Hive's centralisation problem

in Deep Dives, 3 years ago

Hive's ecosystem is intended to be decentralised, but is it really? Let's take a look.

Hive Flag, made by me

What is Hive?

Before we can determine if Hive is decentralised, we must first know what Hive is.

Hive is a delegated proof of stake blockchain which hard forked from Steem back in March 2020.

While Hive's blockchain protocol itself has some issues regarding potential for centralisation, they're well known and work is being done to fix this.

Well, if the blockchain is properly decentralised, what's the problem?

Hive also doubles as a social platform, and as such, has multiple front-ends for accessing it. The most popular of these are, in no particular order: PeakD, LeoFinance, Hive.blog, and Ecency.

That's already a pretty small selection, but Hive itself is still rather small, so it's currently not that big of a problem. There are other clients, such as Dapplr, that have been gaining popularity.

Let's do a quick audit of these four to determine their trustworthiness and independence from each other.

First question: Is it open source? Being open source is an important trust factor as it allows for public auditing and allows the public to fork the project should the original developers become unfavourable or go rogue. Hive wouldn't exist if Steem wasn't open source.

| Platform | Open Source |
|---|---|
| Hive.blog | Yes (frontend, wallet) |
| Ecency | Standalone clients are, web interface isn't (Desktop, Mobile) |
| LeoFinance | No |
| PeakD | No |

Plus the two most popular authentication tools, Hivesigner and Keychain:

| Authenticator | Open Source |
|---|---|
| Hive Keychain | Yes |
| Hivesigner | Yes |

The situation here could be better, but let's move on to the next things.

Hive has multiple public nodes, which are what clients use to access the network. Let's see where the 10 public nodes (as of the time of writing) are hosted and who issues their TLS certificates.

| Node | Region | Host | Certificate Authority |
|---|---|---|---|
| api.hive.blog | United States | OVH | Let's Encrypt |
| api.openhive.network | Poland | OVH | Let's Encrypt |
| anyx.io | Canada | OVH | Let's Encrypt |
| api.hivekings.com | United States | CONTABO | Let's Encrypt |
| hived.privex.io | Germany | Hetzner | Let's Encrypt |
| rpc.ausbit.dev | Finland | Hetzner | Server was down when tested |
| api.pharesim.me | Germany | Hetzner | Let's Encrypt |
| techcoderx.com | France | Dedibox | Let's Encrypt |
| rpc.esteem.app | Germany | Hetzner | Let's Encrypt |
| hive.roelandp.nl | Finland | Hetzner | Let's Encrypt |

Based on this, I have to say that Hetzner and OVH have far too much potential leverage over the Hive network. The heavy reliance on Let's Encrypt also opens a secondary major attack vector that someone powerful could use in an attempt to shut down Hive.

The countries Hive's public nodes are hosted in are fairly spread out however.
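The concentration in the node table can be put into numbers. The following is an added example, not part of the original post: it uses the ten rows above as data and computes, per column, each provider's share, a Herfindahl-Hirschman index, and the smallest group of providers that together carries more than half of the nodes. The function names are this example's own.

```python
from collections import Counter

# Rows copied from the table in this post: (node, region, host, CA).
# rpc.ausbit.dev was down when tested, so its CA is unknown (None).
NODES = [
    ("api.hive.blog", "United States", "OVH", "Let's Encrypt"),
    ("api.openhive.network", "Poland", "OVH", "Let's Encrypt"),
    ("anyx.io", "Canada", "OVH", "Let's Encrypt"),
    ("api.hivekings.com", "United States", "CONTABO", "Let's Encrypt"),
    ("hived.privex.io", "Germany", "Hetzner", "Let's Encrypt"),
    ("rpc.ausbit.dev", "Finland", "Hetzner", None),
    ("api.pharesim.me", "Germany", "Hetzner", "Let's Encrypt"),
    ("techcoderx.com", "France", "Dedibox", "Let's Encrypt"),
    ("rpc.esteem.app", "Germany", "Hetzner", "Let's Encrypt"),
    ("hive.roelandp.nl", "Finland", "Hetzner", "Let's Encrypt"),
]
COLUMNS = {"region": 1, "host": 2, "ca": 3}


def shares(column):
    """Return [(provider, node_count, fraction)], largest first.
    Rows whose value is unknown (None) are left out of the total."""
    idx = COLUMNS[column]
    known = [row[idx] for row in NODES if row[idx] is not None]
    return [(name, n, n / len(known)) for name, n in Counter(known).most_common()]


def min_controlling_set(column, threshold=0.5):
    """Smallest group of providers that carries MORE than `threshold` of nodes."""
    ranked = shares(column)
    total = sum(n for _, n, _ in ranked)
    chosen, covered = [], 0
    for name, n, _ in ranked:
        chosen.append(name)
        covered += n
        if covered > threshold * total:  # integer counts avoid float rounding
            break
    return chosen


def hhi(column):
    """Herfindahl-Hirschman index: sum of squared shares (1.0 = one provider)."""
    return sum(frac ** 2 for _, _, frac in shares(column))


if __name__ == "__main__":
    for column in COLUMNS:
        top, n, frac = shares(column)[0]
        print(f"{column:6} largest={top} ({n} nodes, {frac:.0%}) "
              f"HHI={hhi(column):.2f} majority needs {min_controlling_set(column)}")
```

On this data two hosting companies are enough to carry a majority of the public nodes, while it takes three countries to do the same, which matches the observations above.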

As much as people like to talk about Hive being part of Web 3.0, I would argue it's far too dependent on the existing Web 2.0 to count as a Web 3.0 platform. However, it has potential to change this.

In order for Hive to qualify as a Web 3.0 platform by my standards, it would need to have a standalone client that can utilise the network without connecting to a single established Web 2.0 service. That means running an in-client node, all data being distributed peer to peer, et cetera. This would also make it near impossible to block in countries known for censorship like China, Russia, Pakistan, and India. The I2P Network would likely make a great choice for building on top of.

However... Hetzner, OVH, and Let's Encrypt are not the biggest problem here.

Let's do the same again, but this time with the web frontends and Hivesigner.

| Frontend | Apparent Host |
|---|---|
| hive.blog | Cloudflare |
| ecency.com | Cloudflare |
| leofinance.io | Cloudflare |
| peakd.com | Cloudflare |
| hivesigner.com | Cloudflare |

This is a major problem.

Why? Well first we need to know a bit about Cloudflare.

What is Cloudflare?

Cloudflare is a US-based company that markets its services as providing general security, content delivery, and distributed denial of service mitigation to websites.

They also provide a "free" plan that small websites can use.

However, the way their service acts goes far beyond what's needed to provide general security and DDoS mitigation, and content delivery can be done in a better way as well.

First, this is how similar security services worked before Cloudflare came along:


  ╔══════════╗    ╔══════════╗    ╔════════╗
  ║          ║───────────────────>║        ║
  ║   Your   ║    ║ Security ║    ║ Remote ║
  ║ Computer ║    ║  Service ║    ║ Server ║
  ║          ║<───────────────────║        ║
  ╚══════════╝    ╚══════════╝    ╚════════╝

Your connection passes through the security service. It can see where connections are from and where they're going, plus how many there are, but it can't see the contents of encrypted connections.

When you connect to a website over an encrypted connection, it's supposed to indicate that only you and the service you're talking to can read or modify the connection's contents.

However, Cloudflare breaks that trust model. This is what connections via Cloudflare look like.


  ╔══════════╗    ╔════════════╗    ╔════════╗
  ║          ║───>║            ║───>║        ║
  ║   Your   ║    ║ Cloudflare ║    ║ Remote ║
  ║ Computer ║    ║   Server   ║    ║ Server ║
  ║          ║<───║            ║<───║        ║
  ╚══════════╝    ╚════════════╝    ╚════════╝

This means that your connection isn't being encrypted between you and the service you're accessing, but rather between you and Cloudflare.

Cloudflare can see all the contents of the connections, including passwords and anything else sent over it. They can also modify anything going either way.

What's worse is that there's no guarantee that the connection between Cloudflare and the remote service is encrypted, as Cloudflare can operate without encryption between it and the remote service. That means that the remote service's ISP can potentially also see and modify connection contents.
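The arrangement in the second diagram can be observed from the client side. The following is an added example, not the author's tooling: it reads the certificate issuer and the response headers from one HTTPS request. The `Server: cloudflare` and `CF-RAY` headers travel inside the encrypted response, so when they are present they were normally written by the party that terminated the TLS session. The function names and the sample certificate and headers are constructed for this example.

```python
import http.client
import ssl

# Constructed sample inputs, shaped like what the standard library returns.
SAMPLE_CERT = {  # shape of ssl.SSLSocket.getpeercert()
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
}
SAMPLE_HEADERS = [  # shape of http.client.HTTPResponse.getheaders()
    ("Date", "Mon, 01 Jan 2024 00:00:00 GMT"),
    ("Server", "cloudflare"),
    ("CF-RAY", "0000000000000000-FRA"),
]


def issuer_org(cert):
    """Return the issuer's organizationName from a getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


def fronted_by_cloudflare(headers):
    """True if the response carries headers that Cloudflare's edge adds."""
    h = {k.lower(): v for k, v in headers}
    return "cf-ray" in h or h.get("server", "").lower() == "cloudflare"


def audit(host, timeout=10):
    """Live check (needs network): one HEAD request over verified TLS."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    conn = http.client.HTTPSConnection(host, timeout=timeout, context=ctx)
    try:
        conn.request("HEAD", "/")
        cert = conn.sock.getpeercert()  # certificate the client actually saw
        resp = conn.getresponse()
        return {"host": host,
                "ca": issuer_org(cert),
                "cloudflare": fronted_by_cloudflare(resp.getheaders())}
    finally:
        conn.close()


if __name__ == "__main__":
    # Offline demonstration on the constructed samples above.
    print(issuer_org(SAMPLE_CERT), fronted_by_cloudflare(SAMPLE_HEADERS))
```

Calling `audit()` on each frontend or node hostname yields the "Certificate Authority" and "Apparent Host" columns used in the tables above as they stand at the time of the check.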

The way Cloudflare has been operating shows that they're trying to centralise the entire internet. They've been quite successful at it so far as well, managing to get nearly 15% of the entire internet going through their service in the span of 10 years. Compare that to the 1% that goes through Amazon's servers, the next largest platform.

In fact, in just the last year Cloudflare has gone from just above 10% to nearly 15%.

Cloudflare should be seen as the greatest enemy of Web 3.0, even more so than Google, Facebook, Microsoft, and Amazon.

If you want firsthand experience with how broad a scope Cloudflare has, try browsing the internet for a week using only Tor Browser.

What this means for Hive and what you can do

Cloudflare has the potential to effectively destroy Hive in the span of minutes by injecting malicious code into people's page loads. They also have the potential to target individual Hive users should the US government come knocking.

Now, thankfully, there are ways to protect yourself.

The best is to only use standalone apps to interact with Hive, such as Ecency Desktop/Mobile and Dapplr. These are stored locally on your device and can't suddenly become compromised from a central authority. Always make sure to verify any updates you download are valid and haven't been compromised either.

If you must use a service behind Cloudflare, make sure to use Hive Keychain to log into it with automatic signing disabled. This will ensure that the site doesn't have access to your keys, and that no transaction can occur without your confirmation.

You can also encourage @ecency, @blocktrades, @leofinance, and @peakd to drop Cloudflare and use something else, preferably making sure they're not using the same thing everyone else is using.

Hive has great potential to grow and become a truly decentralised network, however right now it falls short of that.

Dropping Cloudflare would be a step towards decentralisation that wouldn't require any major changes to code.

Mentions to people who wanted to know when I finally posted this: @cryptographic

I hope everyone has a great day.


What would you personally suggest we would use at PeakD instead of Cloudflare? Open to suggestions. I'm not the programmer but would pass along suggestions in house.

We have limited development time going to a lot of things and usually feature development is highest on the list since in general hive is very very small and our goal is to develop a set of features that we can start marketing with.

So these issues you bring up are ultimately important but not presently highly important because, as you stated, they are theoretical issues (true as they are theoretically) but not present. Though it would be nice to see more diversification of nodes.

You missed a big one: the blacklists the nodes use... they all are pretty much the same (pull from same source), meaning there is a big issue with centralization of blocking power. Now the proposal by @blocktrades for users (hopefully trusted ones) to create their own lists and choose what lists to follow could perhaps solve this issue.

Well, I'm most in favour of a do it yourself method. Getting a server on a host with built in DDoS mitigation and rolling your own haproxy setup. Doing so will require having someone familiar with Linux and webserver management. I've set up servers like this before, although they're often set up to be far more protective of their origin IP than PeakD would need.

On top of that, Cloudflare tends to give website maintainers a false sense of security. However, it looks like PeakD has been properly configured as I was only able to find out that you use Hetzner for part of your infrastructure.

Also, worth noting, if you're using OVH as your host, they already provide built in DDoS mitigation.

If you need a CDN, there's plenty of those. You've got Rackspace, Akamai, Limelight, CDN77, and Amazon Cloudfront to name a few.

Also, blocklist sharing sounds good on paper but turns out horrific in practice. It's been done on Twitter before and ended up being a complete disaster. It'd be far better to implement some form of Trust Propagation, however it would be very difficult to do so in a way that scales well.

Interesting! I did not know about Cloudflare. I split my time on Hive between Dapplr and PeakD... perhaps I need to spend less time using PeakD...

As long as you're using Hive Keychain and keep the automatic signing off, you'll be safe from any potential hijackings of PeakD or malicious Cloudflare activity. Though that won't prevent any data harvesting, should Cloudflare be doing that.

It is generally a good idea to stick to using standalone programs whenever possible though, they tend to have less surface area for possible attack vectors than a website does.


It's refreshing to see an author less on the nuts and more on the gas pedal regarding this chain's future. Last I checked, this start-up was barely clinging to a top 150 position at coinmarketcap.

Your methods are not negative, you're obviously a trained programmer/developer. Have any of the names you mentioned at the bottom of this article reached out to you as a possible addition to the blockchain's potential improvements?

Not yet, I've only been around for a few weeks. I'm planning on making some new DApps soon, not sure where to begin really as I've got too many ideas. Maybe I'll run a poll at some point to see what people are most interested in.

I know a lot about things from a technical side but actually putting things into practice is extremely draining on me as programming is pretty stressful. I work better as a project architect and maintainer, laying out roadmaps and encouraging a team.

Sounds like a plan. 😎

Great information - I think all decentralised apps need a standalone option you can run locally like lbry. Also can anyone tell me where can I find more of this kind of technical stuff on how hive works?

Also was surprised that peakd is not open source. Is dapplr an open source project?

Yeah, it was surprising when I found out too. Dapplr isn't open source either sadly, though they've made some vague promises at doing so in the future. There also seem to be a lot of misconceptions about open source projects as well.

To my knowledge, the only open source mobile app right now is @ecency, hopefully they'll open source their web frontend soon as well.

Decentralisation cannot come at the expense of performance and staying power, taking a snapshot of any project you can claim centralisation. I am not saying what you list here is not true, they are, are there concerns, yes, but we can't make less decentralisation the enemy of good.

Is the ecosystem more robust than most of web 2.0? Yes, I would say so. Is Bitcoin, the so-called most decentralised network, decentralised? Some would say yes, some would say no. I don't like to get into this debate because you can always move the goal posts.

And I also would like to see more solutions put forward. Let's say the Cloudflare one: what options are there apart from their centralised competition at this moment that's going to provide the same speed, security and cost structure? Then you can evaluate: is the decentralisation to another centralised service or using a fully decentralised service the best for the product's direction, or is it just lip service for "look how decentralised we are as a project"?

Yeah, we can point fingers but getting to solutions or options is what we need.

"You can also encourage @ecency, @blocktrades, @leofinance, and @peakd to drop Cloudflare and use something else, preferably making sure they're not using the same thing everyone else is using"

Yeah I read that but what are the options lol. I don’t know them since I have never hosted anything. They might but that’s no guarantee.

You clearly don't understand the seriousness of the attack vectors he noticed with how politicized free speech has been.

It's not worth using this platform whatsoever if it is biased on the net neutrality debate, not sure how you use the logical fallacy of buttons core to compare to hive, but DPOS and SHA-256 mining are very different.

Lol so plan for a tsunami when no one even knows these sites exist? I mean really, torrent sites have been doing the whack-a-mole run around for ages, if people want the content you can always move it

I am saying there is something, drastically different, about the fundamental logic we use in our individual and unique circumstances.

Reference to what I am referring to.

https://www.sciencedaily.com/releases/2019/08/190826150700.htm

Well, I hope those mentioned above would drop off cloudflare in that case...

Great information - I think all decentralised apps need a standalone option you can run locally like lbry. Also can anyone tell me where can I find this kind of technical stuff on how hive works?

You can find Hive's developer documentation here: https://developers.hive.io/

Interesting topic, we've got to look at decentralizing HIVE in every aspect.

Great write up, glad to see you being critical and analytical about the platform. Lots of progress needed for sure, I hope hive will adapt and deliver, if not I'm sure newer chains will take its place.

The biggest problems don't have anything to do with Hive's blockchain as I said, more so the most popular frontend websites for Hive. Less popular, more community-oriented, ones like neoxian.city and palnet.io don't use Cloudflare to serve their frontend.

I hear that but the frontend dependence on centralized bodies is taking away from the blockchain features, it's good to see we still have some options that are more "true" to blockchain and decentralization


Thanks for sharing

Great post. Great work. Good job! AFAIK anyway. 😂

So, the bottom line for us security freaks is:

The best is to only use standalone apps to interact with Hive, such as Ecency Desktop/Mobile and Dapplr. These are stored locally on your device and can't suddenly become compromised from a central authority.

I'm going to take your advice.

And how does HIVE-ENGINE figure into things? I'm a little concerned about how Hivesigner is constantly asking me to import my active key, for example ... haven't tested it enough, but it could be that every time I change device ... doesn't seem to happen with PeakD ...

Hive-Engine does transactions so it makes sense that it uses your active key to sign them. If you went to power up or transfer in PeakD, you'd likely see the same thing.

Yeah, but the import active (or even posting) key should be a one time affair, not every 3 or 4 times you login. The Hivesigner password should be all you need after you've imported your key ONCE I should think.

BTW, I've tested a bit more and it has nothing to do with changing devices. It looks like if you're logged in normally, trading, making and canceling orders, Hivesigner works as set up across platforms without asking to import your key again, BUT if you claim rewards, you get asked again to import your account again, AND then you can't place orders again until you repeat the process again for that. Going back and forth from trading privileges to claiming rewards privileges causes Hivesigner to sign you out on the prior, but sign you out hard since your Hivesigner password no longer works and you're asked to import again. I don't know if I've explained this very well, not knowing the specific terminology, etc., but I'll keep documenting my experience. It seems a little weird ...

Edit: Open source?

Ah, well during the short time I used Hivesigner it seemed very buggy and would never actually save my account info, I had to re-enter it every time. Hive Keychain has worked flawlessly, although the interface it has is a little peculiar and due to how it works it opens up a potential browser fingerprinting vector. The fingerprinting vector isn't going to be a big concern for most people, though if you're using Tor Browser it would be a concern.

!ENGAGE 50

Thanks for the tokens

Just a heads up, looks like the engage bot only processed your comment without the value.
https://hiveblocks.com/tx/a7a5d1e8806c58519e7935265e7de48258762b71

Does it not show in your wallet?

This kind of analysis is invaluable. Just noticed you posted it in Deep Dives, BTW. Very cool.

Yeah, I'm starting to get used to the communities and tags here.

I might start development on a Hive DApp soon, I have one idea in particular that would be interesting to implement, though I'm not sure how much the art and music communities around here would enjoy it.

Good communities to target, if you've got something that would interest them, you know, that satisfies a need. The art community looks very active and vibrant to me. I remember seeing a trending post on commissioned art from an Italian artist, if I remember correctly ...

Can't hurt to ask around. It's the only way to find out.

Thank you for your engagement on this post, you have received ENGAGE tokens.

I didn't know CF was that toxic, I am likely removing all their DNS from my networks.

Sadly they have the fastest loading times, aside from 1.1.1.1 and 8.8.8.8 what DNS do you recommend?

I prefer running my own dnscrypt-proxy instance when setting up a network, it provides far better privacy than any traditional DNS server. You can configure it to cache all network requests, or even configure it to make requests over Tor so that it's impossible to log where your requests are coming from.

Aside from that, check out OpenNIC, it's a project aimed at decentralising DNS and letting people have more democratic control. You can easily get your own entire TLD if you've got the technical resources for it, plus it even has built in integration with Emercoin. On top of that, they also run some DNSCrypt servers so you can use both at the same time.

This just gave me a great idea, when I use my own VPN (wireguard) I could totally use this script you mention to send the DNS through tor for all my traffic right?

Yeah, it'll let you do that as long as you configure everything correctly.

You can also use iptables to just make tor your DNS provider, but you don't get caching if you do it that way so things will resolve slower.