It’s not clear to me how decentralized the Incognito project is at the moment. The intention of this topic is to summarize the current state of decentralization, I’ll update it once I learn more.
Component
Design*
Operation*
Comment
Network
Full nodes can mirror the blockchain data, but only the Incognito team can create new blocks.
Bridges
Incognito team has exclusive access to all funds in the network.
pDEX
**
Trades can be created by anyone on any full node.
Mobile App
**
Only operates with the official network node. Awaiting instructions on how to host your own App node.
Web Wallet
In development.
Web DEX
In development.
Governance
*) Decentralized design and operation. **) Built on a centralized blockchain.
The main question on my mind is; if you turn off all of the Incognito-operated servers today (nodes, web, bridges, everything!). In how deep shit are we (and our funds) in?
I want to ask the Incognito team (@alias) a series of questions to start this topic off.
Network
The network is run centralized today, is it decentralized by design?
You have previously talked about the fixed nodes filling the role of block proposers. If you turn off the 22 fixed nodes today, what will happen to the network? Update:The network will stop producing blocks.
Bridges
If you turn off the public bridges today, does unshielding stop, or are there already redundancies?
How can I set up my own bridge to convert pBTC back to BTC?
Wallet
This is basically the iOS and Android App today, and they are not decentralized. Android could be, but Apple will always control iOS.
Is there a plan to allow you to choose to run the Incognito App directly with your own full node? If so, why not now already?
Will the web wallet be centralized or a browser extension designed to run without official incognito servers?
pDEX
In my view, what users see and use today is a CEX built on a decentralized protocol.
Will the web DEX be the first real pDEX? Update: No, you can actually already create trades directly on your full node, with incognito-cli for example.
You have previously talked about the fixed nodes filling the role of block proposers. If you turn off the 22 fixed nodes today, what will happen to the network?
The network will stop producing blocks.
We are increasing the validators from the community. When the dynamic committee size feature is deployed, and committee size reaches 48 members or more, we achieve this goal: “We get a world where, block production is centralized, block validation is trustless and highly decentralized, and censorship is still prevented.” by Viatlik at https://vitalik.ca/general/2021/12/06/endgame.html.
In the final step, we have to decentralize the block production. We are studying to use PoA or similar protocols to achieve this goal.
There’s a distinction between being centralized by operation because you only have a few players, and be centralized by design where no one can take over the role. The latter is a single-point of failure.
If you have a network or power outage at your datacenter, everything stops? If your system has been compromised, the whole network is taken down for days until it’s fixed?
I understand the security implications. You don’t want bad actors ready to take over and corrupt the chain the moment fixed nodes fails. But “all eggs in one basket” comes to mind.
On the incognito.org/infrastructure page it says that Incognito is a decentralized blockchain. Please remove this, it’s dishonest and misleading.
Which takes me to my next concern, the ownership, operation and security of the bridges. If I’m getting this correct, the trustless non-custodial bridges uses a multisig wallet where the private keys are split between seven fixed Incognito owned and operated beacon validators? This means that the Incognito team have the only and exclusive access to the underlying shielded assets? How can these assets be recovered if your datacenter burns down? If your government seizes all your servers? If one of your team members have sticky fingers?
Yes, which is kind of the point of this topic in the first place, to map what is what. With the word “decentralized” and “DEX” thrown around, I must admit I thought we had come a bit further.
I like that there is no reference to the term DEX anymore on the website. But it does still tell me it is a decentralized blockchain.
If you have a network or power outage at your datacenter, everything stops? If your system has been compromised, the whole network is taken down for days until it’s fixed?
If fixed nodes are hosted on 5 data centers. Assume that a data center crashes 1 day per year. So the probability that all data centers shut down on the same day is 1/(365^4), which is negligible.
On the incognito.org/infrastructure page it says that Incognito is a decentralized blockchain. Please remove this, it’s dishonest and misleading.
Bitcoin protocol, Incognito protocol or some other blockchain protocols are designed as a decentralized protocol. However, the degree of decentralization depends not only on the protocol, but mainly on the participants who are operating, and using the chain.
