We hope Lokinet will one day help revolutionise privacy and security online, but it’s currently still in beta. During the beta period, Lokinet and its SNApps — websites and applications that operate entirely over Lokinet — are running on the Lokinet ‘testnet’, rather than the ‘mainnet’. So what does that mean for Lokinet and its users?
What is the Lokinet testnet?
The Loki platform is in a stage of rapid iteration and constant development. During this period, we need to be able to safely test substantial changes to Lokinet without risking the integrity of the Loki network. Just like many video games with ‘public testing environments’ or ‘public beta environments’, Loki has a small network of Loki Service Nodes (our testnet) separate to the main network (the mainnet). This testnet, made up of a few dozen nodes, is used for testing cutting-edge features and changes to the Loki privacy suite.
Implications for Lokinet
Right now, when you connect to the Lokinet beta, you’re connecting to the Lokinet testnet. This has some important privacy and security implications. When Lokinet moves out of beta, it will be running on the Loki mainnet, not the Lokinet testnet. A critical aspect of the Loki mainnet’s security is its market-based Sybil attack resistance. Because the Lokinet testnet requires no stake a Sybil attack is can occur where a malicious actor rapidly starts up enough nodes that they can gain control of the network and perform passive traffic analysis. Gaining control of the majority of the network like this could allow a malicious actor to trace messages and information being transferred over the network, or even conduct a DDoS-style attack to force users or SNApps off the network. It’s absolutely crucial that any blockchain project has defense mechanisms in place to prevent such attacks.
Loki’s defense against Sybil attacks is to price attackers out of the market by requiring that new Loki Service Nodes ‘stake’ (lock up) a certain amount of Loki cryptocurrency before they can participate in the network. The staking requirement for starting up a Loki Service Node on the Loki mainnet means that it would cost a prohibitive amount to start up enough service nodes for an attacker to gain control.
One main issue with the Lokinet testnet is that because it is designed for feature testing, ‘staking’ isn’t required to start up a node. This means that Lokinet beta traffic could potentially be traced or intercepted by a malicious actor, and current Lokinet SNApps are vulnerable to specific styles of DDoS-type attacks.
Another thing to be aware of is that we regularly make ‘breaking changes’ to the Lokinet beta software and the testnet itself. A breaking change is an update large enough that older versions of the software will no longer function. While this isn’t a security risk, it means that all Lokinet beta users need to stay on top of software updates, or risk losing access to Lokinet.
Where to from here?
Soon, Lokinet will be making the leap to the Loki mainnet. When it does, Lokinet will have the full protection of the Loki mainnet’s market-based Sybil resistance system, and Lokinet SNApps will be much better protected against malicious actors. We’ll have more to share with you on that front over the next few months. For now, keep in mind that there are certain limitations while the Lokinet beta is still running on testnet — and make sure you keep your Lokinet software up-to-date.