How to use $34,000 to conduct a spam proposal attack on NNS. (I will not implement this attack at the moment)

It seems that the “Reset Followees for the “All Topics Except Governance” Category” proposal can be a good solution to the reward problem @wpb

But this doesn’t really prevent spam proposals, because in addition to that, spam proposals have the following motivations

  1. You will have to pay attention to the motion proposal due to weight issues, which makes the motion proposal a broadcast of the community

  2. The purpose of garbage proposals is not to be executed but to be seen by the community

How to use $34,000 to conduct a spam proposal attack on NNS. (I will not implement this attack at the moment)

For proposers:

  1. The proposer uses USD 34,000 to buy 1,700 ICPs, the daily interest is 1 ICP, and the proposer will get the right to propose every day.
  2. The purpose of the proposer can be to make ICP better, to spread their own ideas, to promote products, or to defraud the community.
  3. The growth of the ICP token price does not prevent this attack, and as the ICP price grows, the influence of the motion proposal will also grow.

To voters

  1. Due to the weight of the motion proposal, voters will be forced to view the content of the motion proposal and vote on it every day. At this point, most of the attacker’s goals have been completed
  2. Since the motion proposal has no content restrictions, voters will see various information, such as pornographic, bloody content

For stakers

  1. If he does not vote on the motion proposal, then he will give up most of the proceeds
  2. If he does not want to give up his gains, then he must vote every day.
  3. He can manually vote every day and encounter the problems that voters will encounter, or he can choose any one in the “known neuron list” to follow (this will be the choice of most people, and this is the main reason I recommend deleting the “known neuron list” for motion proposals. Especially when the “automatic reinvestment” function is completed, ordinary investors will lose the motivation to participate in governance: he only needs to buy ICP, lock ICP, turn on automatic reinvestment, and randomly select a neuron to follow in the list of known neurons. Then NNS will not be a governance system for him, but a financial management tool. PS: At present, many people do this)

For NNS

  1. Most neurons will not be able to bear to read proposals and vote on motion proposals every day, they will choose to follow the neurons in the “known neuron list”.
  2. The attack only needs $34,000 to make NNS very centralized

Several possible solutions to avoid this attack

  1. Review the content of the proposal in various ways.
  2. Increase the funding threshold for initiating proposals.
  3. Decrease the weight of motion proposals.
  4. DFINITY has mentioned the mechanism of the spam prevention proposal in the roadmap. I would like to know how it is designed. I hope DFINITY will announce more information as soon as possible. @diegop

You may have realized the seriousness of the problem, please express your opinion

2 Likes

I don’t think the threat at the end was necessary. Even if you don’t care about the implications now I would be careful in the future about such things.

Otherwise, I do think you make some valid points.

3 Likes

I think it can get more people’s attention

1 Like

You are quite correct in that this attack can be implemented and would be quite effective (currently).

Unfortunately it doesn’t require YOU to carry on this attack. It can be done by anyone else at time of their choosing.

Really the only thing that will solve it is everyone participating in governance motion proposals (either manually or through following).

On spam, there’s a cost (1 ICP) associated with generating a proposal. Yeah, it could be spam. But who’s to judge whether it’s spam or not?

I’m glad to see you posting on the forum with the intention of driving dialogue on a potential security threat for the NNS (although, the last sentence was over-the-top imo).

To add to the dialogue, here are some additional solutions that could be considered:

  • Drastically increase the number of named neurons with people and groups that are clear with their voting strategy and intended goals. In this solution, most neuron holders will follow a named neuron and the “spam” will only be seen by the voters of the named neurons (this is my preferred solution)
  • Create a multi-step process for creating proposals.
  • Create a penalty for proposals that fail to reach a threshold of votes or an option for voters to identify a proposal as spam.

7 Likes

ok i modified it _____

2 Likes

I like the multi-step process idea. If there were a web UI that made submitting proposals simple, but submitted them to a public review board (on the same site), before the actual NNS, and the board required a certain number of upvotes to be submitted to the NNS; we could defeat the spam proposals from those that can’t/don’t submit over dfx (like those that think Entrepot is necessary).

Additional decentralization (your first option) is the best solution here, asked it will happen over time.

1 Like

I love the change! Thanks.

1 Like

I like the multistep proposal solution, actually suggested similar yesterday on Twitter (although I was solving different/false problem):

You are really smart for a high school kid @ysyms. :smiley:. I really appreciate your engagement in governance discussions and the effectiveness of the tactics you have chosen to stimulate discussion. Well played!

I’m not sure if you have seen it yet, but @justmythoughts started a forum topic discussion two days ago that I think has some really good ideas as well. The two ideas that have surfaced that I think have high potential for developing into a good solution to this type of attack include:

  1. Allocate 75% of total voting rewards each day to Governance participation on a 21 day rolling average (since we don’t have governance proposals daily). This way it doesn’t matter how many proposals are submitted or if there is a proposal submitted every day. I’d be curious if @johan or others at Dfinity have already considered this idea.
  2. When a proposal is submitted to the NNS, a new forum Governance topic is created automatically on the forum with a minimum deliberation time period requirement (potentially set by the proposal lead). Then after the deliberation time, the proposal lead is required to submit a follow up proposal (potentially a revision) to the NNS in order for it to become active for voting. I’m sure there are other variations that would make sense, but this gets at the need for deliberation. It doesn’t have to be the current forum, but that is what we have available at this time and makes sense for now.

I’m interested in your thoughts on how to improve decentralization if motion proposal weights are reduced. What would drive people to follow anyone other than Dfinity? How can Dfinity and our IC community escape accusations of centralization if more public known neurons don’t step up to the task of representing the community (and not follow other public known neurons) and people are not incentivized to follow them? You clearly have given a lot of thought to the governance system, so I’m curious what you think are solutions to that problem.

By the way, I agree with your assessment that the proposal to reset default following for All Topics Except Governance does not address spam attacks that are initiated for the purpose of community announcements or advertising. That proposal only removes the incentive for spam proposals by anyone who wants higher voting rewards with the current system.

2 Likes

I don’t see why we have to vote to receive rewards.

Shouldn’t abstaining be a valid vote? What if I don’t have enough technical knowledge to cast an educated vote? I just have to blindly click approve/reject to get my rewards? It skews the incentives for progressing the network.

I think doing away with “vote to get rewards” in favor of a classic staking model (e.g. PoS rewards) makes more sense. This would prevent spam proposals from getting any attention, because everyone would just ignore them, knowing that they’ll still get their rewards whether or not they vote.

5 Likes

  1. Every proposal must be set by a followee
  2. Followees are responsible for the content of their proposals
  3. Followees must participate or-and be DAO
  4. DAO must be voted in order to be followees
  5. DAO must vote before setting a proposal
  6. The result of their votes must be easily shown to everyone
  7. For any illegal content of any proposal, authorities must be informed and the DAO that set the proposal is responsible for that.
  8. Rewards must be distributed to the voters that their vote=results. If I vote adopt and the result is reject, I cannot be rewarded and the opposite.

1 Like

I’ve been concerned about this for a while and knew it was only a matter of time before someone did it.

I also wondered if someone starting to submit spam proposals would be the motivation for change or if we could get ahead of that.

I think this is probably at least worth a conversation (if not a full analysis) of how the penalty for submitting a spam proposal is far outweighed by the ICP minted in voting rewards.

I believe this could create incentives for spam proposals to be submitted as they would always result in a net positive for voters.

5 Likes

@ysyms I notice that the neuron from which you are submitting these proposals has 0 ICP in it. I also notice that 2 months ago, about 200 other neurons were created with 0 ICP staked. 2 questions:

  1. How did you manage to create this neuron without ICP?
  2. Are you sure the attack hasn’t started already?

Thanks again for bringing necessary changes to the internet computer :smile:

Since I was at mentioned, I should note that I am not personally privy to designs on spam prevention, but I believe research team has some thoughts (and consider it important). However, I do not want to dangerously speculate due to my own ignorance on this topic.

2 Likes

For 1, I don’t understand how it is implemented.
For 2, it looks like it can’t avoid broadcasting motions to the community

There will be a Twitter space about NNS tomorrow, I may reveal my thoughts on this later

1 Like

attack? Ok but they are not the same attack

abstaining is a valid vote if you use a super majority voting system rather than a simple majority system

Then perhaps a supermajority system is what we need. My point for casting blind approve/reject votes still stands.

1 Like

I am heavily in favor of Dominic’s voting proposal Idea which he posted on twitter.

"my guess is we’ll need to have random subsets of neurons “second” governance proposals before prime time, auto-repeating with larger subsets when the result is indeterminate". - Dominic.

This idea is immense. Not only does it deal with the current spam proposal scenario, adding randomization to any voting system helps with decentralization as well.

The NNS as a system needs to evolve by creating strong decentralized protocols that avoid simple if-then error catching solutions. It has to be organic with layers of filtering and verification; thankfully blockchains allow this to be easily possible.

Dom’s threshold voting solution solves this. It randomly chooses a set of neurons from a population which then decides whether the proposal is fraudulent or not. If it is found to be spam, it will then do nothing; the proposal ends there. If the small group of neurons finds the proposal to be valid or indeterminate, they fire, which activates a larger group of neurons to do the same thing, and so on and so on, each group further validating the proposal. (I added my own bit there: it moves to another larger group even if it’s valid.)

However for this to fully work we still need the human element that can actually read through proposals, manually vote on them and not just follow governance leaders. Unfortunately, the only real solution at the moment is people parties, maybe once A.I advances we can shift directions then.

I am excited to see if Dom further pursues this line of thinking and what he develops out of this base idea.

Exciting stuff here.

3 Likes
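
The escalating random-committee filter described in the post above (the quoted "seconding" idea, plus the poster's variant that escalates even on a valid result), as an added sketch that is not part of the thread and not NNS code. The committee size, growth factor, the 2/3 and 1/3 thresholds and the neuron model are all assumptions made for illustration.

```python
import random

# Assumptions of this sketch (none come from the thread or from the NNS code):
# first committee of 8 neurons, x4 growth per round, 2/3 and 1/3 thresholds.
FIRST, GROWTH, SPAM_AT, VALID_AT = 8, 4, 2 / 3, 1 / 3

def second_proposal(neurons, flags_spam, rng, escalate_when_valid=False):
    """Filter one proposal through growing random committees.

    flags_spam(neuron) -> True when that neuron judges the proposal spam.
    escalate_when_valid=False: repeat only on an indeterminate result.
    escalate_when_valid=True: the poster's variant, every non-spam result
    is re-checked by a larger committee until all neurons were asked.
    Returns (outcome, committee_sizes, neurons_exposed).
    """
    size, sizes, exposed = FIRST, [], set()
    while True:
        size = min(size, len(neurons))
        committee = rng.sample(neurons, size)
        exposed.update(committee)
        sizes.append(size)
        spam_share = sum(map(flags_spam, committee)) / size
        if spam_share >= SPAM_AT:
            return "dropped", sizes, len(exposed)
        clearly_valid = spam_share <= VALID_AT
        if size == len(neurons) or (clearly_valid and not escalate_when_valid):
            outcome = "seconded" if clearly_valid else "indeterminate"
            return outcome, sizes, len(exposed)
        size *= GROWTH

def demo(seed=1):
    rng = random.Random(seed)
    neurons = list(range(1000))          # constructed population of neuron ids
    obvious_spam = lambda n: True        # every sampled neuron flags it
    contested = lambda n: n % 2 == 0     # half the population flags it
    return {
        "spam": second_proposal(neurons, obvious_spam, rng),
        "contested": second_proposal(neurons, contested, rng),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With these assumed parameters, a proposal that every sampled neuron flags is dropped after reaching only the first committee, so the number of neurons exposed to it stays at the committee size instead of the whole population.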