The document outlines a scoring system where you grade, on a scale of 1-9:
The impact a risk event would have if it occurs;
The chance it actually would occur; and
The knowledge you have as part of assessing this.
Towards the bottom of the document, there’s a link to a Google Spreadsheet where risks are presented as individual rows in the table, and you in the community can input your own risk assessments as columns in the table.
I’ve just now done this for myself, please feel free to give it a shot for yourself and help us become better at assessing our risks!
Instructions & Notes
Add risks. Please feel free to brainstorm new risks! Just add them to the table.
Use the scoring instructions. Don’t wing it. I had the scoring instructions next to me and cross-referenced them constantly to try to make a correct assessment.
Don’t troll. The quality of this exercise will depend upon how seriously we treat it.
Don’t mess with other people’s scores. If you input scoring you can protect your input by Data >> Protected sheets and ranges...
Give it your best shot. Doesn’t have to be perfect, just give it an honest try.
It gets easier. After a couple of estimates you start getting the hang of it and you progress faster.
We’ll be discussing the results of this in the Nov 6 Governance meeting, feel free to join us then!
Risk / Description / Impact, Chance, Knowledge (1-9)
Criminal users lead to PR disaster: A high profile event / attack occurs that is linked to Grin usage and the spotlight is turned on the project and its stance on privacy. Relevant world example is the Apple-FBI encryption dispute. Impact 7, Chance 5, Knowledge 6
Grin is declared illegal: It becomes illegal to develop or use Grin in certain countries. Real world example is the ongoing efforts to stop 3D-printed guns. Impact 8, Chance 2, Knowledge 5
Developers are raided / harassed / prosecuted: Due to PR disaster above, political pressure builds to motivate government authorities to doxx anonymous developers and "make an example" by arresting them and issue criminal arrest warrants on other developers associated with the project. It's important to note here that it is irrelevant whether there is an actual valid legal case against the developers. Impact 8, Chance 4, Knowledge 6
Care to explain why you believe these are doomsday events and rare?
Because I may have a history lesson for you. Bitcoin is only the first successful stateless currency, and Satoshi's anonymity and disappearance are not paranoia.
I think anything goes, as far as I understand. Why should it be its own genre?
Yes, this felt weird to me as well, but it helped thinking of it as just a way of scoring and assessing the unknown. It’s not meant to be a mathematical even distribution of score → probability.
Can you elaborate?
Not really, why don’t you give them your own scores instead. And what makes you think I believe they are doomsday events? Did you read the scoring scale? I just gave them a high impact score. Impact can be both positive and negative.
Always up for a good history lesson, so yes please, do go on!
Yes, this felt weird to me as well, but it helped thinking of it as just a way of scoring and assessing the unknown. It’s not meant to be a mathematical even distribution of score → probability.
You should assume the scale provided a downward pressure on the score. Half the probability exists between 50 and 100 percent on an S-curve. And people are not good at probability naturally.
Can you elaborate?
Like I lived through losing half my bitcoin 3 times, one of those was Bitfinex; I know exactly how “an exchange getting hacked” affects me, I felt the prices before and after, also thinking my life savings at the time was gone for 2 weeks.
Where’s “work” in day trading? What exactly is “studying”? Who the fuck studies under anyone?
I also knew about Bitcoin since the white paper (dismissing it as another Liberty Dollar or e-gold, because yay, learned helplessness of my movement at the time). I knew about cyberpunks before the link can buried.
Again, what’s “work” in this case? I can tell you distrust of state currency and agorism go back to America’s newspaper heyday; not “satoshi ‘came out of nowhere’” or maybe if you’re lucky “cypherpunks also existed in the 90’s to help spread encryption, maybe satoshi was a cypherpunk who started to work on bitcoin after 2008”, but rather this thing has been brewing since a little after slavery ended, and for most of that time the nail that stuck out got hammered down.
I didn’t study under anyone, and if I could it would probably make me an expert in the field; I mostly read primary sources of old political essays.
These are fuzzy things that don’t mesh well with the engineering-friendly definition you’ve made.
Always up for a good history lesson, so yes please, do go on!
Thanks for elaborating. Just to be clear, I cannot take any credit for these definitions; they are from @RiskyMan, who seems to have experience doing risk management professionally and offered to share their knowledge with us.
This is awesome. Lots of large game scenarios that I initially didn’t consider when I was focused on the small game of understanding the crypto.
It does feel a little odd though that @igno.peverell disappearing is at the top of the list. While core/founding members are very valuable, for people new to the project wanting to get involved it feels a little “cult”-y (I dunno if that’s a word, but you get the idea lol). Maybe change that to say “core contributors abandon the project”?
Also, I think another risk is that “community engagement and support is lacking”. While talking about risks in price, mining, and exchanges is good… it’s also missing the main point that any blockchain is only as strong as its community. A strong community is what enables technology to grow into real use cases beyond speculation or motivations for financial gain. Currently the core developers have a strong community, and that’s reflected in the various risks in the spreadsheet. I believe there is equal risk in the 3rd party developer and end user ecosystems as well.
Will people stick with the platform or move onto the next shiny thing?
Will users who use the service or run nodes be prosecuted (like with Tor)?
Will users accidentally send Grins to the wrong addresses or lose their keys and somehow lose their funds?
Will third party developers build services that are easy to use, but insecure and include fatal bugs that cause users to lose money or leak data, resulting in negative PR and less adoption?
Will TLAs masquerade as third party developers and build services that are easy to use, but insecure and include fatal bugs that cause users to lose money or leak data, resulting in negative PR and less adoption?
Will TLAs put pressure on social networking platforms to block Grin communities (Twitter, Discourse, Reddit, Mailchimp, etc…) making it hard for people to engage with or learn about the community and technology?
Will blogs and reporters incorrectly state things about Grin that cause people to lose interest? (like this post I just asked about on the forum)?
Will “rival” blockchains/services spread lies and rumors that are untrue?
There’s only so many Rust and crypto developers out there, and they might choose to work with more “respectable” and socially accepted projects that have a shinier image like Zcash (or one of the many other ZK crypto startups emerging)?
Winnie the Pooh (and likely other business-y books) has some applicable methods on how to derisk. After figuring out a possible solution, Pooh suggests we first try on a small scale.
The risk list is scored, but not sorted. If I randomly pick the already mentioned Igno-risk, to guesstimate and derisk what effect a disappearing cape on Igno would have on Grin, Igno could simply take an unannounced vacation, just long enough to make non-believers worry (or not worry). Given how the development has worked out so far, I do suspect Igno-vacations are not very high on the Impact-scale. Work would go on, somewhat slower, but the bus-factor on grin (in part or as a whole) is >1, maybe even up around 4 or 5.
Based on Igno’s participation history, a noticeably long vacation also isn’t high on the Probability-scale (ÄDBED?). Igno scored the Chance a low 3 on a full disappearance, even though he’s the invisibility-cloak guy. So I would not worry. If we do get some average and sorting in the risk sheet, then Igno-vacations or disappearances are probably going to be below-the-fold, though surely higher up the list than QC :).
UPDATE: After calculating averages, the evaluators so far have put QC Quantmageddon at a much lower chance than Igno-vacations, though with its higher impact it seems QC comes in at a tied position with Actual 51% attack, tightly followed by Grin declared illegal tied with No exponential growth, then Accidental fork, and after that Igno-vacations and a few others on a similar Risk * Impact value.
So I did some maths and coloring inspired by this chart, and it seems that Grin’s top risk is:
Critical bug/attack that leaks privacy
followed by
Intentional fork
and other risks aren’t (according to evaluators) anything we really need to worry about.
So risk mitigation work should probably focus on these two points. This article, which was already linked to from Grin’s risk/mitigation documents, mentions some features/action points:
Provide encryption keys for well-known developers (preferably also some of which have a low latency to respond)
Respond quickly to bug reports, also if they are from unknown sources
Make responsible disclosure easy. (Though we could share this info or at least link to it in more places.)
Actively monitor for forks. Implemented by some Grin explorers. Beeping/non-ignorable push notifications not yet implemented?
Defensive coding
Code review. Github has support for making it hard to change (by folder, I think) without proper review. We could set this up for the most consensus / privacy critical parts of grin but maybe it’s only supported per repo based on branches
Provide bug bounties that are larger than the black-market value of said bug. Bounty pool funding needed.
Publish a chain-split policy and strictly follow it to avoid surprises. TBD
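As an added illustration (not code from this thread, the spreadsheet, or the Grin project) of the averaging and Risk * Impact sorting discussed in the posts above, this Python script takes each evaluator's 1-9 Impact/Chance/Knowledge scores per risk, rejects scores outside the scale, averages each column while skipping blank cells, and ranks risks by average impact times average chance. Evaluator A's numbers are the three rows quoted earlier in the thread; evaluator B and the blank cell are constructed.

```python
from statistics import mean

# Per risk: evaluator name -> (impact, chance, knowledge), each on the 1-9 scale.
# Evaluator A's rows are the three risks quoted in the thread; evaluator B is
# constructed, and None models a blank spreadsheet cell (a row B skipped).
SCORES = {
    "Criminal users lead to PR disaster": {"A": (7, 5, 6), "B": (6, 4, 3)},
    "Grin is declared illegal": {"A": (8, 2, 5), "B": (7, 3, 4)},
    "Developers are raided / harassed / prosecuted": {"A": (8, 4, 6), "B": None},
}


def check_scale(scores):
    """Enforce 'use the scoring instructions': every value must be 1..9."""
    for value in scores:
        if not isinstance(value, int) or not 1 <= value <= 9:
            raise ValueError(f"score {value!r} is outside the 1-9 scale")
    return scores


def average_scores(per_evaluator):
    """Average impact, chance and knowledge across evaluators, ignoring blanks.

    Returns None when nobody has scored the risk yet."""
    filled = [check_scale(s) for s in per_evaluator.values() if s is not None]
    if not filled:
        return None
    impact, chance, knowledge = zip(*filled)
    return mean(impact), mean(chance), mean(knowledge)


def rank_risks(scores):
    """Sort risks by average impact * average chance, highest first.

    Knowledge is carried along so low-confidence rows can be spotted,
    but (as in the thread) it does not enter the Risk * Impact value."""
    ranked = []
    for name, per_evaluator in scores.items():
        avg = average_scores(per_evaluator)
        if avg is None:
            continue  # unscored rows stay out of the ranking
        impact, chance, knowledge = avg
        ranked.append({"risk": name, "impact": impact, "chance": chance,
                       "knowledge": knowledge, "score": impact * chance})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in rank_risks(SCORES):
        print(f"{row['score']:6.2f}  impact {row['impact']:.1f}  "
              f"chance {row['chance']:.1f}  knowledge {row['knowledge']:.1f}  {row['risk']}")
```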