In web3, your wallet ID (used for purchases and proposed for logins too) is an undeletable cookie that tracks you both online and off, and one that anyone can retrieve.
This article seems to think that having a super cookie like this will make advertising less bad. I think it will be the opposite - instead of only Google/Facebook doing it, you're now going to have every single shady operation under the sun now able to use/mine/combine your data however they please with zero controls (and unlike HTTP cookies they'll need exactly zero investment & zero infrastructure to do so, so there is no barrier to entry to start using this data)
Web3 is the advertising world's ultimate dream situation.
It allows significantly more invasive tracking by tying online and offline, cannot ever be deleted or changed, and the same cookie ID is shared across all aspects of your life (unless you use multiple wallets with one-per-site, but my understanding is that an anathema to web3 concepts about data ownership)
>In web3, your wallet ID (used for purchases and proposed for logins too) is an undeletable cookie that tracks you both online and off, and one that anyone can retrieve.
Purchases sure on most chains (though not on e.g. Secret) but the chain isn't recording your logins via your address in most cases. You are just showing to the site that you have the key without making any transactions. So no, advertisers won't have much extra data on your site visiting habits that they don't have now.
Based on just a few transactions they can figure out that you're a middle aged guy, living in Nowhereville, Iowa, that's into samba, anime and drives a Toyota Corolla, etc. and then from that it's not hard to actually figure out who that person is.
I don't see a particular reason to conduct every transaction on-chain, or at least on a public L1. At any rate, I was mostly replying about your login data being public which isn't true.
I use both PayPal and my bank for different transaction with no issues. I won't care to use some crypto app if that's popular, too. At any rate, I'm not personally advocating for crypto here, and the projects in crypto which I'm following are less about pure payments (which I don't mind doing via debit card or equivalent, whether built via banks or on top of crypto) and more about more complex smart contracts (e.g. the dex approach vs traditional exchanges and its assosiated different profit incentives, mechanisms and safety profile).
PayPal and your bank both transact in dollars. In the crypto space, presumably, you’d need to operate with different currencies at varying exchange rates. Or use some kind of “wrapped” currency at significant complexity and risk (see recent Ethereum-Solana bridge exploit and associated massive loss).
End users didn't suffer a loss after that exploit and I expect my risk from holding usdc and it crashing without Coinbase paying to fix things is already lower than the risk of my PayPal account being closed which I've seen happen to people.
I think no one really knows whether DeFi can be really safer than OldFi. Since it's old, we sort of know what to expect. In DeFi we obviously are still discovering.
I dislike OldFi and want to contribute to a new, healthier system to serve people in general. But, short term, risk of DeFi is obviously higher due to its imaturity.
OldFi has been maturing for 100's of years. Perhaps we could argue 1000's. It'll take at least 20-50 more years to reach a similar maturity in DeFi.
By maturity I mean: people understand the risks and know what to expect.
Crypto is sort of like the increasing plethora of streaming services, except crypto projects seem to reproduce at a much higher rate and further deprioritize UX. It's not every day, if ever, that I'm dealing with fiat currency conversion. In crypto, it's another one of those seemingly unnecessary hassles that is tolerated as a matter of course.
Registration via NFTs is already a thing. You join the yacht club by buying an ape. In this manner, everybody can know who is a member of the club.
If you are just doing login by registering your public key with a service.... then you are just doing signature-based-authentication that you could have done two decades ago.
I think it's worth puzzling out why nobody actually has been doing signature based authentication for the last two decades though. I'm honestly not sure whether that's a flattering exercise for web3 or the opposite.
1. Users understand passwords. While password stuffing is a concern, almost nobody actually makes product decisions based on rational security analysis.
2. Only a small number of users are concerned about centralized login via OpenID Connect. The privacy and account access weaknesses of logging in with Google or Facebook aren't concerns for the huge majority of users.
3. Creating and maintaining a key pair is less ergonomic than creating and maintaining a password.
#3 is now different for people who are regularly using blockchain systems so it doesn't surprise me that uptake is larger than now than in the past. More people have a Coinbase account than use PGP. But I am not convinced that people actually care enough to swap if they aren't already ideologically aligned with blockchain technology.
This is all reasonable, but you're a lot more certain it's the full answer than I would be.
For #1: New people come to technology all the time. They don't understand passwords yet, so if something is better than passwords it can make inroads.
For #3: It's not clear to me why this is the case, besides just that it has always been the case. It's really un-ergonomic to create and maintain passwords. It just seems the alternatives have been even more so.
(Interestingly, I don't think Coinbase actually gives you a keypair you can use to login to stuff...)
I think the underlying technologies behind web3, i.e blockchain cannot really evolve beyond ponzinomic pump and dump schemes without some kind of legitimate commercial purpose, maybe that's some kind of incentivised advertising.
People always say the likes of Google and FB treat us as a product, so perhaps we can at least get some kind of magic bean tokens as a reward :D
It's been tried and tried and tried. Generally when they want to increase profits the same outcome - they either flame out of VC money or start selling your data.
The real problem in Web3 (as EVM does it) is that almost all wallets lets you export your private keys. This leads to a lot of scams that trap people. Got rugpulled? Joined Metamask chat on Telegram? Hi, I’m an admin. Just paste your 12 word phrase into this official-looking site and we’ll help you. There’s even a site that will generate vanity addresses for you! (Don’t use it.)
Instead, all this could have been avoided if they took the Keybase approach: keys never leave the device. Just have a keychain of devices which you authorize or repudiate, and use THAT to retrieve your actual accounts from the network and sign things.
This would work best with BLS signatures without a trusted dealer. I am not sure it can work with ECDSA or Shnorr signatures if you want to collapse all multisigs down to one signature.
