You are viewing a single comment's thread from:

RE: Fact: Steemit Sybil Attacked the Steem Blockchain

in #steem5 years ago

Your views are interesting. I guess I'm just an extremist when it comes down to language. I agree he managed to optimize his 'effective power' if you count it in # of blocks mined, and he earns STEEM by mining blocks.

But, it's important to remember that we have no way to verify identity on a decentralized network. It's all based on human judgement. Justin did 20 very obvious puppet accounts, using chinese numerology, because he isn't too bright. He could have used his employees names / pictures to open semi-legit nodes that he still would have controlled (like he does on TRON). Who is to say that there is/was always really 20 real node owners in the steem top 20? Maybe WitnessX is secretly controlled by WitnessY, it's impossible to prove currently because of the inavailability of a working decentralized identity tech.

That's why I won't change my definition of sybil-attack, otherwise all current systems are not sybil-resistant and the term becomes useless.

Sort:  

Maybe WitnessX is secretly controlled by WitnessY

And you wouldn't consider that a form of Sybil attack? To me, that's the very definition of it, and it's not a matter of scale which determines the identity.

IMO, very few systems (if any) are sybil-resistant. Some are wide open to it, and some have some protections which can still be bypassed under extreme or unusual circumstances. Maybe it's better to release a false assumption than to claim this wasn't a sybil attack. The term, to me, is still very useful, regardless of scale employed because the identifying characteristic of a pseudonymous identity is the problem. We want distributed, decentralized systems, not centralized systems pretending to be otherwise.

I don't see the point of saying that STEEM got sybil attacked. It doesn't play in STEEM's favor, even though it's not really the case. You don't need 65M steem to execute a sybil attack xD

But basically, you think it's better to ask everyone's passports like voice so we could be 'more sybil resistant'? Or reduce the number of max witness votes to 1?

The point is if it got Sybil attacked, we have to improve how we validate witnesses as actually being individual entities. To launch as successful Sybil attack (to date), apparently you do.

No, I don't think "everybody" but maybe some type of advanced reputation system for witnesses that have some kind mechanism for determining the likelihood that the witnesses are individually controlled or part of a sybil attempt.

I've been thinking about some of this stuff for a while: https://twitter.com/lukestokes/status/1236697082653822978

I don't know if 1t1v or max votes of 1 is the answer, but I hope something is better than what we have now.

I agree @lukestokes , this will help to brainstorm different ways to avoid this situation in the future. Perhaps placing an obligatory restriction that witnesses could not be created on same datacenters, same servers, etc.

Perhaps a rule on the smart contract similar to PROSPECTORS Gold game that their is like a police. So, when someone makes an attack like this one or similar types, all the stake being powered up is frozen for lets say 1 year, or even according to the type of attacks, it gets frozen more or less amount of time. Your thoughts?