Hive's centralisation problem

Hive's ecosystem is intended to be decentralised, but is it really? Let's take a look.

Hive Flag, made by me

What is Hive?

Before we can determine if Hive is decentralised, we must first know what Hive is.

Hive is a delegated proof of stake blockchain which hard forked from Steem back in March 2020.

While Hive's blockchain protocol itself has some issues regarding potential for centralisation, they're well known and work is being done to fix this.

Well, if the blockchain is properly decentralised, what's the problem?

Hive also doubles as a social platform, and as such, has multiple front-ends for accessing it. The most popular of these are, in no particular order: PeakD, LeoFinance, Hive.blog, and Ecency.

That's already pretty small of a selection, but Hive is still rather small so it's currently not that big of a problem. There are other clients, such as Dapplr, that have been gaining popularity.

Let's do a quick audit of these four to determine their trustworthiness and independence from each-other.

First question: Is it open source? Being open source is an important trust factor as it allows for public auditing and allows the public to fork the project should the original developers become unfavourable or go rogue. Hive wouldn't exist if Steem wasn't open source.

PlatformOpen Source
Hive.blogYes (frontend, wallet)
EcencyStandalone clients are, web interface isn't (Desktop, Mobile)
LeoFinanceNo
PeakDNo

Plus the two most popular authentication tools, Hivesigner and Keychain

AuthenticatorOpen Source
Hive KeychainYes
HivesignerYes

The situation here could be better, but let's move on to the next things.

Hive has multiple public nodes, these nodes are what clients use to access the network. Let's see where the 10, as of time of writing, public nodes are being hosted and who they get their TLS certificate from.

NodeRegionHostCertificate Authority
api.hive.blogUnited StatesOVHLet's Encrypt
api.openhive.networkPolandOVHLet's Encrypt
anyx.ioCanadaOVHLet's Encrypt
api.hivekings.comUnited StatesCONTABOLet's Encrypt
hived.privex.ioGermanyHetznerLet's Encrypt
rpc.ausbit.devFinlandHetznerServer was down when tested
api.pharesim.meGermanyHetznerLet's Encrypt
techcoderx.comFranceDediboxLet's Encrypt
rpc.esteem.appGermanyHetznerLet's Encrypt
hive.roelandp.nlFinlandHetznerLet's Encrypt

Based on this, I have to say that Hetzner and OVH have far too much potential leverage over the Hive network. The heavy reliance on Let's Encrypt also opens a secondary major attack vector that someone powerful could use in an attempt to shut down Hive.

The countries Hive's public nodes are hosted in are fairly spread out however.

As much as people like to talk about Hive being part of Web 3.0, I would argue it's far too dependent on the existing Web 2.0 to count as a Web 3.0 platform. However, it has potential to change this.

In order to Hive to qualify as a Web 3.0 platform by my standards, it would need to have a standalone client that can utilise the network without connecting to a single established Web 2.0 service. That means running an in-client node, all data being distributed peer to peer, et cetera. This would also make it near impossible to block in countries known for censorship like China, Russia, Pakistan, and India. The I2P Network would likely make a great choice for building on top of.

However... Hetzer, OVH , and Let's Encrypt are not the biggest problem here.

Let's do the same again, but this time with the web frontends and Hivesigner.

FrontendApparent Host
hive.blogCloudflare
ecency.comCloudflare
leofinance.ioCloudflare
peakd.comCloudflare
hivesigner.comCloudflare

This is a major problem.

Why? Well first we need to know a bit about Cloudflare.

What is Cloudflare?

Cloudflare is a US-based company who markets their services as providing general security, content delivery, and distributed denial of service mitigation to websites.

They also provide a "free" plan that small websites can use.

However, the way their service acts goes far beyond what's needed to provide general security and DDoS mitigation, and content delivery can also be done in a better way as well.

First, this is how similar security services worked before Cloudflare came along:


  ╔══════════╗    ╔══════════╗    ╔════════╗
  ║          ║───────────────────>║        ║
  ║   Your   ║    ║ Security ║    ║ Remote ║
  ║ Computer ║    ║  Service ║    ║ Server ║
  ║          ║<───────────────────║        ║
  ╚══════════╝    ╚══════════╝    ╚════════╝

Your connection passes through the security service, it can see where connections are from and where they're going plus how many there are, but it can't see the contents of encrypted connections.

When you connect to a website over an encrypted connection, it's supposed to indicate that only you and the service you're talking to can read or modify the connection's contents.

However, Cloudflare breaks that trust model. This is what connections via Cloudflare look like.


  ╔══════════╗    ╔════════════╗    ╔════════╗
  ║          ║───>║            ║───>║        ║
  ║   Your   ║    ║ Cloudflare ║    ║ Remote ║
  ║ Computer ║    ║   Server   ║    ║ Server ║
  ║          ║<───║            ║<───║        ║
  ╚══════════╝    ╚════════════╝    ╚════════╝

This means that your connection isn't being encrypted between you and the service you're accessing, but rather between you and Cloudflare.

Cloudflare can see all the contents of the connections, including passwords and anything else sent over it. They can also modify anything going either way.

What's worse is that there's no guarantee that the connection between Cloudflare and the remote service is encrypted, as Cloudflare can operate without encryption between it and the remote service. That means that the remote service's ISP can potentially also see and modify connection contents.

The way Cloudflare has been operating shows that they're trying to centralise the entire internet. They've been quite successful at it so far as well, managing to get nearly 15% of the entire internet going through their service in the span of 10 years. Compare that to the 1% that goes through Amazon's servers, the next largest platform.

In fact, in just the last year Cloudflare has gone from just above 10% to nearly 15%

Cloudflare should be seen as the greatest enemy of Web 3.0, even more so than Google, Facebook, Microsoft, and Amazon.

If you want firsthand experience with how broad a scope Cloudflare has, try browsing the internet for a week using only Tor Browser.

What this means for Hive and what you can do

Cloudflare has the potential to effectively destroy Hive in the span of minutes by injecting malicious code into people's page loads. They also have the potential to target individual Hive users should the US government come knocking.

Now, thankfully, there are ways to protect yourself.

The best is to only use standalone apps to interact with Hive, such as Ecency Desktop/Mobile and Dapplr. These are stored locally on your device and can't suddenly become compromised from a central authority. Always make sure to verify any updates you download are valid and haven't been compromised either.

If you must use a service behind Cloudflare, make sure to use Hive Keychain to log into it with automatic signing disabled. This will ensure that the site doesn't have access to your keys, and that no transaction can occur without your confirmation.

You can also encourage @ecency, @blocktrades, @leofinance, and @peakd to drop Cloudflare and use something else, preferably making sure they're not using the same thing everyone else is using.

Hive has great potential to grow and become a truly decentralised network, however right now it falls short of that.

Dropping Cloudflare would be a step towards decentralisation that wouldn't require any major changes to code.

Mentions to people who wanted to know when I finally posted this: @cryptographic

I hope everyone has a great day.

52 Comments