How to ensure the Frequency blockchain "can't be evil"?

How will Project Liberty ensure that the Frequency blockchain “can’t be evil”?

Thank you for your work on Project Liberty and DSNP. I have taken the time to read as much as I can here about your architecture and plans and appreciate your thoughtful approach and good intentions.

My question is about ownership and control of the “stack,” extending down to the level of the supporting Frequency blockchain:

• How are the interests of those owning and controlling the underlying infrastructure aligned or not with the interest of the DSNP users over time?
• Who will own and control the Frequency blockchain? What is the concentration of this ownership and how might the interests of the owners diverge from that of the users over time?
• What is the ownership and control structure of the underlying Polkadot chain, and how could the interest of the Polkadot owners diverge from those of Frequency and users of applications built on top of the DSNP protocol?
• Is there a chance for censorship or exploitation at the underlying chain level even if DSNP is perfectly designed?
• Is there a chance for cultural divergence of the owners from some categories of future users (e.g. developed world owners vs developing world users) that would likely lead to ignorance or neglect of these future users needs and desires, and therefore produce design choices that do not ensure liberty for them?
• Will it be possible for users to fork the underlying blockchain if they deem it necessary, without undermining the DSNP applications running on top (e.g. without fragmenting the user base or social graph)?
• Is it possibly necessary for the blockchain to be cooperatively owned and controlled by the users themselves in order to properly and permanently align the interests of the owners with the users?

For example, I know many people in Africa are concerned about Facebook’s plans to build a fiber internet ring around that continent. (Reference: Google and Meta’s underwater cables up the stakes on internet control - Rest of World) Is this a project that is safe and empowering for African citizens or not? The potential for good through increased connectivity is clear. But the potential to be evil, either intentionally or unintentionally seems high in a project not owned and controlled by the end users.

Would DSNP be able to proclaim that it “can’t be evil” when deployed over privately owned and controlled infrastructure like this?

Cybersecurity professionals talk about “threat vectors” that must be considered to protect critical infrastructure from hackers, etc.

Is there a conversation at Project Liberty about identifying and protecting against “threat vectors” targeting liberty itself? Where can the essential infrastructure be pinched, controlled or misdirected in such a way that it could be used for “evil” (e.g. censorship or propaganda)?

There is a concept coined by Hannah Arendt, “the banality of evil” that is worth considering. Designing a new human infrastructure for everyone that “can’t be evil” is a high bar, and one I support, but I believe it requires taking these types of questions seriously. It is probably most important during initial design, but it will need ongoing attention as well, in the same way that cybersecurity cannot be guaranteed during the design phase only.

I look forward to learning more about how you have investigated and addressed these concerns so far, and helping with that ongoing effort if desired.

Thank you again.

Great questions! I’ll speak just to the questions about the Frequency side and I’ve asked @wes to add notes from the DSNP side.

How are the interests of those owning and controlling the underlying infrastructure aligned or not with the interest of the DSNP users over time?

The interests of any blockchain (not just Frequency) is about being used and providing value. Frequency has a structure that builds collaboration between those transacting on it. The post about Frequency Economics and Capacity goes into a bit more detail on that.

As a general system, the alignment of the decentralized system of Frequency is that of those using it. While nothing of course can guarantee that an upgradable decentralized system is completely immune from drifting and changing (in fact that it is flexible to meet new challenges is important), the decentralization and disinterest (as a system) is key to maintaining that alignment. Should the uses of Frequency (such as DSNP) find it a poor choice in the future, that is a failure of the system to maintain value and utility and the individuals making up the decentrialized control should react by finding new alignment.

(A side note, if you don’t already know about it, you might find this interesting: Gödel's Loophole - Wikipedia which goes into the issue with any system that is completely “upgradable”)

Who will own and control the Frequency blockchain? What is the concentration of this ownership and how might the interests of the owners diverge from that of the users over time?

The goal is that it will be “fully decentralized.” There is a lot of question about what that means as it means different things to different people. My individual version of it is that no one person has a controlling interest. Currently the chain is controlled using a form of Polkadot Governance v1: Governance V1 · Polkadot Wiki That is just a starting point and I’m very curious to hear your or others thoughts on how to generally extend blockchain governance systems beyond merely tokens and systems such as this. (Soulbound tokens are an example, but still can only capture the interest of those directly participating. The delegation system that DSNP and Frequency use mean “coinless” users also exist and should be a part of the general decentralization and direction of the system).

