Moxie Marlinspike: Here’s What’s Wrong With Web3

In a blog post posted on Jan 7, Moxie Marlinspike, creator and maintainer of the Signal messaging app, raised concerns about Web3, and in particular about its claim to be a new, decentralized future alternative to the Web 2.0 platform giants.

Marlinspike begins his post by admitting that, despite considering himself a cryptographer, he has not been particularly drawn to “crypto” (Marlinspike’s quotes), and that he has not yet managed to become a believer.

“Also, cards on the table here, I do not share the same generational enthusiasm for moving all aspects of life into an instrumented economy,” writes Marlinspike.

Although skeptical, Moxie Marlinspike decided to test Web3 by creating two Web3 applications (dApps): Autonomous Art, which allows anyone to mint a token for an NFT by making a visual contribution to it, and First Derivative, which allows users to create, discover and trade NFT derivatives that track an underlying NFT.

People don’t want to run their own servers.

Although Web3 is a somewhat ambiguous term, according to Marlinspike it boils down to providing its users with the “richness” of Web2, but in a decentralized way. The main reason the originally decentralized Web1 became the centralized Web2 is that “people don’t want to run their own servers, and they never will” and “a protocol moves much slower than a platform.” As an example of the latter, Marlinspike points to email.

“After more than 30 years, email is still not encrypted; meanwhile, WhatsApp went from no encryption to full e2ee in a year.” (e2ee stands for end-to-end encryption.)

One thing Marlinspike finds strange about the world of cryptocurrencies is “the lack of attention to the client / server interface”, and that “blockchains are designed to be a network of peers, but they are not designed in such a way that it is really possible that your mobile device or your browser is one of those peers.” The point Marlinspike makes is that, normally, wallets do not connect directly to the blockchain, but do so through the APIs provided by the node operators.

However, this is a centralizing bottleneck since, in practice, there are only two of these API providers, Infura and Alchemy, and almost all dApps use one or the other to interact with the blockchain. The reason is that these APIs make life easier for dApp developers.

“In fact, even when you connect a wallet like MetaMask to a dApp, and the dApp interacts with the blockchain through your wallet, MetaMask is only making calls to Infura,” writes Marlinspike, echoing a criticism that has been heard many times throughout Ethereum’s history.

“This was surprising to me. A lot of work, energy and time has gone into creating a trustless distributed consensus mechanism, but virtually all customers who want to access it do so simply by relying on the results of these two companies without any additional verification,” writes Marlinspike.

NFTs are centralized in the OpenSea API

For Moxie Marlinspike, the situation is even worse with NFTs, partly due to the way the NFT standard (EIP-721) is designed and partly due to the centralizing power of the OpenSea marketplace and its API.

Instead of storing the data on the chain, in most cases NFTs contain a pointer to the data. Depending on where that data is stored, anyone with access to that storage system can change the data, regardless of whether or not they own the actual token.

Also, in the words of Marlinspike, there is nothing in the NFT spec that tells the owner what the data should be, like an image, or even allows the owner to confirm if something is the correct data.

This is different from the misunderstanding around the right-click-save meme, where some people seem to think that the NFT is the actual image, when in reality the NFT is some kind of certificate that proves the authenticity and ownership of this image. But there is nothing in the NFT that says what that data should be; there is nothing to say if an NFT is for a Bored Ape Yacht Club or a Pudgy Penguin.

There is only a pointer to some data off the chain; if someone manages to change what that pointer points to, it will point to something else. The exception to this is NFTs that store data on the chain, as CryptoPunks do with their lean data, but this is only economically feasible for small amounts of data.

“What you bid is not what you get”

Marlinspike illustrates this problem by creating an experimental NFT that looks different depending on who is looking at the associated image, having the web server serve different images based on the requestor’s IP or user agent. In this way, the same NFT presents three different images depending on whether it is viewed through OpenSea, Rarible or a wallet.

“What you bid is not what you get. There is nothing unusual about this NFT, it is how the NFT specifications are built,” writes Marlinspike.
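The mutable-pointer problem described above can be checked for from the viewer's side. The following is an added example, not code from Marlinspike's post or from any marketplace: it hashes what an NFT's off-chain pointer returns to several client profiles and compares the results with each other and with a digest recorded earlier. The User-Agent strings, the URL, the stand-in hosts and the idea of a pinned digest are all assumptions made for illustration.

```python
import hashlib
import urllib.request

# Constructed client profiles; these User-Agent strings are illustrative
# placeholders, not the real strings sent by any marketplace or wallet.
PROFILES = {
    "marketplace": "ExampleMarketplace/1.0",
    "indexer": "ExampleIndexer/2.3",
    "wallet": "ExampleWallet/5.1",
}

def http_fetch(url, user_agent):
    """Fetch the URL once while presenting the given User-Agent."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()

def audit_pointer(url, fetch=http_fetch, pinned_sha256=None, profiles=PROFILES):
    """Hash what each client profile receives and report inconsistencies.

    pinned_sha256 is an assumed out-of-band value (for example a digest
    recorded at bid time); the token itself carries no such commitment.
    """
    digests = {name: hashlib.sha256(fetch(url, ua)).hexdigest()
               for name, ua in profiles.items()}
    findings = []
    if len(set(digests.values())) > 1:
        findings.append("varies-by-client")
    if pinned_sha256 and any(d != pinned_sha256 for d in digests.values()):
        findings.append("differs-from-pinned")
    return digests, findings

# Constructed stand-ins for a remote host so the example runs offline.
def stable_host(url, user_agent):
    return b"constructed image bytes"

def varying_host(url, user_agent):
    # Models the behaviour described above: the body depends on the requester.
    return b"image for " + user_agent.split("/")[0].encode()

def demo():
    url = "https://metadata.example/token/1"  # placeholder URL, never contacted
    pinned = hashlib.sha256(b"constructed image bytes").hexdigest()
    return {
        "stable": audit_pointer(url, stable_host, pinned)[1],
        "varying": audit_pointer(url, varying_host, pinned)[1],
        "swapped": audit_pointer(url, lambda u, a: b"replaced later", pinned)[1],
    }

if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or ["consistent"])
```

A check run from a single machine cannot see variation keyed on the requester's IP address, which the article also mentions; that needs fetches from more than one network vantage point.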

After a few days, without notice or explanation, according to Marlinspike, his NFT was removed from OpenSea, probably because it violated some terms of service. By removing the NFT from the marketplace and thus removing it from its API, OpenSea made it impossible for most wallets to display the NFT, even though it is still there on the blockchain. This is because, again, wallets like MetaMask use APIs, like OpenSea’s in the case of NFTs, to access and display data on the chain.

“MetaMask needs to interact with the blockchain, but the blockchain has been created in such a way that clients like MetaMask cannot interact with it. So, like my dApp, MetaMask achieves this by making API calls to three companies that have established themselves in this space,” writes Marlinspike.

“All of this means that if your NFT is removed from OpenSea, it also disappears from your wallet. It doesn’t matter functionally that my NFT is indelibly on the blockchain somewhere, because the wallet, and increasingly everything else in the ecosystem, just uses the OpenSea API to display NFTs, which started to return ‘304 No content’ for the query of NFTs owned by my address.”

The space is consolidated around the platforms. Again.

In Moxie Marlinspike’s mind, the blockchain space is consolidating, for the same reasons as Web1, around centralized platforms that make blockchain technologies usable by a wider audience, again because neither individuals nor organizations want to run servers.

“Given that dynamic, I don’t think it should come as a surprise that we are already in a place where your crypto wallet’s view of your NFTs is OpenSea’s view of your NFTs. I don’t think we should be surprised that OpenSea is not a pure ‘view’ that can be replaced, as it has been busy iterating the platform beyond what is strictly possible with impossible or hard-to-change standards. This is not a complaint about OpenSea or an accusation of what they have built. On the contrary, they are trying to build something that works,” writes Marlinspike.

If the blockchain industry wants to change people’s relationship with technology, Marlinspike believes that the industry has to do so on purpose by accepting the premise that people will not run their own servers and designing systems that can distribute trust without having to distribute infrastructure.

Second, Marlinspike believes that the blockchain industry should try to reduce the burden of creating software.

“I think changing our relationship with technology will probably require making software easier to create, but I’ve seen the opposite happen in my life. Unfortunately, I think distributed systems tend to exacerbate this trend by making things more complicated and difficult, not less complicated and less difficult,” writes Marlinspike.
