ETH Recovery has been a desired thing since before the Parity multisig issue. While the Parity multisig issue is the biggest single loss, there are a large number of other smaller losses that effect a large number of users. I like blockchains because they prevent institutionalized theft (e.g., Civil Forfeiture and Chargebacks, not because they enable me to shoot myself in the foot. What I am proposing is that we protect people from shooting themselves in the foot where we can, while continuing to defend against institutionalized theft. I almost left for ETC because I saw it as an instance of institutionalized theft (effectively a chargeback), and in the end my reasons for sticking with ETH had nothing to do with the to-recover or not-to-recover question. Should institutional theft become a pattern, I would likely leave Ethereum.
For me personally, I have a Shelling Fence that prevents this from being a slippery slope. It certainly feels like the disagreement is around whether or not a Shelling Fence exists.
You can call my views extreme, but I genuinely believe that over the long term âprotecting people from shooting themselves in the footâ will lead to institutionalised theft, especially considering thereâs no formalised boundary. EIP-999 might not be considered theft, but each time we accept one of these proposals to essentially undo a transaction, weâre taking another step towards a centralised government that gets to choose which transactions are valid and which are not. Each recovery will set another a precedent just like the DAO fork did (if the DAO fork never happened, we wouldnât even be having this conversation). Long term, if we accept state changes like this Ethereum will slowly evolve towards a corruptible, tyrannical system over the decades to come. These views were expressed in the DAO fork debate in 2016 and they are still valid today.
Institutionalised theft exists because a small minority of people hold more power than the rest. Many people are attracted to cryptocurrency because of the absolute property rights, i.e. nobody can interfere with your transactions. The fundamental awesome-ness of Ethereum is that code executes exactly as written and there shouldnât be exceptions to that for people who are exceptionally negligent. This EIP breaks the core functionality of Ethereum.
As harsh as it may sound, un-freezing ether is a form of theft. When balances become frozen, the value attached to those burnt ether are effectively distributed to the whole economy. In the same fashion as when you transfer ether to 0x0000, or when you set fire to $1 trillion. Redistributing value from the current ether holders is a form of inflationary theft in the same sense that quantitative easing and corporate bailouts are hidden thefts.
For those that want a quasi-centralised system where transactions can be undone, they should opt-in to a solution on the Ethereum application layer; these decisions shouldnât be made at the protocol level. Itâs clear from the volume of debate in this EIP-867 and EIP-999, the split sentiment on reddit and the results of the EIP-999 coinvote that many people are not interested in a system like this.
You might have a personal fence, but the greater community doesnât. I think we need to determine where that fence is now and commit to holding that promise for the future of Ethereum. And I think that if and when we come to a consensus on that, it should only be applied to future state changes (i.e. EIP-999 should fail no matter what).
A team has already implemented a recovery eth contract similar to what has come out of this thread - completely separate from this work. I think we should merge the two or begin working on ways to support this project and the ecosystem further.
It is like those concrete road blocks/dividers. They are technically moveable, but it takes a massive amount of energy to do so. This means that against normal day to day pressures, or even a car running into it, it is quite stable in itâs position. However, if someone makes a concerted effort to intentionally move the wall it can be done.
My shelling fence for this is sturdy enough that Iâm not worried about accidentally moving it through the course of day to day governance decisions, but I acknowledge that in the future someone may make a very compelling argument for intentionally moving the fence, and in such a situation I recognize that I may be convinced to do so.
This serves the purpose of a shelling fence in that it protects me from the problem of vague boundaries that are difficult to describe clearly and may move over time on accident. However, it does not calcify me into a position that may no longer make sense in the future when new information becomes available.
What new information has become available since the early days of touting hard immutability as a key benefit of Ethereum? Those promoting immutability at the time surely understood that all programmable systems come with bugs, and that these would in turn cause unanticipated losses or gains. Nothing new.
It is clear that hard immutability wonât fly in the real world, but Itâs hard to see how Ethereum can now convincingly change what has been so thoroughly beaten into the collective consciousness.
Hard Immutability permits systems of fiat to exist on layers above it.
The same is not true for fiat -> immutability.
If you require fiat, this project already provides you the ability to write your fiat in public code where others can voluntarily participate - or not.
That is the strong argument for the benefit of immutability to all cryptocurrency, not just Ethereum.
Part of the problem is that people use the word immutability when they really mean something else (something less well defined). Check out the post by @phiferd over in here, he does a good job of describing reality and you can see that immutability of the blockchain is well defined, but quite constrained. This definition still holds even if we do a recovery.
So I would say the new information is people gaining a better understanding of what immutability really means, and what Ethereum (or any blockchain) really is in terms of guarantees. Back during TheDAO fork I was one of the people shouting about immutability and slippery slopes, but since then I have spent a lot of time thinking about governance, blockchains, etc. and because of that my stance has changed (though Iâm still anti DAO fork to some extent, but for more well defined reasons).
I canât speak to what the people in the early days meant when they said âimmutabilityâ, but as you can see in the link above Ethereum has never been completely immutable (that just doesnât make sense).
