My First Impressions of Web3
Despite considering myself a cryptographer, I have not found myself particularly drawn to crypto. I’m much more likely to click on Pepperidge Farm Remembers flavored memes about how crypto used to mean cryptography than I am the latest NFT drop.
Also ~ cards on the table here ~ I don’t share the same generational excitement for moving all aspects of life into an instrumented economy.
Even strictly on the technological level, though, I haven’t yet managed to become a believer. So given all of the recent attention into what is now being called Web3, I decided to explore some of what has been happening in that space more thoroughly to see what I may be missing.
How I Think About 1 & 2
Web3 is a somewhat ambiguous term, which makes it difficult to rigorously evaluate what the ambitions for Web3 should be, but the general thesis seems to be that Web1 was decentralized, Web2 centralized everything into platforms & that Web3 will decentralize everything again. web3 should give us the richness of web2, but decentralized.
It’s probably good to have some clarity on why centralized platforms emerged to begin with & in my mind the explanation is pretty simple:
-
People don’t want to run their own servers & never will. The premise for web1 was that everyone on the internet would be both a publisher and consumer of content as well as a publisher and consumer of infrastructure.
We’d all have our own web server with our own web site, our own mail server for our own email, our own finger server for our own status messages, our own chargen server for our own character generation. However – and I don’t think this can be emphasized enough – that is not what people want. People do not want to run their own servers.
Even nerds do not want to run their own servers at this point. Even organizations building software full time do not want to run their own servers at this point. If there’s one thing I hope we’ve learned about the world, it’s that people do not want to run their own servers. The companies that emerged offering to do that for you instead were successful & the companies that iterated on new functionality based on what is possible with those networks were even more successful. -
A protocol moves much more slowly than a platform. After 30+ years, email is still unencrypted; meanwhile WhatsApp went from unencrypted to full e2ee in a year. People are still trying to standardize sharing a video reliably over IRC; meanwhile, Slack lets you create custom reaction emoji based on your face.
This isn’t a funding issue. If something is truly decentralized, it becomes very difficult to change & often remains stuck in time. That is a problem for technology, because the rest of the ecosystem is moving very quickly & if you don’t keep up you will fail. There are entire parallel industries focused on defining & improving methodologies like Agile to try to figure out how to organize enormous groups of people so that they can move as quickly as possible because it is so critical.
When the technology itself is more conducive to stasis than movement, that’s a problem. A sure recipe for success has been to take a 90’s protocol that was stuck in time, centralize it & iterate quickly.
But Web3 intends to be different, so let’s take a look. In order to get a quick feeling for the space & a better understanding for what the future may hold, I decided to build a couple of dApps & create an NFT.
Making Some Distributed Apps
To get a feeling for the web3 world, I made a dApp called Autonomous Art that lets anyone mint a token for an NFT by making a visual contribution to it. The cost of making a visual contribution increases over time & the funds a contributor pays to mint are distributed to all previous artists (visualizing this financial structure would resemble something similar to a pyramid shape). At the time of this writing, over $38k USD has gone into creating this collective art piece.
I also made a dApp called First Derivative that allows you to create, discover & exchange NFT derivatives which track an underlying NFT, similar to financial derivatives which track an underlying asset 😉.
Both gave me a feeling for how the space works. To be clear, there is nothing particularly distributed about the apps themselves: they’re just normal react websites. The distributedness refers to where the state & the logic/permissions for updating the state lives: on the blockchain instead of in a centralized database.
One thing that has always felt strange to me about the cryptocurrency world is the lack of attention to the client/server interface. When people talk about blockchains, they talk about distributed trust, leaderless consensus & all the mechanics of how that works, but often gloss over the reality that clients ultimately can’t participate in those mechanics. All the network diagrams are of servers, the trust model is between servers, everything is about servers. Blockchains are designed to be a network of peers, but not designed such that it’s really possible for your mobile device or your browser to be one of those peers.
With the shift to mobile, we now live firmly in a world of clients and servers ~ with the former completely unable to act as the latter ~ & those questions seem more important to me than ever. Meanwhile, ethereum actually refers to servers as clients, so there’s not even a word for an actual untrusted client/server interface that will have to exist somewhere & no acknowledgement that if successful there will ultimately be billions (!) more clients than servers.
