POCKET Day 3: Is Pocket decentralized and trustless?

in #pocket7 years ago (edited)


Day 3 update: We're up to 584 Genesis claims, so the total supply stands at 584,000,584 tokens. See all the latest Pocket stuff here. If you want to see a sampling of transactions, check @pocket-a's comment section. Among all the many messages of "Success! You claimed..." you'll start to see quite a few "Successful Send of..." indicating that people are sending Pocket tokens around. Very fun!

Million Dollar Question: Is Pocket decentralized and trustless?

I had someone ask me this yesterday, and it's an important enough question that I wanted to write a whole blog post about it. If Pocket isn't those two things, then it's just a bot that's being run by some schmuck who goes by @biophil, and you should all run for the hills - what's to prevent me from taking away your tokens? On the other hand, if Pocket is decentralized and trustless, you can be much happier and feel more secure, because, and this is the crucial point, it's not about me. I'll take them one at a time.

Decentralization

A lot of people have argued at great length about the specifics of what exactly constitutes decentralization, how it's different from "distributedness," what its value is, what its costs are - etc. For my purposes, I'll take a simplified binary view, and I'll tell you what decentralized is not:

A system is not decentralized if it contains a single point of failure.

So it might be helpful to think about the differences between Pocket and a centralized tipping service like @tipu. @tipu, I'm not trying to disparage you; it just happens that you're an excellent example of what Pocket isn't.

@tipu works like this: @tipu is a bot. You send them SBD ("deposit"), then reply to a post with the word "tip!", and @tipu will send a small tip to the author of the post you replied to. All of the SBD deposits are stored in the @tipu account, controlled by @tipu's single active key (whose public key is STM6pdex2VkcBhNFPwkw6vFeDrV7hhRy7XiY6eKFgmZ14pENeqVCo). The software that operates the @tipu bot is probably running on only a single server somewhere, and @tipu is controlled by a single entity. I don't actually know if that entity is a single person or multiple people working together, but in any case, it's an organized group.

So what happens if:

  1. @tipu's active key is lost?
  2. The server/computer that is running the bot software crashes?
    (there's an obvious 3rd involving theft that I'll get to in the "trustless" section)

The answers are simple:

  1. All of the depositors are SOL, because the several thousand dollars that are held in @tipu's wallet are lost forever.
  2. This is less catastrophic, but it means that the @tipu service will be completely shut down until the software can be relaunched on another machine or the server can be repaired.

How is Pocket different?
Anyone who's used Pocket so far has seen a confirmation message from the @pocket-a account. @pocket-a is a bot, so on the surface it might look like Pocket is exactly the same as @tipu - a bot service being run on a machine by a human entity. Actually, Pocket is completely different.

You see, there is absolutely nothing special about @pocket-a. That's just the account I created to be the first Pocket confirmer. But if someone else creates a @pocket-b account and has that account post confirmations before @pocket-a can get to it, then as long as the confirmations are formatted correctly, @pocket-b will earn the fees! Now, so far, @pocket-a is the only confirmer account that I know of. So right now, Pocket isn't quite as decentralized as I'd like. But it's still less centralized than @tipu! Here's how. I'll answer those same questions from above for Pocket as currently operating with only @pocket-a:

  1. If @pocket-a's private key is lost, it won't be able to post confirmation messages any more. I'll lose access to its 400-odd POCKET tokens. However, I'll just go create a new account (probably call it @pocket-b, let's be honest) and have it start posting confirmation messages. Everybody's funds are safe.
  2. If the machine running @pocket-a crashes, it will cause a lapse in confirmations until I can get it going again. This one looks the same as @tipu.

Now, in both of those cases, all Pocket users experience a lapse in confirmations, but nobody loses their tokens! So that's a good place to be. Can it get better than that?

Yes, and it should get better than that. What we need is for more people to start running confirmation bots! Those people will be rewarded with fees for every Pocket transaction they confirm, and they'll add robustness to the system! So now let's look forward to the day (hopefully soon) when there are 2 confirmation bots running, call them @pocket-a and @pocket-b, and let's answer the two questions again.

  1. If @pocket-a's private key is lost, @pocket-b will take up all the slack. The owner of @pocket-a will lose access to its Pocket tokens, but essentially nobody will notice that it is gone.
  2. If the machine running @pocket-a crashes, users of Pocket will NOT experience a lapse in confirmations because @pocket-b will confirm all transactions.