>Instead, all this could have been avoided if they took the Keybase approach: keys never leave the device. Just have a keychain of devices which you authorize or repudiate, and use THAT to retrieve your actual accounts from the network and sign things.
This is what modern smart contract wallets like Argent do. There is no 24 word phrase or long private key to write down, remember or lose. Instead you set up guardians which is a group of people, organizations, and devices you create that allow you to recover your account if you drop your phone in the ocean so there's no practical way you can lose your money or identity. An example guardian setup might be your mom, best friend, lawyer, your hardware wallet and a distributed paper wallet. To recover your wallet you would need 3 out of the 5 to agree. The number of guardians and other details can be as secure and exotic as you desire.
The account is also protected by configurable safeguards that mimic your existing bank account. Sending over $500/day? Guardians must approve. Your tokens or NFTs are being sent to a non-white listed address? Guardians must approve.
The crypto ecosystem is still in the early phases of being built but these problems and ideas have already been discussed and debated for years and the foundational infrastructure that people will end up using in the real world is being built and deployed today after years of hard work. Using crypto today is a lot like using the internet in the early nineties: it was hard, easy to break, and you generally had to be good at cutting your teeth on new and quickly evolving tech. Nowadays you mostly just forget you're using it.
The problem is that this model is basically impossible with the current level of fees on ethereum. It isn't clear to me what the solution to that is supposed to be.
If I understand correctly, you're proposing that we trust a set of individuals and hope that they'll cooperate when asked to, instead of relying on a single party which can be made to cooperate whether they like or not by the judicial system. That doesn't seem like an improvement to me.
Now imagine if some app replacing 911 broadcast an emergency message to your friends or neighbors, with your location.
Who would you trust more to come to your aid when there is a situation?
How about in a rural area or one where police are overworked?
How about if each neighborhood could hire its own police agencies and police agencies would compete on how well they keep people safe and maintain order without excess brutality? If they got to know the people they are policing, and worked with the clergy and others to help them holistically?
I'm really not sure what this comment is about, sorry. Are you offering a critique or just throwing out ideas for someone to ponder?
If you're critiquing the idea that family/friends won't be able to respond when you need them the most, not everyone has family/friends. So there will naturally be companies that act as account recovery services as well.
I think the critique goes deeper than that. An informal agreement between you and your circle of friends and family is not a legally-binding agreement, and is not enforceable at all. A modern economy needs private contracts that are fully enforceable by courts of justice, it cannot rely on informal agreements like this. Further, you're asking people to become custodians of your on-line accounts? I don't think anyone wants to become custodians of someone else's on-line accounts, even if they are your friends. I find super weird that someone genuinely thinks this a workable idea or that this is something that would be appealing to the general public. It reminds me of survivalism.
The point is YOU have the choice of who YOU choose to fulfill role X, and you can spread the tiny responsibility across multiple entities, while removing the liability that one of them could just impersonate you anytime. It’s totally up to you, and you can recreate the legal custodian relationship if you wish, but then they or their employees would technically have full power over your account.
Are you the kind of person who LOVES signing in with Facebook, and trusts them to safeguard your keys and identity in their nice centralized database — if anything goes wronng you’ll have the legal system, another nice top-down system of laws and enforcement, to correct everything, right?
I don't have Facebook, but from what I gather they are not in charge of safeguarding anyone's keys or identity. So... yeah, I have trust in the rule of law. For example, banks pay millions every day to customers in compensation for improper charges as a result of court rulings. If you can't trust the rule of law you have bigger problems than worrying about Facebook stealing your identity... but I'll leave it here.
> If you can't trust the rule of law you have bigger problems than worrying about Facebook stealing your identity
Most individuals cannot bear the weight of corporate lawfare. Congrats on winning a nice case and getting a good pay out. but that is survivorship bias.
> An informal agreement between you and your circle of friends and family is not a legally-binding agreement
You’re right, it’s much deeper and more significant than laws (which are broken literally every day).
> A modern economy needs private contracts that are fully enforceable by courts of justice, it cannot rely on informal agreements like this
That may be what an economy needs, but what a society, culture, or civilization needs is the deep bonds of human relationships. Those things are built on families.
> I don't think anyone wants to become custodians of someone else's on-line accounts, even if they are your friends.
Have you ever helped your friends or family? Have you ever been helped by them?
I find this a necessary question to ask because the only people that critique this idea are those that do not have any real friends or family. And to be fair, I already addressed that in my original comment (there will be services / companies to help people in that situation).
This is just a particular implementation of "reset password". I don't have legal recourse if the sites I use don't implement a good account recovery protocol... They could implement it as "if you lose your password you're SOL" if they want. It's just a nicety for me to be able to "implement" this myself by configuring a set of people or of technical steps I can use to recover my account.
My family and friends aren't qualified and don't have the necessary medical equipment to keep me alive on the way to the hospital. Also, they're busy during the day and sleep at night and I don't want to burden them with being available 24/7 to come to my aid. Also, like most social situations, people generally assume that others will care enough to respond, which leads to no one responding.
Emergency services are generally funded to be able to respond to an emergency, are available 24/7, and know that if you call them, they're the ones that need to come. I trust them nearly absolutely to come if I call them, though I do know that if they are funded poorly, they may come too slowly to help me, which is why I want them to be funded properly, and in a way that operates at a loss (I don't believe these services need to turn a profit).
If I'm in a rural area, I know that response times are going to be very slow, but they will also be slow if it's friends or family, because it's a rural area, and everyone lives far away from each other. If it's the middle of the night, my assumption is that my friends and family won't be reachable at all, but maybe the police will be.
Neighborhoods funding their own services mean that rich people get great service and poor people are on their own.
I understand that this is how libertarians think, and this is why I think that libertarians live in a fantasy world where they believe things will work out exactly the way they've planned them in their mind.
