The main problem with the P2P approach that I see is that you basically must have the data more or less n-times redundant for n players. So basically, everyone is an "owner".

One could in principle imagine three approaches, but I think only one can really work:

1. one user is the owner of a block n?1
2. several users are concurrent owners (optionally with something like a reed-solomon code or such) n?m (with m n)
3. every user who has visited a sector is an owner n ? n

The first approach has the problem that if I don't play, you can't play (other than using the procedurally generated content). It also means, among many other things, if I disconnect while you play, your entire world suddenly changes. If I realize that you are playing in my sector and I don't like you (or you're from the enemy faction), I'll just add your address as "malicious" to my application-level firewall. Bang, you're dead.

The second approach is much better. If there are, say, 25 owners on a particular sector, and it's late in the morning, so only 2 of these play, I can still enter the sector and get what I saw yesterday (which is what I expect to see!). One of them alone can't just block me out either, I'll still get data from the other one. One of them alone also can't easily cheat me, if I have a means of checksumming his data against the other's.

But what if none of them plays? What if you piss them off (which is kind of easy to do with online RPGers, simply make any kind of update, modification, or tweak), and they choose to delete their local copies? What if someone uses a hex editor just to see if it's possible to make some (more or less random) modifications, or worse, what if someone actually finds a vulnerability in your file format that lets him modify the data on his disk? It's not like that kind of thing hasn't happened to several major companies selling consoles in the past. Something that is at the user's home, under their control, is always at risk.

Only the third approach could work reliably, but none more securely (rather the opposite), and the bandwidth requirements would be immense.

Also, what if some user-generated content conflicts with the law in some country? Say, someone writes neonazi messages into the sand. How do you (who, as the maintainer has a legal responsibility) delete the contents if you do not have physical access to the data? Someone could pull a copy, disconnect and go on holiday, and come back 3 weeks later with the offending material still on the disk.

No one can block you from the content you expect to see. Once you enter an area you have a copy of that area on your hard drive. So someone blocking you through their firewall would only block you from getting data from them but not from any other player. If anyone at any point has entered the area, you will get their copy.

Since the sectors are using cryptography to enforce permissions, someone can modify their copy but it will be rejected by peers unless it is signed by the owner. Yeah, the owner/group could modify the sector with special software to make modifications that would be practically impossible in game. So they could for example make defensive structures which would be almost impossible to break through. However, the sectors will be monitored for hacking so that if the owner could not have possibly done what their copy shows based on available resources and time then the sector will be flagged for review and a moderator could black list them.

The client software would be open sourced and the users would be hosting the data so they would be legally responsible for the content which they are hosting.

I suggest usurping the block chain protocol from bitCoin and stuffing your tranactional information in there somehow which you can use to rebuild your procedural world. That way you offload the largest obstacle, secure transactional integrity.

See

http://blockchain.info/charts/blocks-size

it's nearly 18,000 MB now, if you can figure out a way to cleverly link the transcational data of bitCoin to your procedural world...

While that's not a terrible idea, it could cause some problems. The data for sectors could grow exponentially and cause users' computers to crash as they enter a sector. To me it would seem better that if someone creates a situation where it could crash computers then the computers that crash would stop transmitting that data to peers. This would create a form of natural selection which will weed out bad data.

We'll if you're expecting exponential data growth i don't know of any data strategy which will work, however I still think u can piggy back on bitCoin blockchain backend. There are more than enough bits to play around with and by its very nature bitCoin has to store and accept all those transactions securely and forever. I think if you are intent on making a "universe" it has to be procedural for the most part and for that you'll be exchanging computational complexity for data. You will have to create some sort of procedural language from which the world is built and modified, these 'atoms'.

There is several strategies i can see, store the world in a series of complete stateful snapshots or store the steps in making the world, or a mix of both. By offloading the transactional atoms to create the world you can then just worry about storing the snapshots. These can be stored on a distributed p2p file system and can even be lossy. The thing is the atoms don't need to operate upon perfect data, they will operate upon any data even incomplete ones. The idea isn't to have a 100% perfect world rather one which is consistent and consensual among the peers. Who is to say that mountain in the middle of the desert ever existed if no one stored the necessary bits to re-created it, when everyone agrees now it's a flat river bed? I think you'll have to consider the world more mutable and dynamic, a living thing and build accordingly.

Good Luck!