If each fixed node (proposer) in the Incognito chain is run by a single organization, that is decentralization. Similar to the bitcoin chain, if there is only one majority mining pool, it’s centralized. Fortunately, it has 7 main mining pools as of now.
Imo, the decentralization of the incognito chain is only a matter of time.
Ok, 5 geographically separated data centers operated by different organizations is a good start, then we can rule out power and network outages. But I bet there is at least one person on your team that has access to the information on how to sign on to all 5 data centers?
Yes, I understand there are different ways to decentralize. Most traditional blockchains are decentralized by design where any and everyone can fulfill the roles. If 1/3 of the main Bitcoin mining pools disappears, the chain continues with whoever is left.
If I understand the end goal of Incognito, it’s to decentralize by the power of authority. Where eventually the fixed nodes are owned and operated by different isolated organizations? If 1/3 of the fixed nodes (authority) disappears, the community cannot fill the role and the system stops.
I’m not saying it’s wrong. I just want to point out the difference.
Yes, this is my point exactly, it’s been a matter of time since 2019. But we’re not there, and you shouldn’t claim it is a decentralized blockchain.
The PayPal network is distributed over 4000+ servers in locations all over the world, it doesn’t make it decentralized. But maybe we have different definitions?
If you look at it, the decentralization of the blockchain is not even on the 2022 roadmap. What’s on the road map is giving validators a say in the verification of blocks that Incognito creates. But please bear in mind that:
Even after May the Incognito team holds 1/3 + 1 slots in every committee, giving it veto power.
The Beacon chain is 100% operated by the Incognito team.
This means that the public validators will only have the power to stop blocks from being added to the shards, they cannot create blocks or validate blocks on their own.
And I think you have been pretty clear here because you call it “transferring consensus to the community”.
Going further, as far as I understand, all bridges are owned and operated by the Incognito team as well? Almost two years ago one could read that.
Incognito takes a decentralized approach to custodianship; there are multiple custodians instead of one centralized authority like Bitgo or Coinbase Custody. Anyone can become a custodian by simply supplying a bond.
Is this true? How can I become a custodian?
I may sound very negative in my posts, but I’m just trying to straighten out what’s what and make sure that we’re not giving users the impression that the network is something it’s not. A lot of old posts from 2020 talks about decentralization, but from what I’ve seen, right now, the Incognito team holds the exclusive power and responsibility of all funds in the network. They are as safe as the weakest link within the team. Correct me if I’m wrong. I sure hope I am!
I would like to hear more about how the bridges are planned to be “decentralized” among other custodians. Bridges are in reality the ANCHOR of the whole network and when the network is global, I would want as many different anchors in as many different places on the globe as possible. I hear @fredlee’s point that a “decentralized” network is only as decentralized as every software link or layer is decentralized. I also hear developers points that there is no way to instantaneously get all of this up and running all at one time since each part/layer/mechanism has to be built out. Once a mechanism is built however like Portal V3, discussion of how that mechanism is planned (and incentivized) to be distributed and decentralized around the globe needs to take place.
There is always a kind of chicken and egg issue here. One groups says we need growth first in order to encourage a greater number of validators and custodians and another group says we need the infrastructure and all its links, layers and parts working as optimally as possible prior to growth or growth can’t happen. Of course, both must happen simultaneously in a balanced way and while that is happening (fredlee’s point is) we have to be very careful not to mis-describe where the project currently stands especially when there is a strong desire to use marketing (sometimes mis-leading marketing to) increase the number of users and validators.
Developers here and on many other networks have already been willing to describe “phases” of the whole project which is clearly on a PATH toward full decentralization which has not yet been achieved. But my point is: “decentralization” is not a binary proposition implying either one has it or one doesn’t. It is a scale or a series of phases which I suggest developers should use clearly. Level 1 Decentralization, Level 2 Decentralization, Level 3 Decentralization, Level 4 all the way up to FULL decentralization. Why not use some such scale to describe EACH part/layer/software link which give us all some more accurate basis for judging where the network as a whole (which is a bit more than the sum of the parts) stands on the scale of and stages on our way to Full Decentralization. Some discussion of this occurred here
but it needs to be extended to other parts of the network now like the custodian bridges/portals and beacon chain (shard validators slots have been discussed).
