Node Provider Audit discussion

Thanks for your response @alexu

Could you walk me through the process you’re envisaging? Please bear in mind there may (and should) be any number of voters who would like to independently verify authenticity.

I disagree with this. This just leads to the inevitability that some people know how to game the system, while voters are unaware (and are therefore not fully informed about what they’re voting on). I think it would undermine the whole point of a public governance system.

I’m unclear on how the full picture can be obtained by a series of audits which each may be missing the same important details. I understand that multiple audits may in principle pick up on things that others missed, but if these are audits against different NPs, I’m not clear on where the overlap/blind spots get covered.

Hey Alex. Have you ever outlined what you envision being the ultimate solution? If so, will you please provide a link? If not, will you please do so now? I’m interested in learning what you have in mind. For the most part I see you asking a lot of questions and poking holes in the framework that has been outlined, but I’m struggling to see where you think it should go. What should this node provider onboarding work process look like in your opinion?

I don’t think node providers have been resistant to modifying the work process for transparency and fairness, but they do have concerns about privacy and changes to the rules after they have made investments and contractual agreements. I think we can all agree that some level of privacy needs to be respected and that our rules need to be friendly to reasonable business practices. Hence, I’d also like to know how these concerns fit into your vision. It might require including some sort of timeline to go along with your vision.

All we ask is that we are 100% certain that each node provider has a clearly distinct separate beneficial owner.

You weren’t expecting this to blow up in your face, were you, Wenzel? You’ve been protecting this scam for over 2 years.

Hey Adam would you please stop with the accusations and false narratives? It would be nice to have an intellectually honest conversation for once.

As I mentioned already, everyone is in agreement with this goal.

Please, let’s carry on diplomatically so we don’t ruin this thread. It has potential for some very good conversation.

Sorry, this is not trolling.

You are laser focused on protecting the small group of people that own 75% of the nodes. Just carry on talking, will be interesting to hear how you deny reality once more.

Not true Borovan, but anyway… @Lorimer it would be nice to learn more about your vision. I would like to chase you down over the next few days to learn what kind of vision you have.

I don’t yet have a complete picture of what I think would work. It starts with thinking about aspects that wouldn’t work in what is currently proposed, and attempting to encourage course corrections where they may be needed (after robust discussion from multiple parties).

I’m confident that what is needed is:

  1. A portion of node provider rewards being automatically staked into an NNS-slashable neuron (but which the NP also has control over)
  2. No privileged entities in the governance process
    • (I’ve been somewhat sceptical about NP audits from the start - unless the processes, procedures, and ideally information is available and transparent)
  3. Public, on-chain statements that act as a Sword of Damocles if they’re ever found to have been blatantly inaccurate.
    • I’m not opposed to the use of periodic audits (or detective work) for this purpose. I like the general idea. My concern is that absence of findings can give false confidence, particularly if the auditors are elevated to some privileged status in the governance process.
  4. Public, on-chain legal documents that have legal weight (rather than being inadmissible), and which would conceivably form part of legal proceedings in the NP’s jurisdiction if legal action were ever taken.

Thanks for your response Alex. I look forward to seeing how this develops.

I believe the node providers have already indicated this is a problem including your own co.delta team member @MalithHatananchchige with well reasoned justification here and here. Of course, there is always a way to incentivize it if needed. In this case, it might require increasing the node rewards to help offset the impact to cash flow that they are expecting in their business plans. Perhaps there are other incentives too.

I agree you have been skeptical, but it’s the path we are heading down. I don’t know how else we can maintain privacy for node providers without having privileged entities that are responsible for reviewing private information. I think this one is a real challenge.

I suspect that node providers would agree. I haven’t seen any node provider express any resistance to this kind of idea. They generally seem to want to be transparent as much as reasonably possible.

I certainly agree with this objective. I’m wondering however how well this would work across all the various international jurisdictions that the network covers. I’d be interested if @alexu and the Dfinity team could obtain and share some expert legal opinions on this.

Hi everyone, I have completed the node provider audit pilot and have updated my self declaration accordingly as instructed which is accessible here: Bianca-Martina Rohner - Internet Computer Wiki

Best wishes,
Tina

This is absolutely hilarious.

Do you still consider this to be true?


@bjoernek, can I ask if you have any oversight over these audits?

