The Truth About Web3

I’ve spent the last week or so diving into Web3 and I’ve had some revelations as well as disappointments. Before diving in to what I like, don’t like, what’s exciting, and what’s a Ponzi scheme, let’s talk about what Web3 really is.

There are a lot of interesting visualizations on the web that help describe what Web3 is in relation to Web1 and Web2. Here’s a simple one:

There appears to be some logical progression from Read -> Read & Write -> Read & Write & Own. In Web2, we interact with social media by not only consuming content, but posting our own. The content we post we do not own. In fact it’s used to target us ads. But, if you post to Youtube you can monetize a video. You do kinda own that, but you are beholden to Youtube’s Terms of Service. When you post to IG and have enough followers, you can get a sponsorship and get paid for a post. IG Terms of Service makes you add a #ad to the post. Web2 ownership is a bit more blurry than it appears. We’ll get into Web3 ownership in a bit

The image above is a bit more technical, but it correctly shows how Web3 ownership works. Web applications in Web3 are built just like Web2, except one major difference: rather than storing data on a private company’s servers, data is stored in distributed database hosted by any individual who wants to be a host (using their own servers) and accessible by anyone who access it.

Databases allow users to read data and write data. In Web3, read and write access is controlled by a standard protocol with ownership over writing controlled by private keys. Without explaining this too much, in short, if you have a private key on your computer, like a password, and you can write data to this distributed database! You can also do things like send data from one person to another. You can sell things by telling the database that if you receive a certain amount of cryptocurrency, then transfer my ownership of this thing to the person who sent me crypto money. The protocol for sending and receiving digital assets (data, as in bits and bytes) is accessible to anyone on the Internet and is secured by open standard cryptography.

Here’s some immediate applications of a decentralized protocol. If you buy a piece of digital art, I can make a game that lets you use your Bored Ape’s as characters. I can make a game that uses digital items you own from another game, like Axie Infinity. In short, you can take your digital goods with you anywhere that supports Web3. Any Web3 application can use any data stored on the blockchain and it can use data you own outside of that web3’s website or product.

Technical Explanation of Web3 Data

Most NFTs run on the Ethereum blockchain. There are others, like Flow or Polygon. Some are compatible with Ethereum and have different advantages and disadvantages. Maybe it’s worth getting into those at another time. For now, let’s stick with Ethereum.

Ethereum NFTs use what is called the ERC-721 Non-Fungible Token Standard, which is effectively provides a mapping of a TokenId to an Owner Address, which is your wallet address. If you have the private key to the Owner’s Wallet, you can do things like sell an NFT. All of this code is public and can be executed by anyone. If you don’t have the private key, you can’t do things that require a private key, like sell something that isn’t yours. If someone else gets your private key, that person is now the owner.

/// Check owner
function ownerOf(uint256, _tokenId) external view returns (address);
/// Transfer
function transferFrom(address _from, address _to, uint256 _tokenId) external payable;

I added the code just to illustrate how simple Solidity is. While the code is ‘simple’, the fact that once code is pushed to the blockchain it can never be changed encourages developers to leave backdoors in their code to make changes. Essentially developers create functions like the following

/// location of nft
mapping (uint => address) public artToOwner;
mapping (uint => address) artToCreator;
mapping (uint => string) artToUrl

/// Modifier that checks if the sender is the Creator of the NFT
modifier isCreator(uint _nftId) {
  require(msg.sender == artToCreator[_nftID];
  _;
}

/// Modifier that checks if the sender owns the NFT
modifier isOnlyOwner(uint _nftId) {
  require(msg.sender == artToOwner[_nftId];
  _;

/// Gets the owners digital art URL
function getMyArtUrl(uint _nftId) external isOnlyOwner returns (string) {
  return artToUrl[_nftId]
}


/// WTF!!! Allows someone other than the owner to change the content
function changeArtUrl(uint _nftId, string _url) external isCreator(_nftId) {
  artToUrl[_nftId] = _url;
}

That’s basically Solidity pseudocode (maybe it would run if I finished it?), but as you can see this basically leaves a backdoor for the NFT creator to literally change the location where the digital art is stored. There’s a lot of ‘What Ifs’ to explore here

What If the Owner Changes the URL? That would suck. You then own the rights to the new URL. At least there would be a record of the old URL.

