[RFC] - Multisig Enhancement

I have a hard time getting on board with this argument. Wonderland DAO is taking itself seriously, and I imagine every member on the team has confidence in their integrity and abilities to manage this beast as they were elected to do. If someone isn’t comfortable taking on the multisig position, that feels to me like they are afraid they could get dragged into a shitty situation and become liable for shitty management.

If someone believes they can work with the wonderland team to effectively and responsibly manage the multisig, they should not be so concerned with the community being aware of their anon identity. I do empathize with why many may have second thoughts about joining the multisig at all if they haven’t worked with the current team, but I personally feel anyone who is willing to take the position should be willing to be known to the community. An anon name is not what is requested. Defacto for instance gets a pass because we can verify their connections and build our own comfort. I’ve never spoken to them or even seen a message from them, but I have a good idea of the chain of people I’d need to go through to get in direct contact with them in a worst case scenario situation.

I don’t think it’s necessarily about trusting the team on a single anon. There are multiple aspects of this proposal that make it uncomfortable to swallow.

I was uncomfortable with the first completely anon multisig member, now we’re going to add two more and make it a three of six. Three members of the six are completely anon in that scenario, right?

This is all not to mention that you’re placing additional liability concerns onto the team for appointing people to that position with only your own word to bank on. I actually trust you. This situation is difficult and confusing to me because I trust you so much.

I suspect there are good reasons to keep this member anon from everyone except the OO.

Can I ask, is that the level of secrecy we’re talking about here? Like no one outside of the OO and maybe one other elected member would know the identities?

No they are not. No one is completely anon. Every single member of the multisig will be doxxed one way or another. Simply not to the whole community.

The only fully anon signer is me, but that, for the most part, is not an issue because of trust. Coming back full circle again.

As for the liability on the team. There is no way around it. No matter who selects the members, the team members will carry the liabilities based on due diligence and voted responsibilities.

2 Likes

OO because msig responsibility fell under them.

As for who will know the identity, I don't believe the OO to do background checks on their own. The legal help hired will also be “exposed” to their identity and safe keep the information if it needs to be disclosed.

3 Likes

You are known to the extent that I would consider sufficient to make a judgement call. Even Defacto is known enough for me to feel comfortable that I was able to make that judgement call myself. This is where I’m having trouble getting on board with your argument- it’s not about doxxing necessarily. Yes, there is an expectation of full doxxing to someone, I like the law firm better than a single person as that’s an entity so it removes a single point of failure, plus they’re independent and specifically representing the DAO itself.

There is a difference between the team providing a couple sentence description of the individual they want to put in the position and providing a set of usernames that can be referenced by members themselves. Indeed, the usernames will invite scrutiny on that person, that sucks, but it’s something I believe we’re entitled to.

I’m sitting here arguing with myself too, trying to figure out good reasons why I should just shut up and let this play out because I know you wouldn’t do us dirty. I know you treat this situation with the utmost professionalism. I can’t shake the discomfort though. There’s got to be more we can work with or do to make this feel more comfortable. I suspect maybe if we can wait to get a legal firm and secure representation for the DAO, this would feel much more comfortable. I don’t even know if that will be sufficient though.

Would those be the only parties in the know on their identity? No other team members or community members?

You are correct, it is not about doxxing. It is about trust.

Defacto is not anon, but is a reputable person in the market (trust). Same for SkyH. Me and Vayu are anon, but have been around for quite a bit (trust).

My point is that a set of username does not provide the security (trust) that people want/need.

Let’s do an example.

Team says ok, the new signers are Dumb and Dumber (their anon names). The community looks at Dumb and Dumber’s “history”, but there’s barely anything. Is it enough to give these people the keys to the vault, now? Is that enough information for a community member to say, “ok, Dumb and Dumber are posting good memes, my concerns have been addressed”?

If the concern is transparency for the sake of transparency, then sure, but the issues seem to be deeper than this.

The judgement call that you talk about is based on trust.

3 Likes

Trust is earned. I would agree with @MattMacGyver that you’ve earned our trust; however, what happens if one day you decide to leave the project? What if multiple team members decide to move on to something else?

Now we’re left in a situation to have to hold votes to fill those positions. Now if any anonymous signers need to be replaced we’re talking about someone(s) who may not have established that same level of trust with the community deciding who the anonymous signers are.

