It is true that the official team has developed a lot of basic work, but the result? It has been a year and a half since its launch so far, how many ecological applications are running well or give full play to the advantages of IC?
Yes, you may say Distrikt and Entrepot. As for Distrikt, how many users would like to use it instead of web2 social products? And Entrepot, the NFT standard is terrible for every new users to onboard. Compared with the Ethereum projects, these two projects have no obvious advantages, and their user experience is not much greater than web2 products. Why do users come and play?
Recently, even many projects including hackathon award-winning projects have left IC. I believe they will not make this decision without encountering insurmountable difficulties. As Peter Drucker said, start with the end. If the result is bad, it only means that most of the work is useless or it’s not the point you guys should focus on right now.
The third part is the most important
Without a fast growing ecosystem DApps and the users they bring, IC is meaningless to anyone, only the Dfinity dev team think they have made something great but no one recognizes it.
Some important NNS upgrades such as periodic confirmation got postponed too cause the team was busy working on the SNS. Maturity modulation somehow managed to slip through tho, despite being approved at a later date and with less approvals.
That makes it look like internal pressures are more effective than community’s feedback to shift priorities around.
And one more example to illustrate: The Principal ID. Dfinity thinks that users need security and privacy protection so they design delegation identity mechanism. But what the team didn’t see is that users just want a unified address/ID across different DApps.
For now, different wallets can’t import from each other because they use different algorithm. Users will only get different wallet address in different DApps if they use Internet Identity. Are you telling users to make more transactions when they switch DApps? Users say “No, it’s inconvinient. The user experience of wallets on Ethereum are much easier. Goodbye”.
Listen and observe more on users’ demand please, rather than doing what you think it’s great.
Like I answered in the other thread, this is already totally supported and feasable - it’s up to the developer.
Thanks for sharing, I think so, it is really inconvenient to use Internet Identity in different platforms since they generate different addresses.
I am trying to understand the expectation here. You don’t have to use Internet Identity at all. You can just write a frontend or browser extension that takes in a private key or seed phrase or connects to a hardware token and uses the same key for everything (i.e. same principal everywhere). Why does nobody do that? Is the expectation that the foundation writes the “Metamask for IC”? I ask because I hear in other places that the foundation should not work on things on that level. Hence the question, what is the expectation?
That does not sound good. Could you maybe share some examples so I can follow up?
@lei I truly appreciate your extensive feedback. As @Manu writes above, we plan to have a first response/summary about the lessons learned from the SNS-1 launch posted later today, addressing most of your SNS concerns. But your feedback goes beyond that. We will not be able to answer all questions within a day but I will make sure we answer them as well in the next days.
In this matter and what we have experienced last few days with the SNS-1, I posted my worries about the SNS-1 and BTC integration on Discover, 8 days ago.
The ease ‘bots’ could make use of the contract before launch, It made me question the BTC integration:
- Are we fully certain this is attack-proof in any way?
- Has it been audited by any external party?
Especially when it comes to something big as the BTC integration, we as a community cannot handle any failure. The way the Dfinity-team has evaluated the SNS-1 product upon launch, makes me question the safety of all products… Sadly (and probably not even fair), but present.
I think I have summarized the community’s technical requests, in the second part above, some of which have been backlogged for a long time.
Obviously, there is no such thing as 100% security but the Bitcoin integration has undergone a significant amount of testing and verification, on the theoretical as well as the implementation level, both internally and using an external party.
Why do we call the botting of SNS 1an attack when the “attacker” played within the rules?
I think this is a comprehensive summation of community feedback and smart investor diligence. Kudos, @lei! I appreciate the responses from each of the respective DF team members.
Due to the broad reach of the feedback, I think this post would be a great one for Dom to respond to. I’d like to know his responses, from his top-down perspective. I respect him as a world class cryptographer, but I’d like to respect him more as a CEO of the most innovative application of blockchain technology on the internet. If that is not the role he is MORE interested in filling, maybe he should hire a dedicated helmsman, and stick to the crypto?
I suggested that Dfinity create a CEO position a few months ago but the community didn’t want to entertain a discussion. Some Even threaten to quit ICP if that were to happen. It was seen as a move to kick Dom out of his project, which is far from the truth.
Great post, we need more voice like these from comunity
I believe they used Trail of Bits for the BTC integration audit and another unnamed auditor (potentially independent).
It’s not so much a challenge with II, as a challenge with missing functionality. The Internet Identity system is designed to prevent a user being tracked across dapps in default usage. Each dapp sees a different pseudonym, not the original II anchor. The way to solve this is with II “capabilities,” which also solve for smart contracts that run at different security levels. For example, imagine a Web3 gaming smart contract tagged “Game” that is being run on a single node subnet (i.e. at the mercy of the operator, with no security, but running with high efficiency). How could that be trusted to send an instruction to the game’s “bank” smart contract that has been tagged “Fiduciary” (i.e. that is running on a 34X or higher subnet, which also has a bunch of features to make it very secure, but which increases cost beyond which would be acceptable for in-game action). The answer is that it would ask the user to sign a capability using II, which would be human readable (e.g. “Scope: Game XYZ Bank\n Action: Transfer\n What: BTC\n Amount: 100,000 satoshis\n From: Shoan\n To: Dom”). The game smart contract would call the bank smart contract instructing it to make the transfer, passing the capability in a parameter, and the bank smart contract would validate the capability before executing the transfer. There are a number of advantages with capabilities, including that when user interacts with Service A, and Service A instructs Service B, they do not have to trust that Service A will properly instruct Service B. There are a huge number of problems with the fixed principal model used on Ethereum and other blockchains, and they extend far beyond privacy into security (Googling security capabilities will go through them in depth). Adding the capability signing feature to II should not be difficult and is urgently underway on my instruction
Proof of Personhood via People Parties is the ultimate solution for secure airdrops (or for boosting neuron voting power on a per-anonymous-human basis, and things like that), and people could even prove personhood specifically to participate in something like an airdrop, albeit there may be other solutions that trade security for less friction. It’s a shame that People Parties kinda got deprioritized, and there’s a lesson there. One of the reasons this happened is that in some quarters of the community there were a lot of loud voices that said we shouldn’t work on Internet Identity, the SNS framework, or the People Parties framework, among other things, and that only the community should work on such infrastructure. People Parties were partly deprioritized for that reason as a concession. In hindsight, I think we can all see that was a mistake. Lots of projects really need that functionality, and it hasn’t just magically appeared. We need the DFINITY Foundation to develop and contribute these foundational components, to guarantee that they are available for use by everyone. If people want to build alternative systems, or extend what DFINITY contributes, fine, but DFINITY should not step back because the ecosystem is still nascent. Also, I hear you that there ARE community solutions out there, and I think that if they are working and sound, they should have been used in the SNS-1 launch. There needs to be an evaluation of whether they can be incorporated into the next SNS launch and decentralization sale (worth remembering that SNS-1 was conceived a test that would reveal problems, which it certainly has, so the next will be different…)