I already said that I was not on board with social validation, but it’s a logical conclusion that “many” !== “one” and when it comes to social validation, more is always going to be better.
I also really like TAGGR and what they have done, I don’t know who X is, but Im certain he was heart broken when they saw the fucking Could not find the canister ID. as I have stared many times at that screen wondering what the hell I did wrong. X did everything they could have done to fully recover the platform, but they took things one step further and hit a pretty significant road block, so we should help out… but this is pandoras box.
After giving it some more thought and having a coffee, I’ve come up with a more comprehensive list of questions:
If this proposal passes, what guidelines and criteria will be established to determine the execution of similar proposals in the future? How can we ensure consistency and fairness in decision-making?
What implications does executing this proposal have for the extent of control the NNS has over the contents of the Internet Computer? Ideally, how much influence should the NNS exert over the application layer to maintain decentralization?
Is there a risk of majority voters within the NNS abusing this power to take malicious actions against minority groups with legitimate projects (and how do we define ‘legitimate’)? What safeguards can be put in place to protect projects from potential misuse of power by bad actors?
I think where I’ve ended up is that I cannot even consider going along with this unless we know the answers to these questions. Taggr is such a wonderful application and I really don’t want to see the community get hurt by this. I really want us to help them. However, it’s crucial that we also protect the integrity of the Internet Computer as a whole.
Edit 1. To be explicit. I personally I am not comfortable with the NNS having any control over canisters which have not explicitly designated the NNS as their controller.
To be honest, I think it’s pretty common to see a major uptick in the discussion after the proposal is submitted to the NNS. The formality of that process drives a lot of engagement that often isn’t seen pre proposal. A lot of the people who do engage and watch the forum for new Governance topics are part of Taggr Network and have already commented here or discussed it on the new TaggrDAO discord (and probably the VIP discord). I think it’s also taking a little longer for opposition to surface on this proposal because a lot of the people who typically offer harsh criticism of DFINITY are members of the Taggr Network and want to see the community restored. Hence, I think discussion among the broader IC community wouldn’t happen on this topic until the proposal is submitted anyway.
I’d like the NNS to rescue Taggr, and then immediately revoke its own authority to do so.
We should save the app, thank them for revealing a DX weakness of IC development, and then build a more appropriate set of well-scoped tools for rescuing stuck dapps in the future.
Any canister is subject to the will of the NNS vote and could always have its controllership re-assigned, code modified or state changed. “Black-holed” canisters are not inviolable - even though they were
thought to be.
The approach of a replica change for this fix seems to be counter-culture. I agree we need tools get folks out of jams without requiring an NNS vote ever again - Kyle’s point.
We also need more people involved in validating builds before pushing code rather than relying on a person.
Really appreciate the thoughtful feedback and I agree those questions need to be answered…but in this case it is literally the DAO (who was) responsible for the canister asking the NNS to help.
If you don’t accept our social recovery proof namely the DNS TXT message for the custom domains used for Taggr that is a different challenge. However it this scenario it is the TaggrDAO asking the NNS DAO to help it’s canister.
If it can’t or chooses not to then we have to really question any compelling reason to decentralize on a platform that has risk of recovery or an ability to fork due to II principals being locked to one canister… in other words technical platform risk. Why would anyone choose to decentralize their app with these technical risks.
As for the community… they and their continued support has been nothing short of amazing… it’s a good thing we never sold anything other than trying to push the boundaries of decentralization… so this could have been A LOT worse!
Love this idea! In this case we are pretty clear we are asking the NNS DAO for it’s support… I do agree with all the discussions around precedents and slipper slopes and it works both ways IMO of not interfering in those who don’t want you to but supporting those who do.