For example, whether it’s running on mobile or the web, a dApp like Autonomous Art or First Derivative needs to interact with the blockchain somehow ~ in order to modify or render state (the collectively produced work of art, the edit history for it, the NFT derivatives, etc). That’s not really possible to do from the client, though, since the blockchain can’t live on your mobile device (or in your desktop browser realistically). So the only alternative is to interact with the blockchain via a node that’s running remotely on a server somewhere.
A server! But, as we know, people don’t want to run their own servers. As it happens, companies have emerged that sell API access to an ethereum node they run as a service, along with providing analytics, enhanced APIs they’ve built on top of the default ethereum APIs & access to historical transactions. Which sounds… familiar. At this point, there are basically two companies. Almost all dApps use either Infura or Alchemy in order to interact with the blockchain. In fact, even when you connect a wallet like MetaMask to a dApp & the dApp interacts with the blockchain via your wallet, MetaMask is just making calls to Infura!
These client APIs are not using anything to verify blockchain state or the authenticity of responses. The results aren’t even signed. An app like Autonomous Art says “hey what’s the output of this view function on this smart contract,” Alchemy or Infura responds with a JSON blob that says “this is the output” & the app renders it.
This was surprising to me. So much work, energy & time has gone into creating a trustless distributed consensus mechanism, but virtually all clients that wish to access it do so by simply trusting the outputs from these two companies without any further verification. It also doesn’t seem like the best privacy situation. Imagine if every time you interacted with a website in Chrome, your request first went to Google before being routed to the destination & back. That’s the situation with ethereum today. All write traffic is obviously already public on the blockchain, but these companies also have visibility into almost all read requests from almost all users in almost all dApps.
Partisans of the blockchain might say that it’s okay if these types of centralized platforms emerge, because the state itself is available on the blockchain, so if these platforms misbehave clients can simply move elsewhere. However, I would suggest that this is a very simplistic view of the dynamics that make platforms what they are.
Let me give you an example.
Making an NFT
I also wanted to create a more traditional NFT. Most people think of images & digital art when they think of NFTs, but NFTs generally do not store that data on-chain. For most NFTs of most images, that would be much too expensive.
Instead of storing the data on-chain, NFTs instead contain a URL that points to the data. What surprised me about the standards was that there’s no hash commitment for the data located at the URL. Looking at many of the NFTs on popular marketplaces being sold for tens, hundreds, or millions of dollars, that URL often just points to some VPS running Apache somewhere. Anyone with access to that machine, anyone who buys that domain name in the future, or anyone who compromises that machine can change the image, title, description, etc for the NFT to whatever they’d like at any time (regardless of whether or not they own the token). There’s nothing in the NFT spec that tells you what the image should be, or even allows you to confirm whether something is the correct image.
So as an experiment, I made an NFT that changes based on who is looking at it, since the web server that serves the image can choose to serve different images based on the IP or User Agent of the requester. For example, it looked one way on OpenSea, another way on Rarible, but when you buy it & view it from your crypto wallet, it will always display as a large 💩 emoji. What you bid on isn’t what you get. There’s nothing unusual about this NFT, it’s how the NFT specifications are built. Many of the highest priced NFTs could turn into 💩 emoji at any time; I just made it explicit.
NFT on OpenSea
Same NFT on Rarible
Same NFT in a Wallet
After a few days, without warning or explanation, the NFT I made was removed from OpenSea (an NFT marketplace):
The takedown suggests that I violated some Term Of Service, but after reading the terms, I don’t see any that prohibit an NFT which changes based on where it is being looked at from & I was openly describing it that way.
What I found most interesting, though, is that after OpenSea removed my NFT, it also no longer appeared in any crypto wallet on my device. This is Web3, though, how is that possible?
A crypto wallet like MetaMask, Rainbow, etc is non-custodial (the keys are kept client side), but it has the same problem as my dApps above: a wallet has to run on a mobile device or in your browser. Meanwhile, ethereum and other blockchains have been designed with the idea that it’s a network of peers, but not designed such that it’s really possible for your mobile device or your browser to be one of those peers.
A wallet like MetaMask needs to do basic things like display your balance, your recent transactions & your NFTs, as well as more complex things like constructing transactions, interacting with smart contracts, etc. In short, MetaMask needs to interact with the blockchain, but the blockchain has been built such that clients like MetaMask can’t interact with it. So like my dApp, MetaMask accomplishes this by making API calls to three companies that have consolidated in this space.