What is the ownership and control structure of the underlying Polkadot chain, and how could the interest of the Polkadot owners diverge from those of Frequency and users of applications built on top of the DSNP protocol?

Polkadot uses a newer version of governance called OpenGov. You can learn more about it here: Polkadot OpenGov | The Pinnacle of Blockchain Governance | Polkadot

More generally, I would say Polkadot has two interest groups. Token Holders and Parachains. Again the utility of the Polkadot Relay chain is foremost.

This however is a (relatively) easy link to break. It takes a few modifications, but Frequency could run on its own without losing old data. It would of course lose the shared security that comes from the Relay chain model of Polkadot, but it is possible should it be needed.

Is there a chance for censorship or exploitation at the underlying chain level even if DSNP is perfectly designed?

The short answer is that it is difficult. It is theoretically possible (true in any system), but the best safeguard is to grow the decentralization. Already Frequency has outside Collators (the nodes that form the blocks), so to censor transactions is already difficult. It will only grow more difficult and expensive over time.

The possibility of a state level actor seeking to merely destroy with “unlimited” funds and bandwidth is always possible. The internet in general is only barely resilient to such attacks and that is as decentralized as the networks built on it can be.

Is there a chance for cultural divergence of the owners from some categories of future users (e.g. developed world owners vs developing world users) that would likely lead to ignorance or neglect of these future users needs and desires, and therefore produce design choices that do not ensure liberty for them?

I think this is mostly covered above, but it is always a problem in self-upgrading systems. There are interesting ideas in political theory about how best to represent the future and not just the present.

Will it be possible for users to fork the underlying blockchain if they deem it necessary, without undermining the DSNP applications running on top (e.g. without fragmenting the user base or social graph)?

Yes… but. Yes, that it is 100% possible. For development, we regularly spin up new versions of the network and “forks” of the network and data are also possible. The but is that unless everyone switched it would cause fragmentation. Splits in networks are hard to pull off. So while possible, I don’t want to be naive in the time, effort, and cost it would have to be successful. Ethereum vs Ethereum Classic is the best example of a successful fork in a blockchain as both continue to exist and the “fork” is actually the one that most think of as “original” (Ethereum is the fork that the majority followed)

Is it possibly necessary for the blockchain to be cooperatively owned and controlled by the users themselves in order to properly and permanently align the interests of the owners with the users?

I would say this is a part of full decentralization. At that point the distinction between “owner” and “user” breaks down and there is none.

The Frequency Capacity system is also setup such that the applications can receive Capacity from anyone. So it would be possible to have an application that receives its ability to transact with Capacity completely from its users.

That was a lot, and I’m sure @wes will have more. @bmiller59 curious for your thoughts? Anything I said resonate with you or I’m excited if there is somewhere you challenge it as well.

Hi Brendan, really appreciate the important questions here. I’ll add a few things on top of @wil’s comments though I think he’s hit the nail on the head with his points.

The answer to whether there is a conversation about these critical threat vectors is a definite yes, and your statement closely parallels the mission statement of Project Liberty as summarized on https://projectliberty.io/about/.

With regard to your questions:

How are the interests of those owning and controlling the underlying infrastructure aligned or not with the interest of the DSNP users over time?
Who will own and control the Frequency blockchain? What is the concentration of this ownership and how might the interests of the owners diverge from that of the users over time?

Briefly I’d say the goal is that everyone can own it and no one can control it. I know that sounds a little glib, but there has been a lot of design work toward making this possible (definitely recommend reading the Frequency Economics and Capacity piece that Wil shared). Given the way staking for Capacity works, all providers (e.g. apps) are incentivized to hold the utility token, so as the ecosystem grows, there should be a natural distribution of power. We’re also looking at ways end users can be rewarded for participation in order to further decentralize ownership and control.

Is there a chance for censorship or exploitation at the underlying chain level even if DSNP is perfectly designed?

