Author: moxie

Although I consider myself a cryptographer, I am not particularly interested in crypto. I can’t remember if I actually said “get off my land,” but rather than click on the latest NFT release, I’m more likely to browse the nostalgic “Pepperidge Farm Remembers.” )-flavored meme lamenting the good old days when "crypto" used to mean "cryptography."

Also, frankly, I don’t share the generational excitement of moving every aspect of life into an instrumental economy.

Even from a technical perspective, I am not yet a believer. So, given the recent widespread attention on so-called Web3, I decided to explore some of the developments in this space in more depth to see if I'd missed anything.

My thoughts on Web1 and Web2

Web3 is a relatively vague term, which makes it difficult to rigorously evaluate the goals of Web3. But the overall point (https://a16zcrypto.com/posts/article/why-web3-matters/) seems to be that Web1 is decentralized, Web2 will centralize everything to the platform, and Web3 will be decentralized again . Web3 should be able to provide us with the same rich experience as Web2 on a decentralized basis.

First of all, it’s good to understand why centralized platforms emerged. In my opinion, the explanation is very simple:

1. People don’t want to run their own servers and never want to . The premise of Web1 is that everyone on the Internet is a producer and consumer of content, as well as a producer and consumer of infrastructure. We all have our own web server, we have our own website, we have our own mail server, we have our own status message server, we have our own chargen server, we have our own character generation server. However, I think this cannot be emphasized enough: This is not what people want. People don't want to run their own servers.

Even geeks don’t want to run their own servers these days. Even organizations that develop software full time are now reluctant to run their own servers. If there's one thing that sums up our understanding of the world, it's this: people don't want to run their own servers. Companies that offer server hosting services are successful as a result, and those that continually iterate on new features based on the possibilities of these networks are even more successful.

2. The evolution of protocols is much slower than that of platforms (https://signal.org/blog/the-ecosystem-is-moving/). After more than 30Email remained unencrypted in , while WhatsApp moved from unencrypted to full end-to-end encryption within a year. People are still trying to standardize reliably sharing videos over IRC; and Slack lets you create custom reaction emojis based on your own face.

This is not a funding issue. If something is truly decentralized, it becomes very difficult to change it and often stagnates. And that's a problem for technology because the rest of the ecosystem is evolving rapidly and will fail if it doesn't keep pace. There's a whole parallel industry focused on defining and refining methodologies like Agile, trying to figure out how to organize huge teams to move as fast as possible, because that's crucial.

This is a problem when technology itself tends to stagnate rather than evolve. A proven and successful approach is to centralize a protocol that was stagnant in the 1990s and then iterate quickly.

But Web3 wants to be different, let's see. In order to quickly learn about this space and better understand possible future developments, I decided to build a few dApps and create an NFT.

Make some decentralized applications

In order to experience the Web3 world, I made a dApp called Autonomous Art (https://autonomous.graphics/), which allows anyone to make visuals for NFT Contribute to mint tokens. The cost of making a visual contribution increases over time, and the minted funds paid by contributors are distributed among all previous artists (visualize this financial structure as a pyramid-like shape). As of this writing, over $38,000 has been invested in creating this collective artwork.

I also made a dApp called First Derivative (https://firstderivative.market/) which allows you to create, discover and exchange NFT derivatives that track the underlying NFT, similar to tracking the underlying asset financial derivatives?.

Both gave me a feel for how the field works. To be clear, there’s nothing particularly “distributed” about these applications themselves: they’re just regular React websites. "Distributed" refers to where the state and the logic/authority to update it resides: on the blockchain, not in a "centralized" database.

One thing that strikes me as odd in the crypto world is the lack of focus on client/server interfaces. When people talk about blockchain, they talk about distributed trust, leaderless consensus, and all the mechanisms that work, but that often obscures the reality that clients ultimately cannot participate in these mechanisms. All network diagrams are server-based, the trust model is between servers, and everything is related to the server.related to the server. Blockchain is designed to be a peer-to-peer network, but it is not designed for your mobile device or browser to actually be one of those peer-to-peer networks.

With the paradigm shift to mobile, we now live in a world of clients and servers, with the former completely unable to replace the latter: these questions are more important to me than ever. Meanwhile, Ethereum actually refers to servers as "clients", so there isn't even a word to describe the actual, untrusted client/server interface that must exist, and there's no awareness that if successful, the end client's There will be billions(!) more than servers.