So you see, we need to have someone start running another confirmer bot! Contact me if you'd like to; I can give you tips on how to se it up. It's extremely easy to do if you happen to be running a Steem witness node, but that's not actually completely necessary.

What about trust?

"Trustless" means, essentially, that you control your funds and that you don't have to trust someone else to take care of them. This, in my opinion, is the absolute most important difference between something like @tipu and Pocket.

With @tipu, you have to trust the human entity that owns @tipu not to run away with your money. They're sitting on thousands of dollars of SBD; they could steal that and you would have no control over it. Please understand that I'm not suggesting they will - I suspect they're good people and wouldn't do such a thing. But the fact remains that if you deposit your money with them, you trust them not to steal it.

With Pocket, nobody can steal your tokens unless you give them Posting access to your account! Your tokens are tied to your Steem account by the rules of the Pocket Protocol. Now, this gets a little slippery with only one confirmer bot running. I could program @pocket-a to tell you you don't have tokens when you actually do; how would you know? Again, this is a reason we need more people running confirmer bots. The more bots we have, the more people we have to call BS when a confirmer bot tries to go rogue.

Conclusion

The main point of all this is that Pocket is designed to be decentralized and trustless, but it can't really be unless people start running their own confirmer bots like @pocket-a. Contact me if you want information about how to do this!

For more information

Sort:  

I made some different vesions of the Pocket Token Logo....
Incase we might want to make a round version????

Pocket_Logo_3.jpg
Pocket_Logo_2.jpg
Pocket_Logo_1.jpg

Nice! You should post these top-level too.

Top one is best. Great work.

I prefer the second one

How can I run a confirmer bot?

How computer savvy are you? You can run my Python code that I have here: https://github.com/biophil/pocket

I wish I can help @biophil, but technically speaking I do not know much. I don't even know what's a bot. Ja, ja, ja. But I want you to know that this has been a great experience and I appreciate the time you are dedicating to Pocket and Steemit. And I enjoy reading your blog. Please, keep teaching how Pocket functions and what should be our expectations.

is this all it takes ?

Nicaragua....aqua for my bunghole.....arriba...

@biophil , as usual , I have helped you to translate this post to chinese.
Link here: https://steemit.com/cn/@incrediblesnow/pocket-day-3-pocket
Hope you like it!

Speaking of points of failure...I just realized that everyone who has pocket tokens and uses a service that knows your posting key (like steemvoter) have the posibility of loosing their tokens.

I am not saying that they will take your tokens but it is a posibility.

Yes, that's an issue. Probably should be a topic of a blog post of mine.

upvote and resteem

Dear ladies and gentleman! Your comments about post admiring really make interferences. You can just upvote the post!

@biophil, please accept my apologies, for this soul scream :) in your comment list.

I will just upvote you a tad to push them down a bit...

Sorry but I still do not quite catch this pocket business.

So I have my confirmation message.

How do I know exactly how many Pocket Tokens I have?

pocketsend:1@sylviamiller, send some to yourself, and a bot will reply and tell you your balance. Also, read my "Announcement" link I have in the post. It tells everything you need to know!

Successful Send of 1
Sending Account: biophil
Receiving Account: sylviamiller
New sending account balance: 973803
New receiving account balance: 1000000
Fee: 1
Steem trxid: 030851b25739425ddab157b72f315336c23e956e
Thanks for using POCKET! I am small bot and right now I am running this code.

hello buddy nice post i enjoyed it

Thanks for the details, @biophil. Still, one questions remains: what would stop somebody creating a confirmation bot that will charge a tax of 1000 tokens? The fastest bot will take the fee, isn't it?

Still, one questions remains: what would stop somebody creating a confirmation bot that will charge a tax of 1000 tokens? The fastest bot will take the fee, isn't it?

The fastest bot takes the fee, but the protocol only awards 1 token as a fee for a confirmation. A bot can't take more than 1 token per conf.

It's not the bots who decide where the tokens go, it's the protocol. Bots that don't obey the protocol will be ignored by bots that do obey the protocol.

Another way to look at it is that if someone builds a bot that doesn't obey the protocol, that bot won't be part of Pocket - it will be creating a fork of Pocket. People can follow that fork if they want, but if there's considerable mass already behind the original Pocket, my money is on people sticking with the real thing.