What will Web3 actually deliver?

It's increasingly impossible to avoid the hype around Web3 and depending on who you speak to it's going to deliver different things

  1. Easier monetization by content creators
  2. Improved privacy
  3. Decentralisation: Removal of the centralisation onto gatekeepers/platforms that occurred with Web 2.0
  4. A trustless, self-governing model

I find that Web3 presents an interesting conflict within me. I've long identified with many of the ideals held by Cypherpunks, including building anonymous tools to defend privacy. One of the tools explicitly called out, even back in 1993 when the Cypherpunk's Manifesto was written, is crypto currency

We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.

On the face of it, I should support Cryptocurrency and Web3 and yet, I just don't buy it.

I've had discussions about Web3 on Reddit as well as various forums lately, and of course, there's the recent fantastic analysis by Moxie Marlinspike.

I thought it might be helpful (to me) to put some of those thoughts into some sort of order. This post is going to explore some of the claims around Web3 and the issues I see with them.


Web3 vs Web2 vs Web1

It's probably helpful, first, to clarify what people mean when they talk about different iterations of the Web.

Web1

When people talk about Web1 they mean the first iterations of the web - creators built image and text based websites, usually served through their own (sub)domains from their own infra (or infra they were renting). The content you viewed in your browser was static, and didn't have much interactivity.

Where content was monetised, it was usually via banner ads - the companies/products being advertised often had a direct relationship with the site operator.

Web2

Web2 is the web as we currently know it - lots of dynamic content, often targetted at the specific user who's viewing the page at the moment. Users can trivially post content/comments etc - you don't need to be particularly IT aware to publish onto the web.

You can still run your own site/infra, but many just create an account on a number of Platforms: Youtube, Instagram, Facebook, Twitter etc etc.

Viewers therefore start to centralise onto these platforms too, meaning that the platforms develop a disproportionate insight into viewing habits, as well as being able to exercise control over what may be seen and by whom.

Monetisation is very different: ads are published via brokers such as Google and Facebook. As a content creator, you may get a share of the advertising revenue generated, or you may receive nothing at all.

Web3

First, lets begin with the elephant in the room. The current "Web3" is not the first to try and claim version 3.

Quite some time back (near the turn of the century in fact), it was claimed by some that the Semantic Web would become Web 3.0 (it being fashionable back then to include a decimal point).

This point is important only in that it highlights that it's all too easy for proponents to build hype and claim that $this will be the next big thing. It's also relevant here, that just like Web3, Web3.0 claimed to help with decentralisation.

Getting back to the here and now, though, Web3 claims to be a reimagining of the current web, but with blockchain at it's core. Proponents claim that this means that Web3 is

  • Verifiable
  • Trustless
  • Self-Governing
  • Permissionless
  • Distributed and robust
  • Stageful
  • Provides native built-in payments

How these get interpreted differ by person, so lets go back to the claims I laid out at the beginning of this post

  1. Easier monetization by content creators
  2. Improved privacy
  3. Decentralisation: Removal of the centralisation onto gatekeepers/platforms that occurred with Web 2.0
  4. A trustless, self-governing model

Decentralisation

The centralisation of Web2 was never really intended, and is undeniably problematic.

It creates powerful gatekeepers who have a disproportionate say over the types of content that can be published, the ability to prevent millions of eyeballs from viewing content (for whatever reason), and the ability to see who viewed specific bits of content.

On the privacy and freedom front, it's not quite at the level of a dystopian hellscape, but it's certainly got the makings of one.

One of the Web3 claims is that it will remove this centralisation. Take, for example, this statement in a forum discussion

Web3 .... is about shifting from the current web 2 model where internet users are effectively working for the tech giants producing content for the likes of Google, Facebook, etc.

This, undoubtedly, is a nice idea.

Unfortunately, like so many claims around Web3, it's somewhat lacking in technical depth.

The growth of centralisation

Once you understand how the centralisation of Web2 developed over time, it becomes difficult to see how Web3 could avoid this and achieve sufficient uptake.