Frankly I think that there are much easier ways for bad actors to achieve censorship or exploitation than doing it at the chain level. In the case of DSNP a tradeoff has been made to achieve scalability at the cost of requiring much of the data (e.g. social media content) to be accessible off-chain; in that sense it is just as censorable as the rest of the internet if you’re, say, behind the Great Firewall of China. But there are many projects working on alternatives such as decentralized carriers for HTTP. So I think it would be a fool’s mission for DSNP to attempt to singlehandedly save the world in this regard—fortunately we are part of a much larger community that is taking the challenge of decentralization seriously across all layers of the stack. And it isn’t simply a technological challenge; when you start talking about a theory of power, you are necessarily talking about economic models and incentives that must exist to succeed not only in the marketplace of ideas but also the real world marketplace. Centralization has been (and continues to be) an economically successful model for the Web 2.0 incumbents; Web3 cannot afford to ignore the underlying economics that make that possible.

Is there a chance for cultural divergence of the owners from some categories of future users (e.g. developed world owners vs developing world users) that would likely lead to ignorance or neglect of these future users needs and desires, and therefore produce design choices that do not ensure liberty for them?

This is a very real issue and the current state of affairs is certainly heavily weighted to the Western world. Project Liberty is rightfully insistent on having a model with many stakeholders from differing backgrounds so that these questions can be hashed out in an equitable manner. I don’t think we’re there yet, but it’s definitely a priority.

Thank you @wil and @wes for your thoughtful work on Project Liberty in general and for taking the time to address my questions in particular. I appreciate it. I have reviewed your responses and the references you provided. I have a couple other follow up thoughts/questions.

Yes, I agree “full decentralization” sounds like one of the right goals to be aiming for. I see on Frequency and with Capacity that the app level is very central, since individual users will not likely be purchasing Capacity directly. So then we must consider the alignment of app owner/managers in relation to end users and we still have a big potential for divergence of interests. Of course there is more potential for healthy competition between apps and the ability to leave one app for another relative to today’s “walled gardens,” but I think there are still big concerns about

1. Will there really be apps that are true competitors and exchangeable from a user’s perspective,
2. Migration costs for users between apps,
3. The potential for many Frequency apps to be owned and controlled by a small group (e.g. a web3 Blackrock).

Fundamentally, I do not think it is wise to trust a set of owners/managers (be them initial investors, Frequency app teams or token investors) that is distinct from, or non-representative of, the user base. It sounds like you agree with that, in principle at least.

For example, rather than trusting that decentralization at the app level was enough, or trusting that apps would decentralize their tokens back to their user base, could Frequency be built with an explicit token decentralization mechanism back to end users? I am envisioning something like an Employee Stock Ownership Plan (ESOP) in which loyal and active users, as well as valued/popular content creators, would receive tokens back for their participation. Bottom line, it seems to me that there needs to be a continual mechanism for ensuring that the benefits of the success of Frequency are distributed back to those who contributed to it.

And investors need to understand that they should expect to reap some reasonable return on their investment of maybe 5-10%, but not that they will become the next Peter Thiel, etc. In other words, that the value of investors is kept in proportion to the users and content creators of the platform. Too many new blockchain teams and metaverse teams seem to have the conquistador orientation where they expect to own and benefit in perpetuity for “discovering” a new land which was never really theirs in the first place.

Yes, blockchain governance is a tricky nut to crack and I would not pretend to have any silver bullets, but I would share one thought.

Many blockchains rely on some form of referendum of the token holders. While I am definitely a believer in democratic governance, I believe we need to look beyond both

• direct democracy (e.g. referendums), which are prone to apathy and low participation, manipulation by special interests, and are not deliberative and lack nuance;
• and also beyond representative democracy, which also can be captured by special interests.

Can we envision governance that looks more like a Citizens Assembly? Citizens assemblies, or citizens juries if you prefer, gather randomly selected, representative groups of stakeholders to come together to deliberate and come to agreement on certain policy questions. Such groups are more and more used around the world and participants are generally very happy with the outcomes of the process. Such groups are hard for special interests to capture, they can still benefit from expert testimony just like juries do, and help to ensure policy questions get the deliberation they deserve while also distributing the load across all stakeholders so no one needs to be overwhelmed by governance duties. And if you wanted to make sure all token holders and stakeholders would still have the potential to “certify” the result of the ctizens assembly, that would certainly be possible as an additional safeguard. Food for thought.

