Maybe WitnessX is secretly controlled by WitnessY
And you wouldn't consider that a form of Sybil attack? To me, that's the very definition of it, and it's not a matter of scale which determines the identity.
IMO, very few systems (if any) are sybil-resistant. Some are wide open to it, and some have some protections which can still be bypassed under extreme or unusual circumstances. Maybe it's better to release a false assumption than to claim this wasn't a sybil attack. The term, to me, is still very useful, regardless of scale employed because the identifying characteristic of a pseudonymous identity is the problem. We want distributed, decentralized systems, not centralized systems pretending to be otherwise.
The point is if it got Sybil attacked, we have to improve how we validate witnesses as actually being individual entities. To launch as successful Sybil attack (to date), apparently you do.
No, I don't think "everybody" but maybe some type of advanced reputation system for witnesses that have some kind mechanism for determining the likelihood that the witnesses are individually controlled or part of a sybil attempt.
I've been thinking about some of this stuff for a while:
I don't know if 1t1v or max votes of 1 is the answer, but I hope something is better than what we have now.
I agree @lukestokes , this will help to brainstorm different ways to avoid this situation in the future. Perhaps placing an obligatory restriction that witnesses could not be created on same datacenters, same servers, etc.
Perhaps a rule on the smart contract similar to PROSPECTORS Gold game that their is like a police. So, when someone makes an attack like this one or similar types, all the stake being powered up is frozen for lets say 1 year, or even according to the type of attacks, it gets frozen more or less amount of time. Your thoughts?