
It is not clear to me that there is any reasonable way to implement a truly permissionless and secure decentralized anonymous protocol without using programmatic money as you need some way to fairly allocate resources. Hell: if you stare into the soul of Bittorrent long enough trying to figure out how to make it worth your while to seed unpopular files you realize that it is essentially just digital barter screaming for a way to store and transfer your good will, letting all the seeding you did on prior files help you download this new one... and, well: welcome to capitalism.

I was working on decentralized systems back as early as 2001--notably, well before Bitcoin existed--and it frankly seemed just as true back then and we didn't even know how or if it was going to be possible for anyone to make the money part work. In 2009, when Bitcoin came out, I was too busy working on my federated iOS app store alternative for it to sink in what had happened as I remember barely taking note of Bitcoin and later not taking enough note when people tried to show it to me that something important had been figured out. I am sad that I saw people I even knew working on Ethereum and still didn't join the efforts until 2017.

But like, with permissionless systems, and when all the participants are anonymous, you have a really serious problem of how to deal with freeriders and spam. To the extent to which prior attempts at such protocols have worked they either are run by centralized cabals (Tor and its ~10 directory servers managed by Roger Dingledine and his friends), are based on barter and have severe / obvious limits on their applicability (Bittorrent), or--and this is the biggest category by far--only work because they are so niche and/or new that no one has so far decided to attack them (or, worse: someone did attack it, the attack worked, but the protocol is so niche that the people who built the protocol don't actually give a shit as the attacks aren't happening in practice... this is the situation with I2P). Hell: email has even become more and more centralized and less possible to remain anonymous, in no small part due to spam.

At best, you see people try to build a kind of reputation management system based on your IPv4 address, under the assumption that those are scarce. In fact, despite Tor being largely centralized (on the aforementioned directory services run by Roger Dingledine and his friends) it also relies heavily on IPv4 address scarcity as they don't know all of the server administrators (though Roger Dingledine does claim to "personally have met" 2/3rds of them, which I find more terrifying than relieving). This, though, only really works if you use a slow accumulation whitelist model (which is how Tor manages their high-risk exit nodes) as otherwise your protocol kind of becomes irrelevant in a world of IPv6 (which Tor has in fact struggled with, though they have better options here due to the design of the directory server cabal).

Regardless, if you are building up reputation surrounding IP addresses, you know what you aren't? Anonymous (because an IP address is a location tied to a user; and, if you are able to borrow someone else's IP address, its reputation is going to be poor, almost by definition). And, sure... that's sort of OK for some kinds of protocols: in the case of Tor, you want the users to be anonymous while the servers don't at all have to be (and, in a very real sense, can't) and so they can use this largely-centralized design for the list of servers to slowly build trust in new operators whose reputation they manage by their indirect identity, and then hopefully the users can be anonymous, right? (...Right?)

But like, the users being anonymous only sort of works on Tor because the users are by-and-large actively choosing to not be brats: the servers are donating resources and they are donating it to a cause, not because they are bored; and so, if you sit around using their bandwidth and good will to do nothing more interesting than stream YouTube videos all day--as a user in the United States who is not blocked from accessing YouTube or anything--you are considered to be abusing a scarce resource and people who find out try to make you feel bad. Maybe it works? But the result undermines the premise: everyone who uses Tor is supposedly someone who needs to use Tor, which means the FBI can and in fact did (as part of XKeyScore) just flag people who go to Tor's website for extra diligence.

If you wanted the world's Internet traffic to flow through it, with every user using much more bandwidth from the system than it costs them to send (as their bandwidth gets amplified as it goes through multiple other nodes) you need a way to dole out this resource in a fair way, building some kind of market for the resource; and, I totally do appreciate this answer kind of sucks, but the decentralized way to build a market is... capitalism, using some kind of money to compensate people for their efforts. You will find a similar need in any decentralized system to prevent bad actors from just monopolizing all of the resources (well, unless you decide to use an IP-based reputation management scheme... which would again undermine the point).

