grand-decentral-station / concept

A "central" place for everyone to work on the concept for Grand Decentral.
http://decentralize.it

Preventing modified GDS #26

Open sternenseemann opened 10 years ago

sternenseemann commented 10 years ago

It could be a huge problem if GDS instances get modified to harm the whole GDS network. We need a good way

lukasbestle commented 10 years ago

You can't prevent this. It will be most likely open source - so people will always find a way to modify a GDS instance but they will also be able to modify the "instance is modified" service. This means that you can't know for sure if a GDS instance was modified.

In which ways could a modified GDS instance harm the network?

sternenseemann commented 10 years ago

Mentoring servers, for example, as you already wrote

lukasbestle commented 10 years ago

Mentoring servers are servers you personally trust. I guess you can't always prevent that stuff from happening, but these will automatically sort out in a big community of good servers.

sternenseemann commented 10 years ago

Another strategy is that we'll solve this problem when it's there. I think that this problem will appear...

lukasbestle commented 10 years ago

It will happen - but the question is if it has to be prevented. Maybe it will solve itself, we don't know yet. So I agree with you: We will need to wait. :)

augustl commented 10 years ago

I hope that GDS ends up being a whole lot of protocols, and a "reference" implementation to go with it. I think it's important that other programmers should be able to write their own implementation of GDS if they want to. For example, let's say Google wants to provide GDS as part of a Google account. Or your ISP, as part of your subscription. I think it would be great if this was possible.

If that's the route GDS takes, modified GDS is a feature, not a problem :)

waaaaargh commented 10 years ago

With decentrality come issues with trust. Developers of competitive online games know this issue too well - you can't trust anything that comes in over the network.

One notable exception is 'trusted friends' that an instance owner trusts with defending their instances against malware and not exploiting that trust.

From a security standpoint we should be very careful not to expose potentially harmful RPC interfaces to untrusted instances, one example of which is a proposed solution to the "instance discovery" problem that proposed to "ping" a GDS instance and notify other known instances. How could a potential attacker exploit this? "Wow, there's a GDS instance over there at example.com, you should totally check that out!" protocol messages to, let's say, a million GDC instances could be enough to crash a small instance on a cheap VPS.

tl;dr: security should always be kept in mind when developing decentral applications.
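
Added example, not part of the original thread or of any GDS code: one way an instance could gate "check out this instance" discovery messages so that untrusted senders cannot make it generate outbound traffic, next to a naive handler for comparison. The `DiscoveryGate` class, the announce message shape, the hostnames and all parameters are hypothetical, since GDS defines no protocol yet.

```python
import time

class DiscoveryGate:
    """Decides whether an announce(target) message may trigger an outbound probe.
    Hypothetical policy: trusted senders only, one probe per target per TTL,
    and a token bucket capping total outbound probes."""

    def __init__(self, trusted_peers, ttl=3600.0, burst=5,
                 refill_per_sec=0.1, clock=time.monotonic):
        self.trusted = set(trusted_peers)
        self.ttl, self.burst, self.rate, self.clock = ttl, burst, refill_per_sec, clock
        self.tokens = float(burst)
        self.last_refill = clock()
        self.seen = {}  # target -> time of the last probe we sent

    def _refill(self, now):
        elapsed = now - self.last_refill
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last_refill = now

    def should_probe(self, sender, target):
        now = self.clock()
        if sender not in self.trusted:
            return False  # untrusted announcements never cause outbound traffic
        last = self.seen.get(target)
        if last is not None and now - last < self.ttl:
            return False  # target already probed within the TTL
        self._refill(now)
        if self.tokens < 1:
            return False  # outbound probe budget exhausted
        self.tokens -= 1
        self.seen[target] = now
        return True


def simulate(n_instances, hardened):
    """Count probes reaching one target when an untrusted sender announces
    it to every instance (constructed scenario, no network I/O)."""
    probes = 0
    for _ in range(n_instances):
        if hardened:
            gate = DiscoveryGate({"friend.example"}, clock=lambda: 0.0)
            probes += gate.should_probe("stranger.example", "small-vps.example")
        else:
            probes += 1  # naive handler: every announcement triggers a probe
    return probes
```
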