In the early days content would be published onto a site under the operator's control, and from that point

  • They might post about it on a forum, or a mailing list
  • The early meta-search engines might also find it
  • Users would come across that content via links from other related comment, forum posts, emails and searches they'd run

There were places where you might find a large userbase (especially for certain topics etc) but the content being published was pretty widely distributed across domains and servers.

The early social media networks saw surprising, but still not huge uptake. Initially, they were often used in a way not dissimilar to forum posts - they linked out to the content, rather than containing that much (non-discussion) content themselves.

But platforms like Youtube came into being: making publishing, serving (and discovery) of content easy.

Even when Youtube launched (in 2005), bandwidth was still fairly expensive, so being able to serve decent quality videos for free was a huge change. Flickr brought similar benefit for images, and things like Tumblr made blogging more accessible for a general audience.

This platformisation meant that users started seeing a big benefit too: they could (and can) consume content, and then receive suggestions of other similar content. This, of course, also serves to increases views for publishers, and keeps the user's attention on the platform.

Over time, the content libraries held by these platforms has grown to enormous proportions, and a form of lock-in has developed. Whilst the content originally brought a userbase to the platforms, the userbase are what now draws content creators to the platform.

You can still serve video without Youtube (and I do), but you simply won't get the same level of views - users are extremely well served within Youtube's eco-system, so aren't even aware of what they're missing out on.

Put simply: if you boycott the major platforms, your content will simply never reach a significant number of users who now rarely look for content outside the various platform's walls.

Web3 and centralisation

This is where we bring Web3 into the fold. Proponents often claim that Web3 will break the hold that platforms have on the web.

But, there's no real technical detail given on how it's going to achieve that - it seems to be much more reliant on a "build it and they will come" mindset.

There are a number of problems with the claim:

Being itself outside the platforms, Web3 faces exactly the same issue as any other non-platform content creator: how are you going to get the attention of a sufficient number of eyeballs? Without sufficient levels of traffic, the number of creators using Web3 will start to shrink.

Even if we handwave that away and assume that sufficient adoption can be achieved/maintained, platforms came into being and persist for a number of reasons. Convenience (for the users) and discoverability (for content) being chief amongst those.

It would therefore be extremely naive to think that Web3 will not also see the growth of similarly powerful platforms (assuming the current platforms don't decide to embrace, extend and extinguish).

Even though we know the socuetal harm that it can cause, users love the convenience of having similar content suggested to them. Creators, for their part, love the increased hit rates that come with that, so it's inevitable that something will fill the void.

To summarise, Web3 has a hard issue to crack: Web2 has some extremely powerful content distributors (the platforms), and Web3 would need to overcome their reach without giving rise to their own set of centralised content distributors.

An interesting point in Moxie's post is that, even in it's infancy, Web3 is actually already seeing centralisation

All this means that if your NFT is removed from OpenSea, it also disappears from your wallet. It doesn’t functionally matter that my NFT is indelibly on the blockchain somewhere, because the wallet (and increasingly everything else in the ecosystem) is just using the OpenSea API to display NFTs, which began returning 304 No Content for the query of NFTs owned by my address!

It seems the new guard look an awful lot like the old guard: capable and willing to implement censorship as they see fit.


Easier Monetisation

Web3 is built around blockchain and cryptocurrency, giving rise to the claim that it allows "Easier monetization by content creators"

Going back to a forum discussion, we can find a statement that incorporates this

Web3 is a catch-all for the move to greater returns for creators. No longer will creators be given the kind of commission rates the likes of Google offer: compare the profits from a self-hosted Adsense click-thru to the cost Google charges the advertiser - a huge and i mean HUGE difference.

Sounds idyllic. The problem is, you don't actually need blockchain to achieve that - there are various micropayments options available.

The big sticking point with them, of course, is

  • users don't like their workflow being interrupted and there's a whole world of alternative content out there.
  • (some) users don't like paying for content, and there's a whole world of free alternatives out there

Crypto-based micropayments suffer from both too.

The latter is a particular problem, because you (again) get into a viscious circle: publishers see reduced revenue (vs Web2/Ads) and leave Web3, so there's less compelling content to draw users in.

