The old internet shows signs of quietly coming back

What goals does today's crypto-token-powered "web 3" vision share with the old Internet? It's not enough to say "well it's decentralized" and do a handwave.

Consider the NFT exploration Moxie Marlinspike did recently:

https://moxie.org/2022/01/07/web3-first-impressions.html

This is essentially a system that lets you buy DRM'd metadata that points to servers owned by a corporation funded by billions of VC dollars, and transactions are recorded on a ledger that spends more power than the entire country of Finland. The only purpose of these activities is to speculate on prices of these make-believe digital assets.

None of these things have anything to with the old Internet: cargo cult DRM, billion-dollar VC funding, enormous energy waste, artificial scarcity where none is needed.

That website on dial-up was slow because of real physical constraints, not artificial constraints erected to make VCs richer at the expense of the planet's ecosystem.

So I downloaded MetaMask, got everything set up, and went to one of the NFT marketplaces to try to make one. Uploaded the image and got a big scary warning:

> (paraphrased; I don't have a screenshot) This image was found too many times on the internet. If this image is not yours, this is ILLEGAL AND A VIOLATION OF COPYRIGHT LAW, and may result in your NFT being removed from the marketplace.

How on earth is this decentralized? Like yeah, I get wanting to protect your "asset" from "theft," but what central authority gets to decide what copyright law we abide by- further, what happens when an NFT marketplace removes your NFT? Does it get removed from the blockchain? I legitimately don't know how this works.

The user experience is also TERRIBLE. I am rather technical (hell, I used to do Bitcoin back in like 2015, or whenever it was about $4k/coin) and still don't really know how the hell MetaMask works. I imported the wallet on my phone... maybe? The randomart image it showed initially was different, but apparently the iOS app just defaults to a different kind of randomart.

You also have to use the MetaMask browser on iOS. It sucks.

Also the MetaMask connect buttons barely work across different sites. It had a _really_ hard time telling if I had a wallet. Not sure if this is an implementation issue on the dev end but as a user it was super confusing.

Using crypto to sign transactions to verify my identity is actually a very interesting idea, I like it a lot. Much easier than creating a user/pass for every site- just click Sign and go. That's basically the only good UX of web3 as it stands.

Ethereum, for example, is full of people building interesting things like off-chain low-cost trading using non-interactive zero knowledge proofs and actively working to make crypto less energy intensive and more useful. They don't want to sell you an NFT and it's not part of some elaborate rugpull- There are plenty of examples of people doing this important work because they legitimately believe that a world where fiat control is divorced from the levers of governmental power is a positive change.

There are also, of course, people trying to use those achievements as part of a weird shell game where the end result is giving gullible strangers nothing in exchange for something. That's sort of the human condition.

From that Moxie Marlinspike article:

> A crypto wallet like MetaMask, Rainbow, etc is “non-custodial” (the keys are kept client side), but it has the same problem as my dApps above: a wallet has to run on a mobile device or in your browser. Meanwhile, ethereum and other blockchains have been designed with the idea that it’s a network of peers, but not designed such that it’s really possible for your mobile device or your browser to be one of those peers.

> A wallet like MetaMask needs to do basic things like display your balance, your recent transactions, and your NFTs, as well as more complex things like constructing transactions, interacting with smart contracts, etc. In short, MetaMask needs to interact with the blockchain, but the blockchain has been built such that clients like MetaMask can’t interact with it. So like my dApp, MetaMask accomplishes this by making API calls to three companies that have consolidated in this space.

> For instance, MetaMask displays your recent transactions by making an API call to etherscan > …displays your account balance by making an API call to Infura > …displays your NFTs by making an API call to OpenSea

> Again, like with my dApp, these responses are not authenticated in some way. They’re not even signed so that you could later prove they were lying. It reuses the same connections, TLS session tickets, etc for all the accounts in your wallet, so if you’re managing multiple accounts in your wallet to maintain some identity separation, these companies know they’re linked.

> MetaMask doesn’t actually do much, it’s just a view onto data provided by these centralized APIs. This isn’t a problem specific to MetaMask – what other option do they have? Rainbow, etc are set up in exactly the same way. (Interestingly, Rainbow has their own data for the social features they’re building into their wallet – social graph, showcases, etc – and have chosen to build all of that on top of Firebase instead of the blockchain.)

> All this means that if your NFT is removed from OpenSea, it also disappears from your wallet. It doesn’t functionally matter that my NFT is indelibly on the blockchain somewhere, because the wallet (and increasingly everything else in the ecosystem) is just using the OpenSea API to display NFTs, which began returning 304 No Content for the query of NFTs owned by my address!

https://np.reddit.com/r/ethereum/comments/ryk3it/my_first_im...

Web 1.0 it was the nerds saying it was going to change the world and the people with no knowledge of how the internet worked saying it was BS.

Web 2.0 for the most part just seemed to naturally happen without a ton of specific hype and was what finally got all the naysayers of Web 1.0 on board.

