Plausible deniability for node operators

I just want to say every storage chain has this problem. Filecoin nodes remove content. Storj bans the user account. And this is IPFS: Protocol Labs Inc. and the core IPFS team have adopted this copyright infringement policy in accordance with the Digital Millennium Copyright Act. More here: Legal | IPFS

1 Like

Thanks for sharing these references

Filecoin: Document how removal of data for legal reasons · Issue #65 · filecoin-project/specs · GitHub

1 Like

I think I get where you are coming from, most probably I would have had similar reasoning when I was young.
While agreeing with you on some I strongly disagree on others.
If what you suggest becomes reality, the IC will become a fringe (TOR-like) network with the reputation that comes with it. Goodbye mass adoption.

There are different times to take different steps. ‘Patience is a virtue’, ‘Rome wasn’t built in a day’ et al. come to mind.

Right now this project needs to grow to a point where it’s ‘too big to fail’ (like ethereum) but this will be much harder today than it was for eth (much more attention), so the comparison lacks, like most I’m reading, nuance.

1 Like

Thanks for bringing this up, afaik filecoin/protocol labs wasn’t shunning time and resources on exactly these issues. It’s not like one has to reinvent the wheel here. Surely Dfinity legal team were looking into their research, considering filecoin is really big in China, where censorship is, how to put it, something else.

1 Like

Great to see this very relevant discussion taking place here!

An important thing to note is that the Nintendo takedown notice was for the operator of a boundary node that was just routing traffic to the IC, not of a replica in the relevant subnet that is hosting the content.

Technically, it will be fairly hard to hide IP addresses of boundary nodes or whatever gateways people use to access the IC, because they have to connect to them somehow. The best one can do here, AFAICS, is to “play the numbers game”, having many boundary nodes in many countries that people can use to access the IC. But it will reduce people’s experience if their closest gateways are taken down.

The additional problem of boundary nodes being forced offline is that access to the entire IC gets blocked because of one infringing canister. If the NNS decides to keep a hard line pro free speech and against taking down illegal content, then governments worldwide will start hunting down boundary nodes until the IC becomes as hard to reach as, say, Pirate Bay. Not exactly the level of adoption (or reputation) that many of us are hoping for.


I think an alternative approach is to give node operators / boundary node operators a simple way to comply with legal concerns in the region they are located. For example, you could imagine that one node provider / boundary node provider can supply a “blocklist” of canister ids for which they do not want to answer any queries. Now when I host a node in Switzerland and I get some legal notice that I’m breaking Swiss law due to some specific canisters, I could just add those canister ids to my personal blocklist. That might be enough to prevent my node being taken down by law enforcement, but nodes in different regions where the content may be legal can still serve queries to that canister.

In the Mario example, it would’ve meant that this one boundary node could’ve stopped serving queries to the relevant canister and hopefully avoid legal trouble / full takedown, but all other boundary nodes would still be serving it.
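
The per-operator blocklist proposed in the post above, sketched as an added example (it is not from the thread and not DFINITY's boundary-node code). It assumes canister ids in the IC textual principal format (base32 of a CRC32 checksum plus the id bytes, lowercase, a dash every five characters); `NodeBlocklist`, the region labels and the two sample ids are hypothetical and constructed.

```python
import base64
import zlib


def encode_canister_id(raw: bytes) -> str:
    """Textual form: base32(crc32 || raw), lowercase, dash every 5 chars."""
    data = zlib.crc32(raw).to_bytes(4, "big") + raw
    text = base64.b32encode(data).decode().rstrip("=").lower()
    return "-".join(text[i:i + 5] for i in range(0, len(text), 5))


def decode_canister_id(text: str) -> bytes:
    """Return the raw id bytes; raise ValueError on a malformed or mistyped id."""
    compact = text.strip().replace("-", "").upper()
    padded = compact + "=" * (-len(compact) % 8)
    try:
        data = base64.b32decode(padded)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"not valid base32: {text!r}") from exc
    if len(data) < 4 or zlib.crc32(data[4:]).to_bytes(4, "big") != data[:4]:
        raise ValueError(f"checksum mismatch: {text!r}")
    return data[4:]


class NodeBlocklist:
    """Hypothetical per-operator blocklist, keyed on decoded id bytes."""
    def __init__(self, region: str, blocked_ids=()):
        self.region = region
        # A mistyped entry raises here instead of silently blocking nothing.
        self.blocked = {decode_canister_id(c) for c in blocked_ids}

    def should_serve(self, canister_id: str) -> bool:
        try:
            return decode_canister_id(canister_id) not in self.blocked
        except ValueError:
            return False  # ids that do not parse are refused, not guessed at


# Constructed sample ids (not real canisters).
GAME = encode_canister_id(bytes.fromhex("00000000001000010101"))
OTHER = encode_canister_id(bytes.fromhex("00000000001000020101"))


def demo() -> dict:
    # "CH" received a notice about GAME; "XX" has no local complaint.
    swiss, elsewhere = NodeBlocklist("CH", [GAME]), NodeBlocklist("XX")
    return {"CH/game": swiss.should_serve(GAME), "CH/other": swiss.should_serve(OTHER),
            "XX/game": elsewhere.should_serve(GAME)}
```

Matching on the decoded bytes rather than the string means a request that differs only in case or dash placement still hits the operator's blocklist entry.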


No. And I don’t doubt these technical problems (that are above my paygrade) are tough.

It is however, also true, that if you take the other approach and start governing what is or isn’t allowed, you’ll only be able to compete with AWS by following the same rules as AWS. That means all the consensus innovations are worth nought.


Okay, then let’s start talking tactics –

Pick the current aspect of the ICP that you want to sacrifice:

  • The Internet Identity System insofar as it provides anonymity

  • The claims Dominic has made about smart contracts such as UniSwap (which reside in gray areas around laws that are highly subject to change) being unstoppable and “not having a choice but to build on the IC.”

  • The ability of the NNS to be the deciding factor in whether or not a Canister stays on the network.

Just start choosing, because there’s a Pigeonhole Principle here which says if you don’t want the “deal with the devil” as you put it, then one of the above (at minimum) has got to go.

So, let’s just start choosing, play it out, and forget about the philosophical arguments or moral rationalizations either way.

For the record, this idea about some content only being in the shadows unless it’d be on the Internet Computer –

Twitter has, in fact, repeatedly refused to take down child sexual abuse material to such a degree that they now have a lawsuit filed against them.

Facebook, as I linked to in another post, is reported to facilitate over 50% of all child trafficking activity on the internet.

YouTube, as you can readily find, has refused to take down several channels which have been repeatedly reported as hubs for pedophiles.

– The ICP has the possibility to be a unique facilitator for the good guys with defense mechanisms (through the NNS) against other content.

Does the autonomous driving mode on a Tesla need to never crash, or does it only need to be safer than a human driver behind the wheel (who, in aggregate, crashes all of the time)?


What I see when looking at every single entry in your list of examples above are platforms that have HUGE utility beyond the specific issues that you point to. And are seriously entrenched. E.g. can you imagine the outcry from the public and shareholders if Facebook were taken offline tomorrow until it could satisfactorily deal with all child trafficking activity taking place on the platform? The IC for now has neither of those advantages, only the potential.

Taking a more pragmatic view of things, if at this point in its evolution the IC becomes (fairly or not) widely labeled as “Silk Road on steroids” I’ll let you draw the conclusions about what needs to go.


I personally like the blacklist approach Manu mentions.
Still I think there should be a way to take the pressure off the node providers so they can’t get spammed with takedown requests.

1 Like

Would be nice to hear from Dfinity’s legal team, surely they were thinking about these issues, how to protect the system from becoming spammed by lawyers.

For me the main question in this case is still if the boundary node has any liability at all? If they are rerouting content instead of actually hosting it, does it make them liable at all?

What about the ICA in this matter? Aren’t they onboarding nodes in the first place (at least rn)? Might an approach like IPFS (pointed out above) be a way forward? Similar to Legal | IPFS
Could be a way to funnel/review takedown requests before putting them up for review, giving the canister owner time to react, and if not ultimately vote in the NNS.

Imo if there are only a few (boundary) nodes right now it’s important to shield them from these kinds of issues.

Sure the ICA could cough up some resources if not already available?

Surely getting flamed for centralistic approach here, but it’s not like I want the ICA to decide on what’s legal or not, just filter the trash out before having everybody vote every time some lawyer has too much spare time.
Just trying to find a pragmatic approach here. Further down the road maybe the NNS (as registered DAO) will have a legal team through community funding dealing with issues like this, could be simply a node dao as well, whatever rn that’s the best I could come up with. Any thoughts on this approach?

Yep, you’ve just made a very, very strong argument in support of what I’ve been saying.

I have no idea which conclusions to draw on what will “need to go” or what didn’t, because everybody at the Foundation that I have heard speak or read writings from has deliberately avoided discussing this topic until now.

There seems to be this viewpoint that “reasonable” people just have some kind of implicit understanding of what constitutes acceptable censorship and what doesn’t, in lieu of anybody actually being willing to play out the specific dynamics of various policies through discussion.

Those questions about what happens when Uniswap has a huge round of their tokens declared to be illegal securities in various countries isn’t a rhetorical one – what’s your answer? What’s anybody at the Foundation’s answer, in reality?

Anyways, until proven otherwise, I’ll have to stick by my initial thesis that the entire project is effectively some kind of trojan horse compared to how it’s been presented – if “how it’s been presented” isn’t clear, just see Dominic’s various statements on what the network is supposed to survive.

– For the record, I can’t in good conscience say “this should happen” or “that should happen” with very much authority because many other people in the ecosystem have a much larger liability and livelihood exposure than me to various policy adjustments, but I can certainly use many, many precedents to raise high-probability scenarios about what I think will happen if things start going down various paths.

1 Like

@free Okay, so here’s a litmus test for you or anybody else reading this –


A fitness professional in the United States uses the Internet Computer to host a Canister that contains anecdotal evidence of medical success from patients who have used a treatment not approved by the United States Food and Drug Administration to cure a specific disease.

This fitness professional then starts using the Canister to explicitly promote said treatment for people with this disease, in direct violation of current government policy which explicitly dictates the language that is “acceptable” for people to use when making claims about the potential of dietary supplements, for example.

Now what?

Does your answer change based on whether or not you personally believe that the person operating the Canister is telling the truth about the results?

Does your answer change if you personally believe that you have no idea whether or not the person is telling the truth?

Would you have banned Ignaz Semmelweis, who was the physician-scientist that was ridiculed and laughed at by his profession and the “authorities” when he suggested that doctors who thoroughly scrubbed their hands could prevent diseases from spreading?

How about Aaron Swartz, the co-founder of Reddit who ended up killing himself after he was prosecuted for providing free access to public scientific journals by hacking into MIT’s computer system?

Julian Assange? Those were classified documents he had, after all!

Edward Snowden?

The list goes on…

1 Like

This sounds like an incredibly promising path to pursue deeper.

Such a cool idea, it’s essentially a system of voting through declaring the risk profile that you’re willing to take on in regards to hosting specific content.

Here’s a question – can it be done in such a way that the visibility is only one way? In other words, node operators can see Canister IDs, but nobody is able to see which node operators are hosting which Canisters?


(That’s all I wanted to say, but the forum won’t let me post anything shorter than 20 characters, so here.)

1 Like

Take it down. Fitness instructor claiming that whatever he cooked up in a fevered dream with the goal of striking it rich overnight is literally the same as some medicine that passed multiple controlled medical studies is stupidly dangerous stuff. Doing things the right way is often incredibly painful and frustrating, but that doesn’t give anyone the right to skip the whole process and yet claim they didn’t. If you believe otherwise, I have a bridge to sell you.

But going back to the basics, rather than picking examples designed to tug at heartstrings, let’s face the reality. In the same way the IC is not (implementation-wise) quite at the point where it can scale infinitely (wait, what?) it’s also not at the point where it can afford to willfully ignore copyright issues (no one on this side of the argument suggested for a moment to censor Ignaz Semmelweis) and still survive. You may think “so what, if DFINITY goes belly up, someone will pick up the code and go from there”, but I seriously doubt that: the IC as is is an incredibly complex beast with 100+ engineers working on it for years now. I haven’t seen Bitcoin’s source code but I’m pretty sure I could wrap my head around it within a day.

Proposing unworkable solutions (I don’t think and no one that I talked to believes for a moment that you can credibly make it impossible to find out where a canister is hosted) is not going to solve anything.

As with everything else, I believe the way forward is to start small (i.e. not demand everything matches everyone’s expectations on day one) and go from there. If within a couple of years the IC will have the capability to do what you’re asking and the NNS is unwilling to get behind it, then fork it. It’s as simple as that. There will be software engineers at that point with a deep enough understanding of the code, willing to get behind the fork. There aren’t any now. (Again, not because of ideological reasons, but because it just can’t be done with what’s there now.)


Okay but is that even the PLAN? It’s being marketed as a “reinvention of the internet” and “unstoppable”, yet it can’t handle a simple Mario game that is up on many web2 sites?

From your responses it sounds like that’s not even on the roadmap, yet that’s not at all what we’ve been led to believe.