I recommend checking out the writeup I linked above (in this comment), and then restate what you mean by âimmutabilityâ. I suspect what you mean is not that you want immutability, but that you want constraints on the ways under which the rules are allowed to change in the future. If you truly want immutability of the rules then I would argue that is against the ethos of Ethereum, since it has long been known that Ethereum will continue to develop as a platform with PoS, Sharding, etc. and that all requires rule changes.
If what you want are constraints on what rule changes can occur, then I recommend dropping the âimmutabilityâ argument (it isnât well defined) and instead argue for how you believe the rules should be constrained. It would also help to argue why you believe that the governance system is incapable of handling this sort of thing in an equitable way.
Never. Just because the loudest people believe A, does not mean A is the majority belief. I continue to participate in the discussion because people continue to misunderstand the reality of the situation. If it was just a matter of one group wanting some particular value and another group wanting a different value or the two groups having different predictions on how future humans will behave, then I would have stopped discussing quite a while ago. However, people keep showing up to the discussion with incorrect mental models of reality and that isnât helping anyone, especially when they propagate that incorrect mental model to others.
Some people have correct mental models of reality and still disagree because goals donât align or predictions differ. Discussion between these parties has died down a bit because each side has said their piece and there isnât anything obvious we can do to resolve the differences other than âtry one and see what happensâ or âaccept that we have different goals and forkâ.
I think itâs very important to correct misconceptions, and I appreciate that you do this. Do you agree though that at some point the discussion should come to ârough consensusâ? (Are the words ârough consensusâ from EIP 1, or is that just what people call it?)
Personally, Iâm not a fan of the Bitcoin model of âwe only make changes to the rules when everyone agreesâ. This leads to stagnation when the userbase has two sufficiently large competing groups. This lead to it taking years for Segwit/Blocksize and along the way there were many forks rather than just one. I am of the opinion that when your userbase reaches the point where there are two groups with incompatible goals then it is time to fork.
The problem, of course, is that in the current environment it isnât possible to fork without one of the two branches getting an unfair advantage when it comes to user choice. Which fork gets the ETH ticker symbol, which fork does Vitalik support? Which fork do Geth and Parity have as the default code in the master branch of their respective GitHub repositories? Which fork is the default for new Geth/Parity users?
This is an unfortunate situation, but one that doesnât have any obvious/immediate solutions. At the same time, not allowing the protocol to evolve is bad (IMO), and if you want the protocol to evolve then you must accept that changes to the rules must be made. This then requires the majority of people participating in a particular fork of Ethereum generally agree on (or are at least not willing to switch forks over) how the governance system for rule changes work. That all culminates in us being in the situation we are in, and likely forking over the matter (again, I donât think this is bad, I think this is a healthy solution).
I agree, this is not the actual Bitcoin model. This is the model posed by organizations like Blockstream that want to cripple the fundamentals of cryptocurrency.
We provide you with the means to achieve your ends - hard fork. Make your own chain and compete to win users.
Technical consensus is not the same thing as majority belief. E.g. the majority might be technically wrong, or their objections non-technical. Over the course of discussions Iâve seen continual improvement of our understanding of this EIP and related EIPs and issues. I havenât seen a killer technical objection yet. I have seen serious philosophical, economic, and political arguments for and against. These need to be technically informed, and the technology needs to be informed by the rest of the world, so itâs fine that they happen here. But in the end, the technical soundness of the proposal is what matters, and wherever I come down on the other issues, it still looks sound to me. If that becomes the consensus, then the place to argue the other issues moves on to whether to adopt particular ERPs.
As a âpoint of orderâ, these discussions seem to be converging towards a place where a serious quest towards technical consensus should ensue. That would involve those with the most expertise and motivation banding together, agreeing to a chairperson whose job it is to seek for and call the consensus, and going for agreement on a penultimate draft. This being both an early proposal in the process and as controversial as they get the chair will need to be of unquestioned impartiality and technical insight. And a skilled cat herder. Other ways of self-organizing the quest welcome.
To add to the thread more philosophically (and hello to the two bot accounts aboveâŚ), I think Ethereum has grown helpfully to support well-known tools for fund recovery at the application layer now, such as social recovery for smart accounts, and upgradeability for protocols smart contracts to fix critical bugs. Having an EIP fund recovery process, even if merely as a guide, would discourage Ethereumâs evolution into the a la carte security system that we are seeing emerge. This is all to say, if people or protocols want to rawdog security for optimization or stability purposes, the tradeoffs have to be real in order for them to realize the coordination benefits of their chosen immutability settings. This is a great offering and service by the network (the biggest vendor of contract finality and code immutability) and should be maintained. Yay~~
Just because the loudest people believe A, does not mean A is the majority belief. I continue to participate in the discussion because people continue to misunderstand the reality of the situation. If it was just a matter of one group wanting some particular value and another group wanting a different value or the two groups having different predictions on how future humans will behave, then I would have stopped discussing quite a while ago. However, people keep showing up to the discussion with incorrect mental models of reality and that isnât helping anyone, especially when they propagate that incorrect mental model to others.