Yes, and lots of people end up on the bad end of the judicial system as well. There is no perfect solution for this, it isn't computer code, it's people, it's all just shades of gray. I think the "expected value" of having people I trust help me keep my accounts safe but recoverable is much higher (and much much cheaper) than that of thinking I'm going to successfully sue someone to achieve the same thing.
Well, there's a reason why civilisation is built upon private contracts and the rule of law, and not upon unenforceable agreements between individuals. It's because, even though none of the solutions may be perfect, one is clearly better than than the other.
> There’s even a site that will generate vanity addresses for you! (Don’t use it.)
Asymmetric split key generation is a well understood cryptographic technique, sure, don't trust a service that just spits one out but if you give them a public key to use in generation then you can verify the result only works with the paired private key you control.
Nitty gritty of the elliptical curve cryptography involved:
Identity and Authentication are related but separate topics. Identification is uniquely associate a user in a system or application while Authentication is proving that this identity is yours.
Intriguing. How do you do backups of your keybase keys? My understanding is that this is the purpose of being able to export private keys for blockchains.
Just replace the backup with what I said: an “account” you pre-created, which you don’t use until you need it.
You can create N “accounts” which are not tied to devices. In fact, that would also be good for a quotum to “outvote” whoever found M devices, to repudiate them. (Otherwise it would have been a stalemate.)
Using “virtual accounts” you can bootstrap from one private key + U of V keys from a set that you gave to friends + family, to reconstitute your account should something go wrong and you lose ALL your devices.
So, just to be clear: either a private key is stored in a device, or it would have to be paired with U of V other keys that you gave out, in order to activate a new device one time with that key.
But the real provisioning and repudiation of keys would be in a smart contract on the blockchain. That is — pardon the pun — the key to the whole thing :)
Yes, those are better at least. But only if “this” is your individual use case, not if “this” is the general state of crypto custody in EVM ecosystem.
People think they need fancy airgapped computers and hardware wallets when all they need is to copy their 12 word phrase three times on paper, cut into 9 pieces and bury in 9 different places.
Better yet —- wallets normally shouldn’t allow people to export keys.
Alternately, Web3 marks the moment that advertising transforms from an industry into a product feature.
Consider that our basic premise of advertising is that we must compete for attention to influence consumers. This premise requires a "captive audience", and must insert the ad into some span of time and space where it is viewed.
Because these businesses will also operate on Web3, their data is also ripe for the picking. Not all of it, but enough that users will have products available that evaluate the business and make suggestions about the course of action to take, or even select a purchase given a rough specification. If insufficient data is available, independent reviewers will endeavor to create it. And businesses that resist will become dinosaurs. The influencing function of advertising will then begin to collapse as more people delegate decisions to an AI, adding a privacy barrier. Increasingly, businesses will build to the specs generated by analysis of this request data. There will be no market for selling the data, except that of voluntary user disclosure.
I wonder how all this Web3 thing works with GDPR, especially with part 17 - "Right to erasure". Seems like if you go down the blockchain route to store any user data, you're pretty much non-GDPR compliant from day 1. I have a feeling the judge will not like the "it's a feature, not a bug" argument...
I don't see anything so specific as "personally identifiable data". The GDPR Article 17 says all personal data. What makes you think activity data is fine to keep?
That's incorrect. If the psuedonymized data is enough to fingerprint a specific individual (maybe with some additional data), the GDPR says you still can't keep it.
Good luck truly anonymizing the activity feed of any user on any social network. Good luck anonymizing support tickets that include stuff like "I'm running this version, on this device, and trying to do that". Good luck anonymizing messages between users that includes nicknames.
Blockchain is such a terrible idea because even if today you're thinking "Well, I guess storing X is fine, it can't identify a user", tomorrow you might learn that it can. And there will be nothing you could do about it. And we haven't even started talking about bugs, which all software has (including DAOs and smart contracts...), that might cause you to store stuff on the chain, publicly and irreversibly. The future is going to be fun!
For GDPR, that could not be enough. If the data you hold can be used to indirectly identify someone, that information is subject to GDPR. The main example is when information can is combined with other information that allows individuals to be identified.
You can fight what is PII in European courts. I'm just saying how things actually work.
When a company deletes you as a user under GDPR, it does not delete your purchase history for example, because it needs to link the transaction that happened, what was sold, for how much, from which merchant etc. Just because you ask to delete your data does not mean everything associated with you is deleted. The merchant for example will still need to see that the item was sold to someone for a given price etc. That data was not just "yours".
Yes, if you mean true anonymization – i.e. not pseudonymization (e.g. replacing names with a pseudonym) or in any other way retaining personal data (internal identifiers, usage patterns or attributes that combined result in a unique enough fingerprint to identify a specific person, etc.)
Why does it need to link the transaction that happened to a specific account? They certainly need to keep inventory records, but it's enough to note that an item was sold without linking that to a specific account.
Are we using different definitions of the term "purchase history"? To me, that means a list of purchases by a single person. You can derive PII from that, so that's a no-no under GDPR. If you just have transaction records but can't group them by customer, then that's (probably) fine.
Also note that sometimes you're legally required to keep PII for a certain amount of time, e.g., invoices with PII for tax reasons. GDPR says that's fine but you have to keep them for no longer than needed.
> Also note that sometimes you're legally required to keep PII for a certain amount of time
I'm not talking about legal reasons. You can keep the data regardless for any purposes as long as you remove the "personally identifiable information".
For example, you will be required to remove their exact address but you can replace that with the general area (eg. post code) as a part of your anonymization.
Most likely, the upcoming generation web3 big tech companies won't be founded in Europe. The US could go either way. Singapore, India and much of SE Asia will probably do well, though.