On this point, I have a metaphor from nature that perhaps you can consider: the bee colony. Could it be possible and worth doing to explicitly build in a mechanism whereby a majority of users could trigger the migration of the entire user base to another chain when there was a need to do so? The bee analogy is not perfect because of course there is a single queen bee, but if we replace the queen with a citizens assembly of users, then the colony migration to a more suitable “hive”/chain might be a good metaphor.

If this is not the right mechanism to ensure the ability to leave a corrupted or degraded chain, then I do believe it is still worth considering how it could be done in light of the power that network effects exert in any social network.

Great! Glad to hear it. Bottom line, even if you don’t like any of my above suggestions, I would leave you with this one: I believe it is very important in an undertaking like Project Liberty to engage motivated “red teams” that are representative of your ideal future user base of Frequency and DSNP users to battle test all tentative design decisions. Doing this early and often will prevent finding critical flaws after they are too late.

Thank you again for your important efforts on this project!

Will there really be apps that are true competitors and exchangeable from a user’s perspective,

I hope so, on the competitors, but only partially on the exchange-ability. Twitter and Facebook are competitors, but they are not exchangeable in the way say commodities are. I (personally) hope for more specialization and competition in differences (in econ terms I think it is called “differentiated competition”). A small difference, but one that doesn’t always flourish in social.

Migration costs for users between apps,

I hope for less migration and more use of multiple applications, but I agree that freedom of movement is a key target. This is why DSNP over Frequency places the social graph on-chain. It is much harder to share/migrate a social graph that isn’t in a place controlled by the user.

The potential for many Frequency apps to be owned and controlled by a small group (e.g. a web3 Blackrock).

Agreed again. I think Polkadot is a good example of how to foster an ecosystem (grants, multiple approaches, open access, etc…) and I hope we will be able to replicate at least a portion of that. I think there will be a tipping point of adoption that will help exit this phase of any new decentralized tech, and an important milestone.

could Frequency be built with an explicit token decentralization mechanism back to end users?

First, I think an application on top of Frequency could 100% do this even without anything at the lower level. Not having a token bleed through enables applications of many different setups both from a code, social, and business perspective.

Second, we’ve been looking into ways to help with this more generally. It is VERY much still a work-in-progress and not at all near finalization, but for now you can see some of the ideas in these files in a work-in-progress/idea branch:

• https://github.com/LibertyDSNP/frequency/blob/feat/capacity-staking-rewards-designdoc/designdocs/capacity_staking_rewards_economic_model.md
• https://github.com/LibertyDSNP/frequency/blob/feat/capacity-staking-rewards-designdoc/designdocs/capacity_staking_rewards_implementation.md

The ideas ^ have also been discussed in a Frequency Community Call (see the Frequency Discord. Love to have you come and we can do some discussions there as well!)

Citizens Assembly

Hmm… Interesting. I hadn’t seen some of the newer versions of this. Adding to my list of things to look more into. Thanks!

Chain migration

Hmm… If the majority could trigger it, I don’t see why they wouldn’t just apply the changes/updates to Frequency instead of moving. Such a migration I think would always involve human, code level changes at the application layer. So I don’t see how it could be possible, but I do think the value of an ecosystem around Frequency is that you could swap out large pieces to fix issues without the need for a major “fork.”

Great questions and I’ll again invite you to join the community calls. https://frequency.xyz → Discord Icon → Events (I hope to see these on DSNP over Frequency instead of Discord one day…)

I’m just now catching up, but I agree with @wil the Citizens Assembly is an excellent suggestion.

The tension between privileging wealth and yet also having secure and incentivized governance and consensus is a challenge worth overcoming. Trying to do social media on a blockchain presents this unique problem; after all, isn’t it the users that create value on the network through their mere participation? So then, shouldn’t users have a say in what happens on the network? We want everyone to use the network, to use its dApps, and if you want “everyone” then you can’t require them to pay for it. So how then do we give users a say without requiring them to purchase token on a proof of stake blockchain?

Do we enable that participation somehow with a small token grant, the same way that people are paid for jury duty (say, for being on a Committee)?

