deso-protocol / core

DeSo core node
https://docs.deso.org
MIT License

Centralized Single Point Of Failure - TrustedBlockProducer #38

Open FreeTrade opened 3 years ago

FreeTrade commented 3 years ago

Currently only the holders of 5 keys may create new blocks on the BitClout chain, as listed in the "trusted-block-producer-public-keys" config value.

It is not clear how well distributed these keys are. At best, only 5 entities need to be compromised to have full veto power over what transactions are included in the chain. At worst, the five keys are under a central entity's control, and only one entity needs to be compromised. This severely undermines BitClout's claim to be a decentralized platform. With permission-based block acceptance, BitClout is more akin to a publisher than a decentralized platform.

Recommendation: Trusted Block Producer setup should be replaced as soon as possible.

Barnacules commented 3 years ago

The @bitclout account in Twitter keeps claiming this is full open source and decentralized when it clearly isn't. They still retain full control of the identity and any changes they make are accepted without everyone else agreeing to it with these accounts. I wish people would wake up and realize this was a scam from the start and it was never meant to be truly decentralized because they might lose some control. I'm growing tired of them lying constantly 🤦‍♂️

Barnacules commented 3 years ago

Currently only the holders of 5 keys may create new blocks on the BitClout chain, as listed in the "trusted-block-producer-public-keys" config value.

It is not clear how well distributed these keys are. At best, only 5 entities need to be compromised to have full veto power over what transactions are included in the chain. At worst, the five keys are under a central entity's control, and only one entity needs to be compromised. This severely undermines BitClout's claim to be a decentralized platform. With permission-based block acceptance, BitClout is more akin to a publisher than a decentralized platform.

Recommendation: Trusted Block Producer setup should be replaced as soon as possible.

Thank you for calling these issues out. I'm sick of seeing BitClout claim it's fully decentralized and say it's "open source" and has zero dependencies on their infrastructure, which is a bold lie. They are ensuring they maintain full control no matter what and that prevents this from ever being a real crypto. They need to be held accountable since so many people don't understand how to validate their claims 🙏

diamondhands0 commented 3 years ago

We are transparent about this, and it is discussed in significant detail in the comments and in this faq: https://docs.bitclout.com/faq/bitclout-faq#how-decentralized-is-the-bitclout-blockchain-and-what-is-the-roadmap-for-further-decentralization

TLDR: This is a check on miners to prevent 51% attacks in the short term, and it is not a single point of failure because nodes can trivially change their flags to ignore the public keys if they misbehave.

The above being said, I'm leaving this open because this mechanism is not ideal, and we do want to move away from it to full proof of stake in the medium term.

FreeTrade commented 3 years ago

@diamondhands0 I welcome your recent FAQ that addressed this. I do want to point out that this issue was opened several weeks before the FAQ was produced. If I understand your current position, it is that you plan to move to a decentralized model and estimate a few months for this process. I'm glad to hear that.

I think @Barnacules' comments are mostly off-topic and too wide-ranging for this issue, but it is fair to say that BitClout and its promoters made inaccurate statements about BitClout being open source before it was open sourced, and continue to make inaccurate statements about it being decentralized before it is decentralized. Decentralize first please. Then promote as decentralized.

As to whether this is a single point of failure, this depends on whether the trusted block producers act as a single entity or not - I don't think there is a way for the community to evaluate that currently.

carry2web commented 1 year ago

Medium term, a few months, I read in the above thread. But this mechanism still exists at the end of 2022.
Stating DeSo is decentralized is then simply not true, unless this gets fixed.