1,171 comments

[ 1.2 ms ] story [ 391 ms ] thread
All: this is quite an interesting article. It deserves much better than the tedious flamewar that this topic has routinely been converging to, so let's give it a go.

If you're going to comment, please focus on specific, interesting things in the article that you're curious about.

Please don't post generic, shallow, obvious, indignant, and/or dismissive comments—those are repetitive and predictable, we've had more than enough of them, they're tedious, not what this site is for, and we don't need more.

https://news.ycombinator.com/newsguidelines.html

This is not what I expected from Moxie. A writes very good account of his experience trying to do some dapp / NFT stuff. He eloquently draws attention to the problems that are based in human behavior.

Definitely worth the read. Both sides of the debate could elevate their arguments if they ponder what Moxie has written.

> Both sides of the debate could elevate their arguments if they ponder what Moxie has written.

I appreciate that he fairly tried these different things out and reported his experience. But I don't think he has noticed anything particularly interesting or novel.

It's common knowledge that the plentitude of blockchains out there now make compatibility between them almost impossible. This is how Bitcoin "maximalists" came to be in the first place. If reputation and trust is the game, it defeats the purpose to have a million different blockchains.

I've known Moxie to often be right. And I think he happens to be right about this.
I'm perplexed with him writing this piece and, at the same time, adding crypto based payments to Signal...

Has he written anything on Signal and payments?

I don't think there's necessarily any contradiction. This is a critique of the Web3 paradigm (crypto all the things) and not cryptocurrency itself for say, payments.
Yeah I read the article more as a list of valid suggestions for a nascent industry. Not an attempt to suggest that crypto is going to disappear entirely.
> at the same time, adding crypto based payments to Signal...

Damn, and just when I'd been thinking how much I like Signal.

The goldrush when Keybase added crypto completely ruined what had been a pretty good tool.

Moxie is no fan of decentralization. And he made why very clear with concise and incisive arguments.
His argument here is that web3, as it exists today, isn't actually decentralized. Also:

> These technologies immediately tended towards centralization through platforms in order for them to be realized, that this has ~zero negatively felt effect on the velocity of the ecosystem, and that most participants don’t even know or care it’s happening. This might suggest that decentralization itself is not actually of immediate practical or pressing importance to the majority of people downstream, that the only amount of decentralization people want is the minimum amount required for something to exist, and that if not very consciously accounted for, these forces will push us further from rather than closer to the ideal outcome as the days become less early.

Per the post, he's in favor of decentralization that "uses cryptography (rather than infrastructure) to distribute trust," he's just skeptical that web3 will head in this direction.

No, the issue is that he is against a decentralization generally.

He opposes it for Signal.

And his arguments in favour of centralization are flawed. Sure, regular people do not want to run their own (email, chat, etc) servers. But they DO want to be able to chose from a handful of available servers the one they like best (or the one they trust most), without losing connectivity with their contacts. Tired of Google's shenanigans, move from Gmail to Protonmail, tell your contacts your new email, set up an autoresponder, all is fine. When you move away from a centralized silo like Signal, you'll have to move all your chat buddies with you to a new platform.
If you read the section "Recreating this world" it addresses this pretty directly
Directly, and not convincingly at all. He presents just one use case, which, coincidentally, is the only one that casts the service he runs in a really good light. There are other use cases, like several email users leaving Gmail altogether, escaping from what he calls "the worst of both worlds". And his alternative? Using the centralized service (preferrably, the one he runs), because, he promises, this one will be totally different, aha.
Some people say they want this, but in practice, why you should trust someone you've never heard of?

Network effects aside, consider the difficulty of deciding that the people behind a fork of Chrome or Signal are trustworthy. The average person doesn't have the knowledge to do due diligence, and many of us who could (in theory) don't want to bother.

How do you get to the point where people think your team of software developers is legitimate? Decisions like this are based on what everyone else is using.

One reason that app stores serving sandboxed apps are popular is that you don't have to evaluate each software developer's organization just to play their games.

> consider the difficulty of deciding that the people behind a fork of Chrome or Signal are trustworthy.

Yet web users did decide that the people behind Chrome were trustworthy, even when there were still sites claiming to "work best in Internet Explorer". You're arguing that something is unrealistic, and yet you give an example of that thing actually happening.

> The average person doesn't have the knowledge to do due diligence

The average person knows that Facebook is bad for society, and yet they are tied to the platform because of a lack of interoperability. A minority of users have accepted the switching cost and moved to Fediverse instances, but I think it's not controversial to suggest that more people would switch to Facebook competitors if they could stay in contact with their Facebook friends.

This is a really interesting breakdown of web3 (or as he calls it later on web2x2). I haven't dove into the world of web3 yet but it does seem incredibly ironic that there's already seemingly a large amount of consolidation around platforms to make web3 more accessible to people. This is good for early adopters and artists who are generating wealth during the gold rush but I don't think it's good for "web3 the idea" as a distributed protocol.
It feels like there’s alot of get rich quick types involved (is a gold rush as you say) but over time the decentralised principles will play out
This

> After a few days, without warning or explanation, the NFT I made was removed from OpenSea (an NFT marketplace)

Then

> What I found most interesting, though, is that after OpenSea removed my NFT, it also no longer appeared in any crypto wallet on my device. This is web3, though, how is that possible?

How indeed:

> You don’t own “web3.”

> The VCs and their LPs do. It will never escape their incentives. It’s ultimately a centralized entity with a different label.

> Know what you’re getting into…

> https://twitter.com/jack/status/1473139010197508098

Please don't degenerate into flamewar.

https://news.ycombinator.com/newsguidelines.html

How is that a flamewar? Literally talking about the content of the article.
You started from the article and headed straight for a highly repetitive flamewar trope. That's just what we're trying to avoid.

Would you mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of this site more to heart? You unfortunately have a history of violating it, and we're trying for at least a slightly better quality of discussion here.

I have to disagree like others are doing. There was nothing wrong with that comment. I've avoided this entire post so far because after reading the entire article, I was left with a distinct "huh, this looks like a pyramid scheme run by idiots and that may even include somebody I previously respected", which is pretty much what NFTs and most of digital cryptocurrency are.
The comment consists of "This", "Then", and "how indeed", followed by the biggest recent inflammatory tweet on the topic. That is not an interesting or substantive comment. Many users in this thread have posted far more substantive things. HN is for that, not this.
I think the thing that swings it for me is that I wasn’t previously aware of Jack Dorsey’s view on Web 3 and while I don’t share his extreme position on it, I did find this comment useful and informative as a result, especially given Jack’s very unique position and viewpoint in the industry.

Is linking to an inflammatory tweet the same as posting a directly inflammatory comment?

I still think the comment was acceptable. Not the most substantive, but not deserving of moderation.

I know it’s a very fine line to tread. But I come to HN to read all viewpoints - even those that might be on the outer edges.

I agree that the comment might have seemed more interesting if you hadn't seen that tweet before, but that's an illusion for several reasons. First, the tweet has been repeated often enough to have achieved informational heat death (I get that you hadn't seen it, but that's an anomaly); second, it plays on a tedious flamewar trope in its own right; third, the comment didn't add any information.
Over the weekend I spent a bunch of time looking into web3 and I've come to the conclusion that effectively, this entire thing is a bujnch of clown cars and we're not obliged to provide comments that provide information (IE, it's not even worth the effort explaining why everything about web3 is a pyramid scheme/sham run by cryptobros). I'll generally try to avoid even commenting on such threads, but just be aware: large swaths of HN think this is dangerously bad stuff. My guess is HN wants to promote these conversations because Y-combinator invested in cryptocurrencies and wants to hype demand.
You are obliged to post better comments, no matter how little you feel you owe 'clown cars' or whatever, because you owe this community better if you're participating in it.

The idea on HN is: if you have a substantive point, make it thoughtfully; if not, please don't comment until you do.

Btw, that has nothing to do with YC investments. It just has to do with trying to have an internet forum that doesn't suck and doesn't burn itself to a crisp. That's our job here and it's hard enough already without piling something extraneous on top.

It isn't.

Re Dang: straight from your link, "Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something."

Personally, I found the comment insightful. I don't have all the time in the world to sit and pick something apart. Make no mistake, the smart tl;dr of HN are what gives HN any kind of value. Without that, may as well just use RSS and Reddit. I'm already subscribed to Moxie, came to HN to see what intelligent people have to say about it given that I am no longer a Signal user, and am anti-cryptocurrency in its current iteration, but pro-decentralization, which makes Moxie quite an interesting choice for me to want to actively follow the thoughts of as we feel differently about many important topics.

There is no binary black or white to be established with abstract, complex topics like these.

If it was any kind of bait, it was bait to discuss further. That the whole USP of Web3 is supposedly ownership and anti-censorship, and what's happening appears to be opposite is definitely something we should be discussing.

What's the point of comments on HN if we can't use them to discuss? It's a commentary on somebody's opinion—with opinions.

Perhaps if you don't like opinion pieces then you should simply ban them via these rules? I think HN's content might end up a little thin on the ground in that scenario though.

Worth noting is what "guidelines" actually are, they're not rules. If you would like them to be enforced as rules, and expect people to treat them as such, start calling them rules or ToS. But in that case, expect far less interest in HN if you aren't going to permit open discussion.

Have a good weekend, Dang. Hope you and yours are healthy and happy.

With the greatest respect, I disagree with this reading of the parent’s comment. It doesn’t seem particularly inflammatory to me? Or at least enough to warrant this call out…

It’s expressing a strong view yes, not necessarily one I disagree or agree with (I don’t know enough on the topic yet to take a view), but this doesn’t seem to blatantly break the guidelines.

If it wasn’t for the superb track record for what I view as quite impartial moderation on HN, I’d worry that the mention of “VC” here was a trigger for moderation…!

(comment deleted)
If you read why indeed, it is because metamask calls the OpenSea API.

All one has to do is call a different API for the same information. It's not like it was actually gone

Really great article, it's so nice to read a nuanced article on such a flame war topic.
The first article on Web3 that I've read that drills into the details and was written by someone who's not only kicked the tires but taken the thing for a spin. And the conclusion: It's mostly the bad stuff of Web2 combined with the bad stuff of Crypto.
Exactly,and it's also intentionally misnamed as web3 as if it's an inevitable extension of current internet practices, rather than a scifi buzzword fantasy of a small pocket of investors (or small to moderate hedge of larger investors).
A deep dive into this stuff is certainly useful. The question is, of the people who were offended by shallowness of people saying "this is obviously garbage though I can't be bothered to investigate it", how many will say "ah, so here's a thorough, technical and soft-spoken explanation why this is all garbage, thanks".
I find these articles to be a lot like criticizing tcp/ip because Facebook exists.
I think you are over-simplifying the conclusions of the article. The article presents a much more nuanced view, and while it points to certain limitations and deficiencies of Web 3.0 (and that only on the Eth part of it; we are in a multi-blockchain world now), it also points to several strengths of the growing ecosystems, and mostly comes across as humble; not knowing how its all going to turn out.
Yes - a bit over-simplifying I admit. And Moxie said that it's "early days". However it turns out, it'll be fun to watch.
To be fair Moxie says it's only "early days" in the sense that the technology has failed to advance, since of course a significant quantity of time has passed since inception.

   In some ways, cryptocurrency’s failure to scale beyond relatively nascent engineering is what makes it possible to consider the days “early,” *since objectively it has already been a decade or more*.
To be fair, (and I am by no means a fanboy), blockchain's decade isn't that long of a time.

Look at the history of the internet: https://en.wikipedia.org/wiki/History_of_the_Internet

The use of technologies is not always obvious or immediately successful.

I'm just addressing the misconception re: Moxie's apparent position.

My personal opinion is that the internet solved problems from day 1 and its growth was largely constrained by the deployment of physical infrastructure. Blockchain is not similarly constrained - it just doesn't really, you know, do anything for anyone. The proof will be in the pudding.

Advancement in this space is going to be very non-linear.
I keep reading that there are a ton better blockchains than eth, but then it seems that all dapps continue to use just eth, even at the cost of insane gas fees. Why is that?
I would say network effects. It’s where the users and devs are.
(comment deleted)
This article helped me understand why OpenSea was able to raise money at a $13 billion valuation. They're even more centralized than I had assumed. VCs look at that and see an impressive moat.
Concise, well thought out analysis by a cryptographer on Web3. If you believe in Web3, then you shouldn't dismiss this out of hand as a hater. He truly tried to understand how it works by actually building dApps. And the holes seem glaringly obvious.

What you should do if you believe in Web3, is take this as constructive criticism and improve so that they holes are no longer there.

This is a really well-thought-out, nuanced take. I really appreciate mixture of "but there are still servers", not being able to stop a gold rush, and (refreshingly) the technical take on the implementation details.

It stands in such stark contrast to other content. For example, a web3 chat app announcement I saw yesterday [1]. I even joined the Discord to learn more and just found...hype.

I found this parenthetical to be amusing:

> (visualizing this financial structure would resemble something similar to a pyramid shape)

Pyramid-shaped financial setups indeed :).

[1] https://twitter.com/MessagePartyApp/status/14791510011813765...

The centralization of apis (infura, opensea and ethscan used by metamask) is the biggest problem. I could be wrong, but I don't think we've seen that fast consolidation in other early tech. I remember in the late 90s there were a number of search engines but no one really owned the space. Only 20 years later did Google emerge as the winner and is (IMO) by far the best in terms of relevant results. But that didn't happen overnight, and there wasn't a search engine dominating 90% of the market within a few years of the beginning of mainstream acceptance.

How hard is it to create a competitor to infura? MetaMask should be incentivized to do this as they're core offering is controlled by one party.

[edit] Never mind, metamask and infura are owned by the same company (ConsenSys). It's even worse than it appears...

It's really not that hard (or even expensive) to run your own.

Here's[0] an example doing it on k8's. I had something similar running on GCP in a couple hours. It's been running for a month with no issues.

0 - https://messari.io/article/running-an-ethereum-node-on-kuber...

But one of the main points of article is that people don't want to run servers, developers included. Even being easy, letting someone else do it will always be easier.
How many (large) companies, governments, etc... run their own email servers? If there's a strong enough need, people will run their own servers even if they'd rather not. "people don't want to run servers" arguably could be rephrased as "people don't have a reason (today) to run their own servers". I'd argue this is a key difference between web1 and cryto centralization and the web2 centralization. If Google announced tomorrow that anyone can buy the gmail contents of any gmail address, you'd bet a lot more individuals would either switch to alternatives or start running their own severs.
> How many (large) companies, governments, etc... run their own email servers

Every year a decreasing number as everything moves to SaaS and the cloud.

> How many (large) companies, governments, etc... run their own email servers?

Office 365 financials alone suggest that the answer is "very few, and rapidly decreasing". I work for a ~30k employee technology company that doesn't run it's own email servers.

Should be pretty easy to find the top 100/1000/10000 companies and look at their MX records.

I’d imagine it’s a large number of Office 365, GSuite by Google and Barracuda/ProofPoint which may point to a SaaS thing or an internal server.

But the question was how hard is it to run a competitor to Infura. And the answer is trivially easy. Infura is just an Ethereum node API that's publicly exposed. Building an Infura competitor literally is nothing more than $100/month it costs to run a Geth node on AWS.
This is true today. But the standard approach in this industry is to start by offering access to an open service and then quickly build in value-add services that aren’t available in the open service. So for example, the smart move would be for Infura to offer a proprietary chain or rollup that gets widely used but isn’t available outside of Infura. If they can pull that off, competition could get much harder.
I second this. If history has thought us anything is that every web3 company will work toward increasing the competitive gap.
Right, this was my point. People don't usually run Postgres themselves (e.g. set up Postgres in a docker container), but it's not very hard to do.

The article makes it sound like Infura has a moat. There's no moat, it's as easy to switch as it is to switch Postgres clouds.

To be clear, I agree with most of their findings, this on is just a bit off.

> People don't usually run Postgres themselves (e.g. set up Postgres in a docker container), but it's not very hard to do.

It's easy to do a basic install.

It's quite hard to do it right, at scale, with workload-appropriate configuration, replication, backup etc.

My point... neither Postures nor Indira, or any other blockchain solution are easy to install and maintain in a fully scaled-up, fault-tolerant, multi-node deployment

As someone who has run nodes, no it is hard and expensive. Every time a geth node dies it has to resync and no persistent volume mounts and stateful sets are not solutions. They are problems. If you need to scale horizontally you get strange consistency issues with the API. All of this makes for a very unpleasant experience. It's built for TLC on a beefy box not a herd.
What version of geth were you using? How many CPUs? When one of my geth nodes dies, another spawn without issue.
And that's the rub. The new node doesn't have the same state as the old one. So clients making requests assuming that latest is the same start having problems. If you haven't seen them you just haven't been running a production quality service.
In a discussion about people not wanting to run their own servers the fact that your first instinct was to use GCP is telling.
> I don't think we've seen that fast consolidation in other early tech

I actually struggled with this point throughout the article. I'm not sure I see this as a parallel trend toward centralization like we saw with web2 - but rather that this is how software is built today and this is what we're comfortable with. It doesn't seem unnatural or problematic to me that we will start with something that approximates the world around us today and move toward the decentralized end state that apologists are hoping for.

Why would we ever move toward decentralization? It is almost always easier to have at least some central point of control in any distributed system, even the Internet (IANA, RIRs, etc.). It is also very difficult to remove a centralized control point after a system is already deployed, especially if the system supports heterogenous clients (as it is likely that some clients will be slow to switch to the new design, and many will make bad assumptions about the system architecture).
decentralization in the blockchain world is really to provide security and interoperability by emulating centralized services. So essentially it looks like a centralized service, but it's more secure than a centralized service.
From a cryptographic perspective, centralized and decentralised services are equally secure. From a user perspective, blockchains are less secure as there is no authority you can approach for chargebacks

The point of blockchain was removing trust from a single person and spreading it around over a network

> From a user perspective, blockchains are less secure as there is no authority you can approach for chargebacks

This actually proves the point that security is relative. There are instances when I would feel more secure when an outside party can refund my money, say when the seller never ships the product I ordered. There are also times when I would feel less secure with chargebacks, like when I sell something on eBay and the buyer files a complaint with PayPal after taking delivery of exactly what they ordered.

Security wasn't an original goal of bitcoin. Privacy, anonymity, and immutability were, though the first to were lost a decade ago and immutibly is pretty well solved but also the primary cause for so much wasted resource consumption.

> There are instances when I would feel more secure

Your comparative examples make no sense - you like refunds as a customer and hate refunds as a vendor.

Surprise, surprise…? I mean this is already the case in web2/fiat.

It sounds like you did understand my two examples, not sure how they could have made no sense. The two scenarios point to competing ideas of what "secure" would mean, and my point was that security can't be a goal because its relative
can you explain how web3 solves your issue?
Oh it doesn't, I haven't found any value in web3 yet. I may just be missing something, but I still don't get what problem web3 can solve that isn't solved easier with web1 or web2 technologies.
> From a cryptographic perspective, centralized and decentralised services are equally secure

That’s just not true

> Why would we ever move toward decentralization?

for all of the reasons that web3 apologists are excited about decentralization. I'm not really one of them, so I'm not going to advocate on their behalf, but lots of people are very excited about this.

> It is almost always easier to have at least some central point of control

I don't think anyone is going to argue that decentralization is the easiest solution.

I agree that it's hard to remove this point of centralization once it's there. My guess would be that, if this goes the way many are hoping, new places emerge over time with increasing levels of independence from these central providers.

There is a point to be made here that is an important difference between web2 and web3+centralized apis. On the latter companies do not have lock-in of the data, which provides a big incentive to not be evil. the moment someone can make a case for bad play they have the advantage to shift the market to a different platform. Unfortunately this is not so easy on web2 because of the data that locks users on those platforms.
This is probably the best argument I have seen in favour of web3
> the moment someone can make a case for bad play they have the advantage to shift the market to a different platform.

As we have clearly seen with OpenSea and rampant fakes, copies, plagiarism etc. Oh wait...

I don't think making all data public is the best solution for preventing companies from selling my data, or withholding it from me.
> There is a point to be made here that is an important difference between web2 and web3+centralized apis. On the latter companies do not have lock-in of the data

This is only true of the data stored on the blockchain itself. As described in the article, that isn’t anywhere near enough to replace the centralized systems being billed as “web3”, and it’s completely unworkable for data which can’t be public, which is updated frequently, or which needs to be deleted. Combined with blockchains being unavoidably quite expensive and slow, and the challenges of standardizing protocols while the competition is shipping it seems quite unlikely that this will change.

It doesn’t reduce lock-in meaningfully if Google were to continue to store and process all of your data but now you’re using an outside authentication system. I’m sure they would love, however, the way “web3” makes their job of tracking users so much easier.

Deletion and/or non-public is an interesting problem. Obviously, you can store it encrypted and delete the key, but advances in compute and algorithms might render that encryption breakable.

For data that needs to be updated, all you need is an override mechanism, which sounds simple enough.

Storing it encrypted also means you have to ask what happens if the key is leaked — for example, if I tried to sell movies that way rightsholders would be unlikely to accept a system where you could pay $10 and then give the decryption key to all of your friends, leaving me no way to revoke it.

For updates, you can definitely replace things but that's expensive if you have to pay a transaction fee regularly and it could quickly get to non-trivial storage sizes if you have to store obsolete versions in perpetuity, especially with non-trivial metadata overhead.

Distributed storage does not make any difference for lock-in with a centralized API. For example, imagine a system for storing photos on some distributed system and a popular, centralized web front-end for users. Now what I will do with the centralized front-end is to give users a "value-add" by encrypting their photos, thus protecting their privacy, and better still I will use my proprietary key management technology to relieve end users of the various problems with losing private keys. Lock-in achieved, and all you accomplished with distributed storage was to outsource the maintenance of the storage infrastructure.

We already see this with blockchain payments. The vast majority of merchants who accept cryptocurrency payment do so through a service that manages their wallet and typically offers some kind of value-added features to lock them in. There is no reason to believe the same will not happen with Web3, if it is not happening already.

This discussion would benefit from a Ramsey, graph, random matrix person to expound on "random" graphs as seen in nature. Nodes with n edges in, 1 out are around but not without some centralization. Surely not robust?
But why would it do that though? I’d like to hear a falsifiable theory of how that would happen, because as of right now it’s not happening, and no one seems able to explain what big thing is going to change. If the biggest part of the change (using the blockchain) isn’t causing the dynamic to shift, what future change will?
To me the argument here is because it's easy. Even if the interaction layer is centralized the underlying tech is decentralized so everything can easily be validated and that's the key difference.
But as noted in the article, that's not the case. OpenSea stores data that then isn't on any blockchain, like royalties. That's done as just a regular web2 feature, a database on OpenSea's backend.

So no, it can't be validated, and it can't be migrated.

