(2022-01-07) Moxie My First Impressions Of Web3

Moxie Marlinspike: My first impressions of web3. Despite considering myself a cryptographer, I have not found myself particularly drawn to “crypto.”... I don’t share the same generational excitement for moving all aspects of life into an instrumented economy.... Even strictly on the technological level, though, I haven’t yet managed to become a believer. So given all of the recent attention into what is now being called web3, I decided to explore some of what has been happening in that space more thoroughly to see what I may be missing.

How I think about 1 and 2

It’s probably good to have some clarity on why centralized platforms emerged to begin with, and in my mind the explanation is pretty simple:

People don’t want to run their own servers, and never will. (Personal Server) Even nerds do not want to run their own servers at this point. Even organizations building software full time do not want to run their own servers at this point.

A protocol moves much more slowly than a platform. This isn’t a funding issue. If something is truly decentralized, it becomes very difficult to change, and often remains stuck in time.

Making some distributed apps

To get a feeling for the web3 world, I made a dApp called Autonomous Art that lets anyone mint a token for an NFT by making a visual contribution to it.

I also made a dApp called First Derivative that allows you to create, discover, and exchange NFT derivatives

Both gave me a feeling for how the space works. To be clear, there is nothing particularly “distributed” about the apps themselves: they’re just normal react websites. The “distributedness” refers to where the state and the logic/permissions for updating the state lives: on the blockchain instead of in a “centralized” database.

One thing that has always felt strange to me about the cryptocurrency world is the lack of attention to the client/server interface.

Blockchains are designed to be a network of peers, but not designed such that it’s really possible for your mobile device or your web browser to be one of those peers.

…since the blockchain can’t live on your mobile device (or in your desktop browser realistically). So the only alternative is to interact with the blockchain via a node that’s running remotely on a server somewhere.

Almost all dApps use either Infura or Alchemy in order to interact with the blockchain. In fact, even when you connect a wallet like MetaMask to a dApp, and the dApp interacts with the blockchain via your wallet, MetaMask is just making calls to Infura!

This was surprising to me. So much work, energy, and time has gone into creating a trustless distributed consensus mechanism, but virtually all clients that wish to access it do so by simply trusting the outputs from these two companies without any further verification.

Instead of storing the data on-chain, NFTs instead contain a URL that points to the data. What surprised me about the standards was that there’s no hash commitment for the data located at the URL. Looking at many of the NFTs on popular marketplaces being sold for tens, hundreds, or millions of dollars, that URL often just points to some VPS running Apache somewhere. Anyone with access to that machine, anyone who buys that domain name in the future, or anyone who compromises that machine can change the image, title, description, etc for the NFT to whatever they’d like at any time (regardless of whether or not they “own” the token).

So as an experiment, I made an NFT that changes based on who is looking at it

After a few days, without warning or explanation, the NFT I made was removed from OpenSea (an NFT marketplace):

What I found most interesting, though, is that after OpenSea removed my NFT, it also no longer appeared in any crypto wallet on my device. This is web3, though, how is that possible?

…like my dApp, MetaMask accomplishes this by making API calls to three companies that have consolidated in this space.

MetaMask displays your recent transactions by making an API call to etherscan:

…displays your account balance by making an API call to Infura:

…displays your NFTs by making an API call to OpenSea:

Again, like with my dApp, these responses are not authenticated in some way. They’re not even signed so that you could later prove they were lying. It reuses the same connections, TLS session tickets, etc for all the accounts in your wallet, so if you’re managing multiple accounts in your wallet to maintain some identity separation, these companies know they’re linked.

All this means that if your NFT is removed from OpenSea, it also disappears from your wallet. It doesn’t functionally matter that my NFT is indelibly on the blockchain somewhere, because the wallet (and increasingly everything else in the ecosystem) is just using the OpenSea API to display NFTs, which began returning 304 No Content for the query of NFTs owned by my address!

People are excited about NFT royalties for the way that can benefit creators, but royalties aren’t specified in ERC-721, and it’s too late to change it, so OpenSea has its own way of configuring royalties that exists in web2 space. Iterating quickly on centralized platforms is already outpacing the distributed protocols and consolidating control into platforms.

I think this is very similar to the situation with email. I can run my own mail server, but it doesn’t functionally matter for privacy, censorship resistance, or control – because GMail is going to be on the other end of every email that I send or receive anyway. Once a distributed ecosystem centralizes around a platform for convenience, it becomes the worst of both worlds: centralized control, but still distributed enough to become mired in time.

This isn’t a complaint about OpenSea or an indictment of what they’ve built.

My sense and concern, though, is that the web3 community expects some other outcome than what we’re already seeing.

…it seems like we should take notice that from the very beginning, these technologies immediately tended towards centralization through platforms in order for them to be realized, that this has ~zero negatively felt effect on the velocity of the ecosystem, and that most participants don’t even know or care it’s happening.

When you think about it, OpenSea would actually be much “better” in the immediate sense if all the web3 parts were gone. It would be faster, cheaper for everyone, and easier to use.

However, if they had built a platform to buy and sell images that wasn’t nominally based on crypto, I don’t think it would have taken off. Not because it isn’t distributed, because as we’ve seen so much of what’s required to make it work is already not distributed. I don’t think it would have taken off because this is a gold rush. (asset bubble)

Eventually, all the web3 parts are gone, and you have a website for buying and selling JPEGS with your debit card.

Personally, I think enough money has been made at this point that there are enough faucets to keep it going, and this won’t just be a blip. If that’s the case, it seems worth thinking about how to avoid web3 being web2x2 (web2 but with even less privacy) with some urgency.

If we do want to change our relationship to technology, I think we’d have to do it intentionally.

My basic thoughts are roughly:

We should accept the premise that people will not run their own servers by designing systems that can distribute trust without having to distribute infrastructure

…uses cryptography (rather than infrastructure) to distribute trust. One of the surprising things to me about web3, despite being built on “crypto,” is how little cryptography seems to be involved!

We should try to reduce the burden of building software

I think changing our relationship to technology will probably require making software easier to create, but in my lifetime I’ve seen the opposite come to pass. Unfortunately, I think distributed systems have a tendency to exacerbate this trend by making things more complicated and more difficult, not less complicated and less difficult.

Vitalik Buterin responded: The word "server" imo is not very useful in the blockchain context; it combines together a bundle of concepts that are best treated separately.... Moxie's critiques in the second half of the post strike me as having a correct criticism of the current state of the ecosystem (where (1), (2), (7) and (8) are the only things that we have working code for), but they are missing where the blockchain ecosystem is going. There's already teams working on implementing (3), (4), (5), and active research on making (6) happen....

Dan Finlay: What Moxie Missed on Web3 Wallets

I think Moxie's article on his First Impressions of Web3

thoughtfully considered the systems he was giving impressions on

So I found his article extremely inviting to discuss a bit more about what I think he missed, mainly from my perspective, primarily the wallet/MetaMask perspective.

Things Moxie Got Right

What Moxie Missed

The Presence of Client Friendly Protocols

…modern wallets are doing nearly no validation of blockchain state, and are just trusting servers. This is basically needed for Ethereum in its current state, but it doesn’t need to always be so.

HTTPS is signed data

The Right of Exit

Even nerds do not want to run their own servers

One of MetaMask’s first design differentiators from the dominant player before us (Mist) was something that Moxie described: the introduction of a trusted source of blockchain data (Infura) instead of requiring every user to self-host an Ethereum “client”.

I think this revealed a fundamental truth about what wallets are, and it’s that wallets are portable

If a wallet is just a tool for trusting someone else, then who needs a blockchain? Why not just have a bank? I think part of the answer is “right of exit”.

Maybe your bank is fine, and credit cards serve you, so the notion of digital money is unbelievably stupid sounding to you. If you’ve had your account frozen because the bank didn’t like where your money was coming from, you might have a different perspective on it.

I think a lot of web3 ethos lives right in here. It springs from a patchwork of deep wounds from a lifetime of being betrayed by seemingly every centralized institution that ever gained our trust. The most extreme stance is that this means the infrastructure must trust nobody, but upon hitting the impracticalities of that approach, I think accountability is a surprisingly strong second-best option.

While MetaMask ships with Infura, we’ve always allowed users to choose their own blockchain connection instead. I

You might ask: Why in the hell would a business choose to make it easier to opt-out of themselves? I think we can just think of it as a feature. It may not be a feature that every user demands upfront, but it’s a feature that if we can adhere to

There Are Viable Alternatives to the Centralized NFT Index

…we know that “hitting a centralized index for your possessions” is a flawed strategy.

A better solution is to make asset detection a client-centric act of consent. Most wallets allow adding custom tokens. Via EIP-747, MetaMask also allows a site to suggest a custom asset to the user’s wallet, and so the user’s wallet becomes the index of assets, no central server needed. We intend to do something similar for NFTs.
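A sketch of the client-side asset index Dan describes, added here as an example and not MetaMask's code. The `wallet_watchAsset` method name and the `params` shape (`type`, `options.address`, `options.symbol`, `options.decimals`, `options.image`) come from EIP-747; the validation rules, the `askUser` consent callback and the `Map`-based index are this example's own assumptions about how a wallet might keep the index locally:

```javascript
// Added example: a wallet-side token index fed only by EIP-747 suggestions
// that the user explicitly approves. No remote index is consulted.

// The request object a site would pass to window.ethereum.request(...).
// Only the ERC20 asset type is handled in this example.
function buildWatchAssetRequest(address, symbol, decimals, image) {
  return {
    method: 'wallet_watchAsset',
    params: { type: 'ERC20', options: { address, symbol, decimals, image } },
  };
}

// Checks the wallet performs before it even shows the user a dialog.
// ERC-20 decimals() returns uint8, so anything outside 0..255 cannot be a
// real on-chain value; EIP-747 limits the symbol to 11 characters.
// Returns null when the request is acceptable, otherwise a reason string.
function validateWatchAsset(req) {
  if (!req || req.method !== 'wallet_watchAsset') return 'bad method';
  const p = req.params;
  if (!p || p.type !== 'ERC20') return 'unsupported type';
  const o = p.options || {};
  if (!/^0x[0-9a-fA-F]{40}$/.test(o.address)) return 'bad address';
  if (typeof o.symbol !== 'string' || o.symbol.length < 1 || o.symbol.length > 11) return 'bad symbol';
  if (!Number.isInteger(o.decimals) || o.decimals < 0 || o.decimals > 255) return 'bad decimals';
  if (o.image !== undefined && typeof o.image !== 'string') return 'bad image';
  return null;
}

// The local index: keyed by lower-cased contract address so that checksum
// and non-checksum spellings of the same address cannot create duplicates.
// `askUser` stands in for the confirmation dialog and returns true/false.
function handleWatchAsset(index, req, askUser) {
  const err = validateWatchAsset(req);
  if (err) return { added: false, reason: err };
  const key = req.params.options.address.toLowerCase();
  if (index.has(key)) return { added: false, reason: 'already tracked' };
  if (!askUser(req.params.options)) return { added: false, reason: 'user declined' };
  index.set(key, { ...req.params.options });
  return { added: true, reason: null };
}
```

Everything the index contains got there through a user decision, which is the consent property Dan is after: a site can propose an asset, but it cannot insert one, and removing an entry from some company's API has no effect on what the wallet shows.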

The Role of the Wallet

Until a couple of years ago, I think people didn’t take wallets seriously, and thought of them as super thin software that ideally does nearly nothing, a bit like Moxie describes in his article. I think some of us at MetaMask thought similarly when we started out.

I’ve come to see the wallet’s role as enormously large, instead. So large that it’s at dangerous risk of bloat and massive re-centralization if it isn’t managed carefully. In particular, while the full node may be “providing all the data”, the wallet is the tool that helps the user give informed consent

The challenge for a web3 wallet is that the user can consent to arbitrary actions from turing-complete applications. This makes getting informed consent much harder. Ideally, every sensitive action would initiate a coherent, user-readable confirmation.

When the kinds of consent a user might give are constantly evolving, there are a few ways a wallet can compete: It can either specialize in a sub-domain of the ecosystem, and try to absolutely master it (Be the best DeFi wallet! Be the best Cosmos wallet!), it could try to be a generalist (what MetaMask does today, which can make many individual use cases feel under-served while facilitating general experimentation),

or maybe there is a way to invite our vast community to help expand and define the definition of wallet, in a way that is as permissionless and free as the web itself. That’s why MetaMask has been working on the Snaps extensibility system

The point isn’t “web3”, it isn’t “decentralization” for the word’s sake. The point is developing tools that allow us to leverage computers to collaborate more effectively. It’s about accountability and choosing for ourselves what to trust.