Web 3.0 is all the OG naysayers saying it is going to change the world while the nerds roll their eyes.

Personally I am looking forward to Web 3.1 :-D

We already have this with SSO though - what would be the difference? Decentralization? Though it should be possible to host your own SSO.

Web 3.1 is probably coming but it is going to be something we have not fully figured out yet

There isn't much of an NFT resale market. There are minters, and there are suckers. Any chance to make money flipping NFTs was used up last year. NFTs may stay around as collectables, but to make money that way, you must have fans who buy your merch. You need to own an NBA franchise, be a famous performer, or have a major collectable brand.

NFT sentiment on Reddit has gone from positive to very negative in the last three months. The hype isn't working any more. Without hype, it dies.

Then there's enforcement. About twice a month, the US SEC brings the hammer down on some crypto-related crook.[1] They're still working through the Initial Coin Offering scam backlog. They'll get to NFTs as the complaints start coming in.

[1] https://www.sec.gov/spotlight/cybersecurity-enforcement-acti...

[0] https://en.wikipedia.org/wiki/Cherry_picking

As a layman, I’m not touching crypto until I know what this means.

None of it designed to make it easy or to make sense. Because if people realized they are being taken for a ride, no one will show up and empty their wallets. It's what corrupt businesses and dictatorships do. Confuse and conquer.

This'll get almost as much traction as activists decrying HTTPS/SSL because it took more compute, and therefore obviously more pollution!

Yes, it's too complicated right now (so was https://www.!).

E.g., Sam runs a Web site and wants to charge each user some small amount, say, $0.001 up to $0.10, including users in foreign countries, for each visit. Sam is eager to let his users pay with some major NFT.

Joe wants to use Sam's site and other sites with such a charging technique so buys in whatever fiat currency his country uses, say, $10.00 worth of some NFT. Then Joe uses Sam's site and pays with some NFT money. That NFT tokens can be divided into many parts is crucial here.

Once a day Sam converts all his NFT revenue to dollars (or whatever fiat currency is used in his country).

So, net, the money flow is from Joe's fiat money to $10.00 WORTH of some NFT to Sam's revenue in NFT to Sam's revenue in his fiat money.

Point 1: The NFT is held by Joe and Sam for only a short time and is used only as a convenient way to move many small amounts of money.

Point 2: Neither Joe nor Sam cares what each whole token of the NFT is worth.

Point 3: Investors who want to speculate on the long term value of a NFT tokens have risks from "unknown unknowns".

Point 4: If each of 1 billion people do what Joe does, hold nearly all that NFT, and on average hold only $10.00 worth, then we have an estimate of the maximum the investors can make.

2) "zero knowledge" : Suppose I want to prove to you (or at least, give you very strong evidence) that I know a 3-coloring for the graph, but I don't want to give you any information about how to color the graph with 3 colors.

This can be done in a way where I first randomly permute the 3 colors, and then commit to a particular coloring without showing you anything about it (e.g. I give each node on the graph a random salt, and show you the hash of (the color and the salt appended) for each node ), and ask you to pick any two nodes of the graph. I reveal the color and salt for those two nodes, and you can check that they make the hash I said they did. If the two nodes are connected by an edge, then the colors I give have to be different (if they are the same then my proof is invalid and you shouldn't believe my claim that I have a coloring of the graph with 3 colors.)

By repeating this process many times (each time I randomly permute the colors/names-of-the-colors, and make a new commitment about each node), and each time you choose a random pair of (adjacent) vertices, then, if I didn't actually have a coloring of it with 3 colors, there's a high chance you would eventually find that the pairs you asked me to reveal, have the same color. So, if we keep doing this, and I'm telling the truth, eventually you should have strong evidence that I have a coloring for it, but without you getting any information about that coloring (other than that it is one) (because by permuting the colors each time, the only info you get about the nodes you asked about, is that the colors are different, which is already implied by it being a coloring.)

So, that would be a zero knowledge proof that I know how to color that graph using only 3 colors, with no 2 nodes having the same color.

(of course, the thing with coloring graphs is just an example, one which is relatively easy to give a protocol for.)

3) "non-interactive" : accomplishing the same sort of thing, except instead of us sending many messages back and forth like in what I described above, instead, I just do one computation (using the knowledge I have), and then I give you the output of that computation, and you can check that with some algorithm, and the algorithm says "yep" if I gave you a good output, and "nope" if I gave you a bad output, and, if I had the info I claim to have and used it for the input to my computation, then you will always get the result "yep", while if I don't have the info I claim to have, then the probability that I succeed in giving you a good output, one which would make your program say "yep", is negligible.

__

Hopefully that helps make the idea more clear?

You might be wondering why this idea is applicable to cryptocurrency stuff?

A number of reasons. Being able to prove that you have some information that satisfies a given property, without revealing the information, is fairly powerful.

Don't criticize the tech, criticize the individual bad actors, like you did with Theranos.

One of the main talking points "web3" critics yell is "scams!", like they don't exist elsewhere.