For example, whether running on a mobile device or the web, a dApp like Autonomous Art or First Derivative will need to interact with the blockchain in some way in order to modify or render state (collectively created art the work, its editorial history, NFT derivatives, etc.). This is not actually possible to do from the client, though, as the blockchain cannot exist on your mobile device (or indeed in your desktop browser). Therefore, the only option is to interact with the blockchain through a node running remotely on some server.

Server! ! ! However, as we all know, people don't want to run their own servers. As it happens, a few companies have emerged that sell API access to their Ethereum nodes running as services while providing analytics, enhanced APIs built on top of the default Ethereum API, and access to historical transactions. This sounds...familiar. Currently, there are basically two companies. Almost all dApps use Infura or Alchemy to interact with the blockchain. In fact, even if you connect a wallet like MetaMask to a dApp, and the dApp interacts with the blockchain through your wallet, MetaMask is just calling Infura!

These client APIs do not use anything to verify the authenticity of the blockchain state or responses. It turned out not even a signature. An application like Autonomous Art would say "hey, what is the output of this view function on this smart contract", Alchemy or Infura would respond "here is the output" with a JSON blob, and the application would render it.

This surprised me. A lot of work, energy, and time have been invested in creating a trustless distributed consensus mechanism, but almost all clients who wish to access it simply trust the output of these two companies without any further verification. This doesn't seem like the best privacy situation either. Imagine that every time you interact with a website in Chrome, your request is sent to Google and then routed to its destination and back. This is where Ethereum is today.All write traffic is obviously already exposed on the blockchain, but these companies can also view almost all read requests from almost all users in almost any dApp.

Blockchain proponents might say that if this type of centralized platform emerges, it won’t matter because the state can be viewed on the blockchain, so if these platforms misbehave, customers can simply transferred to other places. However, I think this is a very superficial view of the dynamics of the platform.

Let me give you an example.

Making an NFT

I also wanted to create a more traditional NFT. Most people think of images and digital art when they think of NFTs, but NFTs don't typically store data on-chain. This is too expensive for most NFTs for most images.

NFT does not store data on the chain, but contains a URL pointing to the data. What surprises me about the standard is that there is no hash commitment to the data on the URL. Looking at the many NFTs sold on popular markets for tens, hundreds, or millions of dollars, the URL usually just points to a VPS running Apache somewhere. Anyone with access to the machine, anyone who purchases the domain in the future, or anyone who compromises the machine can change the NFT's image, title, description, etc. to whatever they want at any time (regardless of whether they "own" it or not) the token). Nothing in the NFT specification tells you what an image "should" be, or even allows you to confirm whether something is the "correct" image.

So, as an experiment, I made an NFT that would change depending on the viewer, since the web server serving the image could serve a different image based on the requester's IP or user-agent selection. For example, it looks one way on OpenSea and another way on Rarible, but when you buy it from a crypto wallet and view it, it always shows up as a big ? emoji. What you bid is not what you get. There is nothing unusual about this NFT, but rather the way the NFT specification is built. Many of the highest-priced NFTs could turn into a ? emoji at any time; I just made that clear.

A few days later, without any warning or explanation, the NFT I made was removed from OpenSea (an NFT marketplace):

< p nodeleaf="">

The deletion indicates that I violated some terms of service, but after reading the terms, I don't see anything prohibiting NFTs that change based on where they are viewed, and I publicly do so Describe it.

What I found most interesting, though, is that after OpenSea deleted my NFT, it no longer showed up on my device for any encryptionin wallet. But, this is Web3, how is this possible?

Crypto wallets such as MetaMask, Rainbow, etc. are "non-custodial" (keys are kept on the client), but it has the same problem as my dApp above: the wallet must be run on a mobile device or browser . Meanwhile, Ethereum and other blockchains are designed with the idea that it is a peer-to-peer network, but are not designed for your mobile device or browser to actually become one of those peer-to-peer networks.

Wallets like MetaMask need to do basic things like displaying your balance, recent transactions and NFTs, as well as more complex things like building transactions, interacting with smart contracts, etc. In short, MetaMask needs to interact with the blockchain, but the blockchain is built in such a way that clients like MetaMask cannot interact with it. So, like my dApp, MetaMask does this by making API calls to three companies that are integrating in this space.