I may trust you and almost every other member of the team right now. But I’m not going to say I will always trust every member of the team in the future. And this vote essentially requires us to have blind faith now and in the future and that’s just a bridge too far as it stands.

Not sure I understand the argument? That would be the case even now, regardless of that proposal going through.

A future, “less trustworthy” team would need the DAO to replace signers put in place by the current “more trustworthy” team.

2 Likes

I think it’s a combination of trust and a lack of information. I know one of the major reasons I am uncomfortable with this is because I am inherently uncomfortable not having information, it’s just a human weakness. It’s easier to accept that I can’t know their real names when I can know their fake names (and connections). I’m still inherently uncomfortable with that, but I am able to cling to something and form my own opinion with what I can know. Also, I would hope for more than just a username from our discord, like who they are connected to if they are connected to anyone or any project, and it would be nice to have them engage with the community for a short period if there is literally nothing else to offer - like come in to answer some questions for a half hour or respond to gathered questions from the community, something that can allow the community the opportunity to feel we are making a judgement call on them ourselves. We’re not talking about trusting you all to hire assistants or graphic designers, that would be really weird if we demanded to feel like we were making those choices.

It is trust too though. Having a law firm representing the DAO doesn’t remove the human element, but it does make an independent organization liable for their services, which adds another layer of trust to the system. I can be comfortable that this independent org did their job at verifying identities and without a question they will provide those identities if the DAO required them. One could argue, “well the team could do that too”, and I would agree, but the firm means that even without a team there’s still access.

For me, it boils down to our team being a group of really great, but arguably new to managing a $100mm+ organization, being responsible for this activity. I have trust in the people, I really do. But I guess you could say not enough trust that everything would be perfectly secure enough for me to be cool with a couple sentence descriptions. I’ve worked with this team for almost a year now, I have trust in your integrity.

1 Like

The answer is NO, if Dumb & Dumber haven’t been active community members then putting them on the multisig would be more like adding an independent 3rd party. Then we have to question how the team decided to trust these inactive members and what it was based on since there is no engagement. This is why blind trust doesn’t work. It seems the team is getting further and further from transparency on many items and that doesn’t instill confidence or trust. So the more the team chooses to be less transparent the less trust you are going to have from the community. You are essentially shooting yourself in the foot.

1 Like

Actually not because of any doubts in team or performance, it’s about the affiliation to a protocol that is called flashy scam even by Vitalik and generally still has a very long way to go to have some sort of trust level in the public eye.

You yourself distanced greatly, because of public perception and your personal circumstances, this is very similar.
The people that stood with the protocol all this time are the few - the many took a step back and don’t want public attachment, still.
It’s a shame, but how it is.
I have 0 issue with sharing the info within the team, if that helps - or implement whatever other safeguard is wanted. But seems this whole discussion goes more about personal trust in the team or not. That’s something I can’t help with. If we haven’t shown over the past year that we are trustworthy then there is little to say.

Seems to be few, but loud voices that feel that way, which I am sorry for - but ultimately this needs little trust because of the neutral 3rd party, the legal firm. At least that was the thought, in order to cater to everybody and their wishes.
I get behind more than one team member having the info, non issue. But I can’t force people whether or not they want to publicly be attached or not, at this point in time.

Why not have the GO evaluate since they have experience with the msig and is one of the few that has shown no conflict of interest in the past? I’m sure being removed from the multisig is gonna free up enough time to evaluate new candidates.

Why not the RO? Seems to fit in their scope of work. Would need a fail safe for when there is no RO ofc.

The goal is that the process makes sense based on the positions and their responsibilities more than the persons in the positions.

That way you don’t have to adjust the process every time someone leaves/joins the protocol.

I can understand this argument, but I don’t think it’s exactly valid. I do distance myself from public view, but I do not shy away from accountability and I recognize the DAO’s need for transparency, so in order to be involved with the DAO I accepted that they need to know enough about me. I have been doxxed to many members of the community for most of this year and when I put my name in the hat, I was comfortable with the possibility that I would be dragged into legal or regulatory situations - I would not have put my name in if I felt I wouldn’t be comfortable with that. I put my name in because I believed this DAO is working to increase transparency and double down on being the most legit org in the space - I was confident that if push came to shove, I would be with a team that has worked to bring professionalism and integrity to the space, not too concerned with fallout.