Royalties is a funny example because a) they’re being standardized, see eips.ethereum.org/EIPS/eip-2981 and b) royalties are entirely opt-in. You can happily transfer NFTs without having to pay royalties if you forgo an exchange that respects them.
But there will be other features over time, that would not be standardized. As per article centralized platforms progress faster than decentralized standardization. Switching cost will grow.
That’s literally one of the most salient points of TFA: protocols move dog slow and provide too little too late, platforms iterate fast and give people what they want right now.
I think he touched on that in the article. The masses are trusting the centralized API, not the blockchain. His NFT exists in the chain, but not the API, so it effectively doesn't exist in the eyes of the market.
Kinda sounds like RSS and Google Reader, and how did that work out?
That feels like an argument that could be applied to web2 too though, and it falls apart there too: It’s never been easier to spin up some servers and whip up a basic social media site or search engine or online store, but it’d still be hard to displace Facebook, Google or Amazon. The problem isn’t with the ease of starting a competitor, it’s the psychological and social forces that cause people to prefer having one default place where they can go for a certain thing.
>and move toward the decentralized end state that apologists are hoping for.

Is there any evidence that this is actually happening? It seems rather backwards! Is the maximalist argument here that these companies are going to build out all this infrastructure, move the global financial system onto it, and then rip it apart and rewrite it to be entirely distributed afterwards? Why? If the point is to be distributed, wouldn't they want it to be distributed first?

Where are the blockchains with full-fat clients that can actually run on normal mobile devices? And if they actually exist, does anybody use them? Like, for normal, actual uses, not "shilling this app makes my portfolio go up 300% before I dump it on some clueless bagholder, to the moon rocket emoji rocket emoji".

> Is the maximalist argument here that these companies are going to build out all this infrastructure, move the global financial system onto it, and then rip it apart and rewrite it to be entirely distributed afterwards

I haven't heard anyone articulate this as their vision lol. I would think they distribute the systems somewhere between trading monkey JPEGs and actually moving the global financial system onto it.

As to why start with it centralized, it's easier to get a POC working with the systems and conventions we have in place today than alongside rethinking all of the infrastructure at the same time. Work on the UI, trade some stupid goods that finance the development of these distributed systems, etc. I just don't understand the argument that this whole thing will or should be binary. Huge migrations like that fall over all the time. Gradual rollouts take longer but are generally safer and in this case probably the only option.

"You should check out my new car company, ThreeWheel. We're completely revolutionizing the business of getting around. The key innovation is that our cars have three wheels. This reduces tire cost, improves aerodynamics, and reduces rolling friction. Our three wheeled cars are the future of all wheeled transport!"

"Okay."

"But our prototype has four wheels, as a temporary prototype to test out the technology."

"That doesn't seem like it tests the technology very well."

"I don't see why you're quibbling about the details. We've sold thousands of ThreeWheels to people who are very enthusiastic about living in a three wheeled future!"

"You've sold four wheeled cars to people who want three wheeled cars?"

"They then resell them for tens of thousands of dollars more than they paid! They're ecstatically happy! Nobody is bigger fans of the three wheel car future than our customers."

"Even though these cars, the cars they purchased, have four wheels."

"Well, they could remove one wheel later, if they wanted."

"Would that work?"

"Oh no, absolutely not. You couldn't drive it at all, then. It would be much worse than a regular car. A lot of work remains to be done to gradually transition current ThreeWheels to a three wheeled form. We plan to send robots to each customer's garage to cut sections from the frame and re-weld them together. Then we need to swap out the steering rack, re-route the driveshaft, change suspension components, brakes..."

"That sounds hard."

"Yes, we think it will take hundreds of changes over years to move current generation ThreeWheels to a three wheeled mode."

"Instead of just building three wheeled cars today?"

"Wow John Cena bought a ThreeWheel and posted it on his instragram! My collection of ThreeWheels is going to explode in value! I love my job!"

I'm sure this is funny but a much better example would be the Prius and electric vehicles.
Was the Prius ever intended to be an evolutionary step toward widespread EV adoption?
Not GP but I have to say I love getting 50mpg in the city and having the same range as any gas powered car. So I don't quite see how Prius is a better example than the awesome analogy made above.
The Prius had user benefits right away.
This example is not good. Hardware has a much different release cycle than software. Once you sell a car, you can't simply release a hardware update.

99.999% of internet software is built iteratively. Even programming languages and operating systems have versions. This argument about needing everything to be decentralized from the beginning is exposing bias because it's not a logical conclusion unless you're bent on antagonizing web3.

Even most DAOs start out centralized and slowly become decentralized. This is expected. You don't want to go full decentralized until everything is stable.

> Even most DAOs start out centralized and slowly become decentralized

This is also how democratic governance works. A core group of “trusted” leaders makes decisions that are ratified by elected representatives. It is then disseminated through the various layers of governance and implemented in a distributed fashion.

I thought you were going after Aptera and Arcimoto for a second and I was wondering what they had done to deserve to be associated with that debate…
Why would the global financial system move to a blockchain?
If key financial institutions had more trust in a blockchain than in the Federal Reserve, and the European Central Bank, and the Bank of England, and maybe the Central Bank of Japan to hold an account of their assets.
Do we have any reason to think that would be the case, or they’d enrich the early adopters of one of the existing blockchains by using it rather than creating their own? Central banking doesn’t need to pay the overhead for trustless anonymity since all of the participants are known and have ongoing working relationships.
The crux of the article is that the front-ends are all routing calls through centralized APIs to get their message included on the blockchain. Infura and Alchemy don't do much. They just pass a JSON-RPC message to an Ethereum node running on their servers. There is some additional indexing services they provide, but there are many open, decentralized alternatives for that such as TheGraph Protocol. And it's not unfeasible for an application to run its own Postgres instance to index data from the ETH blockchain.

As for full-fat clients on normal mobile devices, the main issue is the data requirements. Running a full node can take hundreds of gigabytes. It is possible on light hardware. People are running Beacon chain nodes on Raspberry Pis. But you do need the storage and that tends to be scarce on mobile.

Meanwhile, the Ethereum core devs are aware of this issue and are actively working towards it. They shipped the Altair hard fork this year that has adds sync committees which make it possible to do without needing the whole chain history (using merkle trees): https://github.com/ethereum/annotated-spec/blob/master/altai...

The light clients to follow from those improvements are forthcoming but here is one in progress: https://our.status.im/nimbus-fluffly/

It's almost as if there's only the bare minimum decentralization needed to avoid regulation and taxation and the rest is good old fashioned centralized web apps.
So "decentralized" doesn't necessarily mean "no servers" it means "the servers don't matter". If Infura went down tomorrow, nothing would be lost, because Infura was just hosting something anyone could have hosted. You want to be the next Infura? You just download the same code they did and run it: Infura isn't holding any state. If Facebook goes down tomorrow, everyone's accounts and all of their data is destroyed.
> If Facebook goes down tomorrow, everyone's accounts and all of their data is destroyed.

Facebook stores data with replication. I’m not sure which scenario involves FB being wiped off the face of the earth, while retaining blockchains.

Regardless, your comparison makes no sense. It’s like comparing a recursive and authoritative DNS server.

“Goes down” could be substituted for a lot of things, for example, “becomes evil”, “disables API access”, “arbitrarily bans you”.

Lots of developers including myself have had things break when Twitter decided to abandon its liberal approach to APIs. There was no alternative endpoint I could just point my app at.

> “Goes down” could be substituted for a lot of things

For clarity, you are now arguing a tangential point.

> Twitter decided to abandon its liberal approach to APIs

I just don’t understand the comparison between Twitter/FB to a blockchain.

Are crypto maximalists arguing that social networks are only about the database itself and access to it?

> There was no alternative endpoint I could just point my app at.

The article already has a great example about this not working as intended - opensea removing his NFT from their API despite it existing on-chain. And every NFT viewer using the opensea view of things than the chain’s view.

> For clarity, you are now arguing a tangential point.

I don’t think I am; all these fall under GP’s first sentence; I took “goes down” in the next sentence as one example, WLOG.

> Are crypto maximalists arguing that social networks are only about the database itself and access to it?

I can’t speak for crypto maximalists (I’m probably as skeptical of this stuff as you are), but I think the best argument is that the existence of a viable off-ramp forces the centralized player to be a good actor. Similar to how many open source projects are very centralized, but the possibility of a fork (like mariadb) is enough of an incentive that it’s rare for a project to screw up so badly that a fork can gain steam.

FWIW, you aren't (arguing a tangential point to me): I didn't say "one of Facebook's servers goes down", I said "Facebook goes down". Companies go out of business or simply get tired of operating product lines constantly. I can sort of appreciate the idea "well maybe by goes down I just meant temporarily", but then I think one needs apply that to the entire sentence: if it goes down permanently, the accounts are no longer usable permanently (aka, "destroyed"); and, if it goes down temporarily, the accounts and data are no longer usable temporarily.
Surely development of the full fat clients will lead to the required innovations to provide light, mobile clients for blockchains that are properly distributed.

I agree there are many scams but we really are in more of a research period with regards to the tech. The research will continue through the hype cycles.

Tally is a community-owned, open-source fork of MetaMask. From first impressions it looks like it will also solve some of the issues brought up in Moxie's (excellent) blog post, i.e decentralizing the node-> NFT->wallet Metadata routes.

Regarding the immutability of NFT image pointers:

Some emerging solutions to this issue are:

Use ERC2477 (DRAFT). This allows you to have some control over the metadata to ensure the name is as you want it. Note that this will require you to implement a zero-knowledge proof or a JSON parser on-chain which validates the new metadata.

Use 0xcert Framework. The 0xcert framework is specifically designed to provide metadata integrity for ERC-721 tokens, it uses a different hashing technique (Merkle tree). But it requires you to use the same schema across metadata versions. Ceramic Network is doing some interesting work on schema coordination amongst other things.

https://ceramic.network/

https://tally.cash/community-edition/

There are voices within the space that have been talking about this issue for many years. There is at least one project which aims to use economic incentives within the design of the protocol to mitigate. Check out Saito.
Metamask lets you enter your own RPC endpoints
Don't get me wrong its good that the option is there, but short of coding and operating your own full node Metamask will still be trusting a centralized third party
You don't need to code a full node. It's software than you run via a cli interface
If the goal is to remove trust in a third party you would either need to code or verify the software before running it. Short of that and you still have to trust whoever coded it and all the distribution infrastructure that let you download it.
There's more than one codebase though, and having more is something commonly talked about.
More options is good for sure, but doesn't solve centralization or trust concerns

The level of centralization is a spectrum and I don't mean to fall into the trap of describing it as all or nothing. The question is how close to decentralization web3 is or can be, and my concern with regards to picking your own API endpoint is just how similarly it is to the original point Moxie was making with regards to there only really being two API hosts in use

I'm not sure I understand, running a full node requires some consumer hardware and a few days. And most infura usage doesn't even need a full node, so it's easier to run.

The API is the same, swapping out for another node is just a config change

> running a full node requires some consumer hardware and a few days

There are monthly utilities and regular maintenance as well. Networking could also be a problem, you'd really want a static IP and an unlimited high-speed network which isn't always supported by many home ISPs

> And most infura usage doesn't even need a full node, so it's easier to run

I don't know as much about the protocol details of infura. Have they found a way to verify transactions with a partial node? That'd be huge if they have, regardless of what happens to the current NFT platforms!

Many projects have chased pruning, but it always seems to get stuck when people realize that means adding trust into Tue system since you can't trace back to the genesis block

Perhaps I'm mixing up terminology but by full node I mean an archive node as that has larger hardware requirements.
You can enter the rpc endpoint for your own self hosted node too
> The centralization of apis (infura

> How hard is it to create a competitor to infura?

Infura is merely hosting nodes for you and exposing their JSON RPC endpoints. They did not _create_ the API.

There's already plenty of competitors in that space. QuickNode and GetBlock for instance, if you want mutualised/managed nodes. You can also host your own node yourself, or use e.g. AWS Blockchain to host it for you, or even use the public free hosted nodes that most blockchain project provide. It's just a Metter of trade-off between cost, time and security.

If you are using JSON RPC APIs (which most people do) there is nothing that locks you to Infura or any other provider.

> If you are using JSON RPC APIs (which most people do) there is nothing that locks you to Infura or any other provider.

How do you switch to another provider in Metamask?

When you open metamask there's a dropdown in the top right. It lets you choose which network you're using, and defaults to "Ethereum Mainnet". If you hit the "Add Network" button you can configure which server your metamask talks to.
As other comments mentioned, you can change your endpoint in metamask.

Also, metamask is not the only wallet there is... Some dApps only accept Metamask buts it's becoming rare. Most dApps implement multiple alternatives, like WalletConnect, which is more of a dapp/wallet protocol, which allows you to use any wallet software.

How many people switched default search in Google Chrome from Google ? Probably less than 1%, because the overall Google market share is 91%.

Unless there's another equally popular extension, not made by Consensys the presence of that option is irrelevant.

How many more switched it to Google from Bing from Microsoft Edge? Google having 91% market share is an effect, not a cause; they have it because their product is the best and does what I want it to 91% of the time.
If Google’s market share was only a result of a superior product then they wouldn’t feel compelled to pay Apple billions of dollars to be the default search engine on iPhones. Defaults matter.
> The centralization of apis (infura, opensea and ethscan used by metamask) is the biggest problem. I could be wrong, but I don't think we've seen that fast consolidation in other early tech. I remember in the late 90s there were a number of search engines but no one really owned the space. Only 20 years later did Google emerge as the winner and is (IMO) by far the best in terms of relevant results. But that didn't happen overnight, and there wasn't a search engine dominating 90% of the market within a few years of the beginning of mainstream acceptance.

> How hard is it to create a competitor to infura? MetaMask should be incentivized to do this as they're core offering is controlled by one party.

> [edit] Never mind, metamask and infura are owned by the same company (ConsenSys). It's even worse than it appears...

Currently working in the space (graduated from doing systems-level . My hot take is what is considered a "full node" can potentially use significantly less resources. The base word size is 256-bit (size of SHA256), most is either 1s or 0s, the entire raw Ethereum blockchain is roughly 350 GiB uncompressed, probably can be much better with zstd compression on multi-core. Let's just quietly ignore that most is not using an assembly-level optimized implentations of uint256 arithmetic operations. Also all the current clients (a) afaik run transactions single-threaded, and (b) no on-disk compression, (c) at best use mmap relying on OS level paging even though you're going to have 32-byte random reads invalidating entire 4K or 16K pages out of ~3TiB of read/write space. I'm more than certain execution can be ran speculatively using STM (software transaction memory). I seriously doubt that most Ethereum transactions within a single block have that much r/w contention if you were to execute them in arbitrary order in parallel. Basically application level speculative execution (except you know the ending hash ahead of time, so you know of the ending state is valid or not). Anyhow...

What is your point? Sounds to me you're just regurgitating technical mambo jambo that doesn't realy have any relation whatsoever to any of the points quoted!

Are you trying to say that by optimizing a node's software, people will be able to run a full node on their devices?? That's patently false currently, even more if the technology actually goes viral one day (small system-level optimisations simply won't scale to compensate for the fast increase in the blockchain size).

I would argue consolidation and centralized elements are inevitable, the promise of true decentralization is like socialism: a promising theory but failed application.
The fundamental problem with decentralisation is that it will always be less efficient than a centralised solution due to the overhead necessary for coordinating the system. This means increased costs of some nature. In order to justify those costs, the decentralised system has to add a sufficient amount of value compared to the centralised solution. And not only is that usually not the case, but, as Moxie points out, it is usually the opposite, because a centralised system can iterate more quickly.

And that is also true for the crypto/web3 world: Outside of some niches, it does not add any value. Almost anything it can do, existing centralised technologies can do better. The only reason they haven't so far is that most of these things are not terribly useful to begin with.

This is the exact argument for authoritarianism over democracy. Centralization is easier and often cheaper, but you have to trust the group in charge completely. Even then, the collective loses out on innovation and new ideas because only a small subset of the population is in a position to change anything.

Centralization is often a short term win, decentralization is a long play. Unfortunately, we almost always seem to chose immediate gratification which is why we see decentralization abandoned early, and why we see democratic freedoms being replaced by authoritarian control.

This is what representative democracy with an executive function is for. The government / executive acts without the need of democratic micromanagement, but is subject to popular oversight through a number of mechanisms.
Even in the case of democracy, you have to put trust in the sovereign.

And whenever the sovereign enforces a law, the person facing the enforcement will consider it tyranny. It’s a known paradox of the power we, the people, grant to the sovereign.

A thousand times no. A true democracy earns trust through the integrity of its institutions: executive, legislative and judicial, and the respectfully balanced and constitutionally limited powers they share.

Never in a sovereign.

democracies are highly centralized.

delegation is not the same thing as decentralization.

democracies and authoritarianism are both centralized, the difference is that one is a cooperative model, the other one is not.

My point wasn't to draw a direct line between democracy and a decentralized network. I just thought it was important to point out the risks and potentially short sidedness of giving up on decentralization because its slower and more difficult. That line of thought leads to more authoritarian control, and that's never worked out well for the average person in the long run.
I don't recall that argument in practice. In Kazakhstan just now for the leader has recently used the argument "Those who don't surrender will be eliminated" which seem more common than "centralization is easier and often cheaper" as far as I can tell in such situations.
I was speaking generally not to any one authoritarian. I can't imagine many, if any, authoritarian leaders would be using the "it's easier and cheaper" argument when grabbing more power, but its a very common argument used in more general and philosophical debates.

Look into any of the writings that led to the USSR and you'll find it all over. The goal was total government control would be the best way to optimize resource allocation. They were making the case that Soviet communism would win out against fascism because they could make everything faster and cheaper.

I might be crazy, but reading this I imagine a blockchain based temporary democracy: full proof-of-whatever correct voting scheme choosing a temporary centralized “government” with measurable goals to move the system to eventual decentralization.
This is actually one of the few uses I know of that I have a lot of hope for. I worked on a digital voting system in college a decade ago, we were researching accessibility concerns mainly related to visually impaired voters. The voting industry in the US is just as much of a tire fire now as it was then but it could easily be improved.

A blockchain based voting system with each state acting as a PoW validator could actually work. The main challenge is how to centralize key distribution in a way that is accessible to everyone without compromising anonymity. If anyone knows your public key they know exactly who you voted for in every election.

The fundamental problem is that problems with centralized platforms are attributed to centralization, and thus decentralization is seen as the answer. This is entirely false. Centralization and decentralization are just words that have an objective definition. Neither is inherently better than the other and choosing either as a solution to your problem is entirely context dependent. Anyone that has a stake in crypto / web 3 conveniently leaves this crucial piece of information. E.g. it's a different solution to the same problem, not a _better_ solution the same problem. Having options by itself can be a valuable use case, but I'm afraid the gold rush is not driven by the excitement for having options, but rather for the excitement of becoming rich quick.
Do you know of any financial structures or corporate structures that are not pyramid shaped?
Only looming at financial and corporate systems is a seriously limited pool of data. There are non profits, collectives, employee owned businesses, etc that are not a hierarchical structure but I don't think they would fall into the pool of financial or corporate structures.
(comment deleted)
(comment deleted)
fwiw I follow a lot of crypto people on Twitter and 0 of them are following this message app, it has 700 followers and you decide to jump into the discord? To me that’s like getting a random email about a product and saying “yes tell me more” I’m not sure what you are expecting.
(comment deleted)
This article seems like it neatly encapsulates and explains why I've subconsciously held off from jumping into the Web3 space.

It might be confirmation bias speaking, but I don't think I've seen anyone lampoon Web3 so thoroughly, and it's nice to have some well-reasoned explanations for why I feel the way I do.

EDIT: A further thought: this article is the first I've read on Web3 that feels like it's actually important and I'm looking forward to the discussion. Are there any real counterpoints to be made against his reasoning?

I don't think this article "lampoons" web3 in any way.

While the article is on the whole critical (but not completely), it did not do so using sarcasm, ridicule, or irony.

lampoon: publicly criticize (someone or something) by using ridicule, irony, or sarcasm.

Hmm, you're quite right. Poor word choice. Perhaps 'skewers' would be more appropriate.
Eviscerates. This is a vivisection. We can see how it works, but this kills the frog.
I guess as some counterpoints:

I kind of agree in some ways but i think he underplays the critical point that you have an option for voice and exit from the forming centralising forces (which do get established because people like convenience/reliability/familiarity) without sacrificing your data or belongings, you can leave without losses. That is a critical difference.

His nft is delisted from a platform and his wallet calls the api of that platform. That sucks, up till now we have "too bad you got delisted from this platform, all your content is gone". But that isn't the case here, his contract is still on chain, and will work with anyone who calls it. He can still get all the data, there are other wallets, you can run them in your terminal if you like, or you can set your metamask to use your own - or someone elses - node (instead of infura). There is a choice. There are things like TheGraph making distributed indexers/search engines and something like that will replace opensea as the main nft api (if they arent building it themselves).

Add to this the more recent developments of light clients, which are coming along great and which allow us to run in-app/in-browser direct connections to the chain for calls/transactions without needing infura or a third party node.

> Personally, I think enough money has been made at this point that there are enough faucets to keep it going, and this won’t just be a blip. If that’s the case, it seems worth thinking about how to avoid web3 being web2x2 (web2 but with even less privacy) with some urgency.

Absolutely agree. there are a lot of people in this space who have made enough money to spend the rest of their lives pursuing their interests in it, and they will. It isn't going away and we should engage with making it as good as we can. Will it be a big thing in ten years? who knows, I can say that everyday I interact with protocols, work and vote in daos- 4 years ago those things were in whitepapers as a possible idea, but now they are reality. What will we see in the next 5?

We can absolutely bring better privacy too. Layers like aztec are working on exactly that, and zero knowledge proofs and other forms of commitments (sismo) are exploring how to do that. I think a lot of people in the space follow the ideal of "privacy for the individual, transparency for the institutions". We will get there.

> We should accept the premise that people will not run their own servers by designing systems that can distribute trust without having to distribute infrastructure.

i sort of agree with this, we can accept that full nodes will be ran be organisations, businesses, and nerdy individuals who also have their own funkwhale instances and homelabs. those commited to the ideals -> same as home email servers or mastodon communities.

but we can also find ways to distribute infrastructure to bring resilience to those who dont think much about these things and just want to use an app. (again with things like light clients replacing api calls to third parties). so that we care for the non-committed users and make sure the points of fragility are lessened as much as we can.

I think a lot of his criticism is valid, but it also kinda falls flat on what is being built. It is a surface layer "i'll be a web3 dev for a day" overview and response. So it reads like if i followed a tutorial on neural nets in python then complained that my car still cant be driven by ai. Those of us in the space are well aware of all of this and it is all being worked on, but people unfamiliar read it as some kind of smackdown, which isn't helpful either.

I'd be much more interested in his thoughts on Whisper/Waku and messaging protocols, tradeoffs in validity/volition/optimistic rollups, distributed indexers, etc. He is smart enough and involved in similar things to just take that extra step to the dev forums and discussions and maybe give meaningful, helpful critique. I'm not sure what resp...

Thanks for the detailed and comprehensive writeup. I think you make some very valid points that help to understand some of the context that he elides.

> everyday I interact with protocols, work and vote in daos- 4 years ago those things were in whitepapers as a possible idea, but now they are reality.

