I would say that Dyrk has done a lot for the Decred community and is a valuable member... but I too am curious of the security of Evolution.
Indeed, and since he's a part of the community, we may as well consult him directly instead of wasting time on conjecture.
No, absolutely not. It has nothing to do with if the person is trustworthy or not, there are many other factors, see this great post by Dave. https://forum.decred.org/threads/why-does-one-pool-control-so-much.5220/#post-24752
In fairness, the shared-profits POS pool model is something that I wanted to set up back when the stake pools were originally going up as well, and the team that I was in (which unfortunately seems to be the only stakepool that didn't actually get off the ground) were interested as well. The big hurdle was trust. Or more accurately, trustlessness. The thing with cryptocurrencies is that the users are (should be) untrusting. That's why we use cryptography. A shared-profits POS pool should be trustworthy not because the owner can be trusted (which in this case, I think Dyrk can), but because the pool itself is incapable of cheating the customers. I was actually hoping that Dyrk could come in and explain what, if any, mechanics he has in place to ensure that the pool is not "trustworthy," but "trustless." Especially since it's something the team I was on discussed but never reached an answer on and agreed to come back to at a later date. And if there aren't any mechanisms for that, then no, don't trust the pool. Because we don't trust people around here, we trust math.
I assure you that Evolution is absolutely not trustless. It is a centralized service where the users give up control of their coins by sending them to the service and the service then purchases tickets with them. All returns go back to the service as well where they are reinvested, etc. When probed on the issue of trust, the official answer of the service is "it's not as insecure as you think because the coins are locked up in PoS". This argument is incredibly fallacious because the coins have to return to the service's wallet(s) at some point and if those private keys are compromised, the coins will just be stolen later as they unlock. You can't magically change where the tickets are committed to send the original coins and the rewards to, so the only thing PoS does in that regard is prevent immediate liquidation and delay the theft process out. That does not mean the hacker needs continuous access to the service however. All they need is a single breach, for a very short period, to obtain the associated extended private keys and they will have everything they need to steal the funds as they unlock. What's, perhaps, even more troubling is the fact that the service gives all voting rights to the same PoS pool (because the same person owns both) so it now currently has ~23% of all pool staked tickets which is a not healthy for the network at all.
Once again, thank you for your advice. As soon as possible I will relate my testimony of my experience
There is no doubt the system works. The issue is that you are effectively putting you money in an investment fund. There is very small chance this fund can loose you money due to bugs or hacks. Poof! Your whole investment is gone. Compare this to PoS mining with a pool where the worst that can happen is a missed vote. Sure, you have to buy the tickets yourself.
This statement is valid for every service which use or will be using Decred as payment method as well. What you propose is actually do not adopt the coin and never use it to pay for the services (can be stolen), trade in exchanges (can be stolen) or even hold in your VPS for mining (can be stolen). I'm not saying that evolution is safer than exchange or local wallet. I'm saying that if you cannot accept all cons of the cryptocurrencies, then you probably shouldn't use crypto currencies and stay with fiat money in your bank account.
I agree with you in principle but there is a question of scale. If you buy a service or a product for a small amount of money, let's say 100$, you can afford to loose it. 10 stake tickets @ 50 DCR is a bit more money. At this point it becomes a more relevant to have some form of guarantee or at least a clear picture of the risks involved. But each person judges the risk vs reward of any financial transaction themselves. There are plenty of people who feel confident keeping large amounts in an exchange. Is that a good thing? Sure, If you want to day-trade. For use as wallet? Questionable at best. That said I actually think there is market need for cryptocurrency investment funds. How they are implemented and regulated is another story. And also want to say I really appreciate you contribution to this project! I do not doubt your honesty and even if I did it is clear you have so much invested you would be foolish to "kill the goose that lays the golden eggs".
Yeah, I think the problem is less that using the Evolution stakepool is risky because someone can steal Dyrk's stuff, it's more that it's risky because Dyrk can steal your stuff. Now, I'm not saying he would, but at the same time, it makes people complacent, and sets a standard for trusting people with things you shouldn't be trusting people with. That's the whole point of cryptocurrency. And while Dyrk might not steal your stuff, we don't want people getting complacent and starting to trust someone else who might. If we do, the lesson for that is only going to be learned when someone steals a *very* large amount of Decred and vanishes into the ether. Remember, we've already had two cases of people in this very community who offered to help someone set up their wallet only to take the 33-word key and steal everything that person had.