I don’t give a flying fuck what buterin says about WL with his extensively limited knowledge of WL. If he spends any time at all tracking us, I would call that wasting his time - so I assume he knows very little, if only our most distant past. Anyone with a good head on their shoulders and a rational mind recognizes how little severity buterin’s comments have in comparison to the current efforts and actions of our DAO. Being afraid of association due to he-said-she-said nonsense doesn’t lend credibility to multisig members, it shows a sign of weakness and flakiness that I don’t find necessary for our rebuilding efforts.

I don’t think the DAO is ready for this level of secrecy put on the shoulders of our new team. I mean no offense but none of the team are industry pros with years and years of experience managing risk, doing due diligence on individuals, looking out for bad actors, or maintaining secure records. You all have been doing a great job so far and I am still here rooting you on, but it feels like you’re all asking for the community to have too much trust right now. How about we work on building experience in the team, trust within the community, and then pursue initiatives that might involve such secrecy. If we were Blackrock with a crew that had decades of experience managing financial behemoths - this would be a completely different story. It’s very difficult to say something like this without it coming across as a dis or slight - it’s really not. You all are doing great and you’re making great progress, it’s just not realistic to believe you all have gained decades of experience handling this kind of very tricky situation in the year you have been with us.

Neutral Third Party does not make something inherently secure. It is difficult for me to trust at this time that the team has the experience necessary to vet individuals to ensure they are neutral, or secure. If vetting to ensure actual neutrality (no affiliation with team, project members, or conflicting projects), that makes it inherently more difficult to vet their integrity and security. If they are known well enough by a team member or community member, this means they are not technically neutral. A truly neutral third party would be an independent service provider who is legally liable for their services, like a Multisig as a Service setup or a publicly associated individual who was also liable for their services. Calling anything other than that a neutral third party, imo, is using the term too loosely and not accepting the inherent security flaws in any lesser setup. Someone from another protocol or “industry pro” doing us a favor by being on our multisig is not a neutral third party.

You mention “a firm” at the end of this, which is a big piece of this whole proposal that makes everything else harder to swallow. You may have been speaking to law firms and getting insights, but those insights and your personal affiliation with them is in no way providing additional security or confidence of security to this equation. When a firm is secured to Represent the DAO, they will be our first truly neutral third party. They do not answer to any individual within the DAO or outside the DAO, they do not provide legal protection to any individual inside or outside the DAO above the DAO - the DAO is their client. When handling the due diligence of candidates, they are legally liable for the services they provide. This firm should also have extensive experience in performing this service, so confidence in their performance is easy to achieve, even if identities remain secret.

I probably wouldn’t have even commented on this proposal and barked at all if we had a firm on retainer and the proposal said the firm was handling the background checks to ensure the people being added are secure and accountable - not have a firm be involved (”in some way”) after we’ve already voted them in.

I do have a question I’d like people to consider. How many wrench attacks, kidnappings, thefts, and legal actions can you find regarding publicly known multisig members or DAO managers - compared to the number of anon multisig members or DAO managers that have committed theft with the benefits of anonymity?

A few days ago I started a search to find precedent for (history of) the potential security implications for multisig members, as well as liability concerns. It’s interesting to compare the two, and consider the risks with those statistics in mind.

2 Likes

Ok, but do you have suggestions?

I see a lot of comments on this thread about needing to know more about who the signers are, but we’ve already established this is not the core issue and I don't see solutions being proposed. Or maybe I lost them in the walls of text :sweat_smile:

So what’s the solution?

Form a binding agreement with a legal firm to represent the DAO and have that firm perform a background check on the individual candidates, as well as all elected and appointed members while they’re at it. They should establish a line of contact to these individuals and be able to gauge their potential level of accountability in a bad situation - How would they directly contact the members if needed, and if necessary, what are the steps we’d need to take to ensure accountability for each member? They can hold this info in a secure way and provide it to the DAO if required.

This is basically handing the vetting off to a truly neutral third party, and establishing a precedent for how the DAO should perform actions that are exceptionally sensitive in the future.

3 Likes