For instance, MetaMask displays your recent transactions by making an API call to etherscan:
GET https://api.etherscan.io/api?module=account&address=0x0208376c899fdaEbA530570c008C4323803AA9E8&offset=40&order=desc&action=txlist&tag=latest&page=1 HTTP/2.0
…displays your account balance by making an API call to Infura:
POST https://mainnet.infura.io/v3/d039103314584a379e33c21fbe89b6cb HTTP/2.0
{
"id": 2628746552039525,
"jsonrpc": "2.0",
"method": "eth_getBalance",
"params": [
"0x0208376c899fdaEbA530570c008C4323803AA9E8",
"latest"
]
}
…displays your NFTs by making an API call to OpenSea:
GET https://api.opensea.io/api/v1/assets?owner=0x0208376c899fdaEbA530570c008C4323803AA9E8&offset=0&limit=50 HTTP/2.0
Again, like with my dApp, these responses are not authenticated in some way. They’re not even signed so that you could later prove they were lying. It reuses the same connections, TLS session tickets, etc for all the accounts in your wallet, so if you’re managing multiple accounts in your wallet to maintain some identity separation, these companies know they’re linked.
MetaMask doesn’t actually do much, it’s just a view onto data provided by these centralized APIs. This isn’t a problem specific to MetaMask ~ what other option do they have? Rainbow, etc are set up in exactly the same way. (Interestingly, Rainbow has their own data for the social features they’re building into their wallet ~ social graph, showcases, etc ~ & have chosen to build all of that on top of Firebase instead of the blockchain.)
All this means that if your NFT is removed from OpenSea, it also disappears from your wallet. It doesn’t functionally matter that my NFT is indelibly on the blockchain somewhere, because the wallet (and increasingly everything else in the ecosystem) is just using the OpenSea API to display NFTs, which began returning 304 No Content for the query of NFTs owned by my address!
Recreating this World
Given the history of why Web1 became Web2, what seems strange to me about Web3 is that technologies like ethereum have been built with many of the same implicit trappings as Web1. To make these technologies usable, the space is consolidating around… platforms. Again. People who will run servers for you & iterate on the new functionality that emerges. Infura, OpenSea, Coinbase, Etherscan.
Likewise, the Web3 protocols are slow to evolve. When building First Derivative, it would have been great to price minting derivatives as a percentage of the underlying’s value. That data isn’t on chain, but it’s in an API that OpenSea will give you. People are excited about NFT royalties for the way that they can benefit creators, but royalties aren’t specified in ERC-721 & it’s too late to change it, so OpenSea has its own way of configuring royalties that exists in Web2 space. Iterating quickly on centralized platforms is already outpacing the distributed protocols & consolidating control into platforms.
Given those dynamics, I don’t think it should be a surprise that we’re already at a place where your crypto wallet’s view of your NFTs is OpenSea’s view of your NFTs. I don’t think we should be surprised that OpenSea isn’t a pure view that can be replaced, since it has been busy iterating the platform beyond what is possible strictly with the impossible/difficult to change standards.
I think this is very similar to the situation with email. I can run my own mail server, but it doesn’t functionally matter for privacy, censorship resistance, or control ~ because GMail is going to be on the other end of every email that I send or receive anyway. Once a distributed ecosystem centralizes around a platform for convenience, it becomes the worst of both worlds: centralized control, but still distributed enough to become mired in time. I can build my own NFT marketplace, but it doesn’t offer any additional control if OpenSea mediates the view of all NFTs in the wallets people use (& every other app in the ecosystem).
This isn’t a complaint about OpenSea or an indictment of what they’ve built. Just the opposite, they’re trying to build something that works. I think we should expect this kind of platform consolidation to happen & given the inevitability, design systems that give us what we want when that’s how things are organized. My sense & concern, though, is that the web3 community expects some other outcome than what we’re already seeing.
It’s Early Days
It’s early days still is the most common refrain I see from people in the web3 space when discussing matters like these. In some ways, cryptocurrency’s failure to scale beyond relatively nascent engineering is what makes it possible to consider the days early, since objectively it has already been a decade or more.