This is a pretty important point. He states that it's not really "early days", but if this is the kind of momentum we're talking about it feels like it is early days still. You don't see this kind of innovation in a stale field.

> I think a lot of his criticism is valid, but it also kinda falls flat on what is being built. It is a surface layer "i'll be a web3 dev for a day" overview and response. So it reads like if i followed a tutorial on neural nets in python then complained that my car still cant be driven by ai. Those of us in the space are well aware of all of this and it is all being worked on, but people unfamiliar read it as some kind of smackdown, which isn't helpful either.

This is the money quote for me. Just because there are issues currently doesn't mean that they won't ever get fixed.

My takeaway is that this subject is a lot more nuanced than his article is claiming, and although he's certainly right in a lot of his criticisms, that doesn't mean Web3 as a whole is doomed to failure.

It also does make me reconsider the movement as a whole. Sure, there are bound to be golddiggers, but that doesn't immediately render the whole concept invalid.

> Even nerds do not want to run their own servers at this point. Even organizations building software full time do not want to run their own servers at this point.

I want this to be wrong.

Broadband providers make it very difficult to run your own server. Server construction is also in a very bad place as well, so this has spread from consumers to companies. There are just too many externalities from all of your vendors that are left to you to solve and that opens up space for a small number of companies who have people who work on those problems as a full time job, amortized out over X vendors and Y customers.

Until or unless that changes, a bunch of things I'd like to have happen won't happen. I should be able to pull files from my home computer when I'm stuck in an airport in Paris. That was the original promise, but we ended up with something else that has a lot of rent-seeking involved.

I think there are a few people working on the servers problem, probably nowhere near enough, but Broadband companies are also largely to blame for this. I'm not sure if Starlink or municipal broadband that is run like power and water, are ways out. But what we have isn't going to work, and consolidation is just going to get worse and worse until someone fixes it.

Groups like DappNode are doing good work here. You can buy a nuc from them with their os installed and then pick from a list of apps to install (owncloud/ eth nodes/ ipfs pinner/etc) and it handles the messyness of dyndns/openvpn/updates and all of that. Anyone can contribute docker packages with their markup for people to install new programs. I’m working on a funkwhale port so I can pull my music back locally and not digital ocean
> That sucks, up till now we have "too bad you got delisted from this platform, all your content is gone". But that isn't the case here, his contract is still on chain, and will work with anyone who calls it

Well, it is still "content on a platform", which is Ethereum. If another blockchain comes into existence and most people say that this new blockchain is the source of truth for digital ownership, your old NFTs are worthless, because nobody cares about old Ethereum.

The same is true for wallet apps. If 90 % of people use one specific thing (OpenSea) and think that only this thing is the source of truth, it simply doesn’t matter that your NFT is technically on the chain.

The sense of ownership and the value comes purely from where the attention is right now – and this being the internet, everything can change.

Compare this to the physical world. Here, the attention and trust is in your local laws. If this changes, you can lose ownership (government seizing properties).

The solution is actually to acknowledge that there is no ownership without society.

With Ethereum, people want to build another society, again based on trust/attention. That society has not much overlap to the physical world.

It is not much different than any group of people doing a thing together, like say, an open source project, a clan in EVE or whatever with the only difference that web3 enthusiasts think their hobby has some link to the real world.

> We’d all have our own web server with our own web site, our own mail server for our own email, our own finger sever for our own status messages, our own chargen server for our own character generation. However – and I don’t think this can be emphasized enough – that is not what people want. People do not want to run their own servers.

I must be stuck in the past.

It's true. No one wants to run an arcane, buggy, insecure, wonky POS that needs constant patching. This is really a failure of software and shoving all that up a level into the cloud is not fixing anything. At least with your own hardware you can nuke it and start over from scratch. With your own hardware (and disks), you at least know where your data resides.

We live in a time where you can get a 4 TB NAS for essentially nothing. You can drop a 8 core, 32GB RAM server on top of that for less than $1k. I don't know what other people's scaling needs are--who knows, maybe they need to serve 100 PB?--but it's a mind blowing amount of computation. Most people can probably serve their silly websites off that. If you can't handle your own email load on a server like that, I honestly have no idea what you're up to.

I kind of do want to run my own ones of those things...but I know (with today's software) I'd hate it. Because even after all these years, it kind of terrifies me, the metric shitton of stuff I have had no clue how to do, and I know is way over complicated...because everything is way overcomplicated.

This smells like the classic "you can build your own Dropbox easily" comment. Just because it's technologically feasible doesn't mean people want to do so.
Note, I didn't claim that. I'd love to put a box in my house next to the cable modem that did all that stuff in a manageable, understandable way, that wasn't some underhanded subscription service that is going to try to squeeze me in the future or whoops my data amongst its constant, silent upgrading itself. But alas, no such box exists, and the software components that would go in that box seem to need constant babysitting and arcane configuration. Worse, it seems like all those overcomplicated things keep having critically bad security vulnerabilities and I'm just wondering what the actual fuck is wrong with having a damn thing on my computer that receives my email and serves a webpage.
Yes. Just because it's possible doesn't mean it's easy.

I'd love to see appliance-level servers become standard, but you'd need Google or Apple to throw their weight behind such a thing to make it usable, since decades of server software/hardware development has failed to produce things that require less-than-professional-level users.

I'd love to buy an off-the-shelf box for my network, have it act as a back-end for all my Google cloud-based apps and email and serve my blog and my photos and automatically encrypt and back it all up to a cloud storage system. But none of the big players are interested in that kind of thing, and the small players can't create replacements for the entire Google or Apple or Microsoft server/client architecture.

I run a homelab, and also run a shared server for a few folks.

The hardware is easy. The software can be easy (if you let it). The things that are tricky:

1. Getting different software to all play nicely from the users perspective. I can't even give my users SSO because most software doesn't accept reverse proxy authentication!

2. The gap in average computer skills. Some of my users are engineers, most of them are not. My average user needs help with password resets, remembering URLs and very basic tasks. "Upload a file" is a _difficult_ task for the average user.

3. Feature requests and keeping maintenance reasonable. A lot of my technical users will ask me for feature after feature.. but not put in any time or effort to set things up or maintain. I'm one person and I set a hard cap of how much maintenance I'll do in a week, and that is a big limiter of stuff.

I have toyed with just charging my users a bit per month and hiring someone as a basic tech, and honestly more of my users would rather pay a monthly fee than actually work on the servers themselves.

> 1. Getting different software to all play nicely from the users perspective. I can't even give my users SSO because most software doesn't accept reverse proxy authentication!

It sounds like you're referring to something specific here but I'm not understanding. What kind of software doesn't play well with SSO? And what is reverse proxy authentication? Do you mean give users SSO as in give them an account on an SSO system like Google/Okta/LDAP or do you mean use SSO as authentication for a web app you're running? Even if in the latter case I still don't understand what you mean by reverse proxy authentication or what that has to do with SSO. (I've set up SSO on my apps before and I've run SSO auth servers.)

SSO is short for single sign on. It means users have only a single login across all the parts of the system. That can be something like "Login with Google" or it can be they just have a single local user account that works everywhere.

A really efficient way to make SSO work is to allow a reverse proxy to do all the work. A reverse proxy is a webserver (such as nginx or traefik) which receives all incoming requests and then hands them off to the correct bit of software, such as Plex or Heimdall.

Reverse proxies do lots of things but they help glue different pieces of software together. It allows you to have "http://plex.example.com" and "http://heimdall.example.com" on the same server as a for instance.

You can also have the reverse proxy handle authentication. Users get redirected to sign in if they don't have the right cookie and when the proxy forwards their request it includes headers that give the username, email, etc to the underlying software.

This way instead of both Plex and Heimdall having to support a bunch of different sign in options, user management, password resets, etc all that is done by the reverse proxy. Your software just has to trust the reverse proxy and get it's data from the headers.

His point is that a majority of people don't want to bother with the cognitive overload of running a server. Just like you could build your own car, very few want to. Often they don't even care what kind of car they have. As long as it can get them from home to work and back again without killing them.
I mean, I get that. I have a mailbox on my house. Letters come to it. I don't think about it too much. Bits come to my house all the time but somehow those trillions of computations keep flubbing this basic functionality.
Yeah and I think the point here is that the cognitive overload is unnecessary.

Most people don't want to build their own car but most people would rather own their own car instead of rent one every time they need to go somewhere. In the server world, the options are to build or rent, there's no real option to just buy one that works already. Even having to set your rear view mirrors and seat position is worthwhile, even having to check tire pressure periodically is worthwhile, to continue the car analogy. If we could buy a box that we plug into the wall, and have simple minimal maintenance and setup UX, like a car, or even like a desktop or mobile device, is not impossible. But it doesn't really exist.

Are you talking about physical On-prem systems or just buying a basic ec2 type server and renting some storage space? Because wouldn't the first one require a specific business line to an ISP for networking, which would require an office space and other associated costs? Or are you referring to renting a vanilla server and rolling everything yourself vs using some automated deployment and build pack system?
I just did a speed test and got 175mbs up. That is ridiculously fast and i don't have an out of the ordinary home internet connection. Entire data centers use to run on internet connections slower than that.

A mac mini, ups, and that connection is plenty to run any kind of server for personal/family use.

U didnt answer my question at all. Also running a public facing server for any commercial out of your house is not recommended and may not even be allowed by your ISP
I don't want to maintain my own mail server, but I definitely want to run my own server.

The irony is that modern internet infrastructure makes decentralisation _more_ feasible, but software lags behind. Why can't I buy some device for 200€ or so where I store all my data and I receive email? (with the cloud being used only for optional encrypted backups). One can even imagine a decentralised social network running in these devices, with my friends getting updates by polling it periodically (or my device sending updates to their devices). The device would be powered 24h/365d, and if it breaks you just replace it. When I'm out of home, my phone apps would just query the device to get new mail and updates.

We shouldn't really _need_ the cloud for many things yet we use it for everything.

You can't receive email this way because your spam filter wouldn't work; Gmail's works because they can see what's being sent to multiple people at once.

You can't send email (reliably) locally because other email servers don't trust you like they do Gmail.

I think they key is: despite regular people not wanting to RUN their own server, they do want to CONTROL their own server. Current incumbents treat your data like tier asset, not like custody.

This is because you pay nothing. The beginning of regular people having empowerment begins by paying some fee to own the product.

None of the regular people I'm familiar care about their data at all. If you use any of the popular social media apps (Twitter, TikTok, FB/Instagram, Snapchat), then you can't really claim that you care about your data, and most of the people I know use those apps on a weekly if not daily basis.
> If you use any of the popular social media apps (Twitter, TikTok, FB/Instagram, Snapchat), then you can't really claim that you care about your data

That's not true. I don't use any of those, and I understand the huge toll it has on my ability to participate in stuff. Many conversations happen only on Twitter or Facebook, so it's perfectly possible to "care about your data" and still, as a necessary compromise, use those services.

You’re going to run into a problem right off the bat: Your home network is likely behind a NAT and has an IP assigned by your ISP that can change at any time. You’ll need to tunnel through a server in the cloud somewhere (or use a tool like ngrok that tunnels through a server in the cloud). And now that proxy server is “really” the server, because if the business providing the tunnel decides you’re using too much of their bandwidth, they can throttle you, and if you don’t want to get throttled you’ll likely need to pay by the GB/month for a premium tunneling service. You could make your own tunneling service with an EC2 instance, but it’s the same difference: You’re paying AWS, and the EC2 server is now your “real” server.

As far as I can tell (and I’ve looked pretty hard) there’s no good way to run a website from your house without tunneling unless you have a very unusual house or a very unusual ISP.

Take a look at Tailscale and open-source alternatives.
Just looked it up, this looks like a tool to let you and your friends create a “private internet” using a VPN. Which is cool (I could see a bunch of uses for this, like SSHing into my home computer while I’m on the go), but I’m talking about the ability to expose a device on your home network to the public internet.
One approach is to use a public proxy + tailscale VPN, https://init8.lol/expose-web-services-at-home-via-tailscale-...
Yeah, but the public proxy is exactly the thing I’m trying to avoid. If we’re talking about hosting a static site like your personal portfolio, then once you put a proxy in front of it, you might as well just host the site where you’re hosting the proxy. My complaint is that there’s no way to host a website from home without either paying for a cloud VM to proxy traffic or paying a company who uses a cloud VM to proxy traffic.
I don't like that when an actually good successor to web2 comes along it won't be called web3 because of this bullshit that they call web3.
Well the flaw being they claim it is decentralized when it really isn't. How can a blockchain based web be more decentralized than what I run on my vps? In any case, all the things I read about this cryptoweb technology screams bullshit (and scam/moneygrab - possibly by investors).
Well, this is already the second web3, (the first being semantic and micro-formats) so maybe we can just use it yet again?
As much as I hate cryptocurrency as-it-exists, I'm very much into its potential. Untraceable (eg Monero) digital cash that settles instantly? That has the potential to disrupt societies.

The problem is that most societies don't have a particular need of being disrupted, so people are perfectly content paying with their credit cards, and why shouldn't they be? The UX is better and the banks are fine as long as they don't piss off a too-large portion of the population.

Still, I would love it if I could use, say, Nano (as it has very limited PoW) to pay for things instantly and securely. I'm hoping a miracle happens, but I don't think it will, or it would already have happened.

Untraceable digital cash facilitates crime, money laundering and tax evasion.

None of these things are good for a stable democracy.

Pretty much any additional freedom facilitates crime.
And perfect law enforcement means a stagnating society. Think where we would be now if gay people were discovered and punished instantly as soon as they kissed a person of the same sex, or interracial couples were punished as soon as they started dating, etc.
You mean like paper cash?
Cash isn't untraceable, it has serial numbers on it.
What is the real problem underlying such crimes?
> Untraceable (eg Monero) digital cash that settles instantly? That has the potential to disrupt societies

With where the world is with Debit/Credit cards and all other trackable digital payments, the world going back to untraceable physical cash could have the potential to disrupt societies (people should make sure to put their phone/watch/entire car in a faraday cage so their cell phone providers don't have real time access to where they spent their untraceable physical cash)

As an engineer, I feel like this single post helped me better understand Web3 and how it worked under the hood better than any of the heavily hyped Discord and Twitter announcements of new projects over the past year.

It's interesting how tightly coupled Metamask is to all of the other big crypto / NFT marketplaces. Feels like the "distributed web" portion of it has just been an over-exaggeration all along.

MetaMask is a wallet, its not ingrained into any blockchain, your free to use alternatives, and many protocols don't support it. The centralized aspect of a chrome app and marketplace like opensea is very well know issue and talked about a lot in crypto, the problem of course comes down to lack of education, which is apparent in this very post.
Can you point me to where this insightful discussion happens? And where can I educate myself? 99,99% of content and forums I find online about crypto only care about promoting coins, nfts or services basing only on futuristic visionary promises, hyping up the users and attempts at FOMO. It's almost literal spam. This is the first time I read something that just explains how thing works from a technical standpoint and what challenges are there.
Its almost entirely done on crypto twitter. You follow the builders and they talk about this stuff. Tweet threads are terrible but that is where the good information is.

Twitter is frustrating in that the good content is buried and if you follow the wrong people they just spam your feed.

Its a constant battle to keep the signal to noise ratio of your feed high and the right people to follow constantly changes.

I got into web3/crypto (hate both those terms) Twitter a few months ago and it took a very significant amount of time to find the signal among the noise if you will. Twitter’s algorithms heavily favor engagement which in turn favors “influencers” who lack a lot of technical knowledge and peddle hype. I can see why curious skeptics are so quickly turned off, but there really is a gold mine of good discussion out there.

@das_connor is an awesome follow. He works for Avalanche (which I believe will be a massive player in enterprise blockchain adoption).

Who are some of these people in your experience?
I agree about Twatter being difficult. And it is time consuming. Some projects have decent Discord channels. It depends on the devs and community there.
It is quite difficult because indeed everyone has a profit motive to shill. The only way I could get a good read on anything was by experimenting with the tech.
Some of the most interesting tech focused people I've found on twitter:

- @VitalikButerin

- @Hasufl

- @ePolynya

- @gakonst

Can see who they're following as a launchpad into the more interesting ecosystem

The Daily Thread on https://old.reddit.com/r/ethfinance has a number of folks who are in it for the the tech and generally some pretty good takes on protocol/ecosystem tech. It is better than any other crypto subreddit I've come across.
David Lancashire has given numerous interviews on the subject of Ethereum's issues around node operation.
People are certainly free to use alternatives, but if they aren't spinning up their own nodes what will they be using, another centralized node service? Most people aren't going to run their own node and for good reason, its expensive and profitless. Sure a cryptographic/economic layer on top of Ethereum could incentivize people to run nodes and have users pay for decentralization, but at the end of the day people will use Infura or a competitor because it is cheaper, and when these companies control who gets transactions they also influence who can make blocks.

Ethereum is fundamentally flawed in this sense - it only pays for mining (and in the future, staking). The work of routing and storing data is done by the most prolific miners and businesses reliant on Ethereum to keep it from collapsing; there is no sustainable model where a decentralized cohort of nodes can run Ethereum without fundamentally changing how Ethereum pays for infrastructure.

Seems like you (and a vast majority of HN including Moxie) is tying web3 to several centralized front ends (Metamask/OpenSea).

I saw this back in the 90's when a lot of people thought the internet was "Internet Explorer".

And that's one of Moxie's points: how exactly is web3 supposed to be avoiding the centralization that occurred on the web, when it's already at that point.
Ethereum light clients will make it trivial to verify the state of the blockchain and interact with it without also having to store the entire blockchain.

The nice thing is that you can depend on Infura for now, but if they ever attempt to be dishonest, you can easily switch to hosting your own node or light client. The cost of moving away from these centralized services is pretty low.

I think this is “the point”. This is like saying you can switch away from GMail by running your own mail server. People don’t want to run their own mail server.

Will the ethereum light client run in metamask with no configuration? I’m afraid anything short of that is too heavy.

Yeah, you just change the RPC URL: https://docs.metamask.io/guide/rpc-api.html
I don’t think changing the RPC URL exec’s an ethereum light client.

Extending the mail server analogy, updating the MX record does not exec a mail server.

He's saying that configuring MetaMask to work with a light client is as easy as changing the RPC URL. The light client still needs to be installed/configured separately.

Ideally, as Moxie suggested, MetaMask itself integrates a light client into its wallet, so that it becomes the default configuration.

The idea of light clients is they will be bundled inside of apps/websites/extensions. So yes running a light client will be easy because it’s just happening in the background of the app, replacing the api hopping we do now with direct call/response to the chain.

So for metamask they would replace the calls to infura with a light client instead. Easy. They’re probably a year away from adoption, this year will accelerate development as it’s something lots of us want.

I don't think that's a reality yet though. ETH 2.0 hasn't happened yet.
It’s not the same as web2. These web3 frontends don’t have moats or lock-in like Facebook or Google, because they don’t actually control the data. The data they serve is all from public ledgers. You can switch off of Infura in a second by changing your RPC url.
The problem is that they control distribution – the only thing that matters. You don't need to own the data if you own the eyeballs/mindshare.

For example: Spotify doesn't own any music copyrights, yet they own 32% of the music streaming market. The second best is Apple at 16% ... which also doesn't own any of the music.

https://www.statista.com/statistics/653926/music-streaming-s...

It's a little different than Spotify. Spotify still controls the means of distribution while the data sources for "web3" are public/decentralised (in most but not all cases). Rather I'd compare it to Google Search and AMP. The data is still accessible and there are alternatives (manually routing to the sites themselves or using other search engines) however the main path to the data is gatekept by a centralised source (Google) which is routing all the requests through their servers (AMP) instead of using the underlying protocol.

It's still a severe issue but it's a much simpler solution to simply build competitors for a tool accessing an open platform than it is to build a new platform entirely.

Yes, web2 incumbents control data and they control distribution. I agree with you there!

aside; sometimes I feel like I’m taking crazy pills because for the last decade or so on HN we’ve been talking about how Big Tech has monopoly control over everything, how they’ve destroyed privacy and monetized eyeballs and engagement to the fullest. And now that a potential decentralized competitor is emerging, the kneejerk reaction is “why not just keep using <monopolistic centralized surveillance ad platform>”?

(I understand why, cryptocurrency is the whipping boy of the week, and it’s full of scammers, I get it! But I’m not going to pretend I’m happy with the existing crop of centralized services.)

> “why not just keep using <monopolistic centralized surveillance ad platform>”?

The question, for me, is actually "how is this any different than <monopolistic centralized surveillance ad platform>”?

Because I still remember high school and how every single one of these monopolistic centralized platforms sold itself to me as "Come to us, we represent a new free and open society unencumbered by stodgy authorities!".

You know, the exact same rhetoric these new web3/crypto companies are selling. Sounds like Animal Farm all over again to my skeptic ears.

Remember when Twitter was the future of decentralized discourse free of government tyranny where you can organize political protests free of oversight and manipulation from your local govt? Hell it's a big part of why arab spring worked!

I hear you! And I remember.

Every startup that goes big eventually becomes the thing they were supposed to obsolete, because all the incentives point that way. Moats!

I hope that this time is different, because we can now deploy code that is ownerless and immutable. Kind of a cool property if it catches on.

>> The question, for me, is actually "how is this any different than <monopolistic centralized surveillance ad platform>”?

You can send a transaction from A -> B using Bitcoin (or another cryptocurrency) without it being censored by any government. Can they see your transaction? Yes. In that case, use Monero (or the upcoming Railgun). Comparing crypto to any of the above is quite a stretch.

Twitter may have failed in it's promise, but right now, crypto/blockchains/web is a massive improvement. They may not be perfect, but they are trending in the correct direction. Like the parent post, it's shocking to me the 180 that HN has done in this regard.

> Like the parent post, it's shocking to me the 180 that HN has done in this regard.

Is it all of HN that's changed, or just this thread? There are probably a lot of ppl commenting on this article that don't bother to comment (or maybe even read) many other web3 related articles.

> "Come to us, we represent a new free and open society unencumbered by stodgy authorities!".

I don't pay a lot of attention to the complaints, so I could be wrong, but it seems like when ppl complain about Twitter they're just as likely to complain about them being too unencumbered as they are about them restricting too much.

Do you actually think blockchain tech is remotely competitive with the big platforms? Blockchain payment systems have had more than a decade to become popular and still are not even remotely competitive with the big payment processors. Most of the world will only read about "Web3" on some news site or blog, then ignore it because it does not even come close to meeting their needs.

Consider how many people post something on Facebook in a single day, and now consider what it would take if each post had to be replicated across tens of thousands of independently operated systems. Big tech companies scale in large part because of their centralization, which allows them to coordinate large numbers of physical machines to efficiently provide service to their users. You may not like the ads-centric business model but on a purely technical level it is pretty clear that the big tech companies have a big advantage in terms of operating their infrastructure, and overcoming that advantage is not going to be easy for any distributed system.

I personally prefer to focus on mitigating/preventing abuses by a central authority/component of a system, which almost always results in a far more efficient and reliable solution that trying to eliminating all centralization.

> Do you actually think blockchain tech is remotely competitive with the big platforms?