Can we reasonably expect nearly everyone will somehow be rewarded (airdropped) small amounts of token, say, by dApp Providers as rewards for various things, or as incentives to join, which they can then use to vote?

Do we instead radically change how the chain works (this seems the least possible and least desirable)

Polkadot Governance V2 has some very interesting and thoughtful features that I believe increase democratic participation as well, and a suggestion to create a Citizen Committee, possibly with enhanced voting power, has already been made on the basis of Governance V2 features. I imagined they would be elected, however, random selection is an intriguing idea.

I would leave you with this one: I believe it is very important in an undertaking like Project Liberty to engage motivated “red teams” that are representative of your ideal future user base of Frequency and DSNP users to battle test all tentative design decisions

I’m not sure how you imagine a “battle test” of literally all design decisions before they are implemented would work. In my mind this would put a hard stop to development of any kind until a 3rd party could be hired and code or at least run every new implementation somehow? And for how long does this process go on? This would slow development down to an impracticable level. Unless I misunderstand you.

Also keep in mind there are certain conservative choices made on system design. Innovating is not done for its own sake but only where needed. Frequency does not “roll its own cryptography” for example, nor should it.

The way it works now is fairly standard for blockchain development. Significant new features are socialized among contributors and discussed in a transparent Design Document process within the open source code base, which feeds into and receives back changes during the implementation phase, and is typically a lengthy process (here are the ones for the Frequency blockchain). New features are rolled out to the Frequency Testnet where they can be tested by anyone with the wherewithal to access and use it. Testnet has a faucet which allows any party to perform such testing of all implemented features. There is also now a simple app called Signing UI which simplifies testing of transactions that involve a delegated operation, such as adding a control key or claiming a handle.

Lastly, contributors to DSNP imagining an “ideal future user base” will inevitably produce something that centered on their view of the world and which at least in part fails to predict the future. Contributors should still make a best effort, however it is crucial to recognize the limitations of such an effort and change as needed.

@Shannon Thank you for your reply, Shannon. And I am glad you also see the wisdom and value of applying Citizens Assemblies to chain governance.

Good points, Shannon, and thank you for letting me clarify. I think I was overly broad in my recommendation. My main point, which I cannot certainly not take credit for, is that “red teams” have value in developing robust software. They are often used in probing and checking for security vulnerabilities, but in this case I believe they also have value in probing and testing how certain core assumptions of the Frequency chain (e.g. regarding chain economics and governance) achieve or fail to achieve stated goals of the software built on top of it (e.g. promoting liberty for DSNP and the apps that rely on it) under certain conditions.

We know with rapidly and widely adopted social technologies (which we hope will be the case with DSNP and Frequency) that there can be a high degree of path dependence due to network effects, etc. Once there are many committed token holders and users, core assumptions and decisions will be hard, or even impossible to change. With emergent systems, the “seed” or “DNA” (the genotype) has powerful effects on what the ultimate shape of that system will be (its phenotype) that may be hard to fully envision ahead of time.

That is why I recommend the red team approach to do as much as possible to test these core assumptions now, in early stages, before it may be too late to change them later.

There are of course other approaches to the challenge of emergent system design. Some businesses can use A/B testing to refine their approach over time, but that is not such a good strategy where path dependence is a concern. Simulations might be a promising approach, but generating realistic simulations might be a huge undertaking in itself. (With simulations you can use techniques like the monte carlo method or genetic algorithms, etc. to “evolve” more “fit” system parameters that achieve the desired end results (e.g. liberty)).

However, my sense is that the use of a red team to test, in an adversarial way that would not be possible by those who invented the system in the first place, that the system parameters (e.g. economic and governance model of the chain) cannot be forced to undermine the desired emergent properties (e.g. liberty) in any important or likely way, could help to ensure that all of your hard work eventually produces the results you desire in the real world.

Just for fun, I include this article about how the Ultima Online game designers were surprised by how people used their game in ways they never intended. While they had the authority and power to change any aspect of the game at any time, you will not have that luxury. The economic and social value of Frequency will make it harder to make big changes later.

I really should clarify that as one of the people suggesting a red team audit (including an “ethical red team” comprised of people who are experts in how social media is used against others) a couple of years ago I am certainly not one to argue against red team audits!