However, even if this is just the beginning (& it very well might be!), I’m not sure we should consider that any consolation. I think the opposite might be true; it seems like we should take notice that from the very beginning, these technologies immediately tended towards centralization through platforms in order for them to be realized, that this has ~zero negatively felt effect on the velocity of the ecosystem & that most participants don’t even know or care it’s happening. This might suggest that decentralization itself is not actually of immediate practical or pressing importance to the majority of people downstream, that the only amount of decentralization people want is the minimum amount required for something to exist & that if not very consciously accounted for, these forces will push us further from rather than closer to the ideal outcome as the days become less early.
But you Can’t Stop a Gold Rush
When you think about it, OpenSea would actually be much better in the immediate sense if all the Web3 parts were gone. It would be faster, cheaper for everyone & easier to use. For example, to accept a bid on my NFT, I would have had to pay over $80~$150+ just in ethereum transaction fees. That puts an artificial floor on all bids, since otherwise you’d lose money by accepting a bid for less than the gas fees. Payment fees by credit card, which typically feel extortionary, look cheap compared to that. OpenSea could even publish a simple transparency log if people wanted a public record of transactions, offers, bids, etc to verify their accounting.
However, if they had built a platform to buy & sell images that wasn’t nominally based on crypto, I don’t think it would have taken off. Not because it isn’t distributed, because as we’ve seen so much of what’s required to make it work is already not distributed. I don’t think it would have taken off because this is a gold rush. People have made money through cryptocurrency speculation, those people are interested in spending that cryptocurrency in ways that support their investment while offering additional returns & so that defines the setting for the market of transfer of wealth.
The people at the end of the line who are flipping NFTs do not fundamentally care about distributed trust models or payment mechanics, but they care about where the money is. So the money draws people into OpenSea, they improve the experience by building a platform that iterates on the underlying Web3 protocols in Web2 space, they eventually offer the ability to mint NFTs through OpenSea itself instead of through your own smart contract mint eventually this all opens the door for Coinbase to offer access to the validated NFT market with their own platform via your debit card. That opens the door to Coinbase managing the tokens themselves through dark pools that Coinbase holds, which helpfully eliminates the transaction fees & makes it possible to avoid having to interact with smart contracts at all. Eventually, all the Web3 parts are gone & you have a website for buying & selling JPEGS with your debit card. The project can’t start as a Web2 platform because of the market dynamics, but the same market dynamics & the fundamental forces of centralization will likely drive it to end up there.
At the end of the stack, NFT artists are excited about this kind of progression because it means more speculation/investment in their art, but it also seems like if the point of Web3 is to avoid the trappings of Web2, we should be concerned that this is already the natural tendency for these new protocols that are supposed to offer a different future.
I think these market forces will likely continue & in my mind the question of how long it continues is a question of whether the vast amounts of accumulated cryptocurrency are ultimately inside an engine or a leaky bucket. If the money flowing through NFTs ends up channeled back into crypto space, it could continue to accelerate forever (regardless of whether or not it’s just Web2x2). If it churns out, then this will be a blip. Personally, I think enough money has been made at this point that there are enough faucets to keep it going & this won’t just be a blip. If that’s the case, it seems worth thinking about how to avoid Web3 being Web2x2 (Web2 but with even less privacy) with some urgency.
Creativity Might not be Enough
I have only dipped my toe in the waters of Web3. Looking at it through the lens of these small projects, though, I can easily see why so many people find the Web3 ecosystem so neat. I don’t think it’s on a trajectory to deliver us from centralized platforms, I don’t think it will fundamentally change our relationship to technology & I think the privacy story is already below par for the internet (which is a pretty low bar!), but I also understand why nerds like me are excited to build for it. It is, at the very least, something new on the nerd level ~ & that creates a space for creativity/exploration that is somewhat reminiscent of early internet days. Ironically, part of that creativity probably springs from the constraints that make web3 so clunky. I’m hopeful that the creativity and exploration we’re seeing will have positive outcomes, but I’m not sure if it’s enough to prevent all the same dynamics of the internet from unfolding again.
If we do want to change our relationship to technology, I think we’d have to do it intentionally. My basic thoughts are roughly:
- We should accept the premise that people will not run their own servers by designing systems that can distribute trust without having to distribute infrastructure. This means architecture that anticipates & accepts the inevitable outcome of relatively centralized client/server relationships, but uses cryptography (rather than infrastructure) to distribute trust. One of the surprising things to me about Web3, despite being built on crypto, is how little cryptography seems to be involved!
