Reevaluating Neuron Control Restrictions

Just look for centralization of voting power & you’ll find your answer - there are 3-4 entities that make the decisions here; Synapse & Friends.

If they cared for the network as they’ll virtue signal to you, they wouldn’t have stood in front of countless proposals that’d potentially redistribute their majority of governance vote power - yet here we are; with the decision entirely in their hands, again.

EDIT: Because I found it comical, I figured I should add the fact that the proposal passed, but because DFINITY didn’t prioritize it “it’s void, doesn’t count, resubmit proposal”, and a previously passed proposal was resubmit until the desired outcome of rejection was achieved, because the monopolozing entity realized it wouldn’t be beneficial to them in retrospect.

To understand whether there’s a threat within the voting system, it’s essential that the system is fully transparent. Access to a complete list of neurons, their voting records, and their follow lists is necessary. Without this transparency, we are left with mere speculation and cannot grasp the full scope of what’s happening. When the topic of disclosing neuron lists arises, privacy concerns are frequently cited as a reason for withholding information. However, for the sake of transparency, detailed personal information or the principals behind the neurons are not required. Simply providing the NeuronId, which is inherently anonymous and has no direct link back to the principals, would suffice. Here’s an example of a voting scenario as described in the post - https://twitter.com/retalti/status/1770352862922514501

One can also recall the incident with the ‘Psychedelic’ project, the project we lost due to disagreements. It apparently received a considerable grant, but for some reason, is now absent from the list of grants. However, a simple search on this forum using the project’s name should suffice.

There’s a significant beef between Psychedelic and the community & DFINITY. Psychedelic took over 1 million in grants from the foundation and then after butting heads with DFINITY over roadmap priorities, left.

Let’s not conflate what can be a serious and hard issue of a lot of hard work by 3rd party devs being moved down into the replica layer with an instance of someone manipulating a loophole in direct opposition of the obvious intent. In no universe did the ID Geek guys not have the conversation that it was likely and probable that the neuron market would be shut down eventually but to move ahead anyway because the tech was cool and it would force the issue and eventually make the network stronger. Also, I don’t think anyone has seriously suggested doing anything that would affect current neurons which would be able to continue using ID Geek into the future. Will these changes affect the potential future size of their market? Yes. Does activating canister-owned neurons affect their business(why go through the hoops of an II swap-a-roo when canister neurons will be much simpler and more liquid?) Yes also. I doubt this discussion is a surprise to them.

Those guys have built some awesome tech in lots of areas and I think they have a very bright future even with a security-threatening feature being patched.

As far as I understand the restriction in neuron transfer is to avoid the “nothing at stake” problem, where someone votes against the interests of the network and is not penalized because the neuron is sold immediately after.

However the technical solutions to this seem to ignore the existence of an ecosystem outside of the Internet Computer. A malicious actor can already easily vote against the interest of the network while at the same time shorting the ICP price on some external exchange.

What am I missing here?

Agree, this is getting so confusing, I don’t even understand what is all this about, age, and all the other metrics is real confusing. Leave the things and the rewards without ANY modification.

I locked for 8 years now I’m supposed to get less rewards? Doesn’t make any sense if this is true. I don’t wanna learn anything else related to this topic as It was already confusing, leave the things as are working now!

Currently not many can do it because of cost and the restrictions in place
if the restrictions are removed…everybody and their grandmother will be able to do it

A lot of people will get scammed if something like this goes live, Buyers will keep buying on thir party dapps without understanding this technical detail hidden.

who was the brilliant behind this idea being honest?

I agree PoK could become a threat to the IDGeek business model (depending on how extensively it is applied), but @alexander, @alexeychirkov and the team that built the app definitely knew that it violates one of the central tenets of the ICP governance model and that DFINITY was interested in “exploring ideas on how to make it more difficult to transfer neurons”. Below is the original post when IDGeek was introduced and a quick browse through the comments will reveal that everything we are discussing today was also discussed in a similar way back in April 2023. In fact, there have been public discussions about neuron transfer and marketplaces as far back as mid 2021 (for example here, here, and here) just after genesis and I’m quite certain that it was well known to many prior to that timeframe since at genesis so many restrictions were already in place within the IC codebase that deters and prevents neuron transfer.