(Note: I work on a system designed to make this eventually work in the specific case of an actually-fully decentralized market-based Tor-like mechanism. No: it isn't something I am sufficiently proud of right now to want to sit around arguing whether the thing that we deployed fully solved the problem: I am just going to say we made a lot of impact and progress and leave it at that for today... however, I am still working on this problem space, I already know how to make this stuff better, but I have been distracted with personal issues... maybe you'll see something dramatic from me in the near future. But like, I frankly see no way of making anything even similar work without money in the design; and, if you do, then I beg of you to drop everything you are doing and either build it or tell others how to build it as the world needs to have decentralized protocols and the reason almost all of the decentralized protocol design has moved into crypto is not merely because it is lucrative: it is because, for the first time, it actually feels possible there.)

But so like, I essentially dare you to show me any decentralized protocol that allows anonymous users to permissionlessly participate even if they are actively trying to gobble up resources and even if they simply hate the protocol and chose to implement it incorrectly. That Bitcoin worked was a watershed moment in this space, and it did it by starting with the idea of using capitalism to solve a kind of lazy version of the consensus problem. It isn't the be-all-and-end-all of designs and it has a lot of holes, and yet it is still working despite a ridiculous number of people trying to use it at the same time and a number of people actively wishing it didn't exist. Did it get expensive at times? Yes. But did it just turn into a bunch of worthless spam? No. Have people managed to shut it down? Not yet! And later designs have been attempting to iterate on the mechanism by adding more functionality (such as Ethereum, upon which my team was able to deploy a probabilistic nanopayments mechanism similar to the centralized Internet startup PepperCoin) or increasing the performance (I had been particularly enamored with Avalanche). There are parallel tracks designed to improve the privacy and anonymity (such as Zcash).

This is, in all honesty, the future of decentralized systems. And yes: the existence of money as one of the early essential primitives means that for every iota of progress there are people who just try to cash in on the whole thing... but I watched this space take a full decade before anyone even figured out how to build a decentralized currency, and the progress suddenly made since then has been dramatic, with people figuring out how to build any number of decentralized alternatives to centralized systems that previously would have been unheard of... even if you want to poo poo it all because it is "hard to use" or "costs more", the fact that it works is amazing and should be inspiring.




Tor relies on the IPv4 scarcity to make Sybil attacks more expensive but is slowly moving away from it, e.g. the number of allowed relays per IP was recently doubled from 2 to 4 and it may get doubled in the near future again.

>Roger Dingledine does claim to "personally have met" 2/3rds of them

He said that he knew 2/3 in the beginning, so 10+ years ago, and that it's no longer the case, but he would like to increase the number of relay operators he or others of the Tor Project know again. There are in-person relay operator meetups at conferences (e.g. Chaos Communication Congress) and I assume that he met most of the people at such occasions. I'm not sure why this should be terrifying.

>whitelist model (which is how Tor manages their high-risk exit nodes)

I'm not sure if this ever was the case, but exit nodes aren't treated differently from other relays and there is no whitelist model for them.


FWIW, he had told me that five years ago. I fully admit 5 is as close to 10 as it is to 0, though ;P. But like, even if he was stuck using an old stat the idea that he wants to know all of them isn't confidence inspiring from this angle. I asked him what he would do if someone came to him with a lead pipe and threatened him with a demand to poison his directory server and he seemed confident until I asked him the same question about his family and it frankly felt like he hadn't really considered it before, which was crazy to me.

The point being, though, that Tor isn't really a decentralized design as the cabal is too small and the community is too tight: I am just listing it as a thing that clearly isn't decentralized and anonymous / permissionless in one place (the servers) and just kind of throws up its hands at the issue of dealing with a bratty set of users; it works because, by and large, not many people want to use it and not enough people are unhappy enough that it exists to DoS it out of existence.


I think he said it sometime after KAX17, so around 2022, but honestly I'm not exactly sure since when he doesn't know that much anymore; maybe it has been till a few years ago and not 10.

Yeah, you're right, it's a small group with a lot of power. I have no solution to make it decentralized but I'm pretty sure if the solution includes "money" it's not a solution I like.