- We should try to reduce the burden of building software. At this point, software projects require an enormous amount of human effort. Even relatively simple apps require a group of people to sit in front of a computer for eight hours a day, every day, forever. This wasn’t always the case, and there was a time when 50 people working on a software project wasn’t considered a small team. As long as software requires such concerted energy and so much highly specialized human focus, I think it will have the tendency to serve the interests of the people sitting in that room every day rather than what we may consider our broader goals. I think changing our relationship to technology will probably require making software easier to create, but in my lifetime I’ve seen the opposite come to pass. Unfortunately, I think distributed systems have a tendency to exacerbate this trend by making things more complicated & more difficult, not less complicated & less difficult.
“At Blackstone we have established, and over time refined, an investment process to accomplish that basic concept. We have created a framework for assessing risk that has been incredibly reliable. We train our professionals to distill every individual investment opportunity down to the two or three major variables that will define the success of our investment case and create value. At Blackstone, the decision to invest is all about disciplined, dispassionate, and robust risk assessment. It’s not only a process but a mind-set and an integral part of our culture.” ~ Curated Excerpt From: Stephen A. Schwarzman. “What It Takes.” Apple Books.
Curated via Moxie Marlinspike. Thanks for reading, cheers! (with a glass of wine & book of course)
Dom Caudron Prediction
Producer: Champagne Dom Caudron, Champagne Brut, France
"Pure Pinot Meunier from the western slopes of the Montagne de Reims has produced a Champagne with a smooth texture, packed with ripe pear flavors and a rich aftertaste. Drink now." ~ 90 Points ~ Wine Enthusiast
What It Takes: Lessons in the Pursuit of Excellence
From Blackstone chairman, CEO, and co-founder Stephen A. Schwarzman, a long-awaited book that uses impactful episodes from Schwarzman's life to show readers how to build, transform, and lead thriving organizations. Whether you are a student, entrepreneur, philanthropist, executive, or simply someone looking for ways to maximize your potential, the same lessons apply.
People know who Stephen Schwarzman is—at least they think they do. He’s the man who took $400,000 and co-founded Blackstone, the investment firm that manages over $500 billion (as of January 2019). He’s the CEO whose views are sought by heads of state. He’s the billionaire philanthropist who founded Schwarzman Scholars, this century’s version of the Rhodes Scholarship, in China. But behind these achievements is a man who has spent his life learning and reflecting on what it takes to achieve excellence, make an impact, and live a life of consequence.
Folding handkerchiefs in his father’s linen shop, Schwarzman dreamed of a larger life, filled with purpose and adventure. His grades and athleticism got him into Yale. After starting his career in finance with a short stint at a financial firm called DLJ, Schwarzman began working at Lehman Brothers where he ascended to run the mergers and acquisitions practice. He eventually partnered with his mentor and friend Pete Peterson to found Blackstone, vowing to create a new and different kind of financial institution.
Building Blackstone into the leading global financial institution it is today didn’t come easy. Schwarzman focused intensely on culture, hiring great talent, and establishing processes that allow the firm to systematically analyze and evaluate risk. Schwarzman’s simple mantra “don’t lose money” has helped Blackstone become a leading private equity and real estate investor, and manager of alternative assets for institutional investors globally. Both he and the firm are known for the rigor of their investment process, their innovative approach to deal making, the diversification of their business lines, and a conviction to be the best at everything they do.
Schwarzman is also an active philanthropist, having given away more than a billion dollars. In philanthropy, as in business, he is drawn to situations where his capital and energy can be applied to drive transformative solutions and change paradigms, notably in education. He uses the skills learned over a lifetime in finance to design, establish, and support impactful and innovative organizations and initiatives. His gifts have ranged from creating a new College of Computing at MIT for the study of artificial intelligence, to establishing a first-of-its-kind student and performing arts center at Yale, to enabling the renovation of the iconic New York Public Library, to founding the Schwarzman Scholars fellowship program at Tsinghua University in Beijing—the single largest philanthropic effort in China’s history from international donors.
Schwarzman’s story is an empowering, entertaining, and informative guide for anyone striving for greater personal impact. From deal making to investing, leadership to entrepreneurship, philanthropy to diplomacy, Schwarzman has lessons for how to think about ambition and scale, risk and opportunities, and how to achieve success through the relentless pursuit of excellence. Schwarzman not only offers readers a thoughtful reflection on all his own experiences, but in doing so provides a practical blueprint for success.