Right now? Absolutely not, web3 is pure jank right now. I’m just trying to see where the puck is headed.

> I personally prefer to focus on mitigating/preventing abuses by a central authority/component of a system, which almost always results in a far more efficient and reliable solution that trying to eliminating all centralization.

How do you do this? How do you take Facebook to task? The only entity that comes anywhere close is France maybe and those fines are just a slap on the wrist.

I was referring to technical solutions, not fines or regulatory measures. For example, before Bitcoin cryptographers published a mountain of research on designing secure and anonymous electronic payments, but relied on a central bank that issued and redeemed the money. The bank was constrained mathematically so that it could not link user transactions, unless some subset of users had cheated in some way (double spending). So there was a central party but certain forms of abuse were impossible, and those systems were overwhelmingly more efficient than Bitcoin or even a proof-of-stake approach ever could be (this is because transactions are "truly" peer-to-peer, meaning that only two parties do any work at all when a payment is made or when money is withdrawn from or deposited with the bank; moreover the work required to perform transactions amounts to verifying a few signatures/NIZKs). Another example is the use of oblivious RAM for secure cloud storage, which both protects user data and ensures that "most" of the access pattern (everything but the number blocks of data a user has accessed) remains private. There are also many examples of real-world deployments of secure multiparty computation that limit abuse by large/centralized parties in various ways while still allowing those parties to operate and even expand their business (without having to collect more user data than they already collect).
The issue is that HN is a bubble.

End consumers don't care and that will always dictate adoption.

Also because people are complaining - doesn't mean that this specific implementation of decentralisation is the right one and that's why it gets so much pushback. A mere difference of opinion, but mostly because parties who claim to work in the name of decentralisation are there to grab the cash and push the narrative that it is actually to relief the society of evil organisations - so far its rather about wealth re-distribution as usual...

Control of distribution is a problem, but control of data makes it much harder for users to switch away from them and use a different distributor.

>>For example: Spotify doesn't own any music copyrights

It has licensing agreements with numerous record labels.

Agree, owning data makes it harder to switch.

A counter example here might be Twitter and Facebook. You can export all your data just fine, but it’s useless anywhere else. Because the reason you’re on Twitter/Facebook is that everyone else is there. They own the distribution of your connections making the data itself useless without them.

True, you can export your Twitter data, but a competitor to Twitter cannot access the entire set of user data that Twitter has access to.

The real differentiator is that with Web3, the data is open, so providing an alternative is as simple as providing an alternative front-end.

What threatens the promise of Web3 are the issues that this article brings up, with decentralized projects not being able to iterate as quickly as centralized ones, leading to proprietary elements becoming the standard for some aspects of widely used Web3 technologies (like NFTs) and establishing a moat for the centralized platform that owns that element.

How does this handle data schemas? Perhaps I’m thinking too much of an RDBMS schema but for Twitter for example. If decentra-Twitter stores my data in some schema (say a hard-coded “pinned tweet” column that only supports one) then is everyone else stuck with that forever? Or could they extend that to include, say, multiple pinned tweets?
I don't have the experience with smart contract development to have an informed opinion on this.

My guess would be that others could extend the protocol, but the challenge would be to get the extension widely adopted.

For example, ERC20 is the primary token transfer protocol on Ethereum, and there are various new token transfer protocols that are supersets of ERC20, and add useful new functionality, but they have not yet gained the widespread adoption to become useful the way vanilla ERC20 is.

> but a competitor to Twitter cannot access the entire set of user data that Twitter has access to.

True, but they could make it very easy for users to transfer all their data, which makes it possible if they could convince everyone to do it mass. So the real problem is that it's not realistic to convince everyone to move; the network effect is too strong.

AFAICT, OpenSea et al have the same first mover/network advantage. The record on the chain of a url "belonging" to someone has approximately zero utility without the edifice they've built on top

The web3 providers mentioned are the most popular, but they do not control distribution. That's the whole point. Anyone can distribute the data on the blockchain with no clear legal repercussions unlike with music where you will get sued for distributing music without permission.
While in theory you could change your RPC URL, in practice what difference would it make? At least IPFS offers some form of integrity checking through its generated hash. But there's no way to say, for example, that I karrot_kream at time T fetched a URL pointed to by NFT N with contents C. As demonstrated by Moxie's changing NFT and eventual deletion by OpenSea, who _knows_ what will happen to it? It's possible to at least build cryptographic attestations of fetching a particular NFT (and even maybe placing this attestation on-chain, to have some NFT "provenance" going on) but there's really not that much work going into it right now. That's the critique.
Changing your RPC url will make no difference because you’ll get the same result either way. Any service that lies about the state of the chain will quickly be jettisoned like so much carbon dioxide.

The bare minimum for a reputable NFT is to publish the contract source code and use immutable storage. That’s the first step of due diligence in the space.

All of this stuff is super fluid and non-standardized because it’s still super early and everyone’s trying to figure out how it ought to work.

> All of this stuff is super fluid and non-standardized because it’s still super early and everyone’s trying to figure out how it ought to work.

I understand this and I'm certainly sympathetic to it. Folks are also trying to figure out how to actually stuff art on-chain which I'm a fan of. I'm very familiar with the NFT standards because I was involved in some of the discussions with it. The amount of money this space is seeing though given how fluid representation in the space though, leads to Moxie's other critique, that this is being fed with a gold rush trying to find liquidity for hoarded crypto. I know that builders can't control what these speculators do but it certainly adds pressure for builders to either take the money or operate at a disadvantage to builders who do.

In regards to keeping the art on-chain, the immutability is a real problem. What happens when someone stuffs illegal data/images on the blockchain? Once a bad actor sneaks trade secrets, doxxing material, or CP onto the chain, it's there forever. By design, deleting data from the blockchain isn't possible.
OpenSea lied about the non-existence of the jpeg-swapping NFT he minted. They removed it from their API responses because they didn't like it. Do you think they're about to be jettisoned? Or will people largely not care because they actually like the centralised nature of OpenSea with its TOS and extra features and with no viable alternative that doesn't require running your own server?
Consider also "what's the point of an uncensorable block chain if the API servers can become untrustworthy and refuse to the serve the data?"

If OpeanSea can blackhole / cancel / hide a NFT on a whim, what does that say about the viability of hosting other services that access the blockchain through similar gateways?

Additionally, if such services can preform those actions, what does that suggest about the viability of financial instruments and company governance accessed through those or similar services?

Yes, this is FUD. I believe it is quite reasonable FUD.

That’s fair. I was talking about canonicalized chain state (hence RPC), not consensus about what constitutes spam.

I agree that OpenSea should not have final say in this regard, as clearly that is not decentralized. I would be interested to hear if anyone is trying solve this at scale.

Github relies on a distributed storage architecture (local git repositories on developers' machines) and in theory anyone can take a project from github and duplicate it on gitlab etc. In reality nobody bothers and a project hosted on github will remain exclusively hosted on github and nowhere else, and likewise with other git hosting services. For the most part nobody cares if the data is hosted on a distributed system or a centralized one, because the overwhelming majority of users will rely on the front end. Changing RPC urls is not as easy as you might think, especially for systems that are widely deployed and have heterogenous clients (which in theory would be the case if Web3 ever took off, which I personally doubt).
And, as the article suggests, if there is some new feature that Github can enable (integration of git commits with an issue tracker or CI/CD integration come to mind), that will happen in a vendor-specific way on Github, not in the Git protocol. So, then you immediately move back to the world of platforms.
Few people bother because every git commit is cryptographically signed and every git repo is inherently replicated. It doesn’t matter if you use a centralized service or not as long as you can rely on SHA1 (and sha256 is coming…) Git is almost the ur-blockchain in this respect, hardly an argument for centralization.

Also, fuck Microsoft.

I keep my projects on GitHub for discoverability and the reputation provided by stars, whatever that's worth. So essentially network effects.

The reality is if I'm looking for a library to solve a problem, I'm much more likely to use one from GH with 1000 stars than a random self-hosted GitLab with 50. I would like to not feel that way, but I suspect many others do as well. It would be nice if we at least had a decentralized reaction/reputation system.

Is there an analog to this with the services Moxie talked about? Sincere question, I'm not familiar with the ecosystem at all.

The closest attempt I can think of is status wallets token ranking for dapps. You could burn your tokens to say if you liked something in their listings and that would rank it for others. The issue they hit is when the lists got popular (in like 2018-19) vc funded projects just bought up the supplies of tokens and burnt them to get their project rated higher. So basically Sybil attack and they became unreliable.

It’s the same problem across all decentralised protocols, if it’s cheap to say something you get spam(see email) but introducing costs can just skew it to those who can afford to spam instead (essentially those with an advertising budget).

So there’s been a lot of research on proof of personhood (BrightID/ideas/proofofhumanity) to add Sybil resistance mechanisms so we can do 1p1v across the network. They’re working ok, but the next big step is adding zkproofs so we can anonymise the voting (which is needed to prevent collusion) which clrfund and sismo are working on.

Kleros have an interesting curated register protocol, which seems to work on small scales. Some groups are using it to token rank guy issues to prioritise work and get feedback.

The status blog has some interesting writing around these ideas over the past few years https://status.im/research/

People do bother. I don't have specific examples off the top of my head, but I've occasionally run into an read-only GitHub repo that's been moved to Gitea or GitLab, or even BitBucket.

More broadly speaking, it's important that you can migrate, even if you don't actually do it, because users who can easily churn give the developers an incentive to keep the UX solid. If you can just leave GitHub at any time, then they're less likely to add gigantic banner ads to every page, or bundle "third party offers" into installers - they know what happened to SourceForge, after all.

That is like saying that some people bother to host their own email.
Not really.

The barrier to hosting your own email is that you'll spend a day configuring everything, and a year later, the big providers will slightly change a spam detection algorithm, your mail won't be delivered, you won't know, and there will be bad consequences for you.

The barrier to changing your git origin is spending five minutes setting up an account and repo somewhere else. Everything will work absolutely fine, you'll still have all your git history, you'll just be slightly less discoverable and some potential contributors might not want to create an account.

You’re still relying on one central server though because of the fundamental problem OP laid out: the blockchain is designed for servers, not clients. There is no API inherent to any chain and thus one must be grafted over it by a web server. Things will tend toward one or two companies because those will be the ones who can afford to run such services and then they will have funding to create more features and better documentation and do dev evangelism and you know the rest. Just look what happened already once OpenSea removed his NFT.
The web3 frontends appear to be in the same place that Chrome is: yes, technically you can always switch to another browser, but if Chrome decides to boycott a new feature, it will never exist as a practical matter. If Chrome blocks a website, it will be as though it doesn't exist for most people. That in theory it still does doesn't change anything. What makes OpenSea different than Chrome in this respect?
Actually, this was his point exactly. OpenSea must start on a decentralized block chain (due to market forces) and must move to a more centralized (faster moving) protocol in order to remain relevant.

And the byproduct is lock-in.

I think it's good to remember that bitcoin and ethereum were the very first cryptocurrencies. They are flawed, bitcoin in particular failed at everything it was idealized to be and will probably never improve. Ethereum seems to be moving forward at least. Slowly, but still.
The fact that a problem exists doesn't mean it can't be solved, but any solution which does not go deep enough to address why Ethereum nodes are centralized is simply hype.
It's a step up from the "crypto isn't crypto" mantra that many used to repeat, refusing to even look at how it works. Not sure why it took something as silly as art NFTs, but it does seem that now even those who previously tried avoiding cryptocurrencies at all cost have at least started looking at them critically.

He does point out some real problems. Yes, all this has been discussed in the Ethereum community already and many in the community have voiced the same criticisms as well. But a lot of the issues are still unsolved for regular mainstream users, who rely on a lot of centralized services and are often herded into solutions that may bring more convenience but are also less secure. It's good we're having discussions about this, and the more people that point out flaws the better. After all the entire point of a blockchain is to be public and robust. If this is our future money or notary service, the more probing the better.

This is exactly the attitude that moves us forward. "Us" not being just those who happen to get in early on the solutions to the solvable problems, but hopefully including everyone who can get a benefit from using truly decentralized services.
> is tying web3 to several centralized front ends (Metamask/OpenSea).

You can't really lump both of those into the same bucket of "front-end". Metamask is a front-end, a user interface. OpenSea is more like middlewear that connects various front-end clients like Metamask to the backend database, and provides some additional functionality that's in any of the database's stored procedures or views. OpenSea also has its own front-end UI to its own service, but its core service is its API to the Ethereum database.

For a non-tech regular user who just want to get some work done Internet Explorer was indeed the internet.

In India even to this day for a vast majority YouTube/FB/WA is all the internet is. It's not at all unusual for people to walk up to a mom-and-pop store to top-up their data plan asking them to "recharge my WhatsApp balance". Even carriers have specialised data packs that are tied to a specific product/service.

And to be fair this is just how it'll be with any product/tech. As an example, in India Xerox literally stands for photocopy https://imgur.com/a/66TnCog

The Xerox-copy thing is pretty interesting. Here in Egypt, Pampers is the word used for diapers, and for a while, IPad meant any kind of tablet.

I wonder what type of cultural memes exist for other cultures, similar to these examples.

> Feels like the "distributed web" portion of it has just been an over-exaggeration all along.

It has, but only a small portion of people with the engineering skills to recognize knew it. Those profiting off it hyped it, and those not either called it a scam or stayed out of the fray.

This somewhat reminds me of reading IPFS documentation (which is fucking excellent BTW) and realizing the same thing: nobody is going to run their own pinning service and Piñata is the only one they mention by name which means it’ll be the platform everyone (to a first approximation) will use.
The lack of a a few "chains" though means an ephemeral node might actually not suck though.

Put another way, even IPFS nodes that for all intents and purposes are "clients" can still speak the same protocal to talk to the pinning service.

The single-ish central chain idea was always terrible. "Trustless" or not, that much synchronization is a misfeature! The real world really is partial-order time/causality, that is a feature not a bug.

I make content. I put it on IPFS. I pin it to Piñata because my laptop isn’t on all the time. Piñata decides my content isn’t acceptable and removes it. You can’t access my content. Not a problem?
With torrents people actually participate. Piñata should not be viewed as the "database of record", but as a something that complements the desktop at home.

I understand that is still not satisfactory.

I think the real goal is to find institutional users who are not interested in a profit. For example I am involved with https://nlnet.nl/project/SoftwareHeritage-P2P/. Software Heritage would be not a high bandwidth pinner, but a pinner of last resort. Universities were very important to the original internet, and should also host public data sets, software artifact, and hopefully if Sci Hub prevails the journal articles themselves.

None of that is a pinning service, but if it catches on the big cloud companies might feel compelled to get into the pinning service game, if only so they can get those university and government contracts! The current cloud computing business as a racket, but them offering support for a protocol that reduces switching costs might make for some real competition.

Basically "web2" problems are Captialism problems, and the stuff needs to become a low-margin business or state-run not-for profit to be better. There is no secret magic short cut, it is a political problem. SV is of course completely uninterested in low-margin businesses. The regular web3 will have a hard time being anything but a Ponzi scheme per its design, but IPFS itself at least doesn't have those characteristics baked in, and so these alternative futures are possible.

I keep saying that there are exactly two kinds of people in the crypto space: scammers who know exactly what they are doing, and gullible fools
Naw, there’s also naive optimists which are similar but distinct from gullible fools. Kind of half and half. They know exactly what they're doing for half the equation.
(comment deleted)
I want to run my own servers.

Honestly.

It has always been a somewhat easy task if you pick an OS that is secure and stable.

And today with all the Foss/oss there are plenty of reasons why I would do it.

More Decentralised Please.

Same. I'd like to make this experience better rather than give up and give in to centralization. I know others have different priorities, but I don't need them to use my servers. I just need them to interoperate minimally.
> rather than give up and give in to centralization

As for why Marlinspike might have abandoned the goal of decentralization, I think Upton Sinclair might have some insight.

I don't follow ¯\_ (ツ) _/¯
Marlinspike is the CEO of Signal Messenger LLC, and he also coincidentally believes that people shouldn't make clients which are compatible with the official Signal messenger (even though the protocol and code are freely available), and shouldn't even try to distribute Signal from app stores that he doesn't approve of.[0]

I don't actually know if he receives a meaningful salary from his CEO role, but Upton Sinclair's adage still seems relevant for explaining Marlinspike's views on decentralization: “It is difficult to get a man to understand something, when his salary depends on his not understanding it.”[1]

It's also worth pointing out that non-official Signal clients would be less likely to include support for MobileCoin, which "gained over 450% [in value] since" Signal announced support for it.[2]

[0] https://www.reddit.com/r/fdroid/comments/q1jnbb/why_isnt_sig...

[1] https://www.goodreads.com/quotes/21810-it-is-difficult-to-ge...

[2] https://rankacoin.com/encrypted-messenger-company-signal-fac...

>When you think about it, OpenSea would actually be much “better” in the immediate sense if all the web3 parts were gone. It would be faster, cheaper for everyone, and easier to use.

That sums up the situation for me. Having a marketplace for purely digital goods might be a concept with a future. Having standard ways to interoperate between different platforms and query and update these goods might make sense (although I still think it goes opposite to the general trend of walled gardens vs. decentralized web, I don't see why the IP owners would play ball and accept the loss of control).

The thing is that in most case those NFTs wouldn't be trustless. I see people putting forward that a use case would be an NFT that proves that your Rolex is real, or for Fortnite skins, or for the ownership of your house. But in all these situations, there's a very clear authority (Rolex, Epic Games and the municipal authorities, respectively). These authorities will be allowed to mint new NFTs at will (because who else?) and as such have to be trusted. That opens up interesting questions btw, like "who is Rolex exactly?" which creates a chain of custody of trusted authority involving trademark management among other things. But I digress.

But then as soon as an authority is identified, why bother with the extreme overhead (it terms of resources and costs) of blockchain tech? Couldn't Rolex issue a PGP signed CSV of all valid Rolex serial numbers once a month on IPFS and you'd get the exact same security and trust profile without having to involve any "web3" feature?

Like cryptocurrencies, the subset of problems that can only be solved using NFTs is incredibly tiny and speculators rush to make up use cases that, if you think about it for five minutes, clearly make no sense and could be better solved using good old centralized tech.

> Couldn't Rolex issue a PGP signed CSV of all valid Rolex serial numbers once a month on IPFS and you'd get the exact same security and trust profile without having to involve any "web3" feature?

A serial number can be copied and engraved onto a forged watch, so not really.

A more analogous scenario would be if Rolex embedded an NFC hardware chip with a private key inside the watch, such that anyone could wave their phone over their watch and verify that the chip’s cert was indeed signed by Rolex.

> NFC hardware chip with a private key inside the watch, such that anyone could wave their phone over their watch and verify that the chip’s cert was indeed signed by Rolex.

This is an excellent idea and I am now wondering why luxury brands haven't started doing this. It would be super hot. One would do it and suddenly they would all be doing it. Watches, handbags, shoes, whatever

Luxury watch brands prevent copycats by making the watches hard to copy using special alloys (Rolex), glass techniques (AP) etc.

And fashion brands iterate quickly on their designs so when you see fake LV bags it already looks dated.

This is one of the few usecases of crypto that kinda make sense. If those certs were on a blockchain, Rolex could fold and people in the future might still be able to check for authenticity.

There's more steps involved that I'm not sure could be solved, like, who controls the authenticity Oracle? Is it an API that gets pinged? Do you have to pay a gas or network fee to check authenticity? Could a smart contract be made to automate the work? Maybe it could work like credit card chips, which give out a one-time code to the retailer, who then gets it checked by an online service... except somehow replace the web API with a smart contract.

For larger scale operations, tagging individual items with NFC chips might be cost prohibitive.

>Rolex could fold and people in the future might still be able to check for authenticity.

That's why I mentioned distributing the file over IPFS so that it could be easily backuped by anybody forever. If eventually there's no longer any interest in this database it could be lost to bitrot of course, but this is also true of blockchains.

So the idea would be to create a giant file of every Rolex transaction made in the future. And then search through that file for a given NFC tag to determine authenticity. Doing all of this in case Rolex goes out of business and can no longer maintain a hypothetical authenticity server?

Gotta say, it sounds kind of crazy

This is about as good as it gets with crypto.
Couldn't agree more. Supply chain verification is inherently authority-based... if only at some point in the creation of the internet we had invented a system for verifying authoritative claims on things ;) Not to mention that with certificates... Rolex can totally disappear into the wind, yet you can still verify the certificate provided you know Rolex's root. And all this for <$300M year in mining fees!
> Rolex could fold and people in the future might still be able to check for authenticity.

Well, what if Rolex folds and sells their private keys, and an unscrupulous buyer then starts minting Rolex NFTs for fake watches? What if this happens surreptitiously, and not out in the open?

Further, it's far more likely at the moment that Rolex will exist 50 years from now than that Ethereum or Bitcoin will.

Well sure but that's the "analog gap" problem. NFTs don't fix that, do they? In the end there'll have to be something that will tie a given NFT to a given watch, and one way or the other it'll be the same issue as tying my CSV to a given watch.
I agree, one can’t easily tie an NFT to a physical object. Nothing guarantees that the watch and NFT change ownership in tandem.

All I’m saying is that a serial number doesn’t really prove anything because it’s trivial to copy. A private key inextricable from the object would be better, because it could generate timestamped signatures as proof.

But whatever you use would still be easier to implement using traditional tech than web3, because the problems they solve are orthogonal.
Yes. I regret not being more clear in my original comment, because the scheme I alluded to is an application of public key cryptography, such as Certificate Authorities, and is not about cryptocurrencies specifically.
Even with time stamped signatures you can clone the signature onto a fake watch.
The point of a signed timestamp (and/or challenge string) is that it demonstrates the signature is freshly generated, proof that the device is authentic right then and there. An old copied signature would not have this property.
(comment deleted)
This is sort of true. In the case of the watch, if you read the blockchain for the serial-number on the Rolex, you could engrave that too? The storage medium of the data wouldn't make a difference. The same could be said for the NFC chip. Those are copied all the time. Just purchase a blank and overwrite it with an original.
As the article points out, many NFTs are implemented by storing a URL in the blockchain; the digital artwork sits on some server and is reachable by that link. Fine, you can prove that you own the URL. But what that URL points to can change out from under you, so there's no way to make that trustless. If you own the domain and the server that it points to, the registrar can take the domain away from you and give it to someone else.

In a sense, NFTs are a lot like those schemes we used to see where some company will promise to name a star after you, even though no one recognizes their authority to do this. Fine, that URL is "yours". You just own a sequence of bytes, the ones in the URL, not the ones that the URL (temporarily) points to.

So, this has a really easy fix. The NFT points to a content hash, and the content is uploaded to the Internet Archive (and they're compensated for the storage) as part of the NFT minting process.

Your ownership is now on a distributed ledger, with a cryptographic hash of the content, paired with long term storage of said digital artwork. The Internet Archive's costs are ~$2/GB to store content in perpetuity, which seems insanely cheap to carve off as part of a transaction (Eth gas fees aside).

