by trentmc 3150 days ago
> How does this solution respond to someone spinning up a thousand nodes, and simply voting for their double spend attack?

This is the classic "Sybil attack". But I bet you knew that :)

If you have a member list (i.e. list of public keys) of who can be server nodes, then you can control this. Each member (public key) only gets one vote. So even if that person makes 1000 copies, it's only 1 vote total from that member.

> governing organization behind the network controls the member list, so Sybil attacks are not an issue.", which is directly contradictory to your statement that it is decentralized. A decentralized network has no "governing organization".

Great question. However the control of this organization is decentralized too. Here's how. IPDB is the BigchainDB public net, and foundation to help govern. Net: each server node is run by a "caretaker". Foundation: each caretaker has one vote. They vote to control the member list (list of caretakers), as well as IPDB board. So, it's decentralized: no single entity is controlling it.

There are other ways to curate "member lists" to address Sybil attacks. E.g. Bitcoin's PoW is basically "one electron one vote" on average (assuming everyone has a modern ASIC). In search of block rewards, many players work hard to maximize their electron spend (i.e. big ASIC farms), which of course eats a lot of power. Or BitShares' PoS is a riff on "one token one vote". There are more. We simplified the problem for IPDB: start with a great initial member list of reputable orgs that deeply care about the future of the internet (Internet Archive, Open Media Foundation, COALA, etc); and give them control from there. Some heavy lifting up-front to set this up allows great gains in efficiency.
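
The one-vote-per-member-key rule from the comment above, as an added example that is not part of the original comment and is not BigchainDB or IPDB code. The function names and sample transactions are constructed, and a hash-based Lamport one-time signature stands in for whatever signature scheme a real network uses, so that only the standard library is needed.

```python
import hashlib
import os

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key pair: 256 pairs of secrets, public key = their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, tuple((H(a), H(b)) for a, b in sk)

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for (i, b), s in zip(enumerate(bits(msg)), sig))

def tally(members, votes):
    """votes: (public_key, choice, signature) tuples as received from nodes."""
    counted = {}                      # member public key -> the one choice counted
    for pk, choice, sig in votes:
        if pk not in members or pk in counted:
            continue                  # not on the member list, or key already voted
        if verify(pk, choice.encode(), sig):
            counted[pk] = choice
    totals = {}
    for choice in counted.values():
        totals[choice] = totals.get(choice, 0) + 1
    return totals

def demo():
    keys = [keygen() for _ in range(4)]          # constructed: four members
    members = {pk for _, pk in keys}
    (bad_sk, bad_pk), honest = keys[0], keys[1:]
    out_sk, out_pk = keygen()                    # constructed: key not on the list
    votes = [(bad_pk, "tx:spend-B", sign(bad_sk, b"tx:spend-B"))] * 1000
    votes += [(out_pk, "tx:spend-B", sign(out_sk, b"tx:spend-B"))] * 1000
    votes += [(pk, "tx:spend-A", sign(sk, b"tx:spend-A")) for sk, pk in honest]
    return tally(members, votes)

if __name__ == "__main__":
    print(demo())
```

The thousand copies run under one member key collapse to a single vote, and the thousand votes from a key that is not on the member list count for nothing.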