83 comments

[ 3.2 ms ] story [ 162 ms ] thread
All I can say is... I've seen it all before now? on "web2", nothing ever prevented someone using cert/key based auth, and there were libraries to abstract over proprietary APIs, but if you didn't want to go that way, there is also https://remotestorage.io/ et al

biggest hugest problem though: no one cares, go ask your mom about the difference between web1, 2, and 3

Setting aside the arbitrary fuzziness of the "WebN" labels, Web 2.0 addressed two clear shortcomings of the WWW stack: (1) no protocols for persistent user identity, and (2) no protocols for value transfer.

The trade-off of the 2.0 era was (is): solving those required out-sourcing to private, pseudo-feudal institutions: Google/Facebook/etc in the first case, PayPal/Venmo/etc in the second. (One could argue that WWW did in fact have affordances to make this possible, in the form of cookies and SSL; but the point is, those affordances were insufficient on their own, requiring integration with centralized "cloud" providers, and in the case of value transfer, central banks as well.)

The alleged intent of "web3" is to address these shortcomings in a user-sovereign, platform-native way. No doubt, a huge number of projects operating in the space are glorified rug-pulls and Ponzi schemes; I don't blame skeptics at all, considering the history of moral hazards, perverse incentives, and blatant scams in crypto-economics. All the same, I wouldn't write off the category wholesale; there are some fascinating things happening in non-blockchain FOSS projects [0], voluntary creation of public goods [1], and community revivification of the Commons [2].

[0] https://taler.net/en/index.html

[1] https://commonsstack.org/

[2] https://commonsengine.org/

Wasn't Web2.0 essentially XMLHttpRequest together with more featureful servers like Wordpress?
I think the general consensus is that Web 2.0 was the shift from personal content and sites to consolidation of content onto social media, SaaS and content aggregators, but that may be just an abstraction over a shift from a synchronous, mostly static web to an asynchronous, mostly dynamic web.
> nothing ever prevented someone using cert/key based auth,

It's a pain to set up and use. Which is why nobody did.

less of a pain if someone makes an extension for it, which afaik no one did neither (without cryptocurrencies being mentioned)
I'm holding out for Web8.
In the spirit of Asimov's Zeroth Law, I think it's time for the prequel, Web0 (since we all know zero-indexing is objectively correct). Bring back the simple purity of Usenet and BBS: everything that's old is new again ;)
Is this satire? I honestly can't tell anymore with projects surrounding cryptocurrencies.
The project is serious, but the name is making fun of Web3.
How are they making fun of web3 when everything about the project aligns exactly with every other web3 project? Is there a page highlighting the difference between this project and web3?
Unlike web3, there is no flood of altcoins that early VC investors got in ICOs and are trying to dump onto retail.

It's all based on bitcoin as the foundational timechain that periodically locks in state changes.

As bitcoin is the most immutable database to ever exist in human civilization, it only makes sense to use it rather than try to spin up some new network.

That just sounds like they're strawmanning web3 to try and differentiate themselves. If that's their marketing angle then sure, but to everybody else they're web3
I mean, no, the proposed architectures are fundamentally different.

Web3 is proposed as building on a slew of disconnected, smaller blockchains with feeble security guarantees. There's a strong profit incentive to go this way because early investors can pump and dump the tokens on these alternative blockchains. But it's fragile and doesn't scale well because it's so disorganized.

Web5 is proposed as building non-blockchain decentralized and censorship resistant systems, using the extremely secure bitcoin blockchain as it's only foundation. They're not trying to put absolutely all data on the base blockchain, which is incredibly inefficient and will never scale. They aren't issuing new tokens that insiders have privileged early access to.

Web3 is a scam. Web5 is an attempt at the real deal.

Web3 doesn't put everything on-chain though? IPFS doesn't put data on the blockchain, and scales plenty fine
IPFS isn't web3. In fact, raw IPFS is closer to the spirit of web5 than it is web3, although the foundation building it submitted to the altcoin craze with Filecoin.

