Upcoming proposal and discussion on content moderation

So the battle plan would be?
Let authorities pull the plug on DC/nodes, because they don’t care if you consider yourself to be a protocol?

1 Like

Question is whose penny. :wink: Perhaps the penny of those who continuously fail to comprehend the fundamental difference between transport (protocol) and storage (server)?

You may argue that a protocol can be agnostic to the content it transports (although even that is debatable), but storing data to make it publicly accessible (no matter how obscured) is a different game. The IC is not just a transport protocol, it’s designed to store large amounts of data, served by its nodes. And legal authorities routinely go after other servers serving illegal content in other networks (be it web, bittorrent, etc). And sometimes rightfully so, I may add.


I feel like I’m going crazy here as I’m corresponding with actual protocol devs but can anyone else here correct me if I’m wrong:

  1. The IC is a protocol for securing data in a decentralised fashion via cryptography and economic incentives.

  2. Nodes that join the protocol provide storage services and play by protocol rules.

If you want to make the NNS responsible for data, then 1. ultimately doesn’t matter as The NNS decides. There are huge legal ramifications for this desire.

1 Like

In that case, the IC isn’t and doesn’t. And by extension (in your black and white view of the world) it will never be and never be able to. Because apparently a protocol with the explicitly built in ability to evolve over time will specifically not do so. For reasons.

There is absolutely nothing in the IC Protocol specification that prevents CP. You could (modulo having to rewrite some of the crypto code, which IIUC is under a slightly more restrictive license) have an IC clone entirely dedicated to CP with zero other changes to the code.

There are significant differences between (1) HTTP, (2) Ethereum and (3) the IC. HTTP is essentially a wire protocol: these are the bytes you (as an entirely independent client) need to send to an (entirely indepentend) HTTP server to get a well-formatted response that is other than a closed connection or HTTP 400. Ethereum OTOH is a network, with a state. It’s not like I can set up an independent Ethereum network clone on my laptop and have it interact with the public Ethereum network in any meaningful way. The reason why it’s censorship resistant (by your definition) is (leaving aside the costs and the fact that it would be totally impractical to attempt copyright infringement via Ethereum) that there are thousands of identical anonymous nodes a majority of which couldn’t be convinced to give a damn about copyright infingement until they were systematically taken off the internet by law enforcement. And law enforcement doesn’t give a damn about taking down content from a network able to store GB of data (some of which may or may not be the record of an illegal financial transaction between what may or may not be shady parties).

The IC OTOH makes the attempt to provide a complete platform (not a decentralized ledger plus 10-line scripts; or a vaguely anonymized, distributed file system) that is powerful and cost efficient. So by necessity it cannot run on 10 year old hardware sitting in someone’s basement (not in any way that would make it meaningfully different from the above); and it cannot replicate state across thousands of machines (without becoming Ethereum with HTTP support).

You can accept this or not, but your acceptance doesn’t change anything about it.


I will point out again that there is no material difference between Ethereum limited to running on tens of publicly identified machines and the NNS with only node providers given voting rights. Or between Ethereum as is and an alternate reality IC consisting of a single subnet replicated across thousands of anonymous nodes. I.e. the difference does not lie in the protocol.

I very well understand the goal of The IC to serve things the other blockchains can’t.

The problem is tokenised open Web 3.0 dApps - the things Dominic keeps shouting from the rooftops The IC was specifically built for - aren’t viable on a protocol with active governance of a ledger by humans. This is especially the case for governance by financial interests. States will absolutely not allow this.

So if we’re in a situation where the IC can’t work without governance yet also can’t work with governance then I ask the question do we have a viable project here? How is it going to work?

1 Like

Yeah if this content was a payment to a terrorist org I’m pretty sure they’d give a much bigger damn about it than copyright infringment.

Like if DeFi and Web 3.0 were possible on human governed ledgers it’d exist on AWS. There’d be no need for all the computational overhead, cryptography and economic incentives.

Right. Because everyone would rather hand over control to one CEO rather than a large group of people, or in your worst case, a group of competing nation states.

The CEO is answerable to shareholders. There’s literally no difference. This is especially the case when governance load would require delegation or devolution.