How far away do you think we are from this →

  • Based on the pilot’s results, we plan to submit a follow-up motion with refined questions and process improvements if needed.
    Proposal: 136573 - ICP Dashboard

I think it’s clear that process improvements are needed. I think it’s also becoming clear that an FATF compliant audit is about as useful as asking the NP to simply fill out the comprehensive self-declaration questionnaire. There’s no way for me to verify that this isn’t the case.

I think this spells out that audits aren’t the way forward. I don’t see how they can be if we’re to accept that this is the case.

Please can we fast track moving forward with the far more important stuff →

yes.

IMO the statements are not at odds. It clearly states any other. The ones that were identified are already listed; others are not. These statements are literally one above the other. In fact, the fact that Tina co-owns GeoNodes is listed not once, but twice :person_shrugging:

You’re right, I missed the first bullet point on my first read. Thanks for pointing this out. Something I think that’s really lacking in these audits is an explanation for how information has been discovered. It’s stated lower down in that document that it’s information that was provided to the auditor. Would they have discovered it? Would they have discovered it under conceivably different circumstances?

Hey @Lorimer will you please add a statement in your first post above (where you have a lot of information crossed out) that explains why you crossed it out? I still don’t understand what you were trying to accomplish by crossing it out instead of deleting it. You provided a lot of harsh criticism in that post, so it would be good to clarify your intent after you received additional feedback from @alexu. I think the crossed out information kind of confuses how your post can/should be read. I’d like to better understand where you are coming from.

I’ve deleted it instead to avoid confusion. My concerns about the audit pilot remain though, mentioned in the other post above.

Ok thanks. Understood. Thanks for clarifying.

Recognising the shortcomings of the pilot programme, I’d like to propose an adjusted way forward. I’d appreciate discussion and critique from anyone willing to offer feedback.

Problem Context

There’s no way for governance participants to verify the impartiality of an auditor, the quality of an auditor, and/or the quality of an audit. To understand the quality of the audit, it’s necessary to understand the processes and procedures employed to produce the audit documents in each case.

Even if we have the above, unless the auditors are very well known with a big reputation at stake and they’re willing to commit to their findings, the audits are not going to engender confidence.

If we do have the above, there’s an opposing concern that →

But as a Web3 governance participant, why should and would I trust your auditor? What if I want my own auditor and I’m willing to front the costs (now or in the future)?

In addition →

The way I see it, opaquely selected auditors following opaque processes simply does not align with Web3 governance, and introduces a whole raft of additional trust assumptions that are more concerning than the problem the audits are supposed to address.

Problem Summary

Recognising that:

  • Intensive detective work needs to be seen to be incentivised (even if it’s not necessarily taking place)
  • Such detective work is in a different league altogether than that of audits
  • I should not have to trust an auditor someone else appointed
  • I cannot exercise my VP in an informed and confident manner while being kept in the dark about what an audit has entailed

There is therefore a lack of:

  • incentive to carry out the work that is needed, and a lack of
  • level footing among governance participants (in terms of what they can know, verify, or have confidence in).

Proposing a Web3-aligned Regime

Incentivising Detective Work

I think it should be possible to kill two birds with one stone, by utilising slashable stake as an incentive mechanism as well as a punishment.

Recognising that Node Providers will need to increase their skin in the game in a way that’s slashable (there’s a parallel thread for establishing how to go about that), why not treat whatever would be slashed as a transferable bounty that goes to whoever carried out the detective work that led to the slash occurring?

Democratising Audits

I would like to propose that any entity who is willing to cover the costs of an audit should be able to request the audit of a specific node provider or set of node providers. Provided the auditor is reputable and regulated, the financier supporting this (as part of their detective work) should be able to choose their auditor (and should therefore be privy to the processes and procedures of that audit).

In the event that wrongdoing is detected, a body of evidence would be collected and made public, followed by discussion and an NNS proposal allowing the NNS to act as the judge.

DFINITY is currently doing this. What I’m suggesting is that anybody willing to finance the same sort of process should be able to. Node Providers should be required to submit to participation in a maximum number of audits per year (potentially zero, depending on interest).

This allows big players to enter the ecosystem and establish their own sense of confidence about the ‘proof of authority’ that node providers operate under.


Please share your thoughts - @bjoernek, @wpb, @MalithHatananchchige, @Thyassa, @timk11, @alexu

There are reasons why people can’t just walk into a business and tell them they are being audited because I paid an auditor to come check you out.