Yes but it matters for how the law is capable of being enforced. The EU does not have as much leverage over entities that have no legal presence there. This is not a value judgment, it is just descriptive.
The EU has no jurisdiction whatsoever over a service outside its borders. It can ban various apps and then penalize its citizens for using them (or just block them) but it can't dictate to companies in other countries what they can put on the internet.
In the extreme case, consider that Tencent and other Chinese companies with social media platforms are required by law to collect user information that violates the GDPR. Do you think they'll follow the laws of their own country where the business is based or EU regulations?
“An undeletable cookie” seems seems like a contrived usage of the word “cookie”. That’s like saying an email login is an “undeletable cookie” because people typically use the same email to login to multiple sites. Just like with an email, an address used for different websites can be changed and ether can be transferred to new addresses (in a way that reduces the chance of linking the old and new accounts) using mixers.
With regard to data ownership, I wouldn’t say the requirement of that is linking everything you have to one wallet. Many people typically have a private wallet and a public one. One that’s used to publicly attest ownership of things for bragging rights and may be sued to link some sort of personal identity, and one that could be used solely for defi applications or tied to another social identity completely.
Another cool thing about using wallets on the web is that it’s always been a design requirement to always obtain user consent when sharing address info and of course when making transactions as well. At the very least when you’re sharing your information it has to be intentionally done unlike with cookies that I can set on any visiting user’s browser (GDPR regulation doesn’t technically stop me from doing it non-transparently, it just has legal consequences if I do)
Further, anyone can put anything into your “wallet” without your consent or approval, and removing something horrible added without your consent can then trigger a smart contract that can do even worse things to your unmodifiable “profile”.
Each time you are adding more immutable data to the Blockchain, which cannot be undone. Each of your identities - to which all of your digital content is tied - is permanently associated with that ID.
So if you just have throw-away wallets, how do you use that with your content? You cannot "own" your content if you keep having to abandon wallets to get a fresh advertising ID. And if you keep several different compartmentalized wallets around, as soon as you move something from one to the other or use a different wallet with the same login, you have permanently and irredeemably linked those identities.
Yeah but at that point it’s up to the user. There’s a way to stay anonymous but just like anything relating to privacy, users have to be well informed about their risks and mitigations to be able to manage their data effectively.
I've studied blockchains a little bit but I don't understand how you can transfer funds between two wallets that you own without linking them. How would that be possible without either having some kind of zero sum proof (which none of the popular blockchains are using) or allowing an exploit which enables people to mint new tokens from thin air?
Generating a new public key doesn't add data to the blockchain. Only when you sign a transaction. And if you're talking identities, as in moving around websites, there's no way to link your various public addresses (logins) unless you explicitly do so using the private key you used to generate the public address. Or, you could use the same public address. So, it depends on what you want to do. Do you want privacy? Or, do you want the site to know your activity history?
Wouldn't doing so detach past activity I do want aggregated?
How is a site I'm interacting with supposed to know it can use my previously-configured settings if I'm showing up with a new public key every time I authenticate?
Yes. I get that in the current ecosystem via doing business with sites I trust, and ceasing to do so when I cease to trust them. It's not impregnable (sites get hacked, companies get sold), but it's preferable to an alternative where I must either stay one-time-padded continuously or have my activity recorded in a global public ledger.
You could use a public blockchain key to log in to a site you trust which stores all of its data somewhere private and have this same functionality. It is only transactions you write to a public blockchain that are public. The act of authenticating using a key stored there does not write anything down.
This is becoming a meme. Anyone can post a comment containing the words web3, ponzi, scam, hype and add literally no value but still get upvoted.
My take on crypto at this point is very simple: At least we have the transparency. There are so many scams going on in the financial industry. But it's hard to undercover, because all is opaque.
It is the same with energy costs. Has anyone dared to calculate the CO2 release of traditional core banking systems or even running a large network of physical branches. No, because it's difficult and opaque. With the public blockchain these things actually can be calculated, which is a good thing I believe.
Same with art. Is the broad public aware of the crazy price tags paid in the art scene over the last two decades? NFTs make this public.
If more people would embrace the transparency created instead of complaining about the space all the time, we would create a better world.
You say that Web3 and NFT results in more transparency.
But I work for a bank and our money laundering systems and processes automatically kick in for suspicious transactions and those over a certain amount. We will freeze transactions until we conduct due diligence aiming to identity the true parties e.g by unsheathing shell companies as well as the nature and intent of the transaction.
And this is through a range of methods including requesting supplemental documentation and involving law enforcement.
Can you clarify for any of the million dollar Bored Ape Yacht Club purchases who the true parties are given that supposedly this information can be derived from the blockchain ?
Interesting, we have different view points on similar industries. I work for an insurer and we see a lot cyber related theft and fraud, especially in the financial industry but also in other industries. Often the people are from outside the company, but very often they have people inside the company.
In most cases the money can’t be recovered because it gets quickly wired to countries like Nigeria or HK. It’s a whole industry. Completely opaque because no company likes to talk about the losses. These things are handled quietly.
On a different level: I believe many structured products purchased by private consumers are at least a rip-off and could be categorized as scam. Take for example life insurances sold by brokers with lifetime contracts yielding almost no interest whatsoever. There is a constant battle between regulators, lawyers and companies.
> There is a constant battle between regulators, lawyers and companies
Which has unquestionably benefited consumers.
If you look at the financial system 50 years ago and compare it to today consumers have far more rights and protections. And the system continues to learn and improve e.g. requiring banks to hold more reserve capital and increasing the amount of deposit insurance.
Problem for Web3 is that governments, regulators and the legal system do not play a central role like in Web2. And so all of the safety nets built up over these years will evaporate and consumers will suffer.
