Trusted sources of data: verify everything
Tezos is a diverse, global ecosystem of users, clients, bakers, services, and tools providers. It is permissionless, designed to deliver consensus from participants who don’t need to know each other prior and may have divergent interests, but all of whom have economic stakes.
The whole chain is built around the concept of trust minimization, whereby users can trust the chain in aggregate but do not need to trust each individual participant in the network. Individual participants may display or provide incorrect information, voluntarily or otherwise. Others may fail to deliver the result of a request, accidentally, maliciously, or for any number of other reasons.
For this reason, individual participants in the Tezos ecosystem should not rely on single, external sources of data. While some of these sources may probably be trusted, such trust should be based only on your own appreciation of the source, as the data doesn’t benefit from the consensus of the entire network.
Two examples to illustrate my point:
- Bakers should use the data from their own nodes or other first-party data to compute rewards. If they choose external data sources, bakers should use several independent sources and compare the results (this can be done locally using Cryptium Labs’ Bäckerei, for example).
- Snapshots, tools (particularly those in binary format), or any similar data should come from trusted sources only. Users should always verify a source’s integrity by checking signatures and hashes and comparing the signatures and hashes output by several sources to see if they match, ensuring correctness.
Ultimately, avoiding uninformed individual trust will improve the global trust of the Tezos blockchain.
