RE: Soliciting feedback on pre-emptive methods to protect Hive against a malicious court order ...


Not just witnesses, but stakeholders can also be targeted. Let's say the top 20 witnesses AND the top 20 stakeholders are targeted, at the same time, in a sophisticated coordinated action. The rest of the network has to be able to keep the network running.

In a similar vein, datacenters or hosting companies can be targeted in an attempt to shut down or take over many nodes at once. This could end up including top 20 nodes as well as many other nodes. Again, the rest of the network has to be able to keep the network running.

A very sophisticated actor would study the system very well before making a move. They would identify the weakest spots. So they might go for all three vectors described above (witnesses, stakeholders, datacenters), at the same time. And in addition, they might launch a campaign to convince the public that the network is posing a great danger for reasons xyz, and present evidence and negative things that have happened because of the network's activities (some of which may be genuine challenges that the network is working on overcoming - not unsolvable problems). (Capabilities like censorship resistance and immutable content pose challenges and have to be handled carefully and socially responsibly, for sure.)

There are such sophisticated actors that have huge technical capacity and IT personnel at their disposal. See for example this hack on Google: Operation Aurora.



avatar

Not just witnesses, but stakeholders can also be targeted. Let's say the top 20 witnesses AND the top 20 stakeholders are targeted, at the same time, in a sophisticated coordinated action.

Excellent point. This potentiality certainly warrants analysis and consideration.

Regarding attacks on stakeholders, I think the biggest advantage will be having those stakeholders distributed amongst different jurisdictions. Of course we have no way to coordinate or effectuate that — it is what it is.

As far as hosting services taking nodes offline, having 400 active witnesses should ensure that the blockchain keeps functioning even if a widespread coordinated attack came along that vector.


There are such sophisticated actors that have huge technical capacity and IT personnel at their disposal.

True. However, even if such actors were able to pull off a wholesale takedown of the blockchain and all its witnesses, Hive can simply be reborn, like a Phoenix from the ashes, as long as at least one node, somewhere, has the pre-attack history of the blockchain stored on it.

avatar
(Edited)

the top 20 stakeholders

It's not about targeting the top 20 stakeholders, but top stakeholders who together hold 51% of the voting power.

datacenters or hosting companies can be targeted

That's why I run at least one witness backup node on-premises.

And as @trostparadox said, should they take Hive down, we would simply fork it and restart, as we already did.

avatar

"...we would simply fork it..."

There is diminishing-returns potential to that last-ditch mechanism, and I am certain all of us would prefer to prevent losing what resources in infrastructure, stake, and community are endemic to existential forks.

avatar
(Edited)

The PoS governance mechanism is entirely vulnerable to nothing more than stake. This was proved by the events that necessitated the creation of Hive. AFAIK, the only security Hive presently has from external stake successfully prosecuting such an attack by no more sophisticated means than buying stake is the 30-day moratorium on stake voting witnesses.

It is utterly facile to buy accounts or tokens through various and myriad cutouts available to state actors and deploy them after that 30-day moratorium has expired. Such stake-based attacks could instantly replace a consensus and implement code. No hack required at all.

Absent implementing radical changes in governance, I don't see any route to security from such attack. Only basing governance on other metrics than stake is potentially competent to secure Hive from such vectors.

That is why I advocate promoting other values and deprecating stake. It's also obvious that extant stakeholders will not be willing to do so, and that such attacks represent golden parachute exit strategies to that demographic.
