2nd Community Review of BDX Allocator

[filecoin-watchdog]

First Review https://github.com/filecoin-project/Allocator-Governance/issues/20

Gov team notes: can you verify that you will enforce program and allocator requirements? (for example: public diligence, tranche schedules, and public scale retrievability like Spark). Please reply here with acknowledgement and any additional details for our review.

Latest Allocator Compliance Review https://compliance.allocator.tech/report/f03018484/1724112938/report.md

Given additional 2.5PiBs Data Cap awarded to:

18 by cryptoAmandaL | f03159860 | NOAA | 900 | 2024-08-07 | Refill |

3 by cryptoAmandaL | f03074437 | XBug | NCAR | 1,024 | 2024-08-01 | Refill |

18 by cryptoAmandaL | f03159860 | NOAA | 512 | 2024-07-23 | First |

3 by cryptoAmandaL | f03074437 | XBug | NCAR | 100 | 2024-07-03 | Refill |

8 by cryptoAmandaL | f03096912 | NHGRI | 50 | 2024-07-01 | Refill

Still no sign of retrievals

Also - There is no detail on data preparation, all questions in the applications are left blank and answers from client in comments are vague. I'd challenge the allocator to push for more details and demonstrate proof of how dataset is prepared and documented and how the client can actually retrieve the open files.

[cryptoAmandaL]

@filecoin-watchdog Hello, we are executing our plan and following the allocator's duties. Details are as follows. After a client makes an application, I will do an information check on them.

#3

#8 https://github.com/cryptoAmandaL/BDE-Allocator/issues/8#issuecomment-2141329525 https://github.com/cryptoAmandaL/BDE-Allocator/issues/8#issuecomment-2141427499

#18 https://github.com/cryptoAmandaL/BDE-Allocator/issues/18#issuecomment-2244681821 https://github.com/cryptoAmandaL/BDE-Allocator/issues/18#issuecomment-2244715674

[cryptoAmandaL]

Sp list updating.

Clients have left messages on slack or github. # 3 # 8 # 18

[cryptoAmandaL]

Spark retrieval

After getting the updated list of sp from the client, I had checked on spark's dashboard if they support retrieval. And after confirming that these sps meet the requirements, I allocate datacap to this client. I have done a review of whether the sp supports retrieval during the client's use of the datacap, and the successful retrieval is about 70-80% or higher. Because turning on retrieval will always take up sps' network bandwidth, some sps will stop supporting retrieval after the deal is ended. This is the reason why some nodes currently show no retrieval results, depending on the client's cooperation plan with sps. I'll next suggest that clients try to choose sps that can provide long-term retrieval services to maintain the stability of their data.

[cryptoAmandaL]

Data preparation # 3 # 8 # 18 In their applications, clients describe the technology they used for their data preparation. If Proposal # 125 passes in the future, I'll demand more detailed information from clients based on the latest rules of the community.

[cryptoAmandaL]

We can update our standards of reviewing our clients according to the rules of the community, and we will take seriously the responsibility given by the community to play the role of an allocator.

[galen-mcandrew]

This is the second compliance review of this manual allocator, and there is still mixed performance overall. Specifically:

• Low and inconsistent retrieval of public open datasets, average retrievability success rate of 17.55%
• High usage of VPNs without enforcing stated requirements from allocator application (https://github.com/filecoin-project/notary-governance/issues/1027 "require clients to disclose their VPN usage"
• Also claimed to utilize "monitoring system to track and report VPN usage", but no evidence
• Noncompliant SP distribution (Data Distribution section of application), with continued subsequent allocations (such as https://check.allocator.tech/report/cryptoAmandaL/BDE-Allocator/issues/18/1724187305534.md)
• Noncompliant DataCap tranche allocations
• Mixed KYC diligence into client claims, such as clients making conflicting region claims and lacking KYC checks in GitHub (such as https://github.com/cryptoAmandaL/BDE-Allocator/issues/3)

As a reminder, the allocator team is responsible for verifying, supporting, and intervening with their clients. If a client is NOT providing accurate deal-making info (such as incomplete or inaccurate SP details) or making deals with noncompliant unretrievable SPs, then the allocator needs to intervene and require client updates before more DataCap should be awarded.

Given the above compliance issues, we are requesting a match of the previous 2.5PiB of DataCap, in the hopes that this allocator can show increased diligence and alignment. @cryptoAmandaL Please verify that you will instruct, support, and require your clients to work with compliant storage providers. Please reply here with acknowledgement and any additional details for our review.

[cryptoAmandaL]

Thank you @galen-mcandrew

a. The client's successful retrieval rate is unstable, which affects how the next data distribution will look like.

b. We have checked the ip of the sp that the client is working with and it matches their ip provided by the client, so we recognized that the client is not using a vpn. pic1-

pic2- Is there a better way to verify that?

c.

(such as https://check.allocator.tech/report/cryptoAmandaL/BDE-Allocator/issues/18/1724187305534.md)

In this application I have checked that the client distributed to 7 SPs, and these sps‘ speed of packaging the data was different, resulting in the report presenting unbalanced data. I will remind my clients to be mindful of the percentage when making distributions.

d. I have communicated with this client https://github.com/cryptoAmandaL/BDE-Allocator/issues/3 in slack

I will take note and keep a public record on github in the future.

Yes. I will instruct, support, and require my clients to work with compliant storage providers

[galen-mcandrew]

Regarding VPNs, we are still working on tooling and investigation methods, so we would love to collaborate.

For my investigations at this time, I utilize the information in the CID checker report for a client, which shows the SP location and ISP (such as the screenshot below). I then search that ISP (some of which I know and recognize by name, so that's easier). Quick web searches give me a threat risk, such as here for SingleHop: "potentially medium fraud risk ISP". However, it does not always accurately indicate whether it is a VPN.

Where are you finding the IP4 address for that minerID? Is that information provided to you directly by the client, or publicly from another report/dashboard/explorer?

It could be great to improve the CID checker bot to have an assessment rating or likelihood for VPN usage next to each SP.

[cryptoAmandaL]

@galen-mcandrew Thank you, I got the sp's ip address on filfox. https://filfox.info/ I consider the data on filfox should be right.