Design Philosophies

This post outlines some of the thinking that went into my design of these processes. This has been the work of many months, with investigations in governances processes inside and outside of crypto and hours of consultations with legal advisors in various jurisdictions.

A warning – If you read nothing else, read this!

I’m going to start not at the beginning, but at the most important point. I’ll be making this again and again: the parameters (quorums, token thresholds) are set deliberately high. Getting a proposal through the governance processes will be slow, expensive, and time consuming. Making a proposal alone will be out of reach for the average token holder.

This is all deliberate. The goal is not to produce lots of proposals. Governance is about quality, not quantity.

There will be ways in which every token holder can make their voice heard. But please resist the temptation to set the values low enough that you personally can make a proposal. I know it’s hard to deliberately choose to place something out of reach, but the parameters are high to protect the community assets. The easier it is to make and support a proposal, the easier it is to attack the system. Decentralized governance is in its infancy, and projects are experiencing governance attacks with alarming regularity.

The previous governance has had strict guard rails: if things went wrong the HOPR Association was poised to intervene. That can’t happen under the new system. In fact, it would be illegal.

Please be risk averse. Please take what you imagine to be risk averse and then be even more risk averse than that. Humans are bad at assessing risks.

We WILL implement whichever parameters you vote for, even if they are dangerously low or incompatible. Please take this warning seriously.


Designing governance processes is challenging. There are a wide variety of competing values to balance, including:

  • Speed

  • Autonomy

  • Automation (not the same as autonomy, but often muddled up)

  • Decentralization

  • Fairness

  • Accessibility

  • Compliance

  • Security

This is more complicated for HOPR, which has the additional wrinkle of placing high value on privacy and even anonymity.

This complication is then made exponentially more complicated when you give the processes the ability to evolve and upgrade themselves. An already broad attack surface becomes impossible to conceive of. But we need to try. The best hope seems to be to engage in prudent risk management.

This governance design tries to be agnostic on what constitutes a good decision. The hope is that by providing a clear, accessible and incorruptible set of processes, every token holder has the opportunity to make their opinion known to a fair degree. If that happens, we assume that the processes will output the right decision, in the sense that it is the one the token holders have coordinated to agree on. But it could still be a bad decision objectively speaking. Individuals and groups make bad decisions all the time. Making good rather than bad decisions is a task for other systems (formal and informal), separate from the governance processes.

This all perhaps sounds pessimistic. I don’t intend it to be. This is an extremely exciting time in crypto, and I believe we’re trying something genuinely new and amazing here. I just don’t want to get carried away with enthusiasm and ignore the risks.


This is the problem with group decision’s, I work with a number of UK councils who work by group decisions and they take a long time to make any decisions and typically the are poor. This has been endemic within the UK for years so getting a perfect formula will be very difficult IMHO.