Whoever's going to push web3 will still want that opacity, it's a feature, not a bug. They'll want it to make money and to protect and hide their money.
Plus you can't have it both ways, either cryptocurrencies are somehow, magically, privacy protecting and anonymous, or you have transparency. It's impossible to have both.
It would be possible to derive who the million dollar purchasers of bored apes are. Crypto has fiat on-ramps that are mostly controlled these days. And if the crypto changed hands in the meantime then it would be clear where it originated.
Realistically, the buyers of bored apes are not really of interest to anyone and the NFTs probably won't be worth anything in the future.
When crypto is used to purchase things that actually matter then it will most likely be a trivial matter to identify whether the coins are "tainted".
> My take on crypto at this point is very simple: At least we have the transparency. There are so many scams going on in the financial industry. But it's hard to undercover, because all is opaque.
How do you square this idea with the fact that the cryptocurrency ecosystem is widely recognized as being disproportionately riddled with scams?
I am not sure if I understand your question? My whole point is that it is "recognized as being disproportionately riddled with scams" because of the transparency.
You have summarized my main problem with cryptocurrencies: it's cool to have that technology available, but it doesn't really improve on having first world institutions.
Basically it's great for poorer countries, first world criminals and potentially for a dystopian future.
You don't understand how decentralized systems that provide cryptographically-assured accountability improves on existing institutions in the first world?
I find that curious. Usually people get lost on the tech side.
Decentralized systems don't provide cryptographically-assured accountability, they require cryptographically-assured accountability in order to function correctly. If you give up the decentralization requirement, and instead federate authority across well-regulated entities, then you don't need the crypto, not as a base requirement anyway. And you still need the regulation, because all this fancy cryptographical assurance does is prevent man-in-the-middle attacks that arise from the decentralization requirement, and you still need to regulate the input and output--which is where all fraud occurs anyway.
Exactly. The hard problem is to build and maintain the democratic institutions required by a developed country. I find some people seem to be willing to gamble that for a tech solution.
I usually find it's the opposite to be honest. Most people that I know that have a good understanding of how the technology works are far more sanguine about what it can and cannot do. Whereas those friends and acquaintances who understand the technology the least tend to be far more zealous in its potential.
I don't understand it either. In fact, I don't think it's true at all. I think if you think technology is a substitute for well-functioning democratic institutions you're an ignorant fool.
The technology does not replace democratic institutions, but it makes them enforceable and accountable. The real ignorant fools are those kidding themselves into thinking their "democratic institutions" are well-functioning.
You could say that Turkey was a well functioning democracy. But look now with Erdogan, and Turkeys inflation is at 49%.
Having access to some stablecoin like UST could saved a lot of people troubles. Without really having the burden to go buy dollars or euro's in some form or another.
The fact that inflation is at 49% should be the first clue that Turkey does not have well-functioning institutions. In addition to Turkey's numerous economic problems, there was a coup attempt as recently as 2016, and the government has been accused by international human rights groups of using the judiciary to persecute journalists and political opponents. How does Tether, or crypto in general, help solving any of these problems? Not to mention that Tether Inc., the corporation that issues Tethers, has never been audited, and has zero accountability to holders of Tethers. Holding Tethers entails a huge risk.
That's a good example. My current favorite example would be the UK, and the so-called democratic British government. The democratic façade has fallen away spectacularly over the last few years. There is no way to hold anyone to account when there is corruption at the top. They don't even need to hide it anymore.
The borders are gerrymandered, fair voting is hamstrung by FPTP, funding is withheld from constituencies where the MP doesn't tow the party line, and both public money and foreign bribes go into the pockets of the elite few. Clearly a well functioning democracy, a pillar of the West, where government officials may place themselves above the law. Lying in Parliament? Free pass. Calling out lying in Parliament? Ejected from the discourse.
But at least Sir Boris led an inquiry into Sir Boris and found Sir Boris free of guilt.
I really don't think it's so crazy to think that the adequate application of crypto can lead to well-functioning democracies for precisely this reason; we can have real accountability.
>It is the same with energy costs. Has anyone dared to calculate the CO2 release of traditional core banking systems or even running a large network of physical branches. No, because it's difficult and opaque. With the public blockchain these things actually can be calculated, which is a good thing I believe.
I think every major bank has got some folks doing that. It's a prerequisite of green washing.
That might be available on company but not on a system level. So I don't think there is no way to compare it with the energy consumption of an entire blockchain.
But just a very public example: Look-up the company Wirecard or google cum-ex fraud. Fraud on a huge level. All going on behind the curtains. We sometimes get a sneak peak when something on the level of Wirecard blows up. Just extrapolate that for a second to the entire economy.
I agree and I am not trying to defend those people. At the same time you rarely ask for the identities of bankers or people running scam company since you don't know about the fraud in the first place. You need the New York Times to go investigate and uncover.
With web3 you just need to login into twitter and follow-up the transactions. That's a huge advantage from my perspective.
For federally chartered banks the names of all the executives and major shareholders are public records and I do search such things before doing business with a bank.
I just realized I haven't had coffee so off to have that so I can write in a way that doesn't make me sound like a jerk.
After several months of reading Reddit's r/metaverse, I have to agree. The number of crypto-related projects which have actually produced a working 3D world is very small. Most don't even try. The ones that work are mostly some web browser thing that looks like a Shockwave Flash game from 1999 or so.
I'm interested in large 3D virtual worlds with user created content.
I've read at least twenty metaverse "white papers" and "roadmaps" which go on and on about their "tokenomics" but have little or no info about how they actually intend to build a 3D world.
The contribution of the crypto crowd to actually making it happen is near zero. I'm disappointed. I've seen "fake it til you make it" before, but a lot of those guys aren't even trying.