The point is moot anyway. Everyone won’t be allowed to hand over control to a group of people. Governments are well aware of the history of finance and won’t sit back and stay out of an impending disaster zone just because people quote new jargon at them to tell them “this time is different”.

Yet there is nothing to stop him/her from making unilateral decisions. Just because there could be repercussions does not negate the fact that control lies with one individual.

1 Like

I will say again that I am very much convinced by the argument that any amount of moderation is an open invitation for censorship. And (maybe, although this is a bit of a stretch for me) that in an ideal world there would be no way to moderate content on the IC.

I’m just not convinced by taking those argument to the extreme, via claims that other networks can avoid moderation just fine, so (skipping a bunch of steps) the IC must also do it. Now.

On the one hand, as @rossberg has pointed out, there are significant differences between transport protocols and physical networks, with associated states. On the other hand, there is functionality that still needs to be implemented before we can meaningfully talk about taking any stance other than following the law to the letter. And on the other other hand (or third, if you’re keeping count) I am personally still not convinced (although I would be happy to be proven wrong) that a network with the stated goals of the IC (performance and efficiency) can ever practically take a stance as radical as you are arguing for (because of the structure of the network required to make it fast and efficient).

So you have convinced me inasmuch as I honestly believe we should aim to get closer and closer to a state where the NNS doesn’t need to intervene in any way in content moderation. Or change the state of the network. But partly because of where we stand now and partly because the IC is an incredibly complex beast as compared to literally anything else out there, I don’t see how a hands-off approach could possibly work at all. If, as @LightningLad91 above pointed out, something goes south (and there are many ways in which it can and does right now) there is a big need for something like the NNS.

Looking at it from a different perspective, no one is going to take seriously a platform with continuous hour and day-long outages due to the fact that node operators USB drives in hand need to be involved in addressing each and every one of them. (Nor do I, as I’ve already said, see this to be materially different or in any way better than doing the same via the NNS.)


Yes my point is the difference is the governance structures and the incentives they create.

As others have highlighted there are several dimensions to this issue.

While a quick and pragmatic canister removal proposal would function as a short term solution this will have long term effects on the way courts handle node operators and perceive the IC as a whole.

Unfortunately legislators are for the most part responsive and wait for an issue to arise as we saw with the Old & Uber judgments. Let us not make the same mistake, this conversation is long overdue. Otherwise we give room to lots of speculation on the direction democracy and regulation will take within the IC.

In a sense it boils down to “who gets to” and “how” do we define the regulatory framework.

Echoing others, Node providers should benefit from the utmost legal protection. Prevention of their access to info of the cannisters they are hosting would aid in this, but I’m uncertain of the degree to which this can be done with 100% accuracy. Government should never be able to force the hand of a node provider or we’re back to square one.

Similarly our governance system should function as a sieve where greater actions and decisions are only required if the previous protections failed to apply. Before strictly defining what cannot be, we should take the time to suggest what content is encouraged.

A barebones version could look like this:

  • Creation of any canister requires acknowledgement from the controller that “The intent of this canister is to serve as a useful tool or service which will benefit the greater community in at least one of many ways. I.e a)Social interaction b) entertainment c) building and creativity d) problem solving

  • Canister controller is notified directly and given healthy timeframe to delete / remove contents related to claim

  • A random sample of the community (with voter reputation not token amount!) is invited to serve as a “jury” where the claim made is compared to the canister in question. Strong majority could execute a canister removal motion.

  • Canister controllers are given the opportunity to appeal the jury decision but must demonstrate substantial staking power to do so. As this greater appeal will take more time and attention from the community, those involved should be rewarded. An independent liquidity pool or the appellant will be the source of funds depending on the outcome. (Losing a case is always expensive there is currently no way around it)

The SNS may very much play a role further down the line before the “random sample” is called into question. Ultimately no matter the framework there will be quirks but it is crucial we lay the grounds now before we are blindsided by the next regulation/moderation case.

1 Like

2/3 should do the job. I think this would be a good step.

1 Like

When it comes to discussion of changing the definition of Simple Majority and Absolute Majority for certain types of governance proposals, I think it is necessary to clarify if we are talking about majority of votes cast or majority of total voting power. Simple Majority is defined in terms of votes cast, but Absolute Majority is defined in terms of total voting power.

