to a new node provider, using bridge financing lasting for 6-12 months seems less of a concern, compared to a situation where a node provider is dependent on long-term debt from another provider.
So what if there was one guy with millions of ICP, shorting the price, and he was lending his ICP to the providers of say, 600 Node Machines through shell companies in order to control the network and know exactly when the ICP gets dumped on the market.
I donât see how there is a clear reduction in independence. The lender has no legal right to the nodes unless the borrower defaults and then they can only repossess the nodes after proper legal action. The lender cannot access or touch the nodes in any way (we already have requirements that they are in different data centers). The lender does not receive remuneration for the work the nodes are doing. The lender receives no benefits of node ownership.
Regardless, my main concern is to clarify how a reviewer should respond to proposals where a node provider reveals that another node provider provided a loan for them to purchase node machines. Should a reviewer reject that proposal? Are there conditions where it is acceptable?
If we discover that there are existing node providers that have taken out loans from another node provider, will their node provider status be revoked? Will that open a pandoras box of legal action seeking damages since legal agreements were established between borrow/lender under one set of rules and then the rules were changed before the original agreement expired? Will they be able to take legal action against DFINITY? Will they be able to take legal action against public reviewers who are being paid to review proposals? Has DFINITY sought a legal opinion on these kinds of details yet?
I just want to make sure we have thought through the consequences of decisions that could be made based on answers to question 5. It would be helpful if we can be more explicit regarding what those decisions should be.
What if itâs the same lender though for all the node machines? We need to identify the lenders.. because what if it was the same lender for like 20 node providers?
What if the lending contracts were written specifically to take advantage of things within the ecosystem. This just allows a rich individual, say somebody who sold shortly after genesis to game the whole node provision system.
Oh, I agree with needing to identify the lender (either publicly or privately through an auditor as originally proposed). I didnât think that was questionable. Iâm trying to understand why a node provider canât be a lender to another node provider and what are the consequences of that connection. As long as the loan is properly documented, I donât see how the loan can be used to claim that a lender holds beneficial ownership over the borrower. It doesnât seem like this lender/borrower relationship should result in a cluster.
Indeed I think it is one thing to gather information, yet another to decide what to do with that information or how to act upon it. In any case, I will be curious to find out if node providers lending to other node providers is even a thing, I doubt it is. Probably anyone who has debt financing has a much more traditional arrangement like a personal loan from a bank (unsecured personal loan), I highly doubt any bank would accept servers as collateral. And if we find out in this exercise that anyhow there is no node provider to node provider lending, then some of this is a mute point and we can move on to future oriented questions, such as whether we would want to prevent such lending from taking place going forward, or whether such lending is ok but then has certain consequences to be defined. I would also question what risk we want to mitigate. That someone else takes over the servers in a borrower default scenario? I mean, then one could always make node providers sign on a self declaration that the servers can never be pledged as collateral in any financing arrangement (regardless of who the lender is) throughout the serversâ use on the IC.
Interesting comment @snoopy â it reads a lot like Wenzel.
Youâre raising nuanced points, carefully hedged, professionally structured⊠and suspiciously aligned with the kind of narrative shaping weâve seen before around node provider governance.
Letâs be honest:
If weâre even entertaining the idea that a single actor could finance 10+ node providers through opaque arrangements, the idea that we donât need disclosure or that this isnât an immediate centralization risk is absurd.
This isnât about whether someone âtechnicallyâ owns a node.
This is about control, timing, and information asymmetry.
And if someone is sitting in this forum, under a pseudonym, downplaying that risk while possibly being involved in shaping policy elsewhere â thatâs not âjust curious,â thatâs strategic.
So letâs ask directly:
Are you a known contributor to the governance process under another identity?
Do you have a direct or indirect stake in node operations, financing, or policy review?
Are you willing to disclose who you are if youâre involved in proposal review, legal guidance, or DFINITY-adjacent decisions?
Because if not, then sure â maybe youâre just a really thoughtful pseudonymous user with a deep understanding of governance tradeoffs. But if so, this discussion needs a lot more sunlight.
Hey @Severin@Ang this thread was very productive, but started veering off topic with this post here. Any chance we can get it cleaned up so itâs not so distracting to the original purpose.
Hey @bjoernek if you decide to respond any further to my comments and questions in this thread, I would appreciate if you will focus on my post such as the one here instead of inaccurate summaries and Monday personality, poorly prompted ChatGPT responses that seem to be popping up in the thread. Iâm really interested in better clarifying the purpose of these new node provider declarations and how they need to be interpreted by reviewers moving forward.
It seems in general that there @bjoernek 's proposals have been positively received from what has been said here. There is a node provider working group meeting on Monday at 16h CEST. That should hopefully give any NPs that donât use the forums for whatever reason to have their say.
I never said that I am against disclosure. All I am saying that we should think about what we actually want to achieve from a risk based approach. And anyway, letâs entertain your theory here for a second. If we want to stipulate that node providers lending to other node providers needs to be somehow limited, this can be done in the same way that node ownership has a cap. For example, one could stipulate that no node provider can own or provide any financing for more than [5%] of the nodes on the network. I think the 42 node limit was anyhow a bit arbitrary in terms of number of racks that Gen1 node providers were operating, rather than 42 being a risk based number.
In any case I donât think node providers lending to other node providers would be very significant currently, but happy to find out. I think around two thirds of nodes are Gen1, they wouldnât have lent to each other at that time IMO. Yes, some Gen1 nodes changed hands recently, but not that many. One third is Gen2 node providers I think, where there are more small node providers and maybe some of them have more traditional financing in place from a bank or something like that.
Further, speaking about a risk based approach, I think there being malicious or colluding node providers is not the only risk we should think about. Like a poster further up alluded to, there can also be risks for node providers arising out of making too many public disclosures. For example, we publish on the dashboard who the node providers are, some ID or other identification, and exactly where the nodes are. In theory this public information could allow someone to threaten or coerce node providers, whether for purely financial motives or something more. Further, if some countries in the future might decide to ban the IC or something like that, right now it would be easy for them to get to the node providers or to seize nodes on their territory. Not sure if any thoughts have been given to these aspects.
Not if you have non-disclosure agreements. This would also be an undesirable complication from the standpoint of reasoning about the IC Target Topology.
Yes, this is why country is a distinct dimension in the IC Target Topology.
This attack vector is unaffected by this whole discussion (itâs already theoretically possible). Itâs an entirely separate problem which shouldnât block or hold up progress on solving the bigger more immediate problem.
I think there are numerous solutions to the coercion risk, but theyâll require some features first which are further along on the roadmap (havenât arrived yet).