The thing is, “utility” is easy to claim, and becoming easier in the metaverse. Consider the justification for “greater fool” economics from the last decade:
Bitcoin ponzi: “store of value” is utility!
Filecoin: storing files is actual utility
ERC20 memecoin ponzis: “shibaMUSKinu community .. utility is coming… we will um, fork an open source wallet or dex”
NFT ponzis: “join the bored ape punk community, utility is working out in our gym on a private island, only 1% ever bother to show up”
Metaverse: “virtual worlds and real estate is utility! Accessorize your avatars. First people who come get to be the kings, next people can be the landowner class, later people will work their way up from serf. You’ll be able to fight and win virtual land, play to earn…”
The thing is, many of these things can legitimately be considered something of a utility for someone.
And frankly, this is STILL better than Web2 corporations owning the metaverse. It’s bad enough they employ psychologists to figure out how to make you more addicted to your phones and spending your time outraged, contributing content in political arguments while ignoring your kids. Imagine now you will be spending hours in virtual reality. What’s next, computer chips in your brain via neuralink?
If it was open source software, at least I can sort of control the economics of it. Otherwise… by 2040… you are a slave, Neo! Think about it.
This is STILL better than Web2 corporations owning the metaverse
Centralization is worse in NFT land. The NFT industry is Axie Infinity, OpenSea, and the little guys. Back end mostly goes through Metamask. Few people interact with the blockchain directly.
Metamask can and does blacklist coins and wallets. OpenSea can and does blacklist NFTs. While in theory you can go around them, they can seriously reduce the value of assets at whim.
To get an NFT onto Decentraland, there's a US$500 "curation fee".
OpenSea has raised over $470 million in VC capital [1].
That means that they will easily crush their competition and cement themselves as the home of NFTs. And then of course their "filtered view" of NFTs will become the source of truth and not the blockchain itself. And they have shown they are happy to do this filtering when asked [2].
This comment adds no insight on the posted content and makes claims that simply aren't true. To elaborate:
1. To assert "web3 doesn't care about X" implies that there is a coordinated effort to not care about X by web3 which is false by definition. Even if it's commentary on the apparent centralization of web3 being supposed to be p2p, there are several different web3 providers (eth, poly, ipfs) with different incentives. They're not all bad.
2. There are rug pulls and pump-dumps all over the place. This is a consequence of the decentralized nature of crypto and just a pessimistic example of what's possible with web3 tech. There are several optimistic solutions that solve real world problems using web3 which have been deployed IRL.
This comment only adds a poorly informed opinion to this discussion, while not being very relevant.
> there is a coordinated effort to not care about X by web3 which is false by definition.
> the apparent centralization of web3 being supposed to be p2p, there are several different web3 providers (eth, poly, ipfs) with different incentives.
> a pessimistic example of what's possible with web3 tech.
I want to engage on these points in good faith. I'm asking you to expand these because I'm curious.
I think crypto economics are a blight in practice, while the theory might be sound.
You've presented a head and no body work, and I am genuinely curious to hear the expansion.
Yeah scams.
No one obliges you to enter and be one of the people that get scammed.
But good luck finding a non web3 platform that gives you a 20% apy on ust, a stablecoin.
Web3 isn’t one-thing. There are many web3 categories (L1 blockchain, L2 roll up, dapps, nft markets, defi) and then within those, each product has a different focus.
For example you might say Bitcoin doesn’t provide privacy you can see every transaction, but if you want complete encryption then there’s monero, secret, mina and others…
To say “web3 doesn’t care about your privacy” is like saying vacation destinations are cold. Some are for sure, but others aren’t.
Anything blockchain-based requires every user not only to trust, that their identity is private, but that it will remain so indefinitely. With all the nodes having access to all the data, you must assume nobody is ever going to find a way to use the data against you. Which in the modern world requires extraordinary optimism.
When you make online transactions sitting in a cafe you feel safe in sending websites your credit card. This admittedly requires _some_ optimism but it would be surprising if someone in that cafe could break TLS.
Systems like zcash and monero are similar: if you don't trust the cryptography then they're not useful, but it seems like a strange objection to say somebody could do unsavory things if they could break the cryptography, that's what it's for!
I think OP's claim is that even if someone breaks TLS, they only get the data from that cafe session. Finding an exploit in the not-yet-battle-hardened implementation of the cryptographic systems in popular blockchains could reveal private information that is recorded in a ledger "forever."
I don't think we need to break any cryptography here. Someone with enough ether can post private data or offense on blockchain already, and it'd be forever available to anyone.
I feel safe because my bank is responsible for that transaction.
If the cafe, thief or anyone steals my money for whatever reason other than me physically giving someone my card/PIN then the bank or credit card company is legally responsible. And they will refund you the money.
Look forward to Web3 without a similar safety net in place.
> When you make online transactions sitting in a cafe you feel safe in sending websites your credit card. This admittedly requires _some_ optimism but it would be surprising if someone in that cafe could break TLS.
The worry wouldn't be about someone breaking TLS, but someone MitM your connection with your card processor in a way you don't notice. One is much more likely than the other.
This isn't the case with (long-standing, extremely well tested) ZK technology like Monero, and future applications like privacy-focused ZK rollups. In these chains there's no feasible way to track even single transactions.
If there's no way to track a transaction, would you even consider this a blockchain given that traceability is such a key ideal to decentralized trust? Interesting perspective from Bankless blog: "What if the real threat is the separation of crypto from crypto values?What if the real threat is the separation of crypto from crypto values?"(https://newsletter.banklesshq.com/p/the-best-argument-agains...)
I feel like some of these comments are autogenerated from some GPT3 running in the cloud.
