BanklessDAO Incident Report - Governance Sybil Attack

I’d love to do something along these lines with specifics for bDAO.

You’ll notice a big difference in our content moderation approach compared to other major social media platforms.

We’re not building another self-declared “neutral” platform. We believe that far too often, “neutrality” is used as an excuse to allow behaviors and content that’s designed to harass and harm those from communities that have always faced harassment and violence. Our content moderation plan is rooted in the goals and values expressed in our Mozilla Manifesto — human dignity, inclusion, security, individual expression and collaboration. We understand that individual expression is often seen, particularly in the US, as an absolute right to free speech at any cost. Even if that cost is harm to others. We do not subscribe to this view.

We want to be clear about this. We’re building an awesome sandbox for us all to play in, but it comes with rules governing how we engage with one another. You’re completely free to go elsewhere if you don’t like them.

If bDAO does not invest time and energy into specifying when protection from harm supersedes “free expression”, then by default “free expression” rules, which I do not believe should be the highest value of any organization. The bDAO Code of Conduct was our attempt to codify where we believed the lines should be drawn. If no one has the willingness to work to define those, then nothing will change.

As others have noted, this issue has arisen multiple times in the past (and will continue to do so!)

Lack of enthusiasm for a Bill of Rights for bDAO has meant that I have reduced my involvement as I do not align with the demonstrated beliefs of the DAO. I am not optimistic about it becoming reality either @Humpty.

2 Likes

Here are the final results of this vote.

You can see more details here:
LINK

For the duration the details are here:
LINK

Infosec has implemented the ban; we need to decide on how long, since it was a tie between forever and 1 year.

Follow up items:

  • The Governance Department is investigating sybil resistant tooling
  • Infosec is investigating security measures around roles, especially L2.
    • Expect a write up on this soon.
  • There are talks about updating the code of conduct.
    • If anyone wants to be involved with this, please also join in the governance department discussions.

As a final note on this, I regret that this has happened and that we have had to take a course of action around it. Although it is a good reminder that we can’t control what happens to the DAO, we can control how we respond.

I think we have overall responded fairly well.
A lot of attention and discussion has developed around our governance and tooling, and this is the best result of this incident. Looking forward to the results from those discussions.

Hope you all have a great week.

3 Likes

On Discord, the poll is split evenly for temporary and permanent ban. Are the results posted here premature?

So as we are in a tie, what’s next? (I am hoping the ban will continue while a new solution is discussed.)

1 Like

Yeah, it was my mistake.
I thought it ended 35 - Permanent, 33 temp.

High level the results are:

  1. A ban
  2. For how long is in question - 1 year or permanent

1 Like

Maybe revisit the ban a year from now or deal with it near-term decisively while it’s fresh of mind.

My thoughts are we should hold a shorter term vote of 5 days with:

  • Permanent Ban
  • 1 Year ban

And be done with this.
I would prefer that we round down to the more lenient option, but I’m aware THAT would need a vote as well.

So in service of moving forward, I think we should just wrap this with two options.

  • The Governance Department is investigating sybil resistant tooling
    • If anyone is interested in helping out here, please do join. - Thursdays at 1pm EST

event link?

2 Likes

Link

2 Likes

It will be hard to do another revote and ensure everyone that voted the first time will be available to vote again. I mean the user in question is already banned, so that’s 1 less vote. The result of the vote was a draw, with a few more votes leaning towards a more lenient punishment. If I had to make a judgement based on existing results, it would be a temp ban of 1 year. Also, I would be fine with a shorter time if the user in question took responsibility for their wrongdoing and worked with the admin to publish an acceptable public apology.

2 Likes

Thank you for your diligent, difficult work @Icedcool and InfoSec @BogDrakonov @Dysan @stackthat.eth and many others.

I agree with @Dysan that overall community sentiment leans towards a one-year ban, and moving forward and readdressing this issue as expiration of that time period draws near seems appropriate.

While it’s tempting to seek greater finality while there is attention, imo the interests of the DAO are best served if we address this issue after we have had time to take away learnings and refine our governance, operations, code of conduct, and documentation.

We’ve given this matter sufficient attention; it’s time to move on. :pray:

6 Likes

@Dysan @hirokennelly She’s now actively working to undermine bDAO by lying about what happened to other communities, including Gitcoin. There’s no apology forthcoming, she’s the hero in her version of the story.

4 Likes

That sounds horrible. Could you provide an example? And context as to exactly what “lies” you are referring to? It seems only fitting to back this statement up. Otherwise this statement itself would be false.

1 Like

Fortunately, pulling off this sort of attack at scale is non-trivial. Anyone can create a bunch of emails and wallets, but it’s far more difficult to fake a persona. At the end of the day people are who they are.

4 Likes

We don’t want to risk amplifying her message, however if you search the internet for “Sprinklesforwinners” I’m sure you can find the content in question.

1 Like

Still working hard for the ‘cause’ huh…

3 Likes

Sprinkles, you are not permitted to have an account here under a new name. Bans are permanent per live human being, not per account.

3 Likes

I unfortunately need to add a short addendum to this.

Sprinkles has kicked off a non-DAO affiliated grants campaign at:
https://twitter.com/banklessgrants

Mirror Article:
Here

Airweave Link:
Here

Her wallets with proof of etherscan:
Here
I think this needs an awareness raise because at this point it is at least misleading, and at worst malicious.

I would still recommend that everyone stay focused on building and doing our best, focusing on the bDAO mission and positive vibes!

The best way for us to move on is to focus on the positive, and not dwell in the negative or feed it any more attention.

10 Likes