If you do want to criticize the tech, leave the moral crusade out of it and say technically what is wrong with it, so we can have a technical debate about the feature in question.

Exactly like crypto often is.

One NFT marketplace shows you an error message and therefore the technology is not decentralized? That's a bit of a stretch. That NFT marketplace might have restrictions in place for their own legal reasons, but using that as an excuse to say that the technology isn't decentralized is unjustifiable.

It's the purest distillation of the "greater fool theory" in human history.

I'd rebuke your framing of leaving the morality of it aside. The more valid framing of a debate for new technology should be to prove that there are non scam-like applications of the technology that are superior to currently existing ones.

Right. In other words, what we have now sucks, but you shouldn't criticize it because we have this proposed scheme which might be better.

NFT doesn't mean "token". If you just mean "token", say "token"?

Unless you mean like, "tokens which represent a fractional share of a particular NFT" ? But why would you use this as the thing to denominate payment in?

If Joe has $5 worth of something, and Carl has another $5 worth of the same thing, and outcomes are equivalent if they swap what they have, then, the thing they have is fungible.

† You might be thinking wait, we don't want to be trackable. WebAuthn doesn't have any way of sending fingerprints to anywhere, the phone is using the biometrics to make this not work for bag snatcher, or for the guy snooping your desk while you go get a coffee.

Regardless of their intentions this is a bad idea and deserves every line of criticism it receives.

Governance, law, and financial regulation exist for reasons that programmers have no place or reason to replace.

Wether they wish it or not there is a centralization of authority that will happen. In Ethereum’s case either the oligarchs with the most money will set the rules, or more likely, actual governments with armies and the ability to enforce laws will.

I'm a total novice in the world of NFT (Google says that abbreviates "non-fungible token"). You are way ahead of me. I'm such a novice that I don't yet even know how to use the words!

I don't yet fully understand your lessons!

Maybe roughly I have the scenario of Joe, Sam, and the long term investors correct.

AKA digital currency. For this we can simply use a digital currency (crypto or otherwise). NFT is irrelevant here, an extra unnecessary complication when the same thing could have done with the ETH chain it's already based on, or a new side-chain or many other methods.

I agree. The only thing missing is a way to recover your account (wallet) if you lose or forget your password.

It was the people participating in the network.

'They' decided on a course of action by doing what most of the people in the system thought was correct. That sounds to me like a feature rather than a bug. At the time the consensus was that the network was young and brittle and breaking things was expected and an 'undo' was appropriate, as evidenced by the fact that a small number of people didn't think it was a good idea, tried to fork the chain to test that sentiment, and pretty quickly faded into obscurity.

Any distributed system that relies on trusting a consensus of individuals will be vulnerable to the majority of those individuals deciding something you don't want them to decide. That's how consensus works (in Ethereum as well as any other crypto BTW) The reason crypto works is that once you hit a certain scale most of the users are interested in keeping the network working. The ETH DAO was an interesting time when ETH was enough of a 'toy' that dev environment stuff like the community agreeing to undo 'oopsies' was conceivable. For better or worse (probably better) ETH is no longer a 'toy' and those mechanisms for undos don't really work anymore.

As in most things, the culprit is not technology, it's people. It's entirely possible to ignore the clear rugpulls and scams and just focus on the technically interesting parts. Quite a lot of people are quietly doing just that while everyone else is busy trying to scam each other and/or be religiously opposed to what amounts to a distributed database synchronization mechanism.

That's a fair criticism, even if I don't agree with it. I don't think it's possible to imagine a world where consensus is shared widely enough that 'mutually assured destruction' of the financial network prevents transaction censorship, particularly when zero knowledge based networks allow validation of network transactions without knowledge of who is transacting, what transaction is taking place, or when it might occur.

>Governance, law, and financial regulation exist for reasons that programmers have no place or reason to replace.

I don't think anyone is suggesting that governance, law, or financial regulation should go away. Those things seem important. The governments of the world can enforce those things like they always have. They just lose the ability to manufacture more money when it's time to fight a new war or pay off one special interest or another (but only if most of the people participating in that society buy into the idea that the government is not a good steward of that power)

Imagine a world where the people ruled by a government have some say in whether they're doing a good job with monetary policy or not. I certainly don't have that today - I get to punch the 'RED GUY' or 'BLUE GUY' button on my voting ticket but neither of them are particularly interested in changing something that fundamental.

Sounds great if you want to buy things law enforcement would be interested in tracking down.

> Those things seem important.

Understatement of the year.

> Imagine a world where the people ruled by a government have some say in whether they're doing a good job with monetary policy or not.

Assuming you live in the US, then you do -- it's called democracy.

But giving power to a handful of rich people and asking them to make monetary policy is an oligarchy and it's not a good idea.

Oh geez, we should probably stop doing that then.

This is what I mean about giving a bunch of programmers/developers the power to choose new forms of governance/financial infrastructure.

These are social structures that affect everyone and shouldn't be given to developers no matter how well-meaning they are.