Cryptography ensures that transaction amounts, sender, receiver are encrypted. There is no way to decrypt the data. You can verify the encrypted data without decrypting it. Everything works similar to Bitcoin but now you and others have no way of figuring out anything valuable by looking at the blockchain, because everything on the blockchain is just encrypted bytes.
Even the node that is the first one to receive all bytes has no idea who is sending, receiving and the amount. Everything is always encrypted.
When I create a transaction that includes my wallet address and the address that receiver gave me, once the transaction is made, the receiver cannot see the original address of my wallet, the 3rd party cannot see the amounts or addresses in the transaction and the receiver can move the money to a different address and I would have no way of figuring out that happened. Similarly, receiver can send me back the amount and I would have no idea from which wallet address it came.
Generally what happens is that:
- Everyone is able to prove a transaction's correctness;
- There's no way for a third party to track the contents of a transaction adversarialy;
- there are ways for first and second parties to prove them if they so wish.
As usual, poorly informed article and poorly informed comments, eager to bash on Web3 without knowledge of the full picture and the ongoing developments.
Also, the fact that it's possible to interact with dapps without going through centralized servers it means that it's much harder to get metadata (ex. IP) about who performed a specific action.
It’s possible to interact with dapps without going through a centralized server, for certain types of client hardware. Definitely not for mobile devices.
You can use any Ethereum node, or run your own. MetaMask supports arbitrary RPC servers for this very purpose, so you can use Flashbots, for instance.
This would require more than just a mobile device, however. Perhaps a rooted Android device could self-host an Ethereum node, although your battery life may take a hit.
I think there are other chains and wallets that are designed around mobile use cases, which make it easier than on Ethereum to sync the whole chain, or use technical means to mediate the need to do so.
Read the article. There are many web3 categories but a majority of users is going to use only a different few wallets or addresses for each. It's trivial for big cos to connect the dots across categories like web2. If anything, web3 transactions are probably a stronger signal of willingness to pay/invest/gamble and can be better used for targeted ads.
Web3 is a buzz word. People that use the buzz word let you know that they don't value the things that you have been misled to believe. The people that value the important things will say the important things, not use a buzzword to try to get a few extra clicks.
The article is mainly about cryptocurrency wallets as identities. That may be a good idea or a bad idea. Worth discussing.
It does make creating a new identity expensive and difficult. If you create a wallet with coins from another wallet, that's traceable. If you create a wallet with "grey" coins that have been through a mixer, that marks your wallet as suspicious. If you create a wallet with "white" coins, with fully traceable provenance, that's expensive.
The cult of web3 has the same vibe as the Pointy-Haired Boss breathlessly repeating talking points on how Watson Deep Reinforcement Machine Intelligence On The Cloud (TM) is going to revolutionize his business.
"We barely know what it is, and of course no actual rational argument has been made for why it is needed, but... everyone's talking about it! We can't be left behind!"
To me, that's the exact parallel that comes to mind for the current hype around web3/ crypto/ etc etc.
IBM's hype campaign from the early-to-mid 2010's, on Watson, Internet of Things, Machine Learning, Cloud, and whatever other buzzwords were thrown into that PR carpet bombing campaign that was everywhere.
I still don't know what any of those technologies do, and whether or not they're implemented in anything I'm using.
But it sure sounded important and potentially revolutionary at the time!
The thing about the financial world is that it is intentionally complex and full of gibberish in order to make it inaccessible to the layperson. Cryptocurrencies are exactly the same, and are on track to become even worse.
I am really lost with this web3 thing. Is there a good resource that lays out the evolution of this concept in a "history-like" manner? Reading descriptions of what web3 is right now doesn't help me.
The same thing happened with NFT.Am I officially too old to follow up on tech?
You aren't old. I'm really into crypto and relatively young. I've stayed away from the "crypto realm" for about a year and still playing catch up as a person who was involved in it.
That would be great, a Web3 starter guide. Right now it feels like an empty container in which you’re allow to stuff anything as long as it’s vaguely crypto related.
Right now I’m questioning if Web3 is even a thing.
One thing I do know. I am learning Ethereum and the NPM library you use to interact with smart contracts either in the front end or back end is called web3. So maybe that is where the name came from or maybe the name came first and the library just used it.
I get what you’re saying and agree to an extent, but I think being overly cynical negatively affects selection pressure for who pursues an entrepreneurial path. There are people who would be perfectly happy to leave money on the table in order to increase the wide scale adoption of principles they believe to be important for society, such as privacy, eco friendliness, education, etc. If the expectation is that the business and product development world is solely about money and that principles do not have value in and of themselves, people who value principles over extracting every possible cent are more likely to avoid that world, which solidifies that image, which further reduces principled engagement, etc.
I cringe with so many web3 conversations assuming that it will replace the current web. It’ll be a layer of abstraction on top of it, the same way web 2.0 was on 1.0. Also, no one’s going to flip a switch and turn the web into something new. Finally, people tend to neglect other populations that likely won’t have access to crypto wallets, such as kids. Those will still use web 2.0, as defined here.
Web3 is just a buzzword. It has no real substance or use case. Because crypto requires an endless stream of hype-terms to keep the pyramid growing, we get increasingly nonsensical ideas like NFTs, DAOs, DeFi, and Web3. Basically no one uses any of these things for anything other than pure greater-fools speculation.
Can someone explain why privacy coins like Monero are not more popular?
There is something going on in the cryptocurrency communities that doesn't reward features that increase privacy and decentralization. Privacy and decentralization should be the core incentives to use cryptocurrencies.
Regulatory pressure. With privacy comes illicit use. With illicit use, "what about the children / terrorism / etc..." becomes enough of a reason for regulators to pressure centralized exchanges to drop support. Without widespread adoption, centralized exchanges are needed to swap with more widely accepted monetary devices. If centralized exchanges are blocked, the on/off-ramp for privacy coins suddenly becomes much more difficult.
