Can providers modify the software I pay them to execute? Is their service trusted or verified?

I wonder how much access a provider has to the container I want them to run. Can they modify the code? Can they read everything in the container? Can they affect its inputs or its outputs?

For example if I want to run a Bitcoin full node on Akash, can I trust it to provide me with accurate block data? Can I use the node’s wallet, storing its private keys in the container?

With Akash, you decide who you want to trust. Akash has a feature designed to allow you to control your trust settings called Audited Attributes.

What are Attributes?
Akash allows you to define attributes such as the type of provider, region, CPU, Memory, Storage, and which auditors you want to trust. When you deploy on Akash, you can configure any attribute that restricts bids to only providers that meet your criteria.

What are Audited Attributes?
Auditors on the Akash Network review cloud providers and digitally sign the provider on chain with their certificate. If you only accept bids from audited providers this means you are trusting the Auditor/Provider not just a Provider.

How do I limit my trust to Audited Providers?
Follow the getting started guide, and you will see the instructions for audited attributes suggest using only servers signed by Akash Network. If you deploy today, you will see bids by Equinix servers that audited and signed by Akash Network.

By doing this you are trusting Equinix’s Security Standards and Compliance and you are trusting Overclock Labs as the auditor to only sign servers that meet those standards.

2 Likes

“… only servers signed by Akash Network”.

How does one find the Akash Network public keys? How can they be validated?
Is there a public key associated with each provider? Any examples of retrieving this would be helpful.