HIP: 55 title: Explicit Sybil Resistance author: @greenlucid status: Phase 3 created: 2022-07-18 conflicts with: None languages: EN
Make the registration policy reject sybils explicitly.
Make the Acceptance Criteria be explicit about puppeteers not being allowed. Allow challenging puppeteered submissions as Duplicate. A puppeteer is an actor that controls human accounts whose human does not represent themself.
In its current state, the Policy states the registry is sybil resistant, which is a desirable trait. But the Acceptance Criteria was not explicit about this. This has resulted in some different strategies to creating sybils, like farming, or helping family members to get in while controlling their keys.
The point of this clause is to explicitly make the case in the rules, of something that was already implicit in the spirit of the registry.
Merge this PR to the HIP-45 compliant repo. Changes are also stated here, for completion, but in the case of conflict, the implementation to follow is the one in the PR.
- Define puppeteer as
actor that has direct control over registered human accounts that don’t represent them.
and be explicit about 100% proof not needed.
- Add non-puppeteer as Acceptance Criteria.
- Add examples of puppeteers.
- Add puppeteering as a Duplicate worthy challenge.
Make it clear that the burden of proof is on the challenger.
Specifically, this is translated to the two following changes in the policy.
- The submitter is not a puppeteer, and will not become a sybil after successful registration. A puppeteer is defined as an actor that has direct control over registered human accounts that don’t represent them. Since this is very hard to prove, it is enough to invoke this criteria if it is extremely likely for the submitter to be a puppeteer. To invoke this reason, the burden of proof resides in the challenging side, in case a registration is disputed, or in the remover side, in case a profile is being removed. This side must provide an explanation for why, within reason, the submitter is a puppeteer. Given inconclusive evidence, jurors must rule in favor of including the submission.
- For example, a human cannot be registered if the submitter is not the same person as them.
- For example, a human cannot be registered if their submitter is a farmer, an actor that submits multiple humans.
- For example, a human child cannot be registered if their parent (who technically is the submitter) is controlling their private key.
- Duplicate: The submitter is already registered in the list, or the submitter is a puppeteer.
- If the submitter is already registered, the challenger has to point to the identity already registered or to a duplicate submission. If someone tries to register multiple times simultaneously, all submissions are to be rejected.
- If the submitter is a puppeteer, the challenging side has to prove within reason that the submitter is a puppeteer. The burden of proof resides on the challenging side, who must explain why, within a reasonable interpretation, the chances of the submitter being a puppeteer are extremely high. Dubious motives weigh in favor of including the profile.
It’s not possible to prove that someone is a sybil at its core, since that would imply proving they are holding other accounts’ private keys or whatever equivalent. So, an explanation with reasonable, extremely-high likely arguments for someone being a sybil, should be enough. The most important characteristic of the registry is sybil resistance, not inclusion.
It would also be desirable to treat a sybil submission challenge as a Duplicate, because then, whoever vouched for them gets removed as well (who, is certainly malicious, unawarely or knowingly so).
Purposely, exceptions are not added. This is because, when there are exceptions in play, items that do not match the exception obtain extra legitimacy in favor of the challenger. The challenger is expected to provide the full, lengthy explanation of why the submitter is a puppeteer. The burden of evidence rests on them.
Some complaints were made on why a standard of evidence wasn’t disclosed in the proposal. This is because:
- such a standard would be general to the policy, not this clause specifically. It is outside the reach of the proposal.
- adding this standard can result in challenges that follow the standard to have overwhelming strength compared to the submitter. This is similar to how adding exceptions to give breathing room to submissions, makes the non-exceptions stronger challenge reasons in the eyes of the jurors.
- the jurors already follow a standard of evidence. Jurors don’t accept baseless claims.