I would also like to note that it seems pretty clear from watching other networks and coins that building a community of users, validators, custodians, governance committees, etc is ALWAYS the far more challenging task than building the infrastructure and mechanisms. This more challenging task depends on transparency and extreme clarity of terms and descriptions as @fredlee is also implying, especially in this anonymous medium of forums and screen-mediated communication and realities.
I am willing to be patient with slow software development. I am not as willing to be patient with both consistent unintended mis-descriptions which at some point become intended deceptions all in the interest of the perceived good cause of marketing and growth.
Given the uphill battle privacy as a value has since most people are immediately suspicious of anyone advocating privacy, it would be wise for incognito to put a lot of effort into avoiding even the appearance of unintended mis-descriptions and a lot of effort into affirming the sterling values of transparency and clarity along with the central value of privacy. If the main value “privacy” gets associated with mis-descriptions, ambiguities and confusion, the whole project will remain marginal before it even gets a chance to scale with a global population which needs to see financial privacy connected and associated with the positive values of freedom, honesty, clarity and transparency of plan and purpose. As you all know the state controlled media networks in probably all countries around the world will continually be associating privacy with the opposite, namely money-launderers, tax-evaders and criminals (who of course will always exist and can be associated with any activity on the planet one wants to pick). This uphill battle of values incognito faces must always be kept in mind and more positive value associations with privacy must be affirmed in every way possible.
hi @fredlee and @socrates, thank you for taking the time to share your thoughts.
The ultimate goal of a blockchain is to transfer protocol design, source code development, and operation, i.e everything to the community. I think we are in agreement here.
The incognito chain is now in the early steps of transferring operation.
This I suppose is the beauty of Proof of Work.
To clarify this point - Incognito has 22 fixed proposer nodes; the chain can tolerate up to 20 failed proposers when the committee size is 64, or up to 15 failed proposers when committee size is 48.
Incognito will increase committee size to 48 in Q1 2022, from this point each produced block is the consensus between fixed proposers and validators.
We are currently also working on transferring fixed proposers to the community.
Anyone can build an app and run it using their own node. But re the first Incognito app – nodes serving it are somewhat different from fullnodes or validator nodes.
Data of a fullnode is raw and inappropriate for info (balances, rates, history, etc)/actions (transfer, trade, etc) on the app.
App nodes must be able to serve these requirements. They require more effort to operate, but we have been working on documentation and a script for anyone to get a app node up and running. Please bear with us.
@fredlee, @socrates, thank you for suggesting places where Incognito’s messaging could be more coherent with development status. We obviously agree that transparency is best. We will remove the word decentralized from the infrastructure page until the pieces are in place.
Sometimes, there may be more ‘phases’ than expected, as the project is a living thing. Personally, i feel labeling it numerically is somewhat arbitrary and could be problematic in terms of communication also. I do however understand your main point - it would be good to be able to clearly see where we’re at and what we’re working towards.
Based on your feedback, we will be creating on a more detailed post with statuses for each core element of the project. Thanks again.
@alias, can you help me remove some more from my first post?
Bridges
I’m a bit confused regarding the bridges in operation today. Old posts suggest there are custodian bridges where anyone can supply a bond smart contract. However, the latest post regarding the BTC bridge seems to reference v4 which can only be operated by the beacon nodes?
Mobile App
That’s great news! Good documentation and scripts are always welcome, but tbh if you can just point me to some technical wiki or README files, it’s good enough for me.
Web Wallet and DEX
Assuming this falls under the same as the mobile app. If I can clone the repository, run it locally and point it to my own node. That’s gold!
Governance
Is there a split organizational structure in place today, or is it basically Privacy Studios LLC 40+ (?) members that decide and operate everything? I haven’t seen an update on this since 2020 when you talked about moving responsibility and development to the community. What has changed? Can we get an updated “About the Incognito Team”? Don’t be afraid to share. Silence is scary!
from my first post?