> The term "Web3" was coined by Polkadot founder and Ethereum co-founder Gavin Wood in 2014, referring to a "decentralized online ecosystem based on blockchain."[1] In 2021, the idea of Web3 gained popularity.[21] Particular interest spiked toward the end of 2021, largely due to interest from cryptocurrency enthusiasts and investments from high-profile technologists and companies.[6][7] Executives from venture capital firm Andreessen Horowitz traveled to Washington, D.C. in October 2021 to lobby for the idea as a potential solution to questions about regulation of the web, with which policymakers have been grappling.[22]

https://en.wikipedia.org/wiki/Web3

This is the strawmanning that I was talking about. Gavin Woods alone doesn't define Web3. Most people consider IPFS to not just be part of web3, but a pretty major part. Look up Web3 articles and you will find many include IPFS. It's really starting to seem like Web5 is just Web3.

Edit: I think this discussion is quickly losing it's value and turning into a debate about definitions. But overall I'm just not sure if I agree with Jack Dorsey alienating the entire Web3 community when his vision aligns so closely. I understand being put off by the more scammy parts of crypto, and that is something that crypto has to address, but the majority of Web3 is full of developers honestly working towards decentralization and personal ownership. If Jack Dorsey and Web5 wants to cut themselves away from that community, I guess we'll see how it works out for them

This is technology looking for a problem. When users own their data, what will they do, sell it to make money on it back to the companies we don't with their data.

If the companies making money (Google, FB, etc) on users Data aren't making money, then we have a Catch-22. Users can have their data, but there are no viable services around to be profitable enough to operate.

Jack is making a big deal out of something b/c he's trying to make a legacy beyond the dumpster fire that is Twitter, or a fancy looking cash register system.

Interesting! Seems to have a fair bit of crossover with what the Fission team is doing. Yesterday I stumbled upon a web page re: a presentation that a key Fission dev/founder (former Ethereum Core Dev) will be making in late September[1].

I ended up spending some time playing with Fission Drive[2] and looking at their Guide[3], and just generally reading their dev[4] and marketing materials[5].

Anyway, looking at the Web5 site, it seem to strike some of the same notes.

I'm not affiliated with or participating in Fission or the Web5 projects in any way, but am working as part of a different team developing an open protocol for decentralized storage, which is focused on incentivized data durability.

[1] https://www.thestrangeloop.com/2022/a-distributed-file-syste...

[2] https://drive.fission.codes/

[3] https://guide.fission.codes/

[4] https://github.com/fission-suite

[5] https://fission.codes/

There’s a number of projects circling around this architecture (mine included). DIDs, signed or encrypted user data, personal data servers, and essentially federated sync.
Without crypto incentives how will users be drawn to this architecture?
Hopefully, with a good product
Web apps won't implement it. Users won't demand it. Of course this would go a lot smoother if Jack had stayed at Twitter and implemented it there.
(web2)(web3) = (web5)

(web)(2)(web)(3) = (web)(5)

[SNIP]

(web) = (5/6)

Nailed it.

Er.. Or web = 0.

Hmm.

Woah woah woah! You can't just blow right past web 4. Unless you are following the rule that all web versions must be prime numbers. Then it's okay.
Pfff it's time for web2022
You clearly missed that all web versions actually have to follow the Fibonacci sequence.

And I've already called dibs on Web8

This idea depends on two non-starters:

1. A completely centralized data authority (in this case, Bitcoin). 2. User's running their own infrastructure.

"Put everything in one giant bucket, and make users 100% responsible for managing that bucket without any room for error" is not a workable path forward.

Developers may love this type of approach, and appreciate the advantages it would offer, but it's too much to ask of my 70 year old mom or 11 year old nephew.

An easier approach would be Passkeys and localStorage transferability between domains, or export feature on sites.

(comment deleted)
Developers may love this type of approach, and appreciate the advantages it would offer,...

Like all the roll-your-own security success stories. =D

We’re going to keep doing Web++ until we learn to stop worrying and love the mess that is online identity. The fact is that the distributed data model will never be clean because, in aggregate, people don’t really care and don’t neatly fit into the structures engineers want to impose on data. This is why experience started winning the app wars.
No worries. Once the numbers get to big, they just switch to years or whatever.