But then it’s just back to trust based web2, you’re trusting internet archive. That’s his point: this isn’t leading to trust less decentralization in practice. To do that, you’d have to store the NFT data on chain, which is prohibitively expensive
> But then it’s just back to trust based web2, you’re trusting internet archive.

Correct, because it's clear storing the content in web2 Internet Archive is superior ("you’d have to store the NFT data on chain, which is prohibitively expensive"). They will persist regardless of web3 shenanigans, and hash addressing ensures content integrity. You could even use a torrent to store and serve the content (again, which uses hashes to identify and preserve integrity of content).

Why would one trust a distributed ledger over a centralized archive run by folks whose primary focus is on preservation of the bits they're storing? The economic benefit of running storage nodes of encrypted content is unlikely to ever be sufficient to provide the same economic incentives a corporation or non profit realizes by offering the durability a centralized service provides (due to scale).

EDIT: @Ragnarork It seems like web3 is making some promises it can't keep?

> Why would one trust a distributed ledger over a centralized archive

Isn't that the polar opposite of the promise of web3...?

I'm not sure it's even necessary to use Internet Archive or a torrent? If I own an NFT whose hash is stored on-chain, I can just ensure the availability of the preimage by storing it myself.

Then when I want to interact with a centralized NFT marketplace, I can upload the preimage to their server. They'd verify the hash and store the image. I'd continue storing it myself though, so if that marketplace goes away, I can follow the same process with another one.

tying back to the article... so you want to own a server?
This is where it falls apart for me too, people are paying huge sums for artificially scarce links to someone else’s server? I keep feeling like I’m missing something.
No, they are paying huge sums for a digital certificate of ownership of the content on some else’s server; the link is just the description of what they are certified to own, like the address on a deed.

(There's all kinds of problems with it, sure, but they aren't paying for the link.)

But they don't even get the ownership of the content. The original creator still owns the copyright, and as a the buyer you don't even get a license to use the work in the NFT. The copyright is the only meaningful way you can own digital art.
ok so you own a certificate that describes the content of a link
I think it's worse than that since, as described in the article, NFTs don't include a hash of what the link points to. So you own a certificate that describes the content of a link in the very literal sense of describing the characters in the link URL and not really anything more.
> ok so you own a certificate that describes the content of a link

More precisely you have a certificate that says you own something (often ambiguous, though this could be precise; ambiguity is a choice in the minting of an NFT rather than a fundamental issue with the technology) relating to the content described by means of a link (the NFT may or may not include additional description of the content via metadata.)

As I understand, most NFTs don't confer any copyrights. So unlike a deed, it's not a certificate of ownership of the content at all. Some other entity still owns the content in the legal sense.
> As I understand, most NFTs don't confer any copyrights.

Yes, one of the “all kinds of problems” I mentioned upthread (this one isn't an inherent problem with NFTs, but seems to be a practical one with many current NFTs) is that while NFTs certify ownership of something with regard to the linked content, exactly what that is (beyond the certificate that is the NFT itself) is often not clear, even, AFAICT, to the purchasers.

"the link is just the description of what they are certified to own"

No a link isn't a description of its content, just like the article demonstrated the content can change to anything, anytime, in many ways. Even if the URL contains the hash of the content like with IPFS URLs it's not a description of the content but one step better because you can check if it's pointing to the content it supposed to be.

More importantly, they don't own the original item. An unofficial version of a deed registry says they own the link to the item. That's not the same as actually transferring the copyright or anything.
The value of a deed is that it's recognized by a legal system, which is backed by a police force, who you can call if some guy shows up claiming that your house actually belongs to him.

With an NFT, you don't get that. It's equivalent to your county clerk's deed registry, including the $100 filing fee, and excluding the legal machinery which gives the deed registry its value.

On the other hand that same legal system can decide you are no longer entitled to said property and that same police force can come and drag you out of it. That physically (as far as we know) can't happen on a cryptographic blockchain. They can some how convince you that giving up ownership of your NFT is a good idea, but it still has to be of your own volition.
Why not? If NFT ownership ever became meaningful, the people with the guns can simply keep a list of ownership amendments separate from the blockchain.
It kind of sounds like you're arguing that since the blockchain can just be ignored it's somehow less meaningful. But I'll bite:

Then the people with guns now have to expend resources to maintain and enforce those amendments. If they are not somehow just discarding the entire blockchain subsequent to their amendment, they're maintaining an every increasingly complex set of merges. Furthermore their amendment (very probably) isn't a cryptographic blockchain, so it's subject to all the problems that the actual blockchain list are not (forgery for example).

What makes blockchains unique is that they are the first example of these various records (ledgers, titles, etc) that physically cannot be manipulated in certain ways.

> Furthermore their amendment (very probably) isn't a cryptographic blockchain, so it's subject to all the problems that the actual blockchain list are not (forgery for example).

Their amendments are theirs. This is like saying that keeping your own accounting is worse for you than putting it on a blockchain, since someone might forge your own accounting books - it just makes no sense.

I don't follow.

"They" can do just about anything they want. They can make their amendment. They can declare the blockchain null and void. They can hold a gun to your head and tell you to sell your NFT. They can even pull the trigger, in an attempt to make an example out of you for the next fool that tries to defy their authority. But the one thing they cannot do is seize your NFT without your volition. Not without breaking some of the fundamental mathematical ideas behind encryption.

Is there value in that in present day society? Maybe not. But there is undeniably something special about it.

> But the one thing they cannot do is seize your NFT without your volition

That’s not true.

I mean, even if the access to the NFT relies solely on material in your head, there are pharmacological approaches, among others, that while not necessary reliable, can cause you to give up information without meaningfully willing it.

And private information will probably one day no longer exist. Imagine some kind of device that can scan the neurons in your brain along with the electrical/chemical state and somehow extract information from that (such as a memorized cryptographic private key). Let's just throw our hands up and give up on cryptography altogether.

Even a pharmacological approach is a side channel attack which no one seems to care to distinguish between attacks on or flaws with the underlying idea. When discussing the merits of blockchain technology we are allowed to take for granted its very obvious underlying assumptions. Namely that there exists private information held by a user of the system.

His example of his NFT that gets shut down is showing that because of this layer of centralization, anything that can happen to normal assets can happen to blockchain. Governments can force OpenSea to take your NFTs, OpenSea can delete your ownership at their discretion, etc. All he is left with is a meaningless string of data on chain, while the NFT visual is gone. It’s not immune and protected like people think
Not true. The legal authority can compel you with force to transfer your nft in exactly the same way they’d drag you out of the house.
There's a difference. You can drag someone out of their house without consent, but forcing a transfer requires consent. Does this difference matter?
Forcing a transfer does not require consent. They’ll seize the hardware that holds your private key.

If you’re worried about the government forcing you out of your home at gunpoint, what makes you think they can’t seize a private key or force a few keystrokes?

Hardware wallets usually have a password enabled, in addition to other security mechanisms. Like I said, not sure the difference matters, but there is a difference.
But what's the difference of just authority making your NFT URL invalid and moving the item under a different URL? That would be equivalent of forcing you out of your home, they cannot force you to give them keys, but they can change the lock.
This whole "files stored on Google Drive" is growing pains. NFTs must all be hosted on IPFS.
If they really want they can analyze the memory on your desktop or install a keylogger. There’s so many ways to extract a private key barring a deadman switch and a cyanide tooth capsule.

Again, you’re seriously arguing that it’s harder for the government to take your house rather than give up your password?

Houses also have locks and yet presumably the police can and will bypass that security measure in this scenario. The point is that nothing will protect you in the face of overwhelming force.
Obligatory XKCD reference: https://xkcd.com/538/
That probably would not happen in a first world country.
Depends on who you are — Gitmo comes to mind – but at least in the United States you can substitute being beaten by agents of the government with being imprisoned where the other prisoners and possibly agents of the government will beat you until you give up the password.
> The value of a deed is that it's recognized by a legal system

Sure, I’m not saying an NFT is substantively like a deed, I’m saying the link in an NFT serves a broadly similar purpose to the address in a deed.

An NFT is perhaps more akin to a certificate from one of those star name registry outfits that were popular for a while, but with less specificity as to what you supposedly bought with respect to thing it describes.

They don’t own anything in a meaningful sense except the url, and even that is controlled by someone else.
Do they even own the URL? Is no one else allowed to post the same URL (even disregarding how/by whom this would be enforced)?
Well I imagine opensea at least prevents url collisions on their own service, but yes as the article demonstrates someone could sell the same url on several services while changing what that url points to whenever they like. I think most of the time the url points to the marketplace itself though?

So I suppose it is more accurate to say they own that particular citation of the url embedded in the blockchain, for certain values of own.

> I keep feeling like I’m missing something.

Nope, you're not missing anything. NFTs are the world's most convoluted and expensive way to store a bookmark.

Thanks for that comment
>I keep feeling like I’m missing something

You are missing something - a huge position in crypto. Like the article points out, your existing investment would benefit from all the hype that a slew of crypto-oriented services and products could give. Irrespective of whether those same services could be implemented "better" using standard centralized tech. And - amusingly - irrespective of whether those services offer products that you would ever in a million years have paid for without the novelty of crypto sprinkled on top - e.g. paying big bucks for receipts for jpgs.

Yes, well, the fundamental reason is not what any individual owns, it's that (as the article brilliantly points out) these positions make it a gold rush.
Yes you are missing incoming money transfers to your account.

People that earn money on NFT don't have feeling that they miss something.

If the NFT contained the content hash, your and the creators public keys, a signed timestamp, and the signature of those parts by the content creator, then the content could be stored elsewhere no?

Obviously you'd want to keep a copy yourself, but at least you could then prove to others the file you have really is the one the creator sold, no?

No expert at these crypto things, in either sense, am I missing something?

Yes, but the problem is many of them don't even include the hash, and you also need a way to verify the creator and his/her public key.
Say you add all that information to the transaction, to verify it in the future you still need to run the original file through the same hash function to prove they match.

Its common for image files to be modified, many times even automatically by the hosting service. They might compress it, remove unnecessary metadata, or add metadata for themselves. Any of that would break the hash, so you'd need to make sure any host you use to store the original absolutely never changes the file.

Then what? Well the image exists and you can verify it wasn't changed off-chain since the transaction finalized, so that's good. There's now an image publicly available online BUT a specific block chain says you own it, so that's also cool.

But wait, that hash isn't guaranteed to be unique so really anyone could make another NFT pointing to the same URL and file hash, now they also own it? And anyone could just download the file, so they own it to? And there are no legal protections for NFTs, so what was the benefit of paying to have one block chain transaction say you own it in the first place?

I thought we were talking about the problem of someone pulling the rug out from under you by changing the content at a URL. The hash solves the problem, but what you are talking about is an entirely different subject, and a problem which all NFTs suffer. Or not a problem, but just a general property of NFTs and crypto as well. The network effect is extremely important with blockchains. You could also fork BTC right now and claim you own everything on the chain. Doesn't mean people will honor it.
> The hash solves the problem

Not really. The hash would prevent someone to pull the rug unnoticed, but it wouldn't prevent rug pulling in the first place.

With a hash, you would be able to prove that what's currently at that url isn't what you bought, but (since hashes are by definition non-reversible) you wouldn't be able to show or see what it was you bought (unless you stored it somewhere else yourself).

> unless you stored it somewhere else yourself

Which is usually trivial.

A hash doesn't really solve the core of the rug pull problem. If the hash doesn't match you know the file at that URL changed, but how was it changed? Was it just a metadata that didn't really change the artwork, or is it a totally different file?

And what does it mean for the transaction on the block chain if both the URL and the hash no longer match? Is it worthless now and unsellable? Or do you sell it with a note that says ignore the URL, ignore the hash, or both?

I did point out other issues and that may have been unnecessary, but a hash doesn't solve the rug pull problem if the art isn't part of the encrypted and (mostly) immutable transaction block.

> so you'd need to make sure any host you use to store the original absolutely never changes the file

Which is trivial, just download the file. The place where you bought the NFT would ideally have some facility where they guarantee you can download the correct file, otherwise why buy from them?

> But wait, that hash isn't guaranteed to be unique so really anyone could make another NFT pointing to the same URL and file hash, now they also own it? And anyone could just download the file, so they own it to?

Preimage attacks are quite hard to accomplish from what I understand against modern, secure hashes. If the hash used is later broken and a preimage attack is possible then yeah you're screwed. That's a risk you take.

As for exclusive ownership, I forgot in my initial reply to add another aspect I thought about which was the license. That is, some well-defined licenses should be specified, similar to the Creative Commons stuff, and the NFS should specify one of them. Then you know if you get copyright or not etc.

Enforcement of the license would of course be similar to other digital assets, ie hard to do unless you're big, that's just the nature of digital things.

Now, just to be clear, please don't take this to mean I'm advocating NFTs. I just think the way they're currently used seems to make them completely worthless, while in theory it might be possible to make them not quite worthless.

What's the benefit of having the URL permanently stored on the blockchain in that case? If I have to download the original file as soon as the transaction completes to make sure they don't change the photo on me, why bother?

And then what am I spelling later? A transaction immortalized in a block chain with nothing more than a broken URL and, at best, a hash of the original file?

Edit: I realize I sound a bit dickish in how I'm replying. Don't take it that way, I'm really confused at how NFTs solve anything but really appreciate the conversations here and am glad to hear differing opinions!

> What's the benefit of having the URL permanently stored on the blockchain in that case?

Not much as far as I can tell. I mean it would kinda be like a signature on a painting, in that it's a visual indication of who made it. But the proof would be in the digital, cryptographic signature.

> I'm really confused at how NFTs solve anything

I'm in the same boat. I'm just trying to figure out how they might be useful if they implemented them differently.

I don't even know if I like this idea, but it'd be a different ball game if NFTs held legal status. That goes pretty counter to many of the usual benefits claimed of crypto projects,but if an NFT was treated as legally binding ownership that could make them really useful
Right but without any legal aspects, what use could they be?

Anything in them can be copied trivially, so on their own they are per definition not unique hence fairly worthless.

If they're only useful when two parties agree they are worth something during an exchange, how are they different from plain cryptocoins?

I mean this is a bit similar to the GPL, it would be useless if courts declared it can't be enforced.

There is arweave which is trying to bring permanent storage. You could store the nft on arweave chain and mint the NFT on the same.

https://www.arweave.org/

Though, I'm not sure how this will "scale".

> Though, I'm not sure how this will "scale".

It fundamentally can't - you need X amounts of storage * replication factor to store X amounts of data * replication factor.

It’ll scale like S3, et al.: replicated storage requires ongoing payments because sysadmins need to be paid, storage needs to be bought & replaced, network bandwidth is metered, etc.

It could be cheaper if someone can finally make a P2P network which becomes and stays popular[1] but it’ll always require more than a one-time payment. That could be donor funded (Internet Archive) but I’d be leery of assuming anything long-term unless you’re paying for it.

1. Abuse is the hard problem here: if I host a node, when the police download something illicit my IP is the one they see and I have to prove that it was done without my knowledge. This is why nobody does this except for known sources.

> It’ll scale like S3, et al.: replicated storage requires ongoing payments because sysadmins need to be paid, storage needs to be bought & replaced, network bandwidth is metered, etc.

That's what they are trying to solve with their tokenomics model.

The value of token will appreciate over time whereas the price of storage will keep getting cheaper.

It's simpler than s3 in many aspects so I'm not sure you would need a system administrator. Everyone can run a node and things are replicated many times over. The failover model is to look for the next node. There are no API, security, access, etc consideration to be maintained at the node level.

Data itself is public by default.

> Abuse is the hard problem here: if I host a node, when the police download something illicit my IP is the one they see and I have to prove that it was done without my knowledge. This is why nobody does this except for known sources

Yeah, that's important.

> The value of token will appreciate over time whereas the price of storage will keep getting cheaper.

That's not a given, however, and it's not just raw storage but also network bandwidth and operator time which all require regular ongoing payments. Expecting newcomers to pay for the early adopters' storage in perpetuity is tricky because you need high demand for an otherwise useless token but there's a limit on the price for most users in the form of all of the competing options, which are currently faster and more reliable.

> It's simpler than s3 in many aspects so I'm not sure you would need a system administrator. Everyone can run a node and things are replicated many times over. The failover model is to look for the next node. There are no API, security, access, etc consideration to be maintained at the node level.

It's not that simple: anyone running much storage will need to spend time replacing failed drives, managing their bandwidth relative to demand, etc. That time needs to be paid for. Massive replication is necessary to deal with the reduced node reliability but that means the network needs to pay for considerably more storage in total than, say, Amazon does and adds significant scaling issues managing all of those extra nodes with more frequent status changes.

This has been tried a number of times before and it always founders due to being slower and less reliable, with considerably more complicated software required to deal with all of those issues which the competitors don't have. It's possible that this will be more successful but I think it's really important to look at how the market pressures have consistently gone in the other direction. Amazon didn't end up with exabytes of storage in S3 because it started there — people migrated their data there because it was faster, cheaper, and easier to have it there — and that is a competitive challenge for a replacement trying to build on nodes which aren't maintained with comparable levels of service.

Thanks for the thoughtful response. I appreciate it. All of what you say make sense.
Thanks — I’m trying to keep an open mind here but it often feels like there’s a lot of history which people could benefit from. I’m not terribly old but I’ve seen a few iterations of these ideas crash on the {freeloader,abuse} rocks so I’ve been reconsidering whether my earlier enthusiasm was more a mirage than practical.
You're not fully trusting them. They can't change the content.
They can change the content, you’ll just know they did it. Much like if my watch gets stolen I’ll know, but I still don’t have a watch anymore.
They can delete the content. That's the only "change" they can do. It's like your watch analogy, except you can easily back up an image, but cannot back up a watch.
I see no reason they couldn’t change the content rather than just delete it. In fact the article shows an example of exactly that in practice.

Sure you can back up an image, but the backup is worth the same as a copy of the NFT: zip. You now own a pointer on the blockchain to nothing and a jpeg on your disk. I’ve got a lot of that going on already with zero expenditure.

The article was about the NFT containing a name. This thread is about "NFT points to a content hash", to quote toomuchtodo. You can't change the content and keep the same hash.

Similarly, you can prove to others that the version on your disk the version pointed to by the blockchain by having people check the hash.

What if the URL points to a decentralized and immutable file storage system instead of a regular URL with a domain/IP?
This solves the problem while creating a new (big) one: make this decentralized and immutable file storage work.
They already exist, and work. IPFS, for example.
IPFS is famously slow/unreliable, not widely used, and you still need to pay for hosting of anything you don’t want to lose because storage, bandwidth, and operator time aren’t free and someone needs to get paid to deal with abuse.
No you're not - it could be stored in multiple places. It's, a hash, not a URL, and if it's a properly constructed hash it would hard or impossible to fake. The content on server other than internet archive would have the same hash.
Why's there a need to trust internet archive in this situation? If the content hash is no the ETH blockchain, then it's immutable. You can make as many copies of the underlying image as you want so that sticks around permanently.
Isn't the solve for this to store it on a decentralized storage network like Filecoin?!?
Is there any market pressure that will demand a change to the cryptographic hash? Is any of the current speculation concerned in any way about the content hosted at the URL, or just the current value of the NFT and what you can sell it for.
There is. Not from the entire space, but there's a bit of street cred you get by being entirely 'on-chain', as they say.

Within the smart contracts themselves is a read function for that content uri that provides all the data needed (from what I've seen, a hashed string) to generate an .svg file. But it obviously taxes the system and costs a lot more in gas fees (not to read it, that doesn't cost gas fees, but to deploy the contracts and mint), especially the more complex those are, which is why you mostly see it with 8-bit or very low-res artwork.

Cryptopunks being the most well-known (and also the most valuable) NFT project is all on-chain, and Anonymice being the most open and forked project that does this. EtherOrcs does it a little differently but is also on-chain and has completely open contracts you can refer to as well.

There's quite a few more besides this, but I don't know what percent it is, probably pretty small. Some people won't buy anything that's not entirely on-chain. But you're right that most people don't really care, they just care about the price or the image.

I've been digging through the Anonymice and EtherOrcs contracts to get a better understanding of the different approaches they took (and I still wouldn't say I completely understand it yet). It's pretty interesting, though.

[1]: https://www.larvalabs.com/blog/2021-8-18-18-0/on-chain-crypt...

[2]: https://anonymice.org/

[3]: https://etherorcs.com/

EDIT: Sorry, you only said cryptographic hash. Cryptopunks started by providing that, but then moved to entirely on-chain (so above and beyond that), where you could query and get a full SVG file or stream of pixels for any given image directly from the contract.

So the answer is centralized storage?
So why hasn't this been deployed yet then?

And why are NFT links so common, because they just seem short sighted to me and borderline dumb considering how volatile everything in the crypto space is?

Nothing about NFT's seems long term viable as they are now.

So long as "number go up", nobody cares. The moment number start going down, there'll be a magic new buzzword (ICO, token, smart contract, enterprise blockchain, DeFi) for people to speculate on and distract from the fundamental problems.
Or even just include a content hash along with the URL in the NFT payload. Just a way to verify the referent of the URL hasn't changed since the NFT was minted. Where you can find the content with that hash if not the URL can be left arbitrary or out-of-band, but it's at least capturing a fingerprint of the content, not just an address.

It seems like this would be absolutely trivial to implement, right? Just... add a separator token (say `#`) and a content hash (say with `sha1:` prefix, urn-style) to the end of the URL that's already in NFTs.

I don't really understand why NFT's don't already do this. I don't understand why they didn't do it from the start. It seems an obvious choice to me in designing such a thing. Like, it's so easy, and such a step up in making NFT's do something closer to what people think they do... it leaves me thinking that the design of NFT's just wasn't done seriously, and nobody using it really cares.

What am I missing?

Despite the various claims about how the worlds smartest most talented developers are working on web3… that’s not true. It was a significant oversight and I think technical leadership in the space is lacking. You have people who know lots and lots about crypto stuff but they are focused like a laser.

It’s like that crypto thought-leader on Twitter who didn’t know his NFT’d pfp was being served to various web clients over http.

It’s also why web3 startups are throwing huge cash at engineers from “web2” companies because, while they may not be crypto experts, they know how to build scalable systems, how web tech works etc. That knowledge is sorely lacking in the crypto space.

(comment deleted)
I don't know for sure, but I'd guess they don't do file hashes because image hosts so often change the file you uploaded. They might compress it, remove unnecessary metadata, or add their own metadata. All of that would change the file contents, breaking the hash.

A permenantly verifiable has still doesn't really solve it though. Someone can still change or remove the file later, even if you downloaded the original before you now have a transaction with a bad URL but a good hash. You can't update the transaction to change the URL, so what would that mean for anyone wanting to buy the NFT from you?

There's also the much bigger issue - say we solve the above problem as well. There are no legal protections for NFT ownership and there is nothing stopping people from just copying the artwork you own. What's the point of paying so much money for the right to kind of own a piece of art that anyone can legally copy and use?

> What's the point of paying so much money for the right to kind of own a piece of art that anyone can legally copy and use?

I don't fully understand the "collector" mindset. But let's assume there are people, similar to whales in free-to-play games, that are willing to pay ridiculous large sums for what the majority would not be willing to pay anything for.

