I’m glad to see you posting the forum with the intention of driving dialogue on a potential security threat for the NNS (although, the last sentence was over-the-top imo).
To add to the dialogue, here are some additional solutions that could be considered:
Drastically increase the number of named neurons with people and groups that are clear with their voting strategy and intended goals. In this solution, most neuron holders will follow a named neuron and the “spam” will only be seen by the voters of the named neurons (this is my preferred solution)
Create a multi-step process for creating proposals.
Create a penalty for proposals that fail to reach a threshold of votes or an option for voters to identify a proposal as spam.
I like the multi-step process idea. If there were a web UI that made submitting proposals simple, but submitted them to a public review board (on the same site), before the actual NNS, and the board required a certain number of upvotes to be submitted to the NNS; we could defeat the spam proposals from those that can’t/don’t submit over dfx (like those that think Entrepot is necessary).
Additional decentralization (your first option) is the best solution here, asked it will happen over time.
You are really smart for a high school kid @ysyms. . I really appreciate your engagement in governance discussions and the effectiveness of the tactics you have chosen to stimulate discussion. Well played!
I’m not sure if you have seen it yet, but @justmythoughts started a forum topic discussion two days ago that I think has some really good ideas as well. The two ideas that have surfaced that I think have high potential for developing into a good solution to this type of attack include:
Allocate 75% of total voting rewards each day to Governance participation on a 21 day rolling average (since we don’t have governance proposals daily). This way it doesn’t matter how many proposals are submitted or if there is a proposal submitted every day. I’d be curious if @johan or others at Dfinity have already considered this idea.
When a proposal is submitted to the NNS, a new forum Governance topic is created automatically on the forum with a minimum deliberation time period requirement (potentially set by the proposal lead). Then after the deliberation time, the proposal lead is required to submit a follow up proposal (potentially a revision) to the NNS in order for it to become active for voting. I’m sure there are other variations that would make sense, but this gets at the need for deliberation. It doesn’t have to be the current forum, but that is what we have available at this time and makes sense for now.
I’m interested in your thoughts on how to improve decentralization if motion proposal weights are reduced. What would drive people to follow anyone other than Dfinity? How can Dfinity and our IC community escape accusations of centralization if more public known neurons don’t step up to the task of representing the community (and not follow other public known neurons) and people are not incentivized to follow them? You clearly have given a lot of thought to the governance system, so I’m curious what you think are solutions to that problem.
By the way, I agree with your assessment that the proposal to reset default following for All Topics Except Governance does not address spam attacks that are initiated for the purpose of community announcements or advertising. That proposal only removes the incentive for spam proposals by anyone who wants higher voting rewards with the current system.
I don’t see why we have to vote to receive rewards.
Shouldn’t abstaining be a valid vote? What if I don’t have enough technical knowledge to cast an educated vote? I just have to blindly click approve/reject to get my rewards? It skews the incentives for progressing the network.
I think doing away with “vote to get rewards” in favor of a classic staking model (e.g. PoS rewards) makes more sense. This would prevent spam proposals from getting any attention, because everyone would just ignore them, knowing that they’ll still get their rewards whether or not they vote.
Since I was at mentioned, I should note that I am not personally privy to designs on spam prevention, but I believe research team has some thoughts (and consider it important). However, I do not want to dangerously speculate due to my own ignorance on this topic.
I am heavily in favor of Dominic’s voting proposal Idea which he posted on twitter.
"my guess is we’ll need to have random subsets of neurons “second” governance proposals before prime time, auto-repeating with larger subsets when the result is indeterminate ". - Dominic.
This idea is immense. Not only does it deal with the current spam proposal scenario, adding randomization to any voting system helps with decentralization as well.
The NNS as a system needs to evolve by creating strong decentralized protocols that avoid simple if-then error catching solutions. It has to be organic with layers of filtering and verification, thankfully blockchains allow this to be easily possible
Dom’s threshold voting solution solves this. It randomly chooses a set of neurons from a population which then decides whether the proposal is fraudulent or not. If it is found to be spam it will then do nothing the proposal ends there. If the small group of neurons find the proposal to be valid or indeterminate, they fire which activates a larger group of neurons to do the same thing, and so and so on. Each group further validating the proposal. ( I added my own bit there, it moves to another larger group even if its valid)
However for this to fully work we still need the human element that can actually read through proposals, manually vote on them and not just follow governance leaders. Unfortunately, the only real solution at the moment is people parties, maybe once A.I advances we can shift directions then.
If am excited to see if Dom further pursues this line of thinking and what he develops out of this base idea.
First, in terms of economic motivation, choosing this attack method wastes a lot of time and energy of the attacker, but it will not increase the attacker’s profit, nor will it cause any asset loss, and the attacker’s motivation is not very high. Enough, I suggest that you implement an attack immediately to test the robustness of the ICP network.
In the future, voters may need to vote every day, but this is not the fault of the spam proposal, with the development of ICP, voters will face various motions
The real threat of junk proposals to NNS is to use proposals with very objectionable content to make neurons give up governance, which forces neurons that originally wanted to participate in governance to follow other neurons, thus making NNS more and more centralized