For example, MetaMask uses the etherscan API Call to display your recent transactions:

GEThttps://api.etherscan.io/api?module=account&address=0x0208376c899fdaEbA5305 70c008C4323803AA9E8&offset=40&order=desc&action=txlist&tag=latest&page=1HTTP/2.0

…By Infura issues API Called to display your account balance:

POST https://mainnet.infura.io/v3/d039103314584a379e33c21fbe89b6cbHTTP/2.0{"id":2628746552039525,"json rpc":"2.0","method":"eth_getBalance","params":["0x0208376c899fdaEbA530570c008C4323803AA9E8","latest"]}

…By OpenSea makes an API call to reveal your NFT:

GEThttps://api.opensea.io/api/v1/assets?owner=0x0208376c899fdaEbA530570c008C4323803AA9E8&offset=0&limit=50HTTP/2.0

Again, just like my dApp, these responses Not authenticated in some way. They're not even signed, so you can't prove they lied later. It reuses the same connections, TLS session tickets, etc. for all accounts in your wallet, so if you manage multiple accounts in your wallet to maintain some identity separation, these companies will know they are related.

MetaMask doesn't actually do much, it's just a view of the data provided by these centralized APIs. This isn't a problem specific to MetaMask: what other options did they have? Rainbow etc. are set up exactly the same way. (Interestingly, Rainbow owns their own data for the social features they are building into the wallet: social graphs, displays, etc., and have chosen to build all of this on Firebase rather than blockchain.)

All this means is that if your NFT is removed from OpenSea, it will also disappear from your wallet. Functionally, it doesn't matter if my NFT exists permanently somewhere on the blockchain, because the wallet (and increasingly, everything else in the ecosystem) just uses the OpenSea API to display the NFT. em>, and for querying the NFTs owned by my address, it started returning 304 No Content!

Reshaping the World

Given the history of Web1 becoming Web2, I find Web3 odd that a technology like Ethereum was built with many of the same implicit characteristics as Web1. To make these technologies available, the field is consolidating around platforms. Again. People will run servers for you and iterate on new features as they emerge. Infura, OpenSea, Coinbase, Etherscan.

Similarly, the development of the Web3 protocol is also slow. When constructing a First Derivative, it would be nice if the derivative's minting price could be set as a percentage of the underlying value. This data is not on-chain, but it is in the API that OpenSea will provide to you. People are excited about NFT royalties because they can benefit creators, but royalties are not specified in ERC-721 and it is too late to change that, so OpenSea has its own way of configuring royalties, which exists in Web2in space. Rapid iteration on centralized platforms has moved beyond distributed protocols and integrated control into the platform.

Given these dynamics, I think it’s not surprising that we’re already in a position where your crypto wallet’s view of NFTs is what OpenSea’s view of NFTs is. I don't think we should be surprised that OpenSea isn't a pure "opinion" that can be replaced, as it's been busy iterating on the platform beyond what can be achieved by strictly adhering to impossible/hard-to-change standards.

I think this is very similar to what happens with email. I could run my own mail server, but functionally it wouldn't matter for privacy, censorship resistance, or control because GMail would be on the other end of every email I send or receive anyway. Once a distributed ecosystem centralizes around a platform for the sake of convenience, it becomes the best of both worlds: centralized control, but still decentralized enough to get bogged down over time. I could build my own NFT marketplace, but it wouldn't provide any additional control if OpenSea mediates the view of all NFTs in the wallets people use (and every other application in the ecosystem).

This is not a complaint against OpenSea, nor is it an accusation against what they have built. Quite the contrary, they are trying to build something that works. I think we should expect this kind of platform integration to happen, and given the inevitability of it, we should design systems that give us the functionality we need in this way of organizing. However, my sense and concern is that the Web3 community expects a different outcome than what we are currently seeing.

It's early days

"It's still early days" is the most common statement I see in the Web3 world, especially when discussing similar issues. In a sense, the failure of cryptocurrencies to break through the relatively preliminary engineering stage is what allows people to consider this period as "early stages" because, objectively, it has been around for a decade or more .

However, even if this is just the beginning (and it probably is!), I'm not sure we should consider that consolation. I think the opposite is probably true; it seems like we should note that from the beginning these technologies tend to be centralized via platforms in order to implement them, which has little negative impact on the speed of the ecosystem, And most participants don't even know or care that it's happening. This might suggest that decentralization itself is not actually of immediate practicality or urgency to most people downstream, and that the only degree of decentralization one wants is the minimum necessary for something to exist without very Consciously consider this, and over time these forces will move us further away from the ideal outcome, not closer.