The GeekFactory team has built some amazing tools and they are an important part of the ICP ecosystem. I appreciate that they pushed the boundaries when they brought IDGeek to the market. However, this is really not a good example for how how changes implemented by the NNS could make a developers project useless. It’s not like the GeekFactory team didn’t know that they were pushing the boundaries and that changes could occur in the future that threatens the business model for IDGeek. They pushed forward knowing the risk.

This “suggested proposal” is making me as a big token holder think twice to follow Dfinity neuron to vote on behalf me.

If I’m being affected now, of a decision I made 1 year ago by locking for 8 years, when I did a deep analysis on whether or not was profitable to lock indefinitely and get my ROI just by voting rewards instead of selling, and that I also were acknowledge that I could sell my neuron at any time in any case, I wanted on IDGEEK, and now this new rule coming a year after…

it’s not a really good impression I got from Dfinity. BUT I would like to clarify, if this will not affect people’s decisions like this one I made, that were made before the proposal is “adopted” that’s another story but anyway we MUST think of those new users if they will see this as another limitation in terms of how confusing is this topic of voting rewards, and also they will must take care of ANOTHER “key” additional to the seed phrase.

Exactly if the main reason, of the proposal is to avoid a attacker could buy voting power for less money in the future, whats the point of the disbursement key? If the attacker is just focus on buying voting power to VOTE, and not looking to wait for 8years or whatever time to disburse the neuron…I mean, if the attacker just want power on the network why he will be looking as a threat the DISBURSEMENT KEY ? if he never planned to disburse it anyway? Is this proposal more focus to avoid big neurons be able to sell on the open market in near future? Or is really a security concern? Or just wanting to lower the voting rewards with this narrative?

Whatever technical solution is arrived upon here, I hope that the DFINITY team puts the long term security of the NNS first.

Any other “half-measure” solution that aims to appease all parties will still make some people angry.

For developers, like IDGeek, this means DFINITY will probably need to “break” the trust assumptions of your marketplace, which is devastating. People will get very emotional. Short term holders who staked a neuron for 8 years thinking they could sell it easily later on IDGeek will yell on the forums and Twitter. The Geek team may leave the IC. People will scream centralization and to a certain degree, they will be right.

This is what happens when a loophole goes unaddressed for over a year and more and more developers start building solutions to capitalize on it. The fault is as much in DFINITY’s hands as anyone else for not realizing that after HTTP outcalls this was an inevitability.

The entire NNS security model (proof of useful stake) is based on staked neurons being non-transferrable, and II (neuron) marketplaces circumvent that security.

To short term holders/people who locked for 8 years thinking they could earn 15% a year and sell at any time:

The reason that people choose to build on a blockchain vs. AWS is decentralization, security, and reliability. If this loophole is allowed to persist, you have a major vulnerability affecting all 3. No enterprise will adopt ICP knowing this, and that in turn will affect the token price more than the extra 15% you’d earn on the side from your 8 year neuron (enterprise adoption is the big investment money).

If you truly have long term intentions (for both the network and the price of ICP), you should want the fundamentals and security of the NNS to be bulletproof.

Disagree, it CANNOT apply to all the neurons, I decided to locked my net worth a year back to this “brilliant” Idea, that now is looking to affect my personal finances directly.

I chose to lock for 8years or “indefinitely “ because my ROI was supposed to be get by voting rewards according to the formula proposed a YEAR AGO by Dfinity, if DFINITY plans to vote and propose to adopt something like this, in the end should affect just NEW NEURONS, for NEW users that must be aware of this new implementation, you cannot affect personal investments in that way to people that weren’t aware that they cannot sell their neurons in the future, and if they wanna sell they will receive “20%” less rewards, that’s not serious, Dfinity will get sued by changing and affecting peoples investments decisions in that way.

I’m a big supporter and investor, with long term vision not planning to sell, but imagine how bad this idea is that even a huge supporter is getting mad about this.

You cannot affect my personal investments and finances, when the decision to locked the tokens for 8 years was made when it has never been mentioned in the past, that the rewards of the locked neurons could be affected by NEW PROPOSALS that affect the way of generating rewards Due to the protocol, the documents only mention that the rewards may vary due to a formula that each year reduces inflation and accommodates fewer rewards for voting, while increasing for age bonus, BUT it was NEVER mentioned that there could be a reduction and that I MUST decide to choose between, can SELL the neuron and get less rewards, or not being able to sell it in the future (due to a “watermark”) in said neuron to get (NOT EVEN MORE REWARDS) but to get the same rewards as was already defined in the past.

