Decentralization and Security Guide
Operational practices that node providers should follow to defend the Internet Computer's decentralization — independence, supply-chain hygiene, physical security, and key handling.
A node provider is, in practice, a defender of the network's decentralization. The hardware, the people who touch it, and the contracts that surround it all shape how resistant the Internet Computer is to coercion. This guide collects the operational practices that providers should follow to keep that resistance high.
Decentralization
Independence from other providers
- Avoid holding a stake in more than one node-provider organization.
- Maintain a single node-provider identity rather than a portfolio of shell entities.
- Use public channels (the developer forum, the Matrix channel) for support discussions, so the network can see the conversation.
- Take full responsibility for your own node operations.
Vigilant decision-making
- Make independent choices rather than blindly following third-party advice — including guidance from DFINITY.
- Cross-check important information across multiple authenticated public sources before acting on it.
- Warn the community publicly if you suspect an attempt at deception or social engineering against providers.
Physical access
- Handle node maintenance personally where feasible.
- Where third-party support is necessary, use local trusted providers rather than global ones.
- Monitor any third-party work at the rack carefully.
Supply-chain hygiene
- Source hardware locally from trusted vendors. Local sourcing reduces the risk of in-flight tampering and avoids creating a single global failure point if one supply route is compromised.
Organizational controls
- Apply the four-eyes principle to sensitive operations wherever possible.
- Document the internal security controls in your self-declaration.
- Restrict access to vetted personnel only.
Local operations
- Pick a local data center close enough that you can inspect it on a regular cadence.
- Avoid facilities run by global corporations whose internal failure could cascade across regions, or whose extra-territorial reach could pressure operations.
- Operate the nodes from the same country in which you, or your organization, reside.
- Employ local staff you know personally.
Information management
- Keep the network's view of your operation current. For example, if you relocate a rack, report the relocation through the Network Nervous System (NNS) so the topology data reflects the move.
Security
Physical hardware protection
- Understand and verify the data center's physical access controls before signing.
- Decide who is authorized to handle the devices that come into contact with node machines — USB sticks, HSMs, network cables, laptops — and prevent unauthorized physical access through safe storage and alarm systems.
- Establish safe work practices at the rack: the four-eyes principle applies to any operation that opens a chassis or touches the network configuration.
- Decide who holds physical keys and instruct them to keep those keys safe.
- Keep ancillary devices (laptops, deployment USBs, HSMs where applicable) disconnected from the Internet except when they strictly need to be online.
Password and key storage
- Use key splitting for any backup of passwords or secret keys, so that no single-point compromise can recover the full material.
[!NOTE] The protocol-level cryptography that protects the network itself is not the provider's responsibility — that is handled by the chain-key engine. The keys covered here are the provider's own credentials and any HSM material they hold for Gen-1 hardware.