POCKET Day 3: Is Pocket decentralized and trustless?


Day 3 update: We're up to 584 Genesis claims, so the total supply stands at 584,000,584 tokens. See all the latest Pocket stuff here. If you want to see a sampling of transactions, check @pocket-a's comment section. Among all the many messages of "Success! You claimed..." you'll start to see quite a few "Successful Send of..." indicating that people are sending Pocket tokens around. Very fun!

Million Dollar Question: Is Pocket decentralized and trustless?

I had someone ask me this yesterday, and it's an important enough question that I wanted to write a whole blog post about it. If Pocket isn't those two things, then it's just a bot that's being run by some schmuck who goes by @biophil, and you should all run for the hills - what's to prevent me from taking away your tokens? On the other hand, if Pocket is decentralized and trustless, you can be much happier and feel more secure, because, and this is the crucial point, it's not about me. I'll take them one at a time.

Decentralization

A lot of people have argued at great length about the specifics of what exactly constitutes decentralization, how it's different from "distributedness," what its value is, what its costs are - etc. For my purposes, I'll take a simplified binary view, and I'll tell you what decentralized is not:

A system is not decentralized if it contains a single point of failure.

So it might be helpful to think about the differences between Pocket and a centralized tipping service like @tipu. @tipu, I'm not trying to disparage you; it just happens that you're an excellent example of what Pocket isn't.

@tipu works like this: @tipu is a bot. You send them SBD ("deposit"), then reply to a post with the word "tip!", and @tipu will send a small tip to the author of the post you replied to. All of the SBD deposits are stored in the @tipu account, controlled by @tipu's single active key (whose public key is STM6pdex2VkcBhNFPwkw6vFeDrV7hhRy7XiY6eKFgmZ14pENeqVCo). The software that operates the @tipu bot is probably running on only a single server somewhere, and @tipu is controlled by a single entity. I don't actually know if that entity is a single person or multiple people working together, but in any case, it's an organized group.

So what happens if:

  1. @tipu's active key is lost?
  2. The server/computer that is running the bot software crashes?

(There's an obvious 3rd involving theft that I'll get to in the "trustless" section.)

The answers are simple:

  1. All of the depositors are SOL, because the several thousand dollars that are held in @tipu's wallet are lost forever.
  2. This is less catastrophic, but it means that the @tipu service will be completely shut down until the software can be relaunched on another machine or the server can be repaired.

How is Pocket different?

Anyone who's used Pocket so far has seen a confirmation message from the @pocket-a account. @pocket-a is a bot, so on the surface it might look like Pocket is exactly the same as @tipu - a bot service being run on a machine by a human entity. Actually, Pocket is completely different.

You see, there is absolutely nothing special about @pocket-a. That's just the account I created to be the first Pocket confirmer. But if someone else creates a @pocket-b account and has that account post confirmations before @pocket-a can get to it, then as long as the confirmations are formatted correctly, @pocket-b will earn the fees! Now, so far, @pocket-a is the only confirmer account that I know of. So right now, Pocket isn't quite as decentralized as I'd like. But it's still less centralized than @tipu! Here's how. I'll answer those same questions from above for Pocket as currently operating with only @pocket-a:

  1. If @pocket-a's private key is lost, it won't be able to post confirmation messages any more. I'll lose access to its 400-odd POCKET tokens. However, I'll just go create a new account (probably call it @pocket-b, let's be honest) and have it start posting confirmation messages. Everybody's funds are safe.
  2. If the machine running @pocket-a crashes, it will cause a lapse in confirmations until I can get it going again. This one looks the same as @tipu.

Now, in both of those cases, all Pocket users experience a lapse in confirmations, but nobody loses their tokens! So that's a good place to be. Can it get better than that?

Yes, and it should get better than that. What we need is for more people to start running confirmation bots! Those people will be rewarded with fees for every Pocket transaction they confirm, and they'll add robustness to the system! So now let's look forward to the day (hopefully soon) when there are 2 confirmation bots running, call them @pocket-a and @pocket-b, and let's answer the two questions again.

  1. If @pocket-a's private key is lost, @pocket-b will take up all the slack. The owner of @pocket-a will lose access to its Pocket tokens, but essentially nobody will notice that it is gone.
  2. If the machine running @pocket-a crashes, users of Pocket will NOT experience a lapse in confirmations because @pocket-b will confirm all transactions.

So you see, we need to have someone start running another confirmer bot! Contact me if you'd like to; I can give you tips on how to set it up. It's extremely easy to do if you happen to be running a Steem witness node, but that's not actually completely necessary.

What about trust?

"Trustless" means, essentially, that you control your funds and that you don't have to trust someone else to take care of them. This, in my opinion, is the absolute most important difference between something like @tipu and Pocket.

With @tipu, you have to trust the human entity that owns @tipu not to run away with your money. They're sitting on thousands of dollars of SBD; they could steal that and you would have no control over it. Please understand that I'm not suggesting they will - I suspect they're good people and wouldn't do such a thing. But the fact remains that if you deposit your money with them, you trust them not to steal it.

With Pocket, nobody can steal your tokens unless you give them Posting access to your account! Your tokens are tied to your Steem account by the rules of the Pocket Protocol. Now, this gets a little slippery with only one confirmer bot running. I could program @pocket-a to tell you you don't have tokens when you actually do; how would you know? Again, this is a reason we need more people running confirmer bots. The more bots we have, the more people we have to call BS when a confirmer bot tries to go rogue.
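The cross-check described above can be sketched in code. This is an added example, not part of the original post and not Pocket's own code: anyone replays the public operation log under the same deterministic rules and compares the result with what each confirmer reports. The op format, the 1-token fee, the first-confirmer-wins rule and all sample data are assumptions made for illustration; only the 1,000,001 tokens minted per Genesis claim follows from the supply figure quoted at the top of the post.

```python
# Added illustration with assumed, simplified rules; not the real Pocket op format.
GENESIS_MINT = 1_000_001  # page: 584 claims -> 584,000,584 tokens
CONFIRM_FEE = 1           # assumption: 1 token per confirmed op goes to the confirmer

def replay(ops, confirmations):
    """Recompute every balance from the public op log (ops are in chain order)."""
    balances, claimed = {}, set()
    for op in ops:
        confirmers = confirmations.get(op["id"])
        if not confirmers:
            continue  # unconfirmed ops have no effect yet
        sender = op["account"]
        if op["type"] == "genesis_claim" and sender not in claimed:
            claimed.add(sender)  # one claim per account
            balances[sender] = balances.get(sender, 0) + GENESIS_MINT - CONFIRM_FEE
        elif (op["type"] == "send" and op["amount"] > 0
              and balances.get(sender, 0) >= op["amount"] + CONFIRM_FEE):
            balances[sender] -= op["amount"] + CONFIRM_FEE
            balances[op["to"]] = balances.get(op["to"], 0) + op["amount"]
        else:
            continue  # invalid op: every honest replayer ignores it
        # Assumed rule: only the first confirmer to post earns the fee.
        balances[confirmers[0]] = balances.get(confirmers[0], 0) + CONFIRM_FEE
    return balances

def audit(ops, confirmations, reported):
    """Return {confirmer: {account: (reported, recomputed)}} for each mismatch."""
    truth = replay(ops, confirmations)
    findings = {}
    for confirmer, view in reported.items():
        bad = {a: (v, truth.get(a, 0)) for a, v in view.items() if v != truth.get(a, 0)}
        if bad:
            findings[confirmer] = bad
    return findings

# Constructed sample data: two claims, one send, two confirmers.
OPS = [
    {"id": 1, "type": "genesis_claim", "account": "alice"},
    {"id": 2, "type": "genesis_claim", "account": "bob"},
    {"id": 3, "type": "send", "account": "alice", "to": "bob", "amount": 250},
]
CONFIRMATIONS = {1: ["pocket-a"], 2: ["pocket-b", "pocket-a"], 3: ["pocket-a"]}
REPORTED = {  # pocket-a falsely reports that alice holds nothing
    "pocket-a": {"alice": 0, "bob": 1_000_250},
    "pocket-b": {"alice": 999_749, "bob": 1_000_250},
}

if __name__ == "__main__":
    print(audit(OPS, CONFIRMATIONS, REPORTED))
```

The replay needs no key or permission from any confirmer, which is why a second independent operator is enough to expose a confirmer that misreports a balance.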

Conclusion

The main point of all this is that Pocket is designed to be decentralized and trustless, but it can't really be unless people start running their own confirmer bots like @pocket-a. Contact me if you want information about how to do this!

For more information
