SYBILing nodes! 😱 Exploiting IC Network... Community Attention Required!

Given that proposal 135626 links directly to this thread which I started, I feel the need to clarify that this proposal was not submitted by me. The proposing neuron has a huuuuge stake, and has been around since 2021.

I’m glad to see whales taking an active role in due diligence, and recognising the severity of this sort of issue. I think this topic needs to be brought into focus. @geeta23, @tina23, @paul23 have so far declined to comment on their relationship to one another:

All 3 of these individuals have pretty much identical onboarding statements, and a clear convention in their account name, as well as node machine hosting similarities. When questioned about this, there’s a lack of honesty/transparency - “I just chose some username”…

Based on what I can find, I think it’s very likely that Geeta is George Bassadone’s wife (both are node providers). GeoNodes (another node provider entity) is basically a business alias for Tina and George. Tina and Paul (another node provider and prospective node provider) are close colleagues from Goldman Sachs. Unclear how many other business fronts there are. I strongly suspect there are other node providers involved that aren’t as obvious, and I think the problem is getting worse.

NPs are springing up with non-disclosure agreements that prevent them from disclosing the agreement between them and another node provider that gave them the nodes. In other cases new providers are declining to comment on the details about how they acquired their nodes. Despite this, proposal reviewers have been happy to adopt. We desperately need a better system, and more due diligence.

Node Provider Working groups, in my opinion, are not the forum for addressing this problem. What motivation do NPs have for making their lives harder, increasing the penalties that could be levied against them in the future? Also, given that I’m so far one of the few people who’s been vocal about this, I can’t imagine having much fun in one of these working groups. It also takes place during working hours for me, so it’s not really an option.

Are you able to provide an update with how it went @maria? @louisevelayo has already been asked almost a week ago…

Given that we know that there are Node Providers out there that are literally business fronts for other pre-existing Node Providers, we know that Node Providers are not at all required to be independent in order to convince the NNS to onboard them, yet that’s exactly what Node Providers are supposed to and need to be. It’s a foundational assumption that the IC Target Topology is based on.

Yet there are DFINITY representatives saying things like this…

If you think this is a problem that will disappear as the IC scales, you’re mistaken. It can only get worse. As the number of node providers grows, the sybiling fraction that slips through the net becomes a larger portion relative to the size of individual subnets (which have as few as 13 nodes). As described here, it would be relatively easy to nudge those nodes into the same subnet and seize control.


I would suggest that we urgently need an initiative that does the following things:

  • Node Provider consolidation
    • Node Providers that have multiplied their presence on the IC under multiple NP entities should be collapsed into a single Node Provider (note that this does not require a change to the businesses, just how they’re represented on the IC)
  • Node Provider full-disclosure
    • All Node Providers should be required to publish details that describe how they acquired their nodes, who from, for how much, and which other Node Providers they have a close relationship with (this aspect needs a rigorous definition to capture nuance and edge cases).
  • A Clear Statement of Intent for Punishment
    • One that’s blessed by a motion, which makes it clear that if at any point in the future any of the above statements that have been published by Node Providers are found to have been lies or objectively inaccurate, they will be off-boarded. By itself this isn’t really enough. We need proof-of-stake, and the threat of that stake being confiscated/slashed. Node machines themselves are not a stake, unless the NNS is able to revoke an NP’s custody of the machine (in my opinion this would be ideal).
  • Periodic Physical Audits (a solid plan that these will begin taking place in the future)
    • This is how NPs will be held to account, and the knowledge that this will take place in the future should be sufficient to encourage NPs to fully disclose their details honestly now.

Perhaps the above points can be fleshed out and put to a motion?
