[tor-dev] [dappy] Willing to chat with tor devs, about name system issues/solutions
yanmaani at cock.li
Thu Mar 24 04:50:01 UTC 2022
Reply inline:
On 2021-12-24 14:38, Raphaël Fabre wrote:
> We are the only name system in the world that does co-resolution,
> that's the way we found to maintain a consistent name system, and also
> avoid censorship and phishing.
>
> Our system has the following properties:
>
> - blockchain-based name system: it simply means that mapping is
> globally consistent, name management is distributed in the sense that
> a blockchain handles it, the resolver just connects to this blockchain.
1) What is the purpose of trusting a "network of independant companies"?
2) What if these companies collude to censor you?
3) If you can trust them, why do you need a blockchain? For trusted
groups, there's much simpler K-of-M systems to just distribute a SQL
database.
> - Systematic co-resolution (not rotation): lookup requests are always
> addressed to a network of independent agents: there are many instead
> of a single one.
4) How does this compare to existing systems?
5) By your definition, do other blockchain-based systems fail to support
"co-resolution"? By my understanding, Electrum for Bitcoin uses a
similar algorithm, but with better security guarantees.
> And then there is consensus at browser level. This
> prevents 90% of attacks or attempt of censorship/phishing.
6) What is "consensus at browser level"?
7) How can the same system prevent both censorship and phishing?
Phishing consists in having a domain which is subjectively "wrong" by
human standards (e.g. "goggle.com" instead of "google.com"), whereas
censorship consists in blocking a domain that people voluntarily want to
access. It seems to me that whatever system is used to implement the
former can also be misused to achieve the latter.
8) What is meant by "90% of attacks," and what are the remaining 10%?
> - Anonymous registrations
9) Are these registrations anonymous (e.g. Monero), or merely
pseudonymous (e.g. Bitcoin)? Are two "anonymous" registrations by the
same entity linkable?
10) Is there a mechanism to anonymously obtain the crypto-token used for
registering the name?
> - Load-balancing of names: you can attach 20 IP addresses to your
> name, dappy browser will try each one of them until it gets a
> response.
11) How does this differ from existing systems, such as the DNS?
> - 100% encrypted/https
12) Is this a feature of the naming system?
> Censorship cannot happen, neither at the storage location (blockchain)
> or on-the-fly at resolution time (co-resolution)
I am also curious about the following passages from your website:
Re: "The companies that secure the dappy name system"
(<https://dappy.tech/>)
13) Does this imply that I need to trust "pathrocknetwork" et al to be a
good, honest, etc service provider? If so, what reason do I have for
doing so, and what reason does the system have for requiring me to do
so?
Re: "You don’t need to trust us, the trust is distributed in a network
of independant companies" (ibid)
14) One of the companies listed under the previous heading is "FABCO".
Are they independent?
15) Do the other two companies receive any financial compensation from
anyone in consideration of their participation? If so, does this affect
their impartiality or independence?
Re: "Please read the license file. It is based on Metatask extension
license and limits commercial/for-profit usage to 5.000 users."
(<https://github.com/fabcotech/dappy>)
16) Is this an open-source license?
Re:
https://github.com/fabcotech/dappy-lookup/blob/master/src/dappyNetworks.ts
17) There appears to be only one hardcoded resolver for each network in
this file. What's going on here?
Re: "This page focuses on the ideas that make dappy different from
current legacy systems as well as blockchain-based competitors."
(<https://dappy.tech/ideas-and-breakthroughs/>)
18) To which blockchain-based competitors are you comparing? I believe
that all of these except "CSP at the name system level" have been done
before by various projects.
Re: "By doing a multi-request instead of a unique client-server request,
a client is able to read from a public database that he does not have
locally (the state of a blockchain), without having to trust any single
entity." (<https://fabco.gitbook.io/dappy-spec/glossary/multi-request>)
19) How does this compare to existing solutions, such as Merkle tree
inclusion checks, which can trustlessly give verifiable answers in a
single query given the latest block hash?
20) If all the nodes queried collude to lie, can this be detected?
Re: "Partial token offering, and whitepaper release (January 2022)"
21) Where can I find the whitepaper?
Re: "The general documentation consists in two document, the protocol
overview page on dappy.tech that can be seen as a light white paper, and
the general documentation on gitbook, that is technically more
concrete."
22) Where is the protocol overview page?
23) Where is the concrete documentation on gitbook? The "Dappy protocol"
page (<https://fabco.gitbook.io/dappy-spec/glossary/dappy-protocol>)
says: "The Dappy protocol is right now a very generic term because it
has not been standardized in any way."
In conclusion, I am very bothered by this, because it is much too vague
for me to be able to analyze it properly. The provided documentation
fails to answer the most obvious questions that come to mind:
- Who decides who owns a name?
- How much does it cost to register a name?
- Once registered, for how long does it last until you have to renew it?
- If you own a name, can it be taken from you?
- Is it possible to change these rules, and if so, by whose consent?
- How does this compare to previous efforts, in terms of quality of
implementation and in terms of what trade-offs and design decisions are
made?
It saddens me, because, from reading your website, it appears as if you
have a financial incentive in promoting this project ("To fund the
growth of the team dappy is releasing 20% of the Utility Tokens that
will govern the platform"). It seems like the existence of such
incentives would also be a powerful motivator to re-invent wheels, while
denying that any prior art has ever existed in the past.
This leads to an unfortunate situation where, as Drew DeVault put it
(<https://drewdevault.com/2021/04/26/Cryptocurrency-is-a-disaster.html>),
"developers are no longer trying to convince you to use their software
because it’s good, but because they think that if they can convince you
it will make them rich".
The proliferation of such projects reduces overall trust in society,
with the end result that people stop engaging with new ideas that are
presented to them, in much the same way as how telemarketing has
resulted in a decrease in the willingness to answer phone calls from
strangers.
(This is, of course, only true if the ideas are bad.)
Best,
Yanmaani
P.S.:
> Happy to chat
> Merry Christmas
>
> Raphaël Fabre
Better late than never, but it's unfortunate that the message took so
long to be delivered. I think it causes problems in terms of maintaining
a discussion if the delay is months long, but it might just be a problem
on my end.
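
The contrast raised in questions 19 and 20 above, as an added example that is not part of the original message and not dappy's code: a multi-request is modelled here as a simple majority vote over resolver answers (an assumption), and the Merkle check assumes the client already holds the correct root from the latest block. The tree layout, record names and addresses are constructed for illustration.

```python
import hashlib
from collections import Counter

def leaf(name: str, value: str) -> bytes:
    # 0x00 / 0x01 prefixes keep leaf hashes distinct from inner-node hashes
    return hashlib.sha256(b"\x00" + name.encode() + b"=" + value.encode()).digest()

def node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]  # odd level: pair the last node with itself
        levels.append([node(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Sibling hashes from leaf to root, each with a 'sibling is on the right' flag."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib >= len(level):
            sib = index  # node was paired with itself
        path.append((level[sib], index % 2 == 0))
        index //= 2
    return path

def verify(root, name, value, path):
    acc = leaf(name, value)
    for sibling, sibling_is_right in path:
        acc = node(acc, sibling) if sibling_is_right else node(sibling, acc)
    return acc == root

def majority_answer(answers):
    value, count = Counter(answers).most_common(1)[0]
    return value if count * 2 > len(answers) else None

def demo():
    records = {"alpha": "198.51.100.1", "beta": "198.51.100.2", "example": "203.0.113.10"}
    names = sorted(records)
    levels = build_levels([leaf(n, records[n]) for n in names])
    root = levels[-1][0]  # assumed known to the client from the latest block
    proof = prove(levels, names.index("example"))
    forged = "192.0.2.66"  # what every queried resolver returns when all collude
    return {
        "vote_accepts_forgery": majority_answer([forged] * 3) == forged,
        "proof_accepts_honest": verify(root, "example", records["example"], proof),
        "proof_accepts_forgery": verify(root, "example", forged, proof),
    }
```

With every resolver colluding, the vote returns the forged address, while the single-response inclusion check rejects it because the forged leaf does not hash up to the known root.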