The first can be overcome, to some extent, with things like a standardised browser extension (a la Metamask etc). But, it only takes a little "disruption" for that to start to become fragmented, leading straight back to the issues that current micropayment providers experience.

It's funny really, the use of ads and traditional micropayments could feasibly have been replaced with non-intrusive crypto-mining. Coinhive had such a product (javascript based monero mining), but royally screwed the pooch by allowing operators to set mining rates - inevitably some were overly aggressive, poisoning the well of public opinion for all that followed.

The platform effect matters here too, because if users are centralised around a platform (whether Web2 or Web3), then as a content provider, you'll have a choice:

  • don't participate in the platform, and have lower traffic/revenue levels
  • participate in the platform and be subject to whatever commission the platform demands.

The new platform overlords might take a smaller cut than their Web2 counterparts, but there's no particular reason to expect that that'll remain the case (especially as network fees grow).

A scary proportion of users seem to be quite happy with selling their privacy via ads, convincing them to pay-per-view (no matter how automated) is likely to be a non-trivial task.


Improved Privacy

Privacy is an undeniable casualty of the Web2 world.

With most views happening within the major platforms, they've got a huge amount of insight into who viewed what, and when. Pornhub even publishes a yearly review of trends - whilst it's fascinating reading, it's also somewhat scary how normalised this kind of analysis at scale has become, even when it comes to some of people's most private habits.

Web3, of course, promises to improve on this too - things are decentralised and you're anonymous.

The reality, though, seems to be that it's currently worse. Going back to Moxie's post

Almost all dApps use either Infura or Alchemy in order to interact with the blockchain. In fact, even when you connect a wallet like MetaMask to a dApp, and the dApp interacts with the blockchain via your wallet, MetaMask is just making calls to Infura!

So we've a (small) world of distributed apps, built upon a platform/technology promising large scale privacy improvements and decentralisation, but almost every API call will ultimately transit one of just two providers?

We know from previous research that a broad enough view of someone's anonymous traffic can be enough to identify them. So the fact that these API calls are linked "only" to a wallet ID probably doesn't help much, particularly if Web3 sees widespread uptake.

To me, this feels a lot like some of the issues I have with Cloudflare - having requests transit a small set of providers is inherently hostile to privacy. The companies operating at this level have a huge level of visibility into who views what and when.

Unfortunately, the current Web3 implementation seems to simply recreate the status-quo with new incumbent providers (although, as non-blockchain content will still need to be served via other means, Cloudflare will probably still retain their privileged position).

Of course, Any transactionable event that you're involved in will be publicly recorded on the blockchain.

With browser extensions like Metamask's, you can automatically send micropayments to sites you visit, which means that (given growth in blockchain forensics) you may one day come to regret having automatically sent a micropayment to some particularly niche sexual websites.

I've written in the past about the dangers of metadata even with "innocent" browsing. Even that, though, was in the context of privately held logs collected by an ISP - the idea that you could be tracked around the Web3 via a cryptographically signed public log is a massive step beyond even that - dystopia writ large.

Given what we know about state monitoring of the Internet across the world, it's not too big a stretch to say that there's the potential for a mistake to get peopl killed.

I've written regularly about Privacy, and I work very hard to protect both my own privacy and that of my readers: Privacy improvements would be very welcome, but I simply don't see any tangible improvement in Web3's offering. All it currently seems to offer is increased risk.


A trustless, self governing model

The basic idea here boils down to: everything's verifiable on the blockchain, so bad-actors can easily be disproven, there's no need to trust a single party.

Unfortunately, as Moxie found, the current reality doesn't quite live up to this.

Although his "banned" NFTs exist on the blockchain, the vast majority of user accesses will go via a single intermediary (Opensea) who essentially deny that the content exists.

That they can be disproven doesn't practically matter, because most users aren't going to check - they can't access it in their app, and that's all that'll matter.