But you can't stop the gold rush

If you think about it, OpenSea would actually be a lot "better" if all the Web3 parts disappeared. It will be faster, cheaper, and easier to use. For example, to accept a bid on my NFT, I would have to pay over $80 to $150+ in Ethereum gas fees. This sets an artificial threshold for all bids, otherwise you will lose money by accepting bids that are lower than the gas fee. Credit card payment fees often feel expensive, but they are cheap in comparison. OpenSea can even publish a simple transparent log if people want public records of transactions, quotes, bids, etc. to verify their accounting records.

However, if they built an image buying and selling platform that was not nominally cryptocurrency-based, I don’t think it would catch on. Not because it's not distributed, because we've seen that a lot of the stuff that's needed to make it work is already not distributed. I don't think it's going to catch on because it's a gold rush. People make money through cryptocurrency speculation and these people are interested in spending these cryptocurrencies in a way that supports their investments while providing additional returns, so this defines the context of the wealth transfer market.

The people at the end of the line flipping NFTs don’t fundamentally care about distributed trust models or payment mechanisms, but they care about where the money is. So money attracts people to OpenSea, they improve the experience by building a platform that iterates on the underlying Web3 protocol in the Web2 space, they eventually offer the ability to "mint" NFTs through OpenSea itself rather than through your own smart contract, and ultimately This all opens the door for Coinbase to provide access to a verified NFT marketplace via your debit card through their own platform. This opens the door for Coinbase to manage the tokens themselves via dark pools held by Coinbase, which helps eliminate transaction fees and makes it possible to avoid interacting with smart contracts entirely. Eventually, all the Web3 parts disappear and you have a website that buys and sells JPEGS with a debit card. Due to market dynamics, the project cannot start as a Web2 platform, but the same market dynamics and fundamental forces of centralization may push it to eventually go there.

At the end of the stack, NFT artists are excited about this development because it means more speculation/investment in their art, but if the purpose of Web3 is To avoid the pitfalls of Web2, then we should worry, which is already the natural tendency of these new protocols that are supposed to offer a different future.

I think these market forces are likely to persist, and the question of how long it will last, in my opinion, is that the massive accumulation of cryptocurrencies is ultimately what’s inside the engineStill in a leaky bucket. If money flowing through NFTs ends up being channeled back into the crypto space, it could accelerate forever (whether it's just Web2x2 or not). If it comes out in large quantities, it will be a blip. Personally, I think there's enough money being made at the moment and enough taps to keep it going that this won't be just a blip. If that's the case, it seems worth considering how to avoid Web3 becoming Web2x2 (Web2 but with less privacy).

Creativity may not be enough

I am just new to the world of Web3. However, looking at these small projects, it's easy to see why so many people think the Web3 ecosystem is so great. I don’t think it will rid us of centralized platforms, I don’t think it will fundamentally change our relationship with technology, and I think privacy issues are already below the standards of the internet (which is a pretty low bar!), but I Also understand why geeks like me would be excited to build for it. At least, it's something new on a geeky level: it creates space for creativity/exploration, reminiscent of the early internet days. Ironically, part of the creativity may stem from the limitations that make Web3 so unwieldy. I hope the creativity and exploration we see will yield positive results, but I'm not sure it will be enough to prevent all the same dynamics of the internet from unfolding again.

If we really want to change our relationship with technology, I think we have to do it intentionally. My basic thoughts are roughly as follows:

1. We should accept the premise that people will not run their own servers by designing systems that distribute trust without the need for distributed infrastructure. This means that the architecture can anticipate and accept the corollary of a relatively centralized client/server relationship, but use cryptography (rather than infrastructure) to distribute trust. Even though Web3 is built on "encryption", I'm surprised how little it seems to touch on!

2. We should strive to reduce the burden of developing software. Currently, software projects require a lot of manpower. Even a relatively simple application requires a group of people sitting in front of a computer for eight hours a day, day after day, never ending. This was not always the case, there was a time when 50 people working on a software project was not considered a "small team". As long as software requires such concerted effort and so much highly specialized human attention, I think it will tend to serve the interests of the people who sit in that room every day rather than what we might think of as the broader goals. I think changing our relationship with technology may require making software easier to create, but throughout my life I've seen the opposite. Unfortunately, I think distributed systems tend to exacerbate this tendency, making things more complex and difficult rather than simpler and easier.

Original link: https://moxie.org/2022/01/07/web3-first-impressions.html