If you're old enough to remember windows 2000

Fun fact: windows 95 and 98 are the reason why it is Windows 10 and not 9.

Cause you know, kernel_version.startsWith("9") and good old programming methodologies.

That's a fake fact. The number windows exposes doesn't work that way and also pretends to be an older version to older programs. Some people pointed at java code doing something like that, but that code never would have failed either.
It was a convenient story to cover up wanting to not seem behind "Mac OS Ten".
same thing when the Xbox 2 was going to go up against Playstation 3, they went with "Xbox 360", and then after that, god knows why, "Xbox One"
You sure?

Code like this is all over the place, at least on GitHub [1] so it still seems plausible from a dev's perspective. The account on reddit that commented it (claiming to be a Microsoft dev) is deleted meanwhile, though :-/

While I agree that the underlying GetVersion() [2] and GetVersionEx() [3] and VerifyVersionInfo() [4] functions were returning "4.xx.yy" as a specific version number, most platforms and runtimes (including NSIS, and even python at the time) were using the platform string to compare whether or not they were on a supported Windows environment.

[1] https://github.com/search?q=startsWith("windows+9")&type=Cod...

[2] https://web.archive.org/web/20001020025217/http://msdn.micro...

[3] https://web.archive.org/web/20001020032031/http://msdn.micro...

[4] https://web.archive.org/web/20010112015900/http://msdn.micro...

Basically all of the results it's giving me are looking for "windows", not "windows 9". Is there a way to make this search work better?

Can you be more specific about "the platform string"? Where is that being loaded from?

The java code I saw back when this story first came out was looking at a string that the runtime itself generates, and the string it would have generated at the time was something like "NT (unknown version)".

GitHub code search is in closed beta right now. You have to request an invite to get access to actual text search.
All of this stuff is built upon the premise that decentralization is a good thing, but I have yet to see much supporting evidence. I do however see a ton of evidence to the contrary.

(I see centralization as more like clustering than a unifying of everything.)

Decentralization happens in the real world out of necessity, not because it's preferred. In fact, we centralize everything that is convenient to centralize because of its efficiency. And decentralization tends to occur at the boundaries of cooperation, where the problems lie.

So why would I want enforced decentralization when doing so would be inconvenient or inefficient?

Centralization can lead to inefficiencies and ineffectiveness (and other problems) at large scales.

It is possible to have hierarchical authority and decentralized decision-making work together over the long haul, to alleviate those obstacles, even if the two bump heads on occasion:

https://en.wikipedia.org/wiki/Subsidiarity_(Catholicism)

Agreed that the current (incorrect) web3 narrative is that all decentralization is good. There will be use cases where it’s good and use cases where it’s bad. The process to a valuable endpoint will involve a lot of duds and failed companies.
(comment deleted)
My underdeveloped understanding is that the big problem is thinking you can build all of these tools ignoring the whole political aspect. And I don't even mean literal politicians, I mean the whole sociological landscape.

I would like to see one of these projects actually involving political scientists, sociologists, etc

The problem with centralisation is privacy. Big tech is hostile to privacy. Both directly (Cambridge Analytica) and indirectly (Snowden) and accidentally (Staff abusing access to servers, exploits).

Another concern is Google is well known for killing accounts because “computer says no”. Using their auth means risking losing all your accounts around the web.

That said, username, password, password manager is an effective decentralised system for authentication and has been the way since the 90s. Make a standard for programmatically changing a pssword and have more foss password managers and that would be good enough.

Blockchain decentralization combats this by... making all the activity public knowledge for everyone?

I mean, I guess it "solves" a problem. No one company can gain an economic advantage via the dossiers they keep on people. At the expense of... nobody having any privacy ever again.

Companies will move from "data as competitive advantage" to "analytics as competitive advantage." The compa ies with the most and best ML scientists will dominate, even if all the data is public.
I mean... that sounds worse. That sounds worse than what we have already. What we have is shit, and that sounds worse.
People seem to conflate a whole bunch of things with decentralization. It is not a 'keep data secret', 'avoid centralization', pick one type of thing.