With the majority of calls ultimately transiting just two providers, the need for trust is greater in today's Web3 than in Web2 (which is also actually currently more decentralised). Those providers also aren't doing anything to assure trust in the connection between the client and themselves

These client APIs are not using anything to verify blockchain state or the authenticity of responses. The results aren’t even signed. An app like Autonomous Art says “hey what’s the output of this view function on this smart contract,” Alchemy or Infura responds with a JSON blob that says “this is the output,” and the app renders it.

This really is the antithesis of a trust-less model: client actions and output are entirely dependant on trust in their connection (indirect as it might prove to be) to a tiny circle of information brokers.

Of course, at some point in the future, clients could choose to move away from using these brokers. The problem there is that platforms tend to extend the functionality on which they rely - Moxie notes in his post that Rainbow appear to have done just that

Interestingly, Rainbow has their own data for the social features they’re building into their wallet – social graph, showcases, etc – and have chosen to build all of that on top of Firebase instead of the blockchain

DApps built to interact with Rainbow, therefore, might well find they can't easily move elsewhere - just as software today that's built in a dependency on GCP's API's might struggle to change direction.

When this lock-in occurs, the ability of a technology to effectively self-govern weakens substantially, and that lock-in is more likely to occur (and be effective) the longer that centralisation exists.

NFTs

All this, of course, is before we even consider the current golden child of Web3 - Non Fungible Tokens (NFT) - and their implementation within this supposedly trustless system.

A NFT is a token providing "ownership" of a resource, they've hit the news recently because NFT linked images have sold for crazy money.

The uninitiated could be forgiven for thinking that the NFT contains a copy of the purchased image, but that's very rarely the case.

The NFT will generally just contain a link to somewhere hosting the image (or worse, metadata about the image). So, for your £50m, you've bought an irrevocable token linking to a very fungible URL that could disappear (or change) at any point in time.

In this "trust-less" world, you've been sold an un-fakeable token of ownership, but it relies on a link to an unknown/untrusted location which may or may not be indempotent in it's responses. This, of course, is necessary because storing data in a blockchain can become quite expensive.

Letting my inner cynic run wild for a moment, the only good reason to describe this as trust-less is that it makes it easier to deflect questions about the high levels of trust needed.


Your benefit is my drawback

Moving from Web3 to a more generalised view of cryptocurrencies, proponents have a tendancy to look at something they don't like in the current system, and assume its removal is automatically beneficial or desirable to all.

An easy example would be the idea that cryptocurrency payments are irreversible: it's great because there's no third party involved who dictates the flow of your money.

Except, in the real world:

  • there are millions of chargebacks processed every day.
  • In the UK, we benefit from Section 75 protection on credit card purchases
  • Because of consumer and regulatory pressure, banks are increasingly working to spot and recover fradulent payments

For most of the world, the idea that a transaction can be reversed or blocked is seen as a feature, not a bug. Telling people that they just need to protect their wallet doesn't cut it - it's not like they've not been trying to protect their accounts, and they want there to be some comeback if the worst does happen.

Trying to sell people on the benefit of cryptocurrency by telling them that it lacks an important protection is, at best, tone-deaf.

Moving back to Web3, we can see that there are similar issues in the messaging.

Many proponents will tell you that Web3 involves a significant change in how we understand identity - your actions will be linked to your wallet address not you/your email, so you can achieve near perfect privacy and anonymity.

But, in the real world, there's increasing support in certain areas for the idea that we should require ID verification to use social media (or, in some more extreme cases, everything).

Whilst I disagree with much of the age-verification brigade, it'd be utterly tone-deaf to pretend that that demand doesn't exist in some quarters, and that driving uptake of a fully anonymous system is going to be extremely difficult unless you're able to address some of the related concerns (which brings us back toward centralisation).


Environmental disaster as an economy

Much of Web3 is built upon the Etherum blockchain - Etherum is a Proof of Work (PoW) blockchain (although Etherum 2 will be Proof of Stake (PoS)). Nodes in a PoW blockchain have to expend effort/energy in order to achieve a consensus for each block of transactions.

What this means, is that there's a fairly significant amount of energy put into verifying every transaction on the blockchain. That's energy that could (and arguably should) be used elsewhere.