What If the Owner of the URL’s Server Changes the Content? Then the NFT owner owns whatever replaces it. There are some interesting solutions for this problem. Technically speaking, you could just have the URL be a hash value of the contents of data. So if the data ever changed, so would the URL. There’s actually a solution for this called IPFS or Interplanetary File System, which uses content-addressing to uniquely identify each file in a global namespace connecting all computing devices. Cool…(to me it is)?

Can Anyone Find the URL of My NFT? Not always, but as a developer, why bother writing the extra code. Also, someone will always be able to access it. Just maybe not everybody.

Why Data Storage is So Expensive?

I hope you didn’t think the digital art was somehow on ‘The Blockchain’. Storing any data on the blockchain is wildly expensive. It’s hard to get exact estimates, but adding a single word to the blockchain can cost over $10. It costs between $100 – $300 to mint a single NFT. The only thing that is free is reading data.

I’m not sure it will ever be ‘cheap’ to store data on a blockchain. Because blockchains are distributed by nature, an entire copy of the data must exist on every Node (computer or server) and those Nodes must verify that every addition to the database agrees with all the other Nodes. Furthermore, these databases can never be modified, so they can only grow.

The Answer to Web3’s Data Problems is Web2

I’m being facetious, but making a ton of copies of data and adding a ton of redundancy to a database for literally anything requires quite a lot of computing power. I don’t see how there’s ever going to be a way around that. Any company that says they are building the next generation of Web3 is lying. The next Social Media company that is built on Web3 will store the bulk of the data on private servers. The Blockchain will just be pointers these servers. Websites will employ the very cool web3.js and ask you to connect your Metamask account, but at the end of the day they will simply ask the blockchain for the location on A PRIVATE SERVER for all of your data. Sure, reading and writing data from the blockchain provides a standard protocol, an API that will never change, and data that is immutable, but it’s just a pointer to the good stuff. Private companies will always control your data. Well…

Here’s an idea to solve the issue of private data. Everyone has their own server for writing data their own data. A user goes to a Web3 site. The site asks them to create an account and connect their ‘wallet’. Any data you upload to the site – a profile picture, a Tweet, this blog post, whatever – is stored directly on your private server. The hosting website simply sends the payload to your server and marks the location on the blockchain.

Now, you’d have to specifically grant read and write access to this web3 website to your private server. All this security is just extra code that slows me down! Also, this web3 company is going to have a hell of a time aggregating this data since it won’t be stored in a central location. In fact, if they want to speed up performance, maybe they choose to go ahead and read all of the data for each user every hour and aggregate and cache this data. Whoops, I just rebuilt Web2. Pretend that last part didn’t happen…if a user now wants to delete their account, they can just wipe the data on their server and voila, their data is off of the internet. Unless someone copied it that is.

Maybe there’s something in this idea, but no one wants to host their own server. Why go on…

There’s So, So Much More

I’m not sure where to stop with this blog post, so I’ll stop here. You can watch this 2 hour YouTube video mercilessly documenting all the problems with NFTs. There was this ‘bug’ on OpenSea that allowed people to buy NFTs significantly below market price and immediately sell them again realizing profits of $190k+. Apparently it wasn’t a bug, but a known issue. These ‘hackers’ exploited the fact there were multiple listings for the same NFT. The lower priced listings were mistakes, but due to the nature of the Blockchain, these mistakes can’t get taken back.

The best article out there is Moxie’s My First Impressions of Web3. He actually builds Dapps, mints NFTs, and changes the content of these NFTs after he sells them depending on the IP address used to access the art. He also discovers that OpenSea does monitor its market place and took down his NFTs.

The last point I want to make is nothing is private. Once someone sees your Ethereum address, they can trace every payment ever made to and from the address. Good luck hiding when everything is public. It would be pretty easy to aggregate every single piece of data written to every single Web3 site for any person. The only thing that is private is the identity of the address, but to do anything meaningful in society identity might be the last form true authenticity left in this digital world. We should really invest more in identity and control over identity. Web3 isn’t the solution, but it might play a role in the solution coupled with taxation for bad actors and more innovation. I didn’t want to say regulation. I do believe if you put a tax, or a fine on every action that causes a negative externality the market will figure itself out. If you want privacy in society, fine anyone responsible for violating privacy.