Now, think of those collectors as being willing to pay for ownership over original artwork.

The Mona Lisa itself has many replicas, you can buy prints of it, and you could probably easily find paintings of it for much cheaper. Those are all copies as well, but their monetary value is much lower, because people know they are not the original.

Now, think of photography, there are people collecting prints, sometimes of digital photography. Similarly, the 1st print is worth a lot more. Think of Vinyl records, or CD/cassette tapes for music, the worth of the 1st pressed record is a lot more, and collectors are willing to pay a lot for them.

Now think of complete digital art, that which is not even printed. Which is the "original"? Unless you were to own the HDD or the RAM stick where it was first recorded, all instances are perfect copies of the same bits. So instead, the "original" is the first person the artist publicly acknowledged as the owner of the "original". It is like the artist signing the print. This is recorded in a public ledger, that people trust and believe to be very hard to manipulate or fake. That is what an NFT is.

You might find it absurd, but is it anymore absurd than paying lots of money for the 1st print of a photo? Or the first pressed vinyl? Or the first book as signed by the artist?

The value is in people's head and emotional attachment. Someone was given by the artist themselves recognition of the piece signed in a public ledger. That's now the "original" and people assign it value.

You can think of it a bit how a lot of collectors offer public showing of their collection, the fact others can "see" the artwork for themselves isn't what make it valuable, it's the emotional knowledge around it, that of having it handed directly by the artist itself.

This is what I've understood of it at least.

Edit: Now the article still makes good point, that as it stands, some NFTs are ambiguous as to what artwork they even relate too or if they were truly created by the "artist".

That's a good explanation and it looks like people do value NFTs for those reasons. But it still doesn't compare to the Mona Lisa which if I possessed it I would know that only those physical brush strokes came from Leonardo's hand. The vinyl example is better. But even then the vinyl is physically old and unique. I can take it out and know that it was pressed in 1972. The NFT is just pixels on my screen that are a copy of a copy of.. and will be destroyed when I close the viewer.
> But it still doesn't compare to the Mona Lisa which if I possessed it I would know that only those physical brush strokes came from Leonardo's hand

There's probably a whole industry around recognizing a true or a fake painting. I'd say if you possessed the Mona Lisa, you might still doubt its authenticity, or find yourself in a big debate with others who claim to also possess the "true" Mona Lisa. In a way, NFTs don't (or could be made not to) have this problem. I think this is actually something that people in the market of art collecting and trading actually value. I think especially in private collections, you can claim to have sold me the original bible of Pope Pius XII for 10 million and hand me a bible that is a fake, I believe to now have the real one. And then I can go and resell it to someone else for 11 million, while you also go and sell the real one you still have for 20 million to another person, and now three people believe to all have the real one. The NFTs being in a global ledger, it would be clear who owns it truly, even if three people have a copy of the same PDF.

> But even then the vinyl is physically old and unique. I can take it out and know that it was pressed in 1972.

That's because you value the artifact. But I'd say in this case the NFT IS the artifact. The NFT is what will live on, because in 2125 (assuming the chain still exists), someone will have this token tied to their own wallet. They can know that it was minted in 2021 with the same certainty (and possibly even more certain) that it was truly minted in 2021 by the artist himself (or at least the person whose key society believes was the true artist).

Finally, if the NFT contains say an IPFS URL, or some other content describing attribute, its even more clear. You know you own the first "copy" if you want.

Let me put it some other way. I create some JPEG drawing. I then hash it and have a hash of its content. I then register my art (the JPEG) on some chain by creating an NFT for it which contains said hash (maybe in the form of an IPFS URL). At this point, the world through the public blockchain ledger knows about my JPEG art, and as the first in the chain, I prove to be the creator, or it is known that I am the creator through some other means, like posting it to my blog.

I own the NFT for my own JPEG art at this point. I can host it myself on IPFS, or maybe I just post it on my blog, or even keep it secret on my computer. Now you want to buy it from me. At that point you pay me money and I transfer the NFT to you, the ledger now says that the token started from me and was transferred to you. You now own the token that says that the IPFS hash URL or the hash of my JPEG art belongs to you and was given to you by me, the artist. I also give you a copy of the JPEG itself through whatever means, maybe you download it from my IPFS hosting, or I send it to you by email, or you download it from my blog, etc.

In the digital world, it is all copies, but only you have the token.

Ya, if the token doesn't include the content description like a hash, it's a bit fuzzy and a lot crappier, because while it would show you got some token from me the artist, its not clear which of my artwork would be the one you have, assuming in 100 years the URLs were to no longer exist for example, or to point to something else. But I think this will become the norm eventually to have the hash or use IPFS.

I agree with you, I still would prefer a physical artifact, something that you can see the wear and tear, something from an old era, maybe it doesn't even look the same, maybe bits of it are gone and forgotten. But that's just me and what I'm willing to value. If people are willing to value a digital good the same, knowing the token traces back to the original artist, and they see the value in that, then it can be worth just as much.

> But it still doesn't compare to the Mona Lisa which if I possessed it I would know that only those physical brush strokes came from Leonardo's hand.

I think the idea of NFTs is that you know that the original artist (Beeple or whoever) issued the NFT, they clicked the buttons and saw the same hash you see on your screen.

Like if Leonardo da Vinci sent you a cryptographically signed email with something in it indicating that you specifically owned it, you'd probably find that valuable even though it's "just pixels" and the email can be copied - the ownership is embedded in the signed email (your name or public key, let's say) and can't be copied.

I think that's the point, anyway, I still don't think I really get it...

Yup. It works because there's a 1:1 and onto mapping between 64 bit hashes and pixel maps of arbitrary size ;-) /s
Honest question: at this point why don't we skip the NFT part and just keep the URL and the content in the Internet Archive?
This gives me an idea: Internet Archive could sell Internet Tokens™ that function exactly like NFTs (but stored on the Archive instead of blockchain). Holders would be incentivised to make sure that the Archive continues to exist via donations. It's a win win for everyone
What does it mean to keep a URL in the Internet Archive?
I think they mean you keep the URL and the content stays in the Internet Archive.

But it could also mean that the Internet Archive creates a special page, say, "Owned URLs", where they list a username owner for each URL that someone has payed for. If you wanted to trade your URL, the IA would get a small cut to modify the contents of that page with the new owner.

This is 1:1 equivalent to the proposed scheme, but cuts out the inefficient "mint NFT on Ethereum blockchain" step, replacing it with a simple database on the IA side.

There are on chain NFTs like cryptopunks. The rest of articles details around API centralization stand true.
If your solution is to trust the Internet Archive, why not just skip the blockchain part?

Any hash can match virtually unlimited number of different turd images.

And even if you trust the hash function to never be broken or brute forced with future technology, it can only verify the image, not prevent it from being deleted or altered, rendering the NFT broken and useless. Verifiably broken and useless, but still...

We can add the hash of the content but what happens if the URL goes 404 or the web server disappears? I'll be the owner of a useless pair of URL and hash.

Or those NFT contents (and the URL domain!) are guaranteed not to disappear unless many web 1.0 and 2.0 services people was paying for and went out of business?

An article about this: https://www.theverge.com/2021/3/25/22349242/nft-metadata-exp...

Many NFTs already do this, but the hash is for IPFS, which is a decentralized file storage system.

In fact decentralized storage being integrated into web3 is I think an element that the OP missed in his analysis.

IPFS is unfortunately not durable, nor very reliable when attempting retrieval through IPFS (versus a gateway, such that Cloudflare offers).
IPFS allows for more durability than the traditional way people point to content on the internet.

You can attach a IPFS hash to your NFT (or w/e) while still using clients that use a more reliable gateway.

Some NFT platforms operate with IPFS whose URLs are hashes of content. This solves that problem.
I’m not terribly up to date with IPFS (so feel free to correct me), but if I’ve understood it correctly, it’s not dissimilar to Bittorent where files are seeded by interested parties and if no one happens to be seeding any longer, the file is essentially dead?

It’s almost like you want some centralised entity to preserve copies of the images these NFTs link to.

I wonder how many IPFS-backed NFTs are only being seeded on nodes run by the big players like OpenSea?

Filecoin that you pay to have any files you like mirrored by many people, in a decentralized way.

Arweave is also a one off fee to have the file mirrored forever, the hosters are paid from the yield earned on that fee.

Sorry hacker news had an outage and somehow removed the first half of this comment and it's too late to edit now. Top was:

You are correct about IPFS, it's just like torrents. There are services like Arweave, Sia and Filecoin where you can pay...

Arweave nodes can choose not to store data (and will likely drop data that's not profitable over time also), so I'm not sure that it's really a solution.
Individual nodes can choose not to store it, but your data is sharded amongst many nodes. Usually it's something like 64/96 redundancy - it's sharded across 96 nodes and at least 64 must be online to retrieve the data. It gets re-distributed if some nodes are offline for a while (not sure on specific numbers)
I guess at least if you keep a copy of your NFT you can start serving it over IPFS yourself if whoever is hosting it can't be bothered anymore, or pay a service to on your behalf. It's sort of the ideal use-case for content-based addressing, I would think, since you're trying to prove some sort of connection with/ownership of/patronage over a piece of content. And it should be more long term resilient than a centralized solution as long as the NFT owners themselves don't lose their own files. At least the incentives are aligned (if you own the NFT you will want to keep at least one copy, if only so you can show it to potential buyers!)

It seems a substantially less silly idea than pointing a token at a url that you don't control. I guess I'm surprised that NFTs aren't all hosted on IPFS or something like it, if only as a backup. Like, have these people not heard of linkrot?

But I guess as long as the buyers don't realize yet that their immutable ledger entry can become a dangling pointer in a puff of smoke, it doesn't matter.

> But I guess as long as the buyers don't realize yet that their immutable ledger entry can become a dangling pointer in a puff of smoke, it doesn't matter.

I was surprised too, but only for a moment. In the end it's basically just a record that you "own" a small amount of data (url, ipfs hash, 'coin'). Unless my ownership gets me some utility (like exclusive access to the jpeg, maybe? Ability to transfer the ownership to El Salvadorian govt to pay my taxes?), I don't see how it has value

(comment deleted)
Yes, not dissimilar from torrents. Instead of being name-addressed and requiring the name owner to provide the infrastructure to serve the data (as with HTTPS), data are content-addressed so that anyone can serve the data.

Many NFTs are hosted by NFT platforms, and also by services such as https://nft.storage/ (backed by IPFS & Filecoin). It's quite trivial though to take the IPFS CID and pin it somewhere else (local computer, a pinning service like Pinata, etc.), and anyone can do it at any time. If all you want to do is be able to prove ownership at some point in the future, you don't really need to host the content indefinitely on IPFS...just host it when you need to.

This is trivially solved by including a hash of the object in the ownership certificate.
Would that be effective for low-res images like cryptopunks? Or can I create other 24 x 24 px images that have the same hash?
You can’t efficiently create hash collisions in a cryptographic hash
This was insanely surprising to me - I actually always thought the jpeg/art was stored as a kind of ‘blob’ on the blockchain that it was authenticated against the owners wallet/private key.
Some NFTs are stored this way (e.g. Blitmaps, Terraforms, Corruption(*s), &c); it's a more restrictive artistic medium since storage costs are high and technical limits feel like a trip back to the 80s. If you can fit nice art into the constraints then it can become quite popular/valuable since fully on-chain NFTs are actually decentralized (rather than the more common practice of linking to an external image).
Well the image could also be embedded in the data of the blockchain and/or a irreversible (currently) hash made for the image sitting on the server. Now will a court enforce that digital contract as a legal contract if the person takes down the server or puts up a different image? shrug I doubt it under current law.
Isn't storing the actual image data on-chain usually prohibitively expensive?
We need a version of Freenet, where the network _guarantees_ that your content is always highly available. Well, at least as long as the tech/network itself is still alive.

Every user of the network has to provide some storage for the network itself. If there's not enough storage to safely store your new content on the network as highly available, the network would just say sorry, can't do right now, please wait on the line while we get new storage (users).

Sure, it would need some massive network effect to work at scale, but we have now, what, billions of devices connected to Internet? That ought to be enough.

I never really understood this current "decentralized" tech. Decentralized hashes with centralized gate keepers, and mixed with "old school SPOF tech", e.x. the VPS's that store the actual content. wat.

edit: 10GB per device/user and 1 billion devices. That's 10 exabytes. https://www.wolframalpha.com/input/?i=10GB+*+1+billion

> Sure, it would need some massive network effect to work at scale

And nobody wants to participate. These projects are doomed to be extremely niche. As TFA points out, even nerds do not want to run their own servers at this point.

It could have worked in the days of casual piracy (kazaa, napster, certain private torrent sites etc had a shitton of users) if you managed to sell it as a way to do exactly that..

But getting people to install apps today to donate their bandwidth and disk space for.. what cause? Let alone when they figure out that gasp your storage may then be used for illegal material. Nah, it just doesn't work.

>Nah, it just doesn't work.

This is why we can't have nice things. :D

>your storage may then be used for illegal material

Then forget about the anonymization features of Freenet, and build something that ties to your Google Auth, Facebook ID, Government ID, whatever.

And let LEA access all of the content and seize/prosecute illegal content. Really not that different than storing your content on any of the cloud storage providers. With the exception that your data would be always guaranteed to be highly available, and not on just one or two centralized cloud storages.

>But getting people to install apps today to donate their bandwidth and disk space

That's just a marketing headache. ;)

> And let LEA access all of the content and seize/prosecute illegal content. Really not that different than storing your content on any of the cloud storage providers. With the exception that your data would be always guaranteed to be highly available, and not on just one or two centralized cloud storages.

It’s not that simple: if you host anyone’s content, you’re taking on personal risk (do you want to have to convince law enforcement that the pirated Disney movie or child pornography served from your home IP was served entirely without your knowledge?), giving up your resources (“Netflix is slow, turn off the mirror and see if it gets better!”), and getting slower performance/reliability (e.g. why OpenSea uses GCP instead of IPFS) immediately in the hopes that it will at some point in the future become worthwhile.

Note also that cloud storage is centralized administratively but distributed for reliability. I would give very long odds that you’re more likely to lose data through random IPFS nodes disappearing / dropping your data than on S3, and if you have to run your own geographically replicated nodes it’ll cost more in your time until you have a very large amount of data.

Statistically nobody does that, and because P2P networks need to significantly over-provision to compensate for unreliable nodes it’s hard to get anywhere close to competitive. The Linux world has the freedom ethos, no concerns about copyright/malware/etc., and still few people torrent ISOs because it’s usually slower.

No, we don't. IPFS guarantees that the owner can host their own NFT forever (there are multiple pinning services if they don't want to run a server). This is the best possible model. If even the owner doesn't give a shit, why should anybody else?

It's true that most NFT buyers have zero idea how this works. In 2 years multiple shitty NFTs are going to turn into 404. This is fine - people will learn to only buy images that use ipfs.

>IPFS guarantees that the owner can host their own NFT forever

I always thought IPFS just as a BitTorrent but with blockchainy tech stack.

But if it can indeed guarantee that my content would always be available, then IPFS is the answer.

BitTorrent also guarantees that your content would always be available – if you're hosting it.
Your response is different from what I posted. You can always pin the image on your ipfs node and it's going to resolve to the same, unique, hash (well, unless preimage resistance of sha2 is broken...) allowing everyone in the world to download it. That doesn't mean it guarantees availability - nothing does - someone has to host it.

Ultimately, the owner has to host it, or pay someone to host it, or hope someone else hosts it. Although nfts are small enough that any semi-popular ones may stay alive potentially forever as long as someone, somewhere, hosts it on an ipfs node. Potentially long forgotten by literally everyone alive.

I definitely agree that most people/projects/etc gloss over that fact that there still needs be a 'start of authority' to be trusted with NFTS. I think a major upside of doing the digital transactions on a Blockchain (as opposed to the system you described) is that the start authority does not need to be present or keep track of any future transactions. In your Rolex example, I believe that there would be no way of person A selling their Rolex (and digital rights of the Rolex) without notifying Rolex and Rolex having to keep track of transaction. With a Blockchain, the people could agree that the 'start of authority' matches the public address that is associated with Rolex and then proceed with the transaction with no need for any middle party.

I played a decent amount of Runescape growing up, so when I first heard of NFT's I naturally thought of that game. I would definitely find intrinsic value in truly owning an NFT of some of the rare in game items. And knowing that even if Jagex (parent company) disappears that I still have ownership over the items definitely adds a lot of value.

But see, this is where I get lost in this concept.

Should Jagex fold and the game become unplayable, what do you own? An entry in a database that says that you once had this item but you can't do anything with it? Why is that valuable?

I can sort of see the argument if other game developers allow for these items to be reused in other environments, and that's something pushed by NFT enthusiasts, but I don't see how that makes economical sense.

For one thing that puts a lot of work on the table of other game developers. If every NFT of every game needs to be usable in other games, can you imagine the headache? It's a combinatorial nightmare.

Besides devs want to make money selling their own NFTs, not adding items made by others for free, so what incentive is there for adding support for your rare Runescape item in some other game? Seems like devs would rather sell you a special "Runescape retro item set pack, only $9.99!"

And then we haven't even touched on IP issues. If you have an NFT of Lara Croft, can the devs of another game just clone the model in order to let you import her?

I feel like all of these issues by far dwarf whatever convenience NFTs bring to the table. The problems I outline above are the ones that need solving, and if you find a way around those you could very easily achieve what you want without "web3" tech (see Steam trading cards and Nintendo's Amiibos for instance).

Indeed. What's more, even if publishers wanted this, it's all possible without a blockchain. If game publishers decided to coordinate on respecting shared digital assets they could just agree on a common "digital item" spec where a connected client could prove item ownership using public key cryptography and digital signatures, similar to how JWTs let a client prove claims about another system. The same spec could allow users to trade digital assets in a peer to peer manner by signing a record of transfer to another user's public key - it'd then be up to the buyer (i.e. the software they use to verify the signing) to register the updated signature chain with the relevant game vendors.
>Should Jagex fold and the game become unplayable, what do you own? An entry in a database that says that you once had this item but you can't do anything with it? Why is that valuable?

Sometimes just ownership of something is valuable in itself. That's the whole idea of collectibles, it's not always tied to its original utility. Think having an original SNES versus an emulator on a computer or an original Picasso vs a digital jpeg copy.

>For one thing that puts a lot of work on the table of other game developers. If every NFT of every game needs to be usable in other games, can you imagine the headache? It's a combinatorial nightmare.

Every NFT of every game doesn't have to be usable in other games, but the option to easily access the in-game ownership records of another game can allow for some asset sharing.

>And then we haven't even touched on IP issues. If you have an NFT of Lara Croft, can the devs of another game just clone the model in order to let you import her?

No but maybe I can give a Croft-esque outfit to an in-game character if the player has the Lara Croft NFT. It could be a selling point to some players to be able to play with assets inspired by another game they love. It could also add some unrelated mechanic to a game in which case the NFT is just used as a marketing ploy to advertise to a certain demographic. Re-using NFTs could also be completely unrelated to 3rd parties and can allow developers to allow easy migration of old assets from old games to new ones without having to maintain teh records themselves.

>I feel like all of these issues by far dwarf whatever convenience NFTs bring to the table. The problems I outline above are the ones that need solving, and if you find a way around those you could very easily achieve what you want without "web3" tech (see Steam trading cards and Nintendo's Amiibos for instance).

Again, the idea is to have a digital asset that can be traded (in terms of ownership) like a physical asset would -- without the need for a centralized mediator. Just because certain applications typically act as centralized gateways doesn't mean the blockchain itself is centralized. The hope is for the blockchain to be used as a reliable source of information for decades to come with the ability for anyone to participate if given the very accessible minimum resource requirements.

> Sometimes just ownership of something is valuable in itself. That's the whole idea of collectibles, it's not always tied to its original utility. Think having an original SNES versus an emulator on a computer or an original Picasso vs a digital jpeg copy.

But with a Picasso the scarcity is inherent in its physicality: there is only one in existence. With digital data, it is infinitely reproducible and fungible. If I replaced a JPG with a bit-for-bit copy, no one would notice nor care. Not so with a Picasso. So, NFTs are supposed to come in a make a record of your purchase of this JPG, but unlike the Picasso, this JPG does not physically exist. It must be stored somewhere and, unlike the Picasso, this has an ongoing cost. You don’t need to pay to store the Picasso (although most collectors certainly don’t just keep it in their house, they could). But you do need to pay someone - whether a company or a decentralized network - to keep storing your JPG and once you stop, it’s gone forever. It seems like it would be more future proof if Jagex just mailed you a physical print of the JPG and a certificate of authenticity.

I think saying "an original Picasso vs a high quality knockoff" would better clarify my point. I would also like to add that scarcity is not inherent in physicality, especially when a physical copy of said physical item can be made. I would argue the recorded ownership and verifiable provenance of the item make an original Picasso valuable. People don't care about just having the art because the art can be easily replicated, physically or digitally.

And yes there may be an ongoing cost associated with storing a digital image, but you could also download it on your computer, print out the image, or try one of the decentralized solutions. Ideally the metadata and image would be stored on something like Arweave (which only requires a one-time payment) since reliability through decentralization is one of the goals of the web3 movement.

>It seems like it would be more future proof if Jagex just mailed you a physical print of the JPG and a certificate of authenticity.

If the hosting of the image goes down then you still have the attestation of owning the asset on the blockchain (signed by a private key that has been associated with Jagex on creation of the NFT). As for the physical print option, I'd say since physical things can be destroyed much easier than digital items, I'd prefer it if the certificate of authenticity was just an NFT (trying to enforce an NFT to belong to the same owner of a physical asset is a losing battle).

All in all I'd say NFTs bring value to asset collection by providing stronger attestations of ownership, public provenance, and resilient record-keeping.

> No but maybe I can give a Croft-esque outfit to an in-game character if the player has the Lara Croft NFT. It could be a selling point to some players to be able to play with assets inspired by another game they love

Why would a company do this? They spend a load of dev time to create a valuable in-game asset linked to a non-fungible token created by a third party which only one person can possess at a time and then... hope the NFT owner pays $34.99 for a retail copy of the game, otherwise the asset goes unused?

That doesn't sound like a scalable marketing strategy.

Typically people don't build features around individual NFTs but NFT collections. If 20k Lara Croft NFTs were minted in a special Tomb Raider NFT collection, then the access to the new skin would be available to any of the owners of the 20k Lara Croft NFTs in the collection. I think the misunderstanding here is that an individual NFT gives unique access to an in-game asset, sometimes NFT collections give unique ownership to a copy of the same game asset.
That doesn’t really change the question, though: the Tomb Raider developers don’t need an NFT to do that, and any other company isn’t going to spend much of their money giving something for free to a handful of someone else’s customers. Why spend time on that instead of, say, charging $10 for the homage DLC which gives them actual revenue and from a much larger number of people?

For example, how many of those NFTs would have been lost or stolen — and do you want to tell potential buyers “sorry, nothing we can do about it - blockchains mean no margin for error!”