It is already exceedingly difficult to achieve Absolute Majority unless DF and ICA vote and they have recently proposed a motion (NNS Proposal ID 34485 (internetcomputer.org)) to remove their default followee status for governance proposal. That proposal passed yesterday (Dec 15, 2021). Hence, it should soon be a very high bar to pass a governance proposal by Absolute Majority.

DF and ICA are free to abstain from governance votes and they will likely do that on many proposals that they believe is a conflict of interest or inappropriate for them to vote. If you look at the voting records for the last month or more, they have routinely abstained from voting on governance proposals. Any vote that is not cast is effectively a vote to Reject based on the definition of Absolute Majority. Hence, the votes to Adopt already have a higher bar than the votes to Reject simply due to the definition of Absolute Majority and the fact that everyone will not vote, even on really important proposals.

Looking at the voting history, the proposals that received the highest total votes that were not decided by liquid democracy (in other words, DF and ICA did not vote) were the people party proposal and the cannister safe upgrade proposal with 47.5M and 47.9M votes, respectively. These have been the most popular votes so far and this only amounts to 15% of total voting power that cast their votes. Hence, it is already exceedingly difficult to pass a governance proposal by Absolute Majority.

I personally do not see a need to change the definition of Adopt or Reject at all on any type of proposal. I like the fact that Simple Majority has a 3% minimum threshold of total voting power that must be met and there is a wait for quiet mechanism. I think this is sufficient to decide any proposal. To me the bigger question is whether or not certain types of proposals should be voted at all such as cannister removal. I’m still on the fence about it.

Anyway, I think it is important to clearly define what is meant when talking about changing voting definitions. It is unlikely that 100% of total voting power will vote on governance proposals in the future, so that might require recalibration of our thought process.


Excellent point about simple majority vs absolute majority. I was thinking the potential new thresholds would be with regards to simple majority.


The more costly it is to remove content the least effective it is.
The least costly it is to remove content the most centralized it is.


You keep insisting on comparing the IC with glorified file sharing schemes. They are not at all similar. Even if you use pretty pictures to make your point.

Yes, the IC can store and serve static content. But it also does A LOT more. And node operators don’t have any choice regarding what runs on their nodes. Nor can that content be arbitrarily moved around as is the case with file sharing (i.e. you can’t remove a canister from one node on a subnet and have it run on the others).

Also, as a node provider with servers running in a third party’s data center, you really-really don’t have the “node keeps forwarding infringing content” option. There is no legal pursuit, your servers just get unplugged. Very anticlimactic.

To simplify your colorful chart a bit, this is how it works with IC nodes:

           Someone uploads infringing content
                            + <------------------------------------+
                            v                                      |
                 Node gets legal notice                            |
                            |                                      |
                            v                                      |
        Node cannot take down infringing content                   |
                            |                                      |
                            v                                      |
       Node cannot keep hosting infringing content                 |
                            |                                      |
                            v                                      |
            Node operator submits NNS proposal                     |
                            |                                      |
                  +-------------------+                            |
                  v                   v                            |
         Canister removed    Canister not removed                  |
                                      |                            |
                                      v                            |
                            Node is unplugged by DC                |
                                      |                            |
                                      v                            |
                   Copyright owner identifies other subnet node    |
                                      |                            |

I hope that’s clear enough even if it’s not (in either sense) a pretty picture.


I didn’t think my chart was that pretty but thanks.

Elaborate, what else does the IC does that is legally relevant?

In the case of the IC “node” would be “boundary node,” their decentralization would render em legally autonomous. Added to that, some technical solution to make storage node operators unliable would be implemented, which would be what concerns your comment.

This is being discussed here so please come over and ask about any real issues you may find with that solution, Harrison and Jordan are way smarter than me and I’m sure will be able to respond far better than I can.

As a side note, consider approaching ideas with a bit more charitability, if you want to keep engaging with me at least. Instead of saying “this can’t be done, you’re stupid and the IC is too complex for your solutions,” ask yourself how a solution could be implemented, what the relevant abstractions in the idea are, etc. And we may both benefit from it.