Decentralization is not web3, it is not blockchain.

It is: Avoid having a central point of control in the system. Facebook centralizes both the servers, and the corporatation that controls the systems, for example.

10,000 blogs run on different servers by different people are decentralized.

Better example: email. Decentralized protocol and has the ability to keep information private for one person.

The fact that the data is in available to the public does not mean that everyone can access it.

If identity is decentralized, individuals are free to create as many personas as they want. So you get privacy by creating one exclusive identity for each new relationship you have, and using that identity's "public key" to interact with the chain.

And if later on you'd like to present some type of "you" as a an aggregation of these identities, you can do it with a keybase-style system.

Yeah, no. Even assuming that's a thing people will actually do (which is unlikely, most people don't even create burner emails for every new site, and that's pretty trivial in comparison) that's still going to be pretty much trivially cross-corelatable. All those identities are going to need funding (because ultimately, web3 is about making people pay for every single thing they do. Also, yet another extreme inconvenience to the concept of single-use identities), so there will be immutable, perpetual records tying all those identities together.
> most people don't even create burner emails for every new site, and that's pretty trivial in comparison)

No, creating an email account is not "trivial". Either you have to run your own domain or you need to go through a fairly lengthy process with different email providers. An alternative would be something like Mozilla Relay, but the it is too new and too late to become a feasible alternative for identity management.

An example that I would accept (even though not really "trivial") would be the idea of creating alt accounts on reddit. If you look at those you'd see a lot more people creating separate accounts for different interests, and I could challenge you on the notion of how easy it would be to correlate accounts. Unless you work at reddit, I doubt that you can consistently identify accounts belonging to the same person by analyzing any type of patterns.

The only trivial system currently in use for identity generation is Hierarchical Deterministic wallets. One single passphrase can derive infinite key pairs. To get a new identity you literally press a button.

> All those identities are going to need funding

Nope. It only needs funding if you want to make some transaction on the Blockchain. If all you need is a signature (to login to a website, or decrypt a message or publish a software package on an repository), any crypto wallet can do that for you.

> there will be immutable, perpetual records tying all those identities together.

See point above, it is not true. Moreover, even the data that would make sense to be in a blockchain can be encrypted.

> web3 is about making people pay for every single thing they do.

Careful, your blind prejudice is showing.

Can you do me a favor? Could you stop with the strawmen and try to argue by considering the strongest and most charitable position from all the people that have been working and researching the space? If you have given 5 minutes of thought before barfing up your response, perhaps it would be more useful for both of us.

There is a middle ground - subsidiarity - the idea that things should be centralized "just enough and no more".

How that would apply to computing issues and the web isn't entirely clear, but it's likely worth considering as we head into a brave new world of everything controlled by Apple, Microsoft, or Google.

It takes a lot to look past the branding, but I think the vision is interesting. I think there _will_ be more personal ownership of data in the future, but not across all services. Decentralized, permissionless self-custody data only makes sense for narrow use cases.
No, it's just technobabble. Personal ownership of data? What is that? What do they mean by ownership of data? Like, intellectual property? DRM? What exactly? They don't know, because it doesn't matter, because it's just meaningless words that are intended to sound empowering. All web3/web5 promoters care about is that we buy their worthless, useless tokens. They can stick them where the sun don't shine!
Thank you.

Since the early days of mass internet, it seemed obvious to me that there was a need to "translate" into the digital world the legal principles that we enjoy in the physical world.

Concepts like the privacy of a "home", of "mail", the need for warrants to reach any private item, or general manners like not snooping too intimately over a customer in a shop (you may watch what they do, where they go etc., but probably not strip-search them to the bone, at least not all of them all the time).

That's why instead of going straight into tech, I studied law to have a shot at one day solving this problem, among others. We're talking constitutionalism, indeed property rights, and a slew of red lines to draw in digital terms (the sec community knows what "boundaries" mean as far as preserving the integrity of a person or system is concerned: big tech happily triple-violates those boundaries, not on occasion but as a business model and moral ethos).