Fair enough, creating an asset which 20k people with access to a collection theoretically might use is more attractive than creating a unique asset for a unique token. It does seem strange that the supposed "killer app" for NFTs in exchangeable game stuff wouldn't have any use for their core feature (uniqueness on the blockchain) though.

If a developer wanted to market games by offering inducements to players of other games in the form of unique content it seem like a lot of other solutions would be more attractive than the blockchain. Partnership with other developers or platforms like Steam gives you an actual marketing channel to hype the special add on for Tomb Raider players, and to a lot more than 20k people. The only case where I can see them preferring to attract small numbers of players of a third party game who paid that developer for NFTs rather than every player of that game is if their game is pure pay-to-win bullshit and there's no point in targeting the sort of player who doesn't buy NFTs...

> In your Rolex example, I believe that there would be no way of person A selling their Rolex (and digital rights of the Rolex) without notifying Rolex and Rolex having to keep track of transaction.

What does "digital rights of the Rolex" mean? Also, why is it harder to notify Rolex of this transaction than it is to notify some blockchain?

> the subset of problems that can only be solved using NFTs is incredibly tiny

What problems can only be solved by using NFTs?

>>Rolex issue a PGP signed CSV of all valid Rolex serial numbers once a month on IPFS and you'd get the exact same security and trust profile without having to involve any "web3" feature?

This doesn't enable real-time transfers of NFTs.

Ideally, the blockchain allows the NFTs to be traded without Rolex relying on another company acting as a trusted third party platform keeping track of ownership, or Rolex itself running its own transaction database. The blockchain is a common open platform for transactions, and that's useful.

The NFTs are useless. The watches - the thing people care about - can still be traded without relying on Rolex or any other company.
That's a different topic. I was addressing why Rolex might prefer a blockchain ledger over their own internal one.
> I don't see why the IP owners would play ball and accept the loss of control).

The main reason would be if they could make more money on their digital goods by floating them in a large, open, heterogeneous market rather than in their smaller walled-garden. That's what traditional capital markets are good for, and the name of the game here is figuring out how to recreate those benefits in decentralized digital markets.

ehh.. why sell the item once to a person in a large open market, when you can sell the item multiple times to the same person in multiple markets.
The problem with traditional authority models is that the authority may disappear or be subverted. In regions with unstable governments you cannot rely on the government to keep saying that your house is your house.

This is why I think the really valuable and underserved use case of the blockchain is decentralized identity. You can prove you are who you say, you’ve studied where you claim, you’ve worked at the places on your resume, and do this in ways that cannot be subverted or lost. This would be invaluable for refugees who often struggle for months or years with proving they are who they are.

For people that live in stable countries with reliable governments and strong enforcement of contracts this does not provide much value however, and I think this is why this subdomain of web3 remains underserved.

> This is why I think the really valuable and underserved use case of the blockchain is decentralized identity. You can prove you are who you say, you’ve studied where you claim, you’ve worked at the places on your resume, and do this in ways that cannot be subverted or lost. This would be invaluable for refugees who often struggle for months or years with proving they are who they are.

That's a very interesting use case, but it's hard for me to see exactly how this can be made to work.

Suppose you study at the National University of Unstabilia, which is located in a disaster-prone and conflict-riven environment. You complete your B.A. there, and you get the NUU to record this fact on a public blockchain.

A few years later, things are really bad in Unstabilia, so you move to Belgium. After you arrive there, you tell someone (maybe a prospective employer?) "hey, I'm Joeri, I'm a refugee from Unstabilia, and I have a B.A. degree!". For some reason this person is skeptical, so you say "it's OK, just look up the blockchain record with the following hash!".

Sure enough, the public blockchain contains an entry reflecting that someone named Joeri did, indeed, earn a B.A. at NUU a few years back. This is great, because maybe

* Unstabilia City was mostly destroyed in an earthquake, making it hard to contact people there, and many of the people who would have known you during your studies have likely died or become refugees themselves; and

* Lately, the new NUU administration really hates your ethnic group, so much so that it prefers to deny that people of your ethnicity were just recently widely represented among its student body; and

* Many of NUU's records were previously lost in a fire; and

* Before that, someone reputedly hacked NUU's computer systems and stole all of their records, and probably all of their cryptographic keys.

But thanks to the blockchain records, your new Belgian friends can still confirm that you actually studied at NUU, right?

But, how do they know that that record is really from NUU? How do they know that NUU really exists? How do they know what its signing keys were, and how long they remained under the university administration's control? How do they know whether it's a legitimate university? And, maybe most significantly, how do they know that you're the same Joeri who earned that degree back in the day, as opposed to some other Joeri? Are these records including some kind of digitally signed biometrics?

> But, how do they know that that record is really from NUU? How do they know that NUU really exists? How do they know what its signing keys were, and how long they remained under the university administration's control? How do they know whether it's a legitimate university? And, maybe most significantly, how do they know that you're the same Joeri who earned that degree back in the day, as opposed to some other Joeri? Are these records including some kind of digitally signed biometrics?

Asking blockchain to solve those problems is a bit ridiculous. Those are problems that need to be solved in any system, and are solved enough in many today. For starters, its not hard to archive your signing keys somewhere safe and public, especially on the blockchain - the group of Universities and employers who care about that validity will have some central organization in identifying that archive.

If they can verify that, how much does the blockchain add then?
Well the example clearly stated an issue of redundancy. Things which can be done off chain which as little trust should be done off chain - that doesn't mean a distributed file storage protocol which runs off some chain and uses economic and cryptographic incentives isn't the solution.
So now remove the blockchain entirely and what value was lost?

This is what the article demonstrates. All the value is in the trusted authorities issuing things, not the transaction record on a blockchain.

Trust is important and trustless transactions with pseudo anonymous entities are not worth much.

The issue being discussed is putting college degrees on the blockchain such that viewers can be sure they are genuine and robustly hosted without tampering - no revocation.

The blockchain solves the last two, but if your conception of them is as a magical technology that can solve every issue by virtue of hosting data then you're going to be a dissapointed simpleton.

Your core issue is that colleges are a centralized institution which decide who gets rewarded - that's what it boils down to when you say "all the value" is in trusted authorities issuing things. For starters that's a ridiculous assumption that trust is still necessary for value, but more importantly stating that blockchains are useless because they cannot replace colleges is disingenuous.

My problem with blockchains as the proposed solution here is that they solve none of the hard problems, introduce some new problems, (and no they are not an irrevocable record (as if that were even desirable), look up the DAO Hack or Bitcoin Cash fork and they certainly aren't proven to be permanent or reliable) and removing them would make the solution simpler and cheaper - the essential problem here is trust, not recording and sharing data.

You have not demonstrated any added value, and the straw-man insults sprinkled with spelling mistakes do not help persuade.

Yes I am straw-manning when you've built your original critique off a single niche use case (I believe the progenitor even used the phrase 'what if') and cite failing projects at least attempting to innovate as evidence of the uselessness of a technology which has achieved its original goal and continues on.
Bitcoin is a dismal currency.

It has thus failed at its original goal (a useful currency to rival state backed currencies).

I have an idea! Why not create a _second_ blockchain which verifies the identity of NUU? :)
None of that requires a blockchain. The same level of investment in digitization to get all of this info on to a blockchain could be used to publish it to the cloud, secured and authenticated by cryptography.

The blockchain gets you exchange, with completely transparent meditation, in the form of the smart contract / script code.

> In regions with unstable governments you cannot rely on the government to keep saying that your house is your house.

You can say it's your house all you want, but if the new regime sends soldiers to evict you, no amount of evidence that it belongs to you is going to help you.

I don't really see how that works.

Do you propose that "all" authorities provide digital certificates, in preparation for the region becoming unstable? If yes, paper certificates already exist, and seem to go missing -- why would it be harder for digital certificates to go missing? Or for the thing that ties one person to their digital certificates?

Or do you propose that authorities in unstable regions provide digital certificates? If yes, how can you trust them, given the unstable nature?

I value thinking about these things, but somehow I still struggle to see where the proposed extra value comes in. Maybe I'm thinking too much in extremes, and the value breaks down in extreme cases.

> Couldn't Rolex issue a PGP signed CSV of all valid Rolex serial numbers once a month on IPFS and you'd get the exact same security and trust profile without having to involve any "web3" feature?

They totally could. But what’s interesting about NFTs is they standardize this process across all kinds of assets and issuers. Instead of a CSV for Rolex, a Twitter history for an artist, a deed for a house, a rental agreement for an Airbnb, it’s all just one format.

In the past, there’s been tremendous value that’s come out of standardizing stuff, allowing infrastructure and new kinds of businesses to be built on top.

It would be easy to create standards for Digital Asset and Identity so that producers could represent ownership on their servers and allow for trade. The only thing NFTs give you is hosting for this in a logically centralized network. Hypothetically, this allows for operations on different contracts to be composible, but I don't think this happens much in practice.
It’s two sides of the same thing, I think.

Some things are standardized with protocols: IP, TCP, SQL, etc.

Other things are standardized with storage formats: FAT, NTFS, etc.

NFTs fall into the latter bucket, with some conventions for the former but nothing as mature as a protocol.

I am only interested by money aspect of crypto and especially on ability to fund companies easily via labor (actually that worked well in Communism). Will see if central bank currencies will allow for the same. That could be big boost to economy and big hit to VCs so I expect this to come from EU.

All those creator economy apps show that there's a need to democratise economy. I am again tempted to quote hustlers here.

> and especially on ability to fund companies easily via labor

Not sure I'm following. How would that work, and how would crypto facilitate this?

What he says about NFTs is embarrassing, lmao. I've personally never bought them myself but I am enthusiastic about blockchain tech. Is there really no commitment saved for an art work? You would think this was basic shit. Maybe there is more than one NFT protocol?

He also has a good point about centralization in 'blockchain oracle' services. In major wallets I've often seen them just make calls to blockchain / TX lookup services -- no cryptographic proofs there (though in theory easy to add with 'spv proofs'?) I also like that he went as far as to make two dapps before critiquing it. This is one of the better criticisms of 'web3' out there.

I don't think what he says about OpenSea being better as a 'centralized' service is valid. Most of his critiques for the downside of blockchain-tech seem to be Ethereum-specific. For example, Solana transactions are blazingly fast, low-cost, and there are nice stable coins on there. OpenSea seems like it would be 'better' if it were an actual cryptographic protocol. Maybe link it with IPFS + Filecoin.

I like Moxie's work and writings, and this article has some great points, but I can't get behind this:

We should accept the premise that people will not run their own servers by designing systems that can distribute trust without having to distribute infrastructure.

I'm not ready to give in. I am happy to leave "normal" (tech illiterate and politically apathetic) people behind to reach my decentralization goals.

I think instead of building centralized infrastructure that does not require trust, we can make it easier to host decentralized infrastructure. Including allowing a "server" to be offline for months at a time, come online for a minute or two, then disappear again. P2P networking is also an area we can improve on, IMO. Too much information is going across the internet instead of point to point. Bluetooth is a terrible protocol, but airdrop (and reverse engineered implementations) seems to be promising.

> I am happy to leave "normal" (tech illiterate and politically apathetic) people behind to reach my decentralization goals.

You realize this approximates to roughly "everyone that isn't you"?

I doubt it. Definitely 2-3 standard deviations. But that leaves something like 0.05% of the population.
What does it mean to leave normal people behind? Surely you need to interact with them.

For example, you can run your own mail server, but you will need to play by Google’s rules if you want anyone on Gmail to get your emails.

So, it’s hard for me to picture what it means to personally decentralize without caring what the bulk of people do.

Email is inherently centralized due to DNS being centralized. Furthermore there is no rule that says I have to federate with any particular entity.

They will take the loss.

Hm, I think my point might not have been clear enough. I would find it hard to function without interacting with central system, like sending an email to someone on gmail. Just today, I emailed a plumber on gmail, but it could easily have been an old friend or a relative or whatever.

How do you email the plumber, is my question?

Email doesn't require DNS. Modern spam solutions for DNS do. You can most definitely use something like `spiped` to create a mutually authenticated, secure channel over IP, and just send mail over that. Or build a VPN overlay network and send mail to raw IPs. If you're going to cloister yourself with your fellow monks^W nerds then this is simple.
Thanks for the info. Yeah a monastery would be nice. Definitely goals.
> I'm not ready to give in. I am happy to leave "normal" (tech illiterate and politically apathetic) people behind to reach my decentralization goals.

Which should be already possible with with the current offerings around selfhosting applications and p2p technologies.

But as the same time you need to accept that the "normal" people would probably be happy to, in turn leave you behind to reach their goal of being able to use all service available without needing to concern themself with running their own server.

> I'm not ready to give in. I am happy to leave "normal" (tech illiterate and politically apathetic) people behind to reach my decentralization goals.

I don't think we have to "leave "normal" [...] people behind". I don't like devices like Alexa, but FFS, look at what millions of people have installed and running 24/7 in their homes. Is someone seriously telling me that a dedicated engineering and marketing effort couldn't build a similar consumer-centric device that functioned as a server (purposes to include but not necessarily limited to http and smtp).

> Is someone seriously telling me that a dedicated engineering and marketing effort couldn't build a similar consumer-centric device that functioned as a server

They already have, and their name is Synology: https://www.synology.com/en-us/products/DS120j

> Including allowing a "server" to be offline for months at a time, come online for a minute or two, then disappear again.

Neo-NNTP!

NNTP with enforced GPG authentication and PoW like spam prevention could work today (in the narrow technical sense, not in the wide product sense.) It wouldn't even be that large of a lift from current NNTP architecture. Create a moderated Usenet group that only accepts posts that complete a PoW challenge and that sign their messages.
Some of this echoes Matt Levine's take on crypto and DeFi generally: you will repeatedly see the re-learning the lessons of hundreds/thousands of years of traditional finance.

I'm not sure that the "mobile device can't act as a node" is fundamental (it's more a quirk of the current systems), but "nobody wants to run their own server" => "centralization" is a great reminder:

> I think this is very similar to the situation with email. I can run my own mail server, but it doesn’t functionally matter for privacy, censorship resistance, or control – because GMail is going to be on the other end of every email that I send or receive anyway. Once a distributed ecosystem centralizes around a platform for convenience, it becomes the worst of both worlds: centralized control, but still distributed enough to become mired in time.

The views on centralized services such as Infura really resonate with me. A few months ago I looked into how Ethereum and smart contracts work and got excited that there is basically this shared "virtual machine" with persistent, public state that can only be altered by interacting with those smart contracts.

But soon after it became clear that it is not really possible for me (or any regular "client" as the article calls it) to look at the state of the virtual machine and evaluate view functions myself. The block chain is so large already that we need to rely on big servers which are operated by other people to do this.

But there are other L1 blockchains already that aren’t like that (eg. Mina) and who knows in future what will come..
Good to know! I don't know much about the blockchain space and have only looked more closely at Ethereum so far.
Yeah that’s fair enough, and it’s changing so fast. I imagine alot of the current problems will be fixed over time… it’ll get there eventually. There are some good educational resources cropping up now e.g. Web3 University and rabbithole.gg
I think you can use geth --syncmode snap to get a snapshot quickly with which you can interact with the Blockchain.
You can do this locally though, it just takes like 200 GB. I've run an Ethereum full node + eth2 beacon chain node on my Macbook Pro for local development, took like 10 hours to sync IIRC and just worked afterwards. I still use Infura for projects though bc I don't really see the value in running my own hosted client for pet projects. If I was doing a production app I'd likely use my own w/ a 3rd party service for backup/HA.
That's the size now. If web3 manages to take off, the requirement will grow exponentially.
But that's just it.. One would have to stand up a server that hosted the 200gb, so their Iphone users could consume the data. Or they'd go through a central server.
Running nodes is pretty easy with setups like DappNode. Full eth nodes arent that big, i synced a new one in a couple of days last week onto an old ssd.

Most heavy contract data is stored offchain on ipfs, so you can just pin the stuff you are interested in.

Where i would agree is indexing/searching lots of data is a pain. You cant just give an address and get a list of tokens associated with it, you have to call every token and get its balance. It makes sense, but its annoying, and is why opensea api is so popular for nfts. But i have hope with services like TheGraph growing that search and index also has distributed and resilient design and we become less dependant on one endpoint api.

Doesn't matter how easy it is if no one wants to do it to begin with.

I hate running servers even for my business. I want someone else to do that as the article pointed out.

This is the first enlightening article I have read about Web3. Maybe that says more about how little I have read than about how good the article is.

Anyway, Moxie seems very focused on the decentralization aspect - that Web3 doesn’t decentralize as much as we would like.

An alternative aspect is the “global ledger of ownership and transferrence” though. Yes, interacting with blockchains is hard so it is some through APIs… but there does still seem to be something important about the idea that my ownership of something on a blockchain is permanent, and exists outside of any corporate notion of ownership, in a deep mathematical way. That’s fundamentally appealing!

But is it appealing enough to overcome market forces? I think Moxie is right to spend a lot of time on the “nobody wants to run servers” thing because it shows that most users are powerfully motivated by convenience; if the mathematically-beautiful blockchain ownership records remain inconvenient then they are likely to be a niche attraction (like running your own mail server).

I'll be honest I had no idea that access to Ethereum is effectively gate-kept by two centralized entities (Infura, Alchemy). I knew there were only one or two true Ethereum full-nodes, but the impact of that never quite clicked.

[edit] By "full node" I meant "archival node."

  only one or two true Ethereum full-nodes
source?
I should have said archival nodes, the ones that keep state back to the genesis block. I don't know if that number is even tracked anywhere. I've read estimates ranging from 2 to 5. I'm trying to find where I read that, happy to be wrong - or right, if anyone has data.

[edit] Here. [1] And here. [2]

  After examining every which way we could think of to add the Trie state to our Ethereum state, we asked Vitalik for assistance. His first comment to us was “oh you’re one of the few running one of those big, scary nodes.” We asked him if he knew of anyone else running a “big, scary node” to see if we could possibly sync with them. He knew of no one, not even the Ethereum Foundation keeps a full archival copy of the Ethereum chain. [2].
[1] https://librehash.org/ethereum-archival-node-review/

[2] https://blog.blockcypher.com/ethereum-woes-d9b2af62da67

I've run quite a bit of analytics on ethereum and have downloaded the entire chain multiple times for processing and it's freely available from multiple providers. All the major API providers (infura, etherscan, etc) have the all the raw blocks available readily.
everyone running erigon nodes (like myself) are running full archival nodes, currently there are ~300, https://www.ethernodes.org/.

Many geth nodes are archival, but we cant see which ones are.

Some Erigon nodes run with pruning enabled. You can't tell which ones those are, or how much pruning.

Technically you can tell which Geth nodes are archive nodes with a GetNodeData query over devp2p, although that call is deprecated and will eventually be removed. Its replacement, GetTrieNodes, cannot be used for this.

Erigon nodes are full archival by default, and dont use much space, about 1.7TB, which is quite thrifty consider geth uses like 10TB.

So, many people run full archive nodes now. Thanks erigon team!

Archival nodes also keep state back to the genesis block, it's just stored in delta format so you could say that it's not "unpacked" out to the disk. It's a common misconception that "full nodes" don't have all this data.

> Every now and then someone will argue on CT that Ethereum full nodes are not complete nodes because archive nodes exist. I decided to run a little experiment to disprove a few things

> The goal was to convert a full node into an archive node, demonstrating that Ethereum full nodes contain all the necessary blockchain data.

> 28 days later, I can confirm that it worked. I started with a 150 GB full node and expanded it to an archive node weighting 2.3 TB, without external network connectivity.

[1] https://twitter.com/marcandu/status/1116807660882530305 [2] https://medium.com/@marcandrdumas/are-ethereum-full-nodes-re...

The fact that all the data is there is kind of irrelevant if you can't query it.
Why would you want to query it, though?

A full node lets you fully verify the chain's historical states and it lets you interact with the current state. Unless you're running a service that exists solely to allow people to query historical states (like a block explorer service), I don't see why it would be useful to be able to query historical state.

You need an archival node to see a list of all transaction that transfer eth into an address.

A full node can only give you the current balance, and a list of all transactions that directly transfer eth to that address. Any transaction that transfers eth as the side effect of a smart contract is invisible.

I personally see it as a flaw in the design of eth. You shouldn't need the complete history of states just to find all relevant transactions, but you do.

Besides, the argument that regular users shouldn't need to query such information it doesn't change the fact that the information is unqueriable in a full node, short of spending 28 days transforming it into an archival node.

I'll give you that. If you need to query a list of all contract transactions that have ever transferred ETH to your address, I believe you would need an archive node to do so although don't quote me on that.

> Besides, the argument that regular users shouldn't need to query such information it doesn't change the fact that the information is unqueriable in a full node, short of spending 28 days transforming it into an archival node.

If you don't need to query the data, then the data doesn't have to be unpacked and indexed for querying. Seems simple to me.

It's kind of misleading to claim the archival is packed. It's not compressed into some archival format. Instead, the full node contains all the inputs to regenerate the data.

To transform into an archival node, a full node has to rewind to the very first block, and replay every single transaction.

Since the EVM is Turing complete, this is roughly equilvent to stimulating a computer with years of recorded keyboard and mouse inputs, taking care to record how each input effects state of the computer.

You can't jump to the middle, you have to replay the whole thing.

I don't think it's misleading to call Git history "packed", and the mechanism for regenerating historical states is similar to Ethereum's (though of course Git's delta function is changeset-only with no turing-completeness). In fact, Git calls its own delta-storage "Git packfiles".

The EVM is a very simple and rudimentary virtual computer, so replaying the whole thing isn't an impossible task. According to the tweet, it took this guy's computer 28 days to replay 4 years of history.

Git also adds snapshots to the mix, which makes it possible to rapidly jump to fixed points in history and only use deltas for the fine grained seek. Git also has indexes to find stuff.

Git justifies the viability of it's "packing scheme" by actually making everyday use of it.

A full eth node has no snapshots or useful indexes into the archival data. It has to apply the deltas linearly from the beginning. Applying the deltas is very slow, very IO bound, seeking all over the disk.

The data might be there, but it's practically useless. A user who discovers they need some archival data is never going to consider waiting weeks for the nearly 7 years of history to be replayed before running their query. Instead they will head over to etherscan and trust whatever it says.

Those all sound like local database features that one could add to an Ethereum client if they found them useful enough to bother, they aren't protocol-level concerns or "flaws in the design of eth" as you put it earlier.

> The data might be there, but it's practically useless.

The availability of the packed data is useful, just not to the end user of the node. Having this data widely available on the network means that anyone can spin up an archive node by peering with other full nodes, they don't need to discover and peer with the very limited number of other archive nodes, and the network doesn't need to worry about losing that data permanently if all archive nodes go offline.

> A user who discovers they need some archival data is never going to consider waiting weeks for the nearly 7 years of history to be replayed before running their query. Instead they will head over to etherscan and trust whatever it says.

Call me unprincipled but I don't think it's an issue that if a user needs data above and beyond what's needed to fully verify the chain and read and write to it, they're expected to either spin up a more resource-intensive node or retrieve the data from a specialized history service. Statelessness is on the roadmap, so in the long-term the historical data that Etherscan and similar services serve up to you will come with a validity proof anyways.