I think you would have to believe that DFINITY is a bad actor for this to be an issue. We can discuss motion proposals all we want, but nothing changes by way of code from the result of motion proposals. Those code changes happen on proposal topics that fall into the All Topics catch all category and 99.4% of total voting power in the NNS follows DFINITY on those topics. Hence, decentralization occurs when people and organizations start voting independently on these other topics. Personally, I support this TaggrDAO rescue proposal because I think recovery from mistakes is important, especially for ICP growth and mainstream adoption. However, I think it’s conceivable that there will be changes that DFINITY is compelled to implement where the NNS community would not even have the option of blocking because of default following and lack of independent voting on the topics that change code. DFINITY would not be a bad actor in those situations. They would simply be the only real contributor to the IC and they would be doing what they are compelled to do. DFINITY is our safeguard and it is not possible for bad actors to misuse power against projects. If you think decentralization is the safeguard, then we have a long way to go and people / organizations need to start seriously considering reviewing and voting independently on proposals that change the code. Ironically, only DFINITY has been pushing for this kind of governance participation so far.
I understand that you have a lot going on right now. And, you didn’t ask to suddenly be the center of this huge issue. Following @kpeacock’s lead. Thank you for discovering and brining these issues to the centerstage. It’s a really shit place to be in. I really want to get you unblocked.
The issue isn’t that you can’t prove who you are. The issue is that at a quick glance the obvious answer is: “Yeah we should help them Duh?!”. And, I agree we should. What I’m trying to bring attention to is that there are serious consequences to helping you without an absolute rock solid plan of what happens to the NNS next.
There are so many well reasoned arguments on both sides of the issue.
This really highlights the issue of decentralization and how young and concentrated the VP of the IC still is.
It makes sense then why big money interests would NOT choose IC knowing that their app could be not just deleted, but modified at any point, given that such a large portion of voting power is held by the foundation? There’s already platform risk building on the IC, this just adds to the risk.
Even if a canister is blackholed, it is still mutable through the protocol.
What happens if in response to ckBTC and KYT Compliance, Spinnr builds their own no-KYT wBTC and authorities see the weak link and crack down on DFINITY to use the NNS as a trapdoor in the future?
Question for the Taggr team, users, @mechaquan, and X. Would you advocate for this proposal if it happened to another app on the IC? Seers, AstroX, Kinic, Distrikt, or DSCVR? Where do you draw the line, does the app need to be “too big to fail”?
I completely agree… there needs to be a very clear process for helping DAOs who are decentralized in the future and some fixes that don’t make builders feel like they’re building on sand with the smallest and simplest (trust me is was so simple ) of human errors leading to a canister being locked.
This was an incredible revelation for me because I really don’t see the case for decentralizing your dapp on the IC at this moment due to simple lack of tools or process to fix.
Also, to add, if we had a SNS we would be doing the same thing (minus the interim step of adding NNS as a controller) of asking the NNS DAO to push an update to the canister.
Again, to me the question is whether you trust or believe in the social recovery. We are asking the NNS DAO who can decide via voting to execute an action onto us.
If the question, was we are advocating for an action on to someone else without any proof of social recovery it’s 100% a flat no from me.
So to answer your question, of course I would support the social recovery of any dapp on the IC providing that proof is sufficient.
And again, we are here because we were truly decentralized and the IC is lacking the tools to restore or fork due to the II limitaitions. If we had a SNS we would be in this same scenario.
Size or name of the app are not relevant. It was a mistake, which can be recovered using the NNS. From this situation, lessons learned and better system tooling to prevent this issue affecting other dapps building on IC.
Makes sense, but I think we both can agree that this would definitely be a new/different mental framework for application owners and developers to buy into going forward.
I’m all for social recovery (which could be set up to recover an Internet Identity btw), but this feels like social modification, given that controllers are being added through an replica protocol change.
An additional question. If the NNS DAO can exert itself like this from time to time, or even more frequently as you’ve suggested, what are the benefits of owning and staking $CHAT or any DAO token instead of $ICP?
Every time a big event exposes a vulnerability or division of opinion - Super Mario, Boundary Nodes, Treasury, KYT, crypto economic changes, Scaling issues etc - we as a community massively benefit from the debate and as a result it usually results in a hardening of the system.
It seems most folks are OK with moving forward with helping Taggr provided we implement processes and norms to prevent this from happening again. Those who are very anxious about the downstream effects of allowing the NNS to do this should propose solutions, but that shouldn’t stop us from moving forward now. Dfinity should be involved too.
I’d like to point out while this thread has a mixture of opinions, it has not descended into toxic, ad hominem attacks. I’d like to call out this thread as a model template for how we should conduct debate in the future.