The inception of "social networks" a decade later only confirmed my initial worries, especially given the psychological profile of their executive leaders (they should know, as I do, that being socially weird means you probably shouldn't decide how people get to live their social life. Just sayin').

The real battle is ahead, it'll be played in congresses and courts around the world come a generation of digital natives in power (my guess is millennials, but history is being stalled by the oldest generations alive-and-well in human history, as you all know; so the beginning of a "legal update" process that should already have been done by now is probably still a good ten-fifteen years away).

The tech part is trivial. There are 1,001 ways to implement privacy-abiding systems, should we choose to.

Web5 doesn't have any tokens. That's one of the main reasons why Jack created this. He wants to show that tokens aren't needed for decentralized apps. This is much more focused on creating something useful.

You are right. Web3 is just useless tokens and speculation, there aren't any actually useful projects.

It uses Bitcoin. Some might consider that a token.
Yes, but in a different way. Web3 has a token for each app, and these apps are just marketing vehicles to pump the token, so nothing useful gets built. It's a thoroughly broken model.
BAT is pretty useful. I earned BAT by opting into Brave rewards and viewing ads. I donated about $20 to an open source contributor on Github (had him sign up as a creator).

My point is really that people say no token is useful but they only know about 10 out of 10,000. Imagine only knowing about 10 failed startups and then proudly claiming: the business model is broken!

Yeah, but you can do similar thing with bitcoin. BAT/Brave is cool, but every app having their own currency isn't useful, expect for speculation purposes. It's like having to use different currencies for buying different products in a grocery store.
Pretty much every major crypto exchange lists BAT. It's incredibly liquid. So I don't think your grocery store analogy works because in this case the grocery store takes like 100 currencies.

Bitcoin also has its own limitations compared to smart contract platforms. And not everyone is cool with buying the bags of Michael Saylor and Nayib Bukele.

We have multiple social media platforms and multiple search engines. We can have many cryptocurrencies.

Reminds of WinAmp 5.x, since they went from v3 straight to v5 (the best if v2 + v3 = v5)
only question I have, is the next version going to be web8 or web10?
(comment deleted)
Looks like the Fibonacci sequence, so web8 would be next, followed by web13.
Yup. Time to close the HN tab for the week.
Anyone else loves the UI or is it just me?
Old school style done in a modern way, very videogame-y, high contrast with pure colors, opinionated. I just love it too.

They say design —art, really…— trends tend to come back after a while (usually decades), and this is a cool example of early re-imaging the inception of computers.

That's Jack Dorsey for you. He has a knack for making things look cool to his target audience.
IPv6, OpenSSL 3, Web5. Success comes when you skip!
Isn’t the issue with these that ultimately it relies on someone to make good tools around, and whoever ends up owning those tools ends up owning and re-centralizing all of these decentralized entities? (e.g. Coinbase owning everyone’s wallets)

One example they posted was that Bob is a music lover. So he keeps his music on his web node. I don’t know how Bob is going to do that if it’s not painlessly easy. And it needs to be in some sort of schema-defined format, and to be honored by all decentralized apps. So Bob is going to put it in something called “MusicBase”, which now centralizes and owns all of the data + controls the schema.

A second aspect is that nothing seems to really stop the web from being decentralized. e.g. Scraping, APIs, and integrations. It’s just that orgs have learned that lock-in is advantageous and therefore found their way down that path.

Am I wrong about this?

I think there's a bit of a leap from "Bob wants to use music in any media player" to "Bob controls the schema". Decentralized governance exists (via DAOs)
There's a lot of infrastructure around DNS already, it seems to be an under-discussed tool for self-soverign identity. It does depend on ICANN and domain registrars but there is lots of precedent for transferring your domain between registrars or changing the provider you use to serve content at the domain. This is what IndieAuth[1] is built on and I'd love to see more discussion around it.

[1]: https://indieauth.net/

no one from TBD or even Jack can clearly state what the problem is, beyond some conspiracy laden, techno babble. with square stock going to 0, you'd think they would be worried about other things. But that's Jack as a CEO for you.