6 burning questions for the self-proclaimed blockchain singularity (dfinity)
In this post I’m gonna be looking at the self-proclaimed “blockchain singularity”, “unstoppable!”, “tamper-proof”, at “web speed”, with “end to end security”.
Yes, I will be looking at dfinity, which had some sort of a big splash launch event yesterday1.
dfinity logo, sourced from wikipedia under fair use; I have nothing in common with the dfinity foundation; this is a critical commentary
It is supposed to be the next generation decentralized computing, and the next step in the “first Bitcoin, then Ethereum, then dfinity” evolution.
And honestly, after seeing bits of the launch video… I have a few burning questions2.
Let’s start with an easy one:
How is using a single-factor authentication a good idea?
In the chat app demo3, the presenters showed login solely based on security keys. They even boasted that there are no passwords.
Okay. How is this safe, in case of [physical credential] theft? Same problem arises when user loses one of their devices that happens to have the credential detachable/accessible.
In essence, this takes two-factor authentication4 and cripples it into a one-factor authentication. Ouch.
How does any e2e encryption in flight work in dfinity?
Right now, the entire system hangs on a few domains5, presumably controlled by a single entity. I’m gonna get to that in a moment.
And applications (called canisters) are supposed to be accessed as:
For the record:
$ host boundary.dfinity.network boundary.dfinity.network has address 220.127.116.11 $ host ic0.app ic0.app has address 18.104.22.168 $ host ic1.app ic1.app has address 22.214.171.124 ic1.app has address 126.96.36.199
That also means, that all traffic gets protected by the SSL certificate of those domains.
So there’s basically zero guarantee of end-to-end encryption. What if the
boundary.dfinity.network gets 0wn3d? Or served a warrant?
Let’s assume this can change in the future. That the apps can be hosted on dedicated domains.
How are the SSL certificates going to be stored in that case?
Barring some sort of “decentralized HSM” (which is bullshit), either ~anyone running as a network node has access to the private key material for the SSL certificate, or there’s no decentralization to speak of.
Because without universal access to the SSL private key, it will reside on boundary nodes. And the boundary nodes have to be under strict control of someone6.
How is a system utterly dependent on a handful of domains “decentralized”?
Above I have raised the issue that a few domains (
dfinity.network) are presently the only proxies between internet and
nodes running the dfinity network.
How is this “decentralized”?
No, seriously. So far you have maybe created a super complicated clone of serverless (targeting webasm) that talks to some blockchain under dfinity’s control.
I’m still waiting for the decentralized part.
When you say “delete your database”, what’s dfinity’s confidentiality story?
In the promo materials on dfinity website is this pearl: “Go ahead, delete your database”, and that radical rethinking will automagically solve everything7.
Fine. Let’s assume you can store all the state on the blockchain. And solve the scalability issues (among host of other prolems… like consistency, availability, and latency).
How exactly does confidentiality work?
Because I hardly want my app’s entire database in plaintext on some blockchain. Neither do I want to grant potentially hostile nodes unrestricted access to my data.
So how does the “encryption at rest” story look like?
And how do you ensure secure computation?
Because if you’re saying that all binaries should be in the open (at least that’s what it looks like from the deployment model), fine. Stallman would be proud.
But all data also in the open? Bitcoin style? I can’t wait to hear the excited screams of the compliance folks in any regulated industry.
So since this is a paid service that’s centralized, what are the benefits?
On the website there’s a lot of words written about decentralization, not depending on big tech, etc.
OK, so far it looks like we should be trading the traditional hosting model for a new hotness (that’s not even ready yet).
And pay for it in a completely opaque way, using yet another unproven token currency8.
Where am I wrong in that assessment?
Because if I have a webasm application, and my own domain, what benefits does dfinity offer over hosting it wherever the hell I please9?
Are you planning to eat your own dogfood?
$ host dfinity.org dfinity.org has address 188.8.131.52 dfinity.org has address 184.108.40.206 dfinity.org has IPv6 address 2606:4700::6811:df14 dfinity.org has IPv6 address 2606:4700::6811:e014 dfinity.org mail is handled by 10 alt4.aspmx.l.google.com. dfinity.org mail is handled by 10 alt3.aspmx.l.google.com. dfinity.org mail is handled by 5 alt1.aspmx.l.google.com. dfinity.org mail is handled by 1 aspmx.l.google.com. dfinity.org mail is handled by 5 alt2.aspmx.l.google.com. $ whois 220.127.116.11 | grep NetName NetName: CLOUDFLARENET $ whois 18.104.22.168 | grep NetName NetName: CLOUDFLARENET $ whois 2606:4700::6811:df14 | grep NetName NetName: CLOUDFLARENET
I’ve spent limited time trying to understand dfinity, so I might be very wrong… but so far: it’s either a solution looking for a problem, or the wrong solution for some existing one.
It almost seems as if it was a startup riding the blockchain hype train.
I would be more than happy to be proven wrong, though.
I mean, 5-6 thousand concurrent viewers isn’t bad, actually. ↩
That can’t be explained by dfinity’s docs. ↩
Yes, they demoed a chat app; Urbit people would be proud. Even though they bested them by also demoing a TikTok clone. [Although to be fair, there was NO mention of end to end encryption. A foreshadowing?] ↩
Something you know (password), something you have (security key). ↩
And I am uncertain who that someone (who has unilateral admin access to the entire network) would be. ↩
Unfortunately the link to “key concepts” on dfinity’s website doesn’t lead to anywhere that would explain in detail this magical ability. ↩
Which is unsettling to think of, in light of Ethereum’s gas prices fiasco. ↩
For example a conventional colo facility. Or heroku. Or GCP. Not to mention that the conventional hostings clearly state their price upfront. ↩