I'm fine with you dropping the principles of decentralization and accepting that the current situation is ok.

You can construct many great arguments that the increased centralization is a good thing, or that the upsides are better than the downsides.

What I take issue with is attempts to classify ethereum "Full Nodes" as more than what they are. Yes, they technically contain all the information requires to reconstruct an archival node (at least until statelessness becomes a thing).

They are simply not anywhere near the same thing, and attempts to brand them as the more or less same thing just comes across as denial.

> They are simply not anywhere near the same thing, and attempts to brand them as the more or less same thing just comes across as denial.

They are the same thing specifically when it comes to:

* Downloading, verifying, and storing every transaction that has ever happened on the network

* Maintaining a tamper-proof, data-complete copy of the blockchain

* Interacting with the blockchain in a maximally verified, maximally secure way

I never said that they were exactly the same thing or that they should be branded as the same thing, I said that they store the same data (by which I mean from an information-theoretic standpoint), which is true.

> What I take issue with is attempts to classify ethereum "Full Nodes" as more than what they are.

I take issue with the attempts to classify them as less than what they are.

What needs to be squashed is the common idea in the OP that "full nodes are not actually full" because there's a "fuller" "archive" node that has the states indexed on-disk. The difference between a full node and an archive node is perfomant historical queryability, not security or data-completeness.

OP says that "access to Ethereum is effectively gate-kept by two centralized entities", which is untrue because you don't need an archive node to access Ethereum, only a full node. OP's idea that an archive node is the only "true Ethereum full-node" is common baloney that pops up often in the cryptocurrency community.

This is where the difference between theory and reality start to become an issue.

Yes, in theory the full node contains the full blockchain. Yes, it's all you need to verify that any transaction happened. Yes it's tamper proof.

But in reality, it can't show you the full side-effects of every transaction. In reality there are occasionally things things that require archival data. In reality, it's always easier to go to a centralised block explorer, or pay one of the few centralised API services (And I know this from experience, I've synced a full archival node back in 2019, and build a product that required querying it. It was such a pain that these days I'd highly recommend not doing that and just paying for API access)

In reality, the fact that you occationally need to go to etherscan to get the data you need, results in you just going to etherscan anyway, even for the simpler queries when you have a perfectly fine full node sitting there (again, personal experience). Hell, etherscan actually provides more data than an archival node, where else are you going to find the source code for contracts?

In reality... Most people don't even run light nodes. They certainly don't run full nodes. They just use etherscan, or whatever API their 3rd party wallet uses.

That's why in reality, access to ethereum is partially centralised around API providers. Yes, in theory anyone can go around them, set up their own node or create a competing API service at any time. But that's not what happens in reality, and when it comes to the topic of centralisation vs decentralisation, I'd argue that reality is far more important than theory.

This is highly unlikely to be true. I've got the full thing working with erigon, the idea it's 5 at most is hilarious.
There’s no real reason for this to be honest. The Web3 projects I’ve worked on tends to fall for centralized services like Infura because of development needs at first and then it’s just easier to use it for production. I’ve made a decent living for the last two years setting up test infrastructure for Web3 projects due to its complex nature. This is true across all blockchains, not just Ethereum. It’s an area ripe for new DX products.
New products? Would those be more centralized platforms, or is it feasible for me to connect to the blockchain, verify stuff, and so on if I am running my own server?

It still seems that my users on phones and browsers would need to trust me in that case, right?

Oh it’s totally doable to run your own node on your own server! And thanks to the protocols consensus rules your users can trust that for a transaction to go through your node and be accepted onto main net your node is a good actor.

So one example I’d give - every team I’ve worked on has had to build a local development environment with several nodes to easily spin up with a clean slate for deterministic testing. Teams get sucked into tools like Infura to set these up and then it’s so easy to do the same for deployment they do just that. I think there’s tons of room for Blockchain-as-a-Service tools to improve development and testing processes without forcing centralization on main net deployments.

Okay. Why doesn’t everyone do that, then? Why use Infura?

As is hopefully obvious, I am totally naive here; my questions are genuine. Thanks!

Economies of scale basically.

It's way simpler to just connect to Wikipedia.org and download the pages you want to read instead of downloading the whole Wikipedia.org database and keeping it stored and updated on your devices. Same principle.

Mostly the cost of hiring a DevOps engineer to set it up and maintain it and taking on the additional risk of having to deal with upgrading the node etc... It's just cheaper and easier to go centralized at the moment.
Though things are never cheaper to maintain than at the beginning of a tech bloom. Its only going to get more expensive to create and maintain as the node and the APIs get more complex.
Sure but these aren't crazy complicated beasts - a binary installation and some unix experience gets you 90% of the way there! I don't think they'll get far more complex in the next few years at least, and documentation/user support is really good
Its all the dependencies, security updates and keeping all of them up to date and in check. One word, Log4j.
same reason people are moving to aws, and people which used to use aws instances are moving to serverless.

Leave infrastructure work for other people.

> And thanks to the protocols consensus rules your users can trust that for a transaction to go through your node and be accepted onto main net your node is a good actor.

Usually, you still have the “server is selectively lying” problem; unless the users are talking to each other, how do the consensus rules help with this?

(Related to the https://en.wikipedia.org/wiki/Byzantine_fault problem, though that's about forming consensus rather than determining trustworthiness.)

> Usually, you still have the “server is selectively lying” problem; unless the users are talking to each other, how do the consensus rules help with this?

If you're submitting txs to a node that doesn't communicate to the mainnet (they're isolated from it) then any txs that go to it would be void. You could just use that Eth on the proper mainnet as it wouldn't be on the chain. If the node decided to then come onto the mainnet it's chain would be vetoed by the other nodes states and would fork back onto the main chain. Ethereal has Byzantine-Fault Tolerance up to 50% and you don't gain anything by running an isolated node to try trick people.

That's not the only way to lie. You could, for example, lie that a transaction that doesn't exist has gone through – say, in a cross-chain “currency exchange”. Or perform a double-spend attack. Or many other things, because the Byzantine fault tolerance doesn't apply in this case.
> Blockchain-as-a-Service tools

You mean something like AWS, but that allows me to quickly setup an server containing a node?

Yes, but with a few other things! Setting up ad-hoc chains with custom genesis files would be a huge improvement for dev teams as they'd not have to make their own solution (which everyone I've worked with has ended up doing).
> I think there’s tons of room for Blockchain-as-a-Service tools to improve development and testing processes without forcing centralization on main net deployments.

The big Blockchain-as-a-Services shut down - both IBM and Azure are gone.

I don't mean these sorts of simple host-a-node services but something where you can run custom chains for your dev and testing. For example, this week I had to build a separate Polkadot chain for a client that had reduced governance term durations so they only took 5 minutes instead of 120 day and with a smaller council size so tests are easier to manage. This needs to run in CI so has to be in a position to spin up and tear down on command and the genesis block has to fund the appropriate accounts for testing. This could be pretty easily abstracted to a Web App for people to build this without needing to know how the underlying nodes operate, what to change, etc...
Bit that it'd be very practical, but the data itself is shared so in theory every company could set up their own API to render the blockchain into a readable, quick to access format. Even the vanished poop emoji NFT would reappear once someone else renders their view on the blockchain in the right way.

The problem with this is that running servers that store and process one or even multiple blockchains in a searchable way is terribly costly and inefficient. In theory the public ledgers are all safe against locking away data, like Google or Microsoft could do with your accounts in the real web, but in practice nobody wants to be the guy making a loss on serving blockchain views.

If web3 ever gets off the ground, it needs more of these access provider companies. Perhaps even a prebuilt system you can throw onto your own server to participate, like IPFS and other existing decentralised systems provide.

I'm still not clear on the actual benefit of the cryptocurrency web other than the concept of "owning things without legal protection or oversight" which I (and I believe most people) have very little interest in if it comes at the premium it comes at today. From a technical standpoint all of this blockchain stuff is awesome, but it's an awesome solution in search of a problem.

Problem is who cares if you run your own servers when everyone you know is viewing NFTs through servers which are manipulating the data like Opensea is.
That's true, but if the NFTs show up on some places and not on others then you could start a "resistance" against the existing market places. Outside of DMCAs and other such legal requirements, an exchange needs to be impartial about the stuff being sold and published on there to remain credible.

The cryptocurrency crowd is usually drawn to the decentralised, unregulated market, and OpenSea has turned out to be the exact thing blockchains are trying to overthrow.

Except that OpenSea is successful.

So it shows that people don't really care about (a) decentralisation or (b) manipulation of the true blockchain output.

>Except that OpenSea is successful.

thanks to VC money looking to centralize the web3 economy.

But that's the point. So many people hyping web3 like it's going to be fundamentally different which is why it's worth all these resources (both people and energy), when it appears already heading down the same path as web2. Consolidated companies growing very large and getting a bunch of already known VCs even richer.

It's like a populist movement whose goal is to enrich the existing rich.

In theory you should be able to build a new NFT marketplace and airdrop the shit out of it to replace OpenSea.
And in theory I can build a social network and become bigger than Facebook.

The reality however is that market dynamics, acquisition costs, network effects etc prevent this from happening. And these aren't things that crypto can really solve.

No you can't - the social graph is private.
Why would that stop you?
The social graph is 90% of the value of a social network and the hardest resource to build. Without it an exact copy of Facebook built by someone else is useless.
It's only useless if your goal is to have an archival copy of the entire social network. That isn't the goal for most social networks. The build around communities and grow/evolve over time.
In practice none of this is happening. All the major wallets query OpenSea to determine what NFTs an account has (according to the article). anyone can access the data but that doesn't change what the wallets query. I can start my own wallet that directly calculates who owns what using the blockchain, but that sounds computationally expensive and there's no guarantee that anyone would use it.

"In theory" the data is open. but I believe that the point of the article is that unless I'm running my own node, data visibility is limited to what someone else tells me. and here, in reality, OpenSea has decided to delist the author's NFT and they have no recourse.

It is costly, but not inefficient. This is what we do at my company and our products monetize our blockchain indexing operations. We are doing it all open source and are in the process of decentralizing our operations, so that:

1. anyone who operates a node can contribute time on their node for a share of our revenue

2. anyone can host one of our blockchain crawlers for a share of our revenue

3. anyone can contribute storage to our platform for a share of our revenue

We currently support Ethereum and Polygon, and are expanding to more chains.

I found this an excellent article, but the HN discussion (not calling out your comment specifically) seems to miss the fact that, as programmers, it is fully within OUR power to create the world we want to operate in.

Edit: To clarify - we run our own nodes. Currently on AWS but we are running out of credits soon so soon in our offices and living rooms, and eventually in data centers.

(comment deleted)
You're not wrong, but it can be a fantastic experience if you do have your own self-hosted node. I run the geth node on a linux server and can connect to it to send blockchain transactions or retrieve information from the chain. Example: my tax prep software took my wallet addresses and found all my uniswap trades by querying the local node.
In what sense is it "gate-kept"? Isn't the complaint that in practice most people probably use those two services? As far as I know those two services don't do anything to try to force you to use them, and people just use them out of convenience because "People don’t want to run their own servers, and never will."

The potential for single points of failure (or even intentional abuse) does exist because of this de facto dominance of two service providers, but as far as I can tell there's nothing stopping anyone from running their own node and connecting their various cryptocurrency wallets to them other than the money and inconvenience of running your own server.

> As far as I know those two services don't do anything to try to force you to use them, and people just use them out of convenience because "People don’t want to run their own servers, and never will."

Indeed, but one could make the same claim re any Web 2 juggernauts like Google and Facebook. You don't need to use them, sure. You can start your own social network. It's just expensive and inconvenient. This is what causes centralization and gatekeeping in the first place. It becomes self-reenforcing.

Except that you do need to use Google and Facebook if you want to interact with their data. They literally gate-keep the access to their data. It's not just inconvenient to host your own server that discovers peers and syncs the entire log of all historical events on the Facebook social network and allows you to write new events to that log which those peers will recognize. That's impossible (or at least, it would require some significant and very illegal hacking effort).
Heh. “Illegal hacking effort”? In the EU, it's illegal for Facebook to prevent this. In fact, there's even an export button, which gives you quite a lot of the historical data (though not all of it).

To get events, just scrape the Facebook website using Selenium and Python. There are online tutorials for this. Harder than it should be, I'll be the first to admit, but easier than blockchain-based systems. (Blockchain isn't the appropriate solution for social media; use a proper federated protocol like ActivityPub or XMPP.)

That covers exporting one user’s data at one point in time, sure. But you can’t read all public events without significant work on a scraper, and you certainly can’t contribute without going through Facebook’s servers. Of course you’re not forced to use Facebook, but in order to use Facebook you must go through their computer systems on their terms.
But the goal of most people isn't to use Facebook; it's to keep in contact with their friends. Scraping just the things they care about is fairly easy; scraping what Facebook chooses to put in front of their eyeballs when they're using an account (in practice, what they'd see if they were using Facebook) is really quite easy.

Then you can just reply to Facebook messages on something other than Facebook. That'll annoy your friends a bit, but that's the cost of them still using Facebook.

The problem with Facebook is not that it's hard to get your data off. It's not, really. The problem is that you have to be a programmer to do so; and blockchain stuff doesn't fix that problem.

Totally, but as the article points out, you only have the URL. You can't store more than a few bytes on chain so the link can point to a Facebook URL, OpenSea URL, etc which you don't own. So unless you are going to store small messages, what's different?
There was a discussion recently about gmail and hotmail misbehaving in silently dropping mails sent from small mail servers.

As you can imagine it's kind of hard to push back against these bad actors by threatening them to do the same thing to them, due to their sheer size.

The concern is that since these companies are iterating faster than the protocol and providing their own API services that apps/products built on these platforms will not in fact be portable, and in practice will suffer from the same lock-in and network effects as web2.
The point is if you buy a stylized poop icon but the pseudo-gatekeeper company deems they want to shut off that part of the blockchain what are you going to do? Are you going to download and maintain 20 PiB of data on a server to keep your unique one-of-kind poop icon? The same could happen in the future to actually valuable things like a contract/NFT between you and another party.
Me either. I had no idea that accessing a link to NFT-described content went through OpenSea for content that isn't even hosted by OpenSea. That's apparently a MetaMask thing. Supposedly a MetaMask wallet can connect to any willing node, but in practice they use the Infuria->OpenSea server.

Yes, you can run your own Etherium node and server, and connect a MetaMask wallet to it.[1] As Moxie points out, nobody wants to do that.

Worse, the blockchain does not, apparently, contain the hash of the data. You can't even prove you even have access rights to the data if the hosting service goes down. All you own is a link to a URL.

There are more Ethereum full nodes than two, but how many will accept web queries? That's a service.

[1] https://media.consensys.net/how-to-install-and-synchronize-y...

> Worse, the blockchain does not, apparently, contain the hash of the data.

It very often does, and it is certainly the case for most high-value NFTs. It is indeed not the case if you create your NFT on OpenSea and do not take the additional step of freezing the metadata.

Also, there are many artworks that change, so a hash to a single file is not necessarily the right solution.

So if you purchase an NFT, you need to make a local copy of the actual data? Since the blockchain only has the hash? And if whatever server you originally got the data from the NFT for went down, you'd lose it if you didn't make a backup?

In those cases does the blockchain still have the URL as well? And you might end up with a collection of bits that matched the hash in the blockchain but was no longer at the original URL? What's the next step then?

(The "artwork may change" bit seems like it becomes even more weird and potentially nightmarish edge-case/potentially-losing-your-purchase-wise.)

the data has no value. anyone can right click copy an image. the value is that you own the blockchain address that points to a url. picture of a house = no value. deed to the house = value. even if the house is destroyed (data changed), the deed still has some kind of value
(comment deleted)
The land is still there - that's the value. With an NFT, the image is gone and what's left? Some bits on the blockchain.
A deed is to land, the land still exists if the house is gone. Your example is more like owning a title to a car that's been shot into the sun. It has 0 value.
(comment deleted)
A URL pointing to nothing with no way to view the art that supposedly lives there anymore? I don't think that "deed" is gonna be worth much for long.

Sounds like it has the same value as saying "I used to own this one famous painting before it burned down in a fire."

A hash corresponding to the bits in your file? Sure, that works, you can say "yep, this is the image, I own it." A URL plus a hash + the bits. Sure, that makes sense, even if the URL goes away, you can prove that those particular bits belong to you. A URL that's now dead and nothing else? Nah.

Many NFTs are hosted on IPFS. If someone hosting it pulls the image, you can just start hosting it yourself instead, and since IPFS urls are based on the hash, it will never be "lost" so long as at least 1 person still has the content pointed to by the NFT.
IPFS isn't magic. Someone has to store it.

IPFS is basically Bittorrent plus a financing system. Arweave charges US$5/gigabyte for permanent storage on IPFS. This is supposed to be forever, funded by investing the money and speculating in the declining future price of storage.

You can supposedly put academic papers on Arweave's version of IPFS.[1] But if you try "Browse", nothing appears. This acts like another one of those distributed systems that isn't.

[1] https://ss6puabcq3ch.arweave.net/5Yeg3wT4COQL6Bz-tdp9xlmeiwg...

I haven't heard of Arweave before, but yes, the [1] link above doesn't show any results either in the "Browse" or "Search" mode. The premise sounds interesting though. Is this a bug of some sort or does someone with more info know what's up?
`IPFS is basically Bittorrent plus a financing system.`

That doesn't match my definition of IPFS at all which is simply "P2P immutable content hosting". How is it a "financing system"?

You're not getting it. This is a game where the point is to collect deeds to houses, not the houses themselves. What's valuable to NFT enthusiasts is owning the deed to a famous home, even if the home is destroyed. Like saying you have the deed to Lincoln's first cabin

You can say that this is a stupid game and people shouldn't be playing it. I didn't make it up and I don't take part in it. I'm just trying to tell you what they're doing

This is leaving out the real reason: they hold lots of Ethereum and were concerned that not enough people wanted to buy their tokens. So many NFTs have been made under suspicious circumstances that I wouldn’t take the stated goals at face value.
> So if you purchase an NFT, you need to make a local copy of the actual data?

If you purchase one that’s worth say >4 figures then, yes, yes you should! Also at that point, you’re either part of the 1% or at the very least owe some due diligence to your investments.

In reality, the internet is a big copy machine and you’re probably safe. But you should still back it up.

So if I own an NFT and make sure to store the hash, does that mean I also own all collisions?
You don't even own the hash. You just own a database entry pointing at the hash.

There is no mechanism on the Blockchain preventing someone else creating a new NFT with the exact same hash.

I'd argue you don't even own the database entry. You own _a private key for a wallet that appears in_ the database entry for the hash of the image.

But to truly _own_ something, all the cryptographic guarantees in the world won't change the fact that true ownership can only be enforced through violence. And if your private key can be stolen by hackers in countries without extradition treaties, one could argue that anything digital is only "owned" in the absolute weakest sense of the word: no one has tried disputing it yet.

What about the same url? Or one with query parameter adds?

What's to prevent another NFT from pointing to the same data and copying the hash?

The centralised marketplaces themselves (like OpenSea) are able to and might try to police duplicate NFTs, or other counterfeit near-matches. I'm not actually sure if they actually do.

But on the blockchain itself, the NFT is just a smart contract (bit of code, bit of data) that knows it's current owner, it's name and a URI pointing at the image. There zero mechanism preventing duplicates.

Hell, it's such an unregulated market that the NFT might be based on a custom smart contract with a backdoor that allows the creator to steal it back at any time.

Ok, yeah, that's what I thought. So someone could sell a multimillion-dollar NFT, then someone else could duplicate it manually and "re-sell" it, and if they didn't do proper due diligence...
I don't think any sha256 collision has ever been found. That seems kind of the smallest problem.
It's not gate-kept by two centralized entities at all, there are a lot of alternatives many completely decentralized. This author is clearly new to the space and hasn't really done much research, outside 5 minutes of google.
Sure, but if everybody just uses the two big guys, does it matter that the little guys exist?
But everyone doesn't, that's just his impression and not researched whatsoever.
(comment deleted)
All these arguments apply to email as well - there are plenty of small providers and you can run your own email server. But, in practice, almost everybody uses gmail or outlook so we still say it's heavily centralized.

What good is running your own full Ethereum node if OpenSea blocks the NFT you're trying to sell and most of the customers who would want to buy it are going through OpenSea's node?

This is the exactly how the current web works and what web 3 is trying to change, regardless of opensea.
full nodes have access to all the data in an archive node.
Analysis of blockchain transactions is also consolidating around middlemen too! If you're trying to read data off of the blockchain for professional analysis purposes, you'll find a lot of working analysts are using sites like Dune.xyz, which stick a SQL interface in front of data slurped from the blockchain and charge a pretty penny to access it.

(Wouldn't be surprised if they're slurping from middlemen services themselves)

We have built an open source tool that you can connect to any node (on an Ethereum-based blockchain) and instantly start building datasets about contracts that you care about. All you need is their ABI.

https://github.com/bugout-dev/moonworm

We are committed to keeping this code free. Our policy is only to charge for our operational expertise, but all the code that we use is open source. We are in the process of opening our platform up for decentralization (so anyone can contribute node time, storage, etc.).

Intellectual property is theft.

I'm curious what would happen if somebody uploaded illegal data (e.g. child porn, sensitive PII, or government secrets) to an Ethereum contract. Would these nodes be legally required to filter it? If you look at something like the Pirate Bay, it's not simply enough that you are an allegedly content-unaware service -- once you become aware of your service being used for or distributing something illegal, you are required to mitigate it. At the end of the day, these are businesses which operate within a jurisdiction and must act in self-preservation.

But at the point where they start filtering transactions/addresses, there's going to be big questions about what is the true view of the blockchain.

IIRC this happened years ago on the bitcoin blockchain. I guess that nobody seems to care about that data being shared across every full wallet because bitcoin's primary use case is too remote from data sharing ?
It's not gate-kept, it's just that it's not easy to run your own node and synchronize to the chain (especially if you're on mobile) so people don't do it and instead decide to trust public nodes.

It's the early days, remember how long the internet worked with http:// ? It's only in 2009 I believe that Facebook switched to https://

Check my other comment to see that the future doesn't look that bad: https://news.ycombinator.com/item?id=29847881

Check out Pocket Network, it's a web3 network protocol that incentivizes node operators to run ethereum nodes (and other blockchains). Effectively decentralizes Infura / Alchemy https://www.pokt.network/
Its a bit of a well kept secret. It does not represent maliciousness on the part of Ethereum or centralized node providers - its a consequence of the network doing nothing to compensate for nodes to deliver data to-and-fro. Miners and businesses stand to lose if the whole network crumbles, so the bare minimum is done to supply nodes, which means centralized node hosting.

A fully scalable, sustainable and decentralized network compensates all infrastructure important to the network, which means mining (consensus) and transaction/data routing. A nice side effect of rewarding data transmission is that you incentivize speed, so scalability can happen naturally with no conflicts of interest between miners and users.

I do not look forward to immense backlash against "techies" when normal people have been grifted out of what they thought were their "savings" in crypto and NFT's.