Fixing Taggr community's broken update issue – announcing imminent NNS proposal

Never do what again?

Upload an incorrect binary and have a proposal process that doesn’t require/encourage voters enough to verify the binary before voting to adopt.

I analyze what is now, defining the scope of what is possible with known data about how the NNS functions and what is the scope of this proposal.

What is this proposal about:

• making a one-time fix that is within the scope of the NNS DAO. An opportunity to learn, adapt and develop.

Considering future ramifications that might occur broadens the scope to a point the decision-making process is out of scope and paralyzing.

I think Dom explained a lot of his thinking in this thread, but I thought I would add some sense of the sentiment from DFINITY.

Based on my conversation with Jan and others, my understanding is the general intent is the proposal is NOT seen as a common way of doing things (or standard for the future), but a rarely-used exception to learn from and we are open for more suggestions on how to minimize cases like this, or how to learn from this. In this sense, @Hazel 's analogy to the ETH DAO hack rhymes with this case (a possible, but rarely-used power used by the consensus of the network).

I say this because:

1. I wanted to clarify that DFINITY does not see this as the norm action or behavior, and future cases may be treated differently

2. I wanted to validate that “slippery slope” is taken very seriously

3. I want to recognize that while this may set a precedent, it is also true that DFINITY (as a member of the NNS DAO) may also raise its own internal bar for future cases. In a DAO, all one can do is control their own voting after all.

4. I want to recognize people have good ideas for future cases

I’m going to double down on the fact that it’s not necessary to do the proposed solution to recover taggr accounts and you can do this with a couple line low impact code change to the Internet Identity frontend that would not impact the user experience.

I think its a bit more complex that the simplification that one or two neurons can pass a vote.

1. There are something like 16,000+ neurons that vote when DFINITY votes on proposals that fall under All Topics. While most neurons were configured to follow neurons 27 or 28 by default when they were created, every neuron owner has chosen not to change their configuration.
2. For governance motion proposals, which doesn’t change code, every neuron owner that votes has made an intentional choice for who they follow. None were set by default. They have voted by selecting their proxy.
3. If you take Synapse as an example, our vote is triggered by simple majority of 12 Followees. One vote does trigger liquid democracy, but only after 6 others have voted to adopt or 5 others have voted to reject. That act only triggers 21 votes owned by the Synapse neuron. All other votes come from people who have chosen Synapse as their proxy.
4. It is entirely possible that one of our voting member neurons is configured to follow multiple other neurons outside Synapse (that’s not supposed to happen, but only neuron owners can control who they follow), which could on occasion include the triggering neuron that cascades liquid democracy that passes through the Synapse neuron.
5. I’m pretty sure that DFINITY neurons are controlled by multiple Followee neurons as well, each of which are controlled by different people. I don’t know who or how many, but that’s my understanding how they control their neuron voting.

I just think it’s much more nuanced than the notion that only one or two entities control the NNS.

This is the exact point we’ve uncovered…

There are protocol level changes required to make sure that a continuously improving and upgradable decentralized application can be built on the IC.

Currently, the only way to ensure this doesn’t happen again is to risk decentralization.

If Taggr was not truly decentralized this problem would’ve been fixed in 30 seconds.

We have of course identified a number of process improvements that should/would make it harder to happen but in my view it’s an inevitability that it will.

So are you in general opposed to the NNS DAO supporting other DAOs built on the ICP?

@diegop Having emotional reassurances from DFINITY is a good start but not enough. A formal declaration from not only DFINITY but the NNS would be necessary in this case. I’d like to re-emphasize my statement:

Achieving full decentralization and censorship resistance of the World Computer would require the NNS to limit its scope in a clearly defined way, otherwise it would degenerate into a “mob rule” as Jordan described above.

Granted it is technically impossible for the NNS to enforce such declarations in the future, nor would it be binding for all current and future members of the NNS, however such a formal declaration from the NNS would serve as a much stronger social consensus than whatever promises we’re getting in the forum.

There’s still a long way to go but this could very well be the crucial first step.

however such a formal declaration from the NNS would serve as a much stronger social consensus than whatever promises we’re getting in the forum.

Btw, this was already discussed during the ethos proposal. As far as I remember, the only conclusion was that a rigid set of rules is simply not enforceable when any individual voter can make a personal exception on any proposal they like, which is obvious.

I bet that after a DeFi hack, if there is a proposal reverting this hack, everyone affected will say this is worth being an exception no matter what they preached before.

Yes I’m aware of the ethos proposal. We’re exploring at the forefront of DAO governance and it’s probably time to bring that discussion back. It’s great that you mentioned it, and I think a possible solution is to structure it as follows:

Establish a different class of proposals (the “Constitution”) that would require a much larger quorum and threshold (for example 80% required to pass), and other governance proposals cannot be passed in violation of the Constitution. Proposals in this class would thus be subject to much more scrutiny and less prone to manipulation by interest groups. This would make it enforceable against all normal governance proposals.

My comment was flagged for stating the truth?

The NNS was not designed to alter the Internet Computer’s code to rescue a DApp with only a handful of users and no TVL, simply because the developer made an easily avoidable mistake.

If this were a DApp unrelated to Dfinity, we wouldn’t even be discussing this issue. You are merely demonstrating the centralized nature of the Internet Computer.

Your comment was flagged for being off-topic.

AFAIK Taggr is not affliated with DFINITY, contrary to what you suggested.

Indeed, the topic is relevant. As far as I’m aware, the founder of Taggr is either employed by or connected to Dfinity. Furthermore, numerous Taggr users are employed at Dfinity.

The fact that the comment was flagged actually supports this point.

Actually it was designed to do that…

… only when Dfinity feels like doing so… (according to Diego’s comment)

It would probably help if you provide some more info to your allegations (possibly without doxxing anyone unless they come forward themselves).

I think so, yes. I want the NNS to get out of the application layer. It should only be used to change the code of the protocol and perhaps some other parameters.

I don’t know how I feel about NNS as controller of anything.

The founder expressed it personally, perhaps on Taggr.

Proposal 115067 on the IC now has so many people voting in favor. This is the rhythm of death. If this proposal is passed, everyone can sleep and sleep. There is no hope.

If this is passed, it means that the IC is completely reduced to a fake chain, which means that the underlying foundation of the blockchain does not exist directly, and it is completely reduced to a situation that is more depraved than the occupied area;

This is the most terrifying governance attack, a hacker attack under the guise of a name;

It’s really not a joke, this is not a child’s play, the ground shakes when the foundation of the bottom layer moves;

The foundation of the bottom layer is unstable, and the applications on it are all bubbles, and many people do not realize the seriousness of the problem at all;

This is actually a naked governance attack, directly attacking the underlying logic;

All applications and investors built on shaky foundations are all buried with them;

Those who voted in favor are simply idiots who don’t understand the deep meaning of the blockchain. It’s a pity that most investors are such idiots, just chasing profit maximization and fake benevolence;

I can only hope for the negative votes of the foundation. If the foundation also recognizes the imbecile, then there is really no way to save it. Damn it, I invested so much money to play with these idiots, hey;

Grass fucking eight year pledge.