Bad bad bad decision, if what you want is limit people being able to sell the neurons because of trying to control selling pressure that’s not the way, focus on how to start getting deflation that’s the right path, you should try to fix the issue from the root. Please let community know when the proposal going live to unfollow Dfinity neuron (at least just in this occasion) but be careful with next proposals I don’t want to be follow - unfollowed dfinity till I get bored of doing that frequently. (It’s the first time I’m considering this because it’s affecting me directly and I’m sure there are another whales out there not so happy )

Also to clarify, there are people with tons more tokens than me of course, and many people with less also, but this is affecting both sides of the coin, the ones with a lot like VC’s, some like me in the middle, and so many with small amounts, that locked with the confidence to get their ROI by using the rewards, and in any emergency they could sell the identity on IDGEEK at discount price, I really suggest this just applies to NEW NEURONS, NEW INTERNET IDENTITIES, NEW USERS.

Never put such a significant rule, where the interests of people today are affected, when said decisions were made in the past and such important information was never mentioned.

It’s funny to think that lifting the restriction might lead to the whole supply being locked in 8-year neurons.

This is an interesting idea, which I had not considered before.
As you pointed out, for security reasons one would definitely need to encrypt the permanent keys via vetKeys (or a similar mechanism) so that a single replica does not have access to them. I will discuss further with the crypto experts to get their feedback.

For the time being, I have one architecture feedback. If we were to implement such a key, (encrypted by vetKeys or a similar scheme), then it seems that the whole security of the NNS would be dependent on the applied encryption scheme.

Regarding the discussion on whether the PoK scheme would need to be applied to all non-II neurons or only newly created ones: I believe, as reflected in the proposal made above, that it would be sufficient to apply the scheme only to neurons, created after a pre-defined cut-off date, with the following arguments:

• Non-II neurons established before the tECDSA feature’s introduction are inherently non-transferable, as they cannot be controlled by a canister. Hence, Implementing PoK for these neurons, which likely represent a significant portion of the voting power, would not enhance security. Instead, it would only impose an operational burden on its users.
• The focus then shifts to the relatively smaller group of non-II neurons created after tECDSA’s launch, a fraction of which might be canister-controlled. Here, the case seems less clear-cut. We proposed a solution that includes a definitive cut-off point aligned with the approval of a motion proposal introducing the new scheme so that users do not have to adapt in retrospect.

Thank you @dx111 and @Seers. I agree that a temporary loss of voting power, in case of a transfer, would be an an elegant solution. It would disincentivise actual transfers, but spare regular users from needing to take any specific actions.

However, there are also ways to circumvent such a scheme. For instance, if verification focuses solely on changes to a neuron’s controller, one could establish a hierarchy where canister A controls canister B, which in turn controls a neuron. Consequently, selling canister A wouldn’t directly alter the neuron’s controller, effectively circumventing the intended safeguard. This could be further complicated by creating elaborate chains of control (“towers of canisters”) or by manipulating the canister through an API and then transferring API access.

If you have further thoughts on how to prevent such circumventions, then I would be very much interested to hear them.

True, existing non II neurons are non-transferable already.

However, existing non II neurons may want to transfer the controller of their neuron to a canister. Neuron holders may want to do this in order to upgrade their security to multisig rather than rely on seed phrases / encrypted PEM files which are difficult to manage, and subject to loss. Instead, using a canister they could then sign up for a service like Orbit. This will be possible to do if we let existing non II neurons have PoK. I do agree it shouldn’t be forced since there’s no requirement, and could create operational complexity if it’s unwanted, but adding this option would be tremendously valuable to those who want it.

You and @skilesare both make valid points that, unfortunately, would never see the light of day if a notable application running on the IC is suddenly made useless via a controversial NNS proposal. Developers and end users would lose confidence in the ecosystem. It’d be an issue of public relations.

You made a big financial decision based in part on a possibility of been able to exploit a "loophole " in the system … and now that this " loophole " might get harder to exploit you are complaining…
Those restrictions were there from genesis…they were there a year ago and they are still there today