Simple answer: We’re not there yet.
Considerations that are contributing:
- Employees, contractors, DC techs, etc. are contractually bound to carry out the direction of whoever is paying them, so that’s different than the OWNER of the nodes who controls the access to the nodes. Of course that doesn’t mean they couldn’t sabotage the nodes that they’re being paid to keep running, and we realize the risk. But their motivations would be quite different and thus decentralizing the ownership of the nodes was considered top priority. Regardless, the IC has moved FROM the risk of when there was just ONE technician (us) to a much wider variety of technicians, so at least we’re headed in the right direction.
- Making a rule that NPs can’t use a technician that another NP is using would be quite complicated, as it would require all the NPs to disclose every single technician that they have so that they can be cross-checked (manually or technically or with a principal ID or something similar), which means:
- The community would also have to decide if the NP would need to disclose every technician they ever use, even if it’s just a remote hands technician in a DC that can only perform limited services, or perhaps a temporary technician who helps set things up and then gets his access cut completely. Or does it matter if the technician is a contractor, a DC employee, or an employee of the NP? There is a ton of variance here that has been discussed and still needs more discussion.
- Then there’s the question of how anyone would know if a NP failed to disclose a technician, or allowed someone else to use the credentials of someone who was “approved,” etc. It’s typically best to avoid making a rule until there’s a way to enforce it. (I’m assuming here that honest NPs would be happy to disclose technicians, and dishonest ones wouldn’t, and it’s the potentially dishonest ones who are the ones we’d be trying to “catch.” Therefore a rule that would be easy for dishonest NPs to break isn’t going to actually accomplish additional security. To be frank, it would have been remarkably easy for Gwodja to have two separate forum accounts for the two posts. It wouldn’t be breaking any rules to do that either, and there are honest reasons he could have had for choosing to do that.)
- We have over 100 NPs but I don’t think there are yet 100 technicians in the world who know how to run IC nodes. When we launched at Genesis, there was NO ONE outside of DFINITY who knew how to do it… and we were still learning. We’ve come a good way since then, but there’s still not a wide selection of technicians who have this skill set. So while the IC (on the technical level) is more decentralized than if DFINITY was still the only one handling the technical end of node managing, the decentralization still needs to increase on this level. I’m not sure there exists a way to force people to go out and learn the skills and then offer them to NPs though.
Thus, it’s an involved topic that does not yet have a clear solution. I think everyone agrees that there is a risk involved here though, and as the IC matures, it must be minimized. But since the IC is still in its infancy, it is, hopefully, not surprising that all of these situations do not yet have solutions.