I’m sure this will never be possible in a manner that can be verified by decentralised reviewers. It’s epistemologically impossible, there’s no point waiting for a solution.
What will happen (I hope) in the future, is periodic audits to hold NPs to account for the claims that they have made during the onboarding process. @SvenF mentioned this previously as well. I’d be interested to know how that discussion is progressing.
The reason I think there’s a big problem with the onboarding process as it stands currently is that NPs could conceivable claim plausible deniability for some of the things that a physical audit may try to hold them to account for in the future.
As just one random example, if one NP would like to onboard more nodes under a different identity, they could ask their wife (or husband) to do so for them. If that individual is clearly not involved in crypto, or in managing the affairs of their nodes, this would clearly be a violation of the ‘independent node provider’ foundation that the IC is supposed to built on. If something like this were found to be the case in the future as a result of a physical audit, but nobody bothered to ask the NP during onboarding what their closest relationship was to any of the pre-existing NPs, then they could quite rightly say that they did nothing wrong. However, if they lied about this information when asked, the issue would be clear cut.
Other blockchains address this issue by having a significantly larger number of nodes taking part in consensus. As you know, the IC has as few as 13. All it would take is for one person, or a tight-knit group of people, to board nodes under 13 different proxy identities, and then over time slowly nudge those nodes into the same subnet (which would be quite easy if they proactively respond to degraded or offline nodes). That person (or those few people) would then have control over the computation of a subnet, and the sum total of value managed by it.
Rigerous onboarding reviews, coupled with future audits, are the only things I can imagine protecting the IC from this eventuality. The value proposition of the IC completely falls down if there’s a lack of confidence in NP independence. I can’t imagine the world at large ever taking the IC seriously in this context. This needs addressing.