But you can't just have every node with their own completely different list of validating nodes. How could you possible get a consistent view of the shared database otherwise? I imagine there needs to be enough overlap for everyone's view to be consistent (to not fork). The dynamics of how the shared UNL can evolve while avoiding forks isn't clear to me. It seems like it requires nearly all of the nodes currently in charge of validating the database to approve of any additions to the UNL for things to work well. And if that is true, that is what leads to issues for me...
Indeed, you can create your own UNL island (think about nodes on Mars on behind the Great Firewall of China) and they will be on a fork.
Keep in mind key difference between CONNECTIVITY of the network vs. authoritative set of signers to achieve consensus.
For simplicity's sake let us assume that the network is fully connected, then consensus will occur if there is agreement from a sufficiently interconnected UNL-wise (NOT network connection wise) set of nodes.
The issues are subtle and I refer you to the Ripple Consensus white paper:
https://ripple.com/consensus-whitepaper/This is the problem. The people in power (the ones in the UNL already) are the ones who need to add Joe Schmo for him to have any participation in the database modification process. If he and others like him do get added, perhaps then they can slowly exclude some of the other incumbents and gradually change the set of members in UNL across different nodes. But what if they are kept out of the process to begin with because the old guard doesn't welcome the change they bring?
The ones who get to control whether Joe Schmo gets any power to begin with to bring about change in the system are the ones already in power. If they are not following the desires of the masses, the masses have no mechanism to take power away from them other than giving up on the entire system and switching to another system which is not compatible with contracts/debts/IOUs of the previous system and whose tokens are nonfungible with that of the previous system (a significant barrier which might keep them complacent with the old flawed system). With DPOS, changing the set of entities who control the database modifications that get through (or control what hard forks are accepted) is as easy as changing the delegates you vote for and pressing the vote button.
This is correct, one must DESERVE to be taken seriously enough and be considered a well-connected stable node enough for others to be added to others UNL list, but this is NOT necessarily a bad thing.
This WILL however likely to create a cartel-like YET DECENTRALIZED spider-web similar to the spider web of routing autonomous domains.
Ideally in the long run, "the average UNL" list should contain KGB, Chinese Intelligence, CIA, NSA, Bank of Whatever, etc ... it doesn't actually matter how malevolent the entries are on the list as long as THEY DON'T COLLUDE to CENSOR transactions
(CENSORING Transactions or failing to sign valid transaction to stifle consensus are really THE ONLY two avenues of attack open to arbitrary conspiracy of attackers, i.e. the worst possible damage is to PAUSE the network, i.e. ledgers will close but they'll be empty at which point nodes responsible for this are easily detected and commented out of the UNL lists)
i.e. the perfect two entries would be form Itchy & Scratchy Simpson's characters :-)