Why do you think the underground economy isn't more popular? I mean you can't get more privacy than that, no taxes, no regulations... it should be more popular right?
Web3 isn't about privacy or getting rid of the current middlemen, it is about new people becoming the new middlemen so they can make lots of semipassive / passive income.
The author and everyone commenting is making a categorical error here:
A wallet is not your user account. A wallet holds many private keys. Each private key can be used as a user account. You can have an unlimited number of private keys.
That means that you're only tracked as much as you want.
Also, there are private chains you can use today. And they're only going to get better. We're talking about cryptography here. It will be private if you want it to be.
Consensus is not necessary to establish identity. Normal cryptographic primitives are sufficient for all identity schemes. Blockchain is just completely unrelated to the "one login all websites" idea.
Is web3 really based on blockchain technology? When did we all agree that blockchain has any real value, let alone that it should be the central technology underpinning the next evolution of the web?
Personally, I hope blockchain is overblown. Given the amount of money in it, I know it’s not. It is here to stay in one form or another. But is it really already accepted wisdom that it will underpin the whole web?
> Is web3 really based on blockchain technology? When did we all agree that blockchain has any real value, let alone that it should be the central technology underpinning the next evolution of the web?
We didn't, but blockchain proponents hijacked the term "Web3" like Facebook hijacked the term "metaverse".
It is easy to use different wallets per site to make tracking harder, in Metamask you can easily switch?
Browsers like brave will perhaps also implement this I guess.
You would have the problem that transferring between wallets links your identity. And I saw a recent report that using services like coin mixers taints the coins so exchanges won’t touch them or locks your account.
Web3 is ~sortof~ the hypothesized future state where apps/services can use decentralized methods of identity, authentication, and payment to interact with users. This would break the network- and mitm-effects that enable current web2 services to be so dominant.
Over a long time perspective, this is probably inevitable.
But what is the probability that current crypto currencies will play any part? Not high, I think.
Web3 has great potential by changing the incentive structure of the internet. Think of it like socialism vs capitalist. Each has their strengths but taken too far both can be bad. I think the current state has taken it too far on the socialism scale so we've ended up with a very shitty internet, just like you end up with shitty products in a completely socialist economy. It might take a while to play out but we might get much higher quality digital content over time this way.
I'd love to be pointed into the direction of this socialist internet to try it out, because the only internet I'm familiar with is run by corporations that could be straight out of Neuromancer with a bunch of aging hobbyist communities hanging on for dear life in the crevasses
Under extreme socialism, think Orwellian levels, definitions of words are inverted. So the argument would be, if one believes we're already deep into Orwellian territory, that what most people think of as some kind of extreme capitalism because we have these large, unchecked corporations running around, is actually extreme socialism, aka fascism: the merger of corporation and state. And that's the reason these companies have gotten so large and unchecked. That we're not in a free market, but rather dealing with cartels that have grown like weeds and enforced their monopolies through violence through co-opting and/or cooperation with the state.
That's the idea, not trying to argue that's the case. Just giving a possible answer to your question. In reality we're all in a completely free, survival of the fittest-type situation. We're all gonna die someday and all that. It's just that society provides some nice illusions wherein we can debate about whether we're socialist or capitalist.
The term IngSoc in 1984 is a parody of Nazi, that is to say that 1984 is about the dangers of fascism masquerading as socialism or otherwise cosying up to the working class to gain enough popular support to implement a totalitarian state, not about the dangers of socialism.
We spent the last two decades watching the rise of surveillance capitalism, which financializes our behavior via advertisement. What web3 enables is the financialization of our behavior via financial derivatives. Private corporations will extract value from every transaction on the blockchain by betting on those transactions and repackaging those bets into new primitives to bet on. It is like the mortgage crisis, but for everything.
This isn't a move towards socialism. It is a move towards additional hypercapitalism accelerated by almost entirely unchecked automation controlled by technologists who have access to absolutely insane amounts of investment because they got lucky as early adopters of the coin du jour.
Web3 is just a baby. It's quite remarkable how much hate it gets for merely having a vision of the world without tech monopolies controlling it. I wonder where that hate comes from.
In web2, we are beholden to centralized entities that monopolize and profit off of our data. Web3 promises to release us from these shackles by enabling everyone to access data living on the blockchain.
While it is certainly appealing that institutions no longer have the power to hold our data hostage, it is still important to ask: what does the public and transparent nature of web3 mean for our privacy?
The rise of monopolies is absolutely unrelated to how web operates. Crypto world already has monopolies with unmatched power. And you have even less privacy there, because transactions are public.
*Some transactions are public. Where Public == an Address. Wallet-Address pairings aren't public and Wallet can have many Addresses. You can have a new one for every transaction if you want. And it'll only become linked to you as a person if you withdraw to a bank.
On any given website, you can create an endless amount of accounts revealing exactly 0 personal information. Whereas with web3 you always need to expose an address that may or may not reveal some payments info
So based on this knowledge, web3 is less private than what we have now
This article seems to think that having a super cookie like this will make advertising less bad. I think it will be the opposite - instead of only Google/Facebook doing it, you're now going to have every single shady operation under the sun now able to use/mine/combine your data however they please with zero controls (and unlike HTTP cookies they'll need exactly zero investment & zero infrastructure to do so, so there is no barrier to entry to start using this data)
Web3 is the advertising world's ultimate dream situation.
It allows significantly more invasive tracking by tying online and offline, cannot ever be deleted or changed, and the same cookie ID is shared across all aspects of your life (unless you use multiple wallets with one-per-site, but my understanding is that an anathema to web3 concepts about data ownership)