All blockchains have the same problem, on ethereum for example if 51% of nodes agree to set your account to 0 it will be erased and only historical data will remain, we could argue that most neurons follow the same neurons giving few ppl the power to do it in comparison with all the ethereum nodes but most eth nodes are farms managed by few ppl and the big majority just use exchange wallets so they could be lied easily so at the end I think it’s the same, we have to trust a small group of ppl who have the power to change stuff or get our own archival node
Hi @dralves. IIRC the NNS stakeholders adopted a proposal shortly after Genesis that created an “emergency mechanism” for node providers in the system subnet to upgrade the governance canister by submitting a proposal directly to the root canister. Do you know if these emergency proposals are being tracked on the dashboard alongside regular NNS proposals?
“My point is that unless you can show the hard proof (under reasonable assumptions, such as not all private keys of nodes are compromised) of the upgrade records are complete and verifiable, they cannot be trusted.”
I just want to point out that’s the meaning of trustless: paradoxically enough, trustless means you can have a reasonable expectation of trust. It does not mean you can naively believe everything anyone tells you (and that would really be more of a fantasy of bliss). Labeling it as a myth is very reminiscent of how blockchain itself is trivialized by many haters stating ‘decentralization is just a myth’.
Considering that blockchain is built on the idea of the validation of consensus, perhaps it would make it easier to understand the reality of what trustless means if we had more ways to represent how to quantify it. I’d argue a more accurate way of describing it would be as a theory or hypothesis, with each blockchain an experiment of its trustless implementation.
1 Like
Hum, good question. They could since the API is public (i.e. the query API is unauthenticated), but I don’t think they are (maybe because none was ever submitted 
) I’ll ask internally.
2 Likes
this issue is not just for the NNS, but basically all of the IC, there are two levels at which the verification must happen:
- Verifying the source code of the replica
- Verifying the canister smart contract WASM
for the second part, we have created Cover which allows you to verify that a canister running on the IC, has indeed come from the source code it claims.
but verifying the first one is something I am not personally knowledgeable about. It would be good for IC to have a similar public tool allowing any third party to do reproducible builds of the replica binary and be able to verify that it is indeed the same one that’s being executed by the node operators.