Review the security issues of ICP - proposal 54831

I am not a security expert but would be very interested to know more about @ysyms proposal 54831?

Well, NNS really cannot modify the private key, but NNS can modify the II"s seed phrase and delete the II"s login device, you can learn more information through this post: [My NNS has been stolen, Please help me](https: My NNS has been stolen,Please help me)
In addition, the law cannot protect the blockchain. At present, DFINITY certainly has no motivation to attack IC, but no one can guarantee that the neurons of DFINITY and ICA will not be attacked.
The entire IC is built on trust in DFINITY and ICA neurons, and attackers can destroy the entire network as long as they control these two neurons.

Chain key cryptography, threshold ECDSA signatures, @#%&… are all being controlled by this bad NNS. This leads to the fact that the actual security of the entire chain is not as good as a multi-signature wallet. The current design of NNS requires everyone to trust DFINITY and future development organizations, how can it be safe? No one is accusing ICP of centralization, it is just a fact.

Any explanations or comments are welcome. I am really interested to learn more about this.

I’m afraid that NNS proposal has now become a very effective way of spreading disinformation about IC itself.

It is true that foundation’s neuron has large following, but anyone is free to change that following. So why don’t everybody act now to unfollow the foundation’s 2 neurons? That way NNS is saved from mis-management of foundation. So this claim “The entire IC is built on trust in DFINITY and ICA neurons” is false. It is not built that way, and it can be changed today by people’s action.

If this proposer really cares about decentralization, why not call for action to unfollow the foundation? But instead all this guy does is laying baseless accusations and enjoying the spotlight on the stage while he still can.

Maybe someone from the foundation can speak on how they manage their 2 neurons. But it is very childish to make claims such as " the actual security of the entire chain is not as good as a multi-signature wallet".

2 Likes

The voting power of DFINITY is derived from everyone who chose to vote the same way DFINITY does. They gain no benefit from doing so as opposed to voting any other way including their own; there is no ‘lock-in’ effect that the word centralization implies. A way in which the people who participate in the NNS behave is being presented as a fault of the NNS; it could not be closer to the opposite, as if you disagree with it, you can participate yourself and stake some ICP behind your disagreement.

To quote the thread you’re referring to (and to link it for discussion participants, as you didn’t):

This is the part I am most concern. Was not really the vote. Sorry, i should have been more precise

By the way, the goal of this thread is not to spread FUD or talk negative against anyone, neither the spammer. I (and probably many others) are interested to know more aout the security, especially the NNS access. And if there is an apparent issue, is there a way to make it better.
I hope to read that it is absolutely impossible for anyone to delete or change your seed phrase and delete your device other than me. This is my part of concern.