NFTs are a fairly extreme example of this: in effect, we're burning a load of coal in order to sell someone a hyperlink.

It's hard to excuse, especially during a period where energy prices are rocketing.

Proponents of crypto-currency will sometimes claim that they're driving uptake of green generation technologies, whilst ignoring that an awful lot of the world still use coal and gas as fallback capacity (if not their main). Crypto miners, unsurprisingly, have tended to go whereever the power is cheapest in order to get the best return.

Whether the power running a mining rig came from hydro, nuclear or coal, the reality is that it could have been used for a wide variety of other ends, including heating homes and transport. The demand it generates on the grid helps to inflate prices, costing people in the region more.

It's important to note here, that Web3 doesn't have to use Etherum specifically (for example, NFTs can be minted on various networks), it's just that many of them do.

Although the numbers used are a little questionable, alarms have already been raised about the environmental impact of the internet, now just imagine the impact if the majority of the web is underpinned by a proof of work blockchain.


Conclusion

The current incarnation of Web3 doesn't seem to deliver what its proponents claim that it does, or will. It's easy to shrug this off as "early days", but for things to be failing this badly, this early on, doesn't instil an awful lot of confidence in the future.

  • It claims to be the way in which we overthrow our Web2 gatekeepers, but already has it's own gatekeepers installed with no apparent way to avoid further centralisation of power
  • It offers no real solution in terms of how to draw users out of those Web2 gatekeepers and onto Web3
  • It claims to improve privacy, but the majority of traffic transits just two gatekeepers giving them better (proportional) insight into read activity than even Google or Facebook achieve on Web2
  • It claims to simplify monetisation, ignoring real-world user and publisher behaviour
  • It claims to be trustless, but current implementations demand more trust that Web2
  • Some of the "benefits" aren't viewed as such by wider audiences, which'll hinder uptake

This is not the first paradigm to try and claim to be "version 3" of the web, and I've a suspicion that it won't be the last. There's no denying that it'll see some growth uptake, just as the semantic web did back in the day, but I'm really not convinced it's going to be enough to hold onto the title Web3 in the long-term (at least, so long as it doesn't bomb so badly that no future paradigm wants the name).

There are some very real issues with the Web as we know it - I've written about them extensively, in a variety of places - but they cannot be solved by simply switching out the underlying technology. Left unchecked, the tides that balkanised Web2 into a smallish set of large platforms will do exactly the same to the crypto-centric web, whether or not it comes to be known as Web3.

There's something of a balance to be struck between anonymity and accountability: much of the toxicity users experience on Web2 is because users feel unaccountable behind their layer of anonymity. In reality, of course, they can be held accountable by the platform they're operating on. That, in itself, is also a balance - platforms have the power to overstep, but COVID-19 has highlighted just how dangerous the spread of misinformation can be.

Web3's approach is to try and remove the platforms, but in doing so, also removes the ability to hold bad actors accountable and deal with problematic content.

In fact, this sounds a lot like a re-imagined Freenet, a "censorship-resistant and privacy-respecting" publishing platform. The goals are laudible, the result, unfortunately, is a lot of child sexual abuse material (CSAM).

Privacy and anonymity on the net are incredibly important, but the current incarnation of Web3 doesn't seem to offer an improvement over Web2. And, in fact, is arguably worse in that it fails to attempt to address some of the issues we know can be addressed by platforms (even if they're not always handled as well as they should be).

Elsewhere, I've previously implied that Web3 seems to be intended as a means to drive up the value of cryptocurrency assets for those already holding them. As observations go, it is a little unfair: it's unlikely that all those who work on it are doing so in bad faith. But, at the same time, it's a hard observation to avoid when many of the "benefits" don't seem to hold up to scrutiny.

Despite all I've written here, one of the biggest red flags for me continues to be the lack of technical detail given in most/any pro-Web3 posts.

I'm always a bit suspicious of anyone who's pushing something, without being able to explain how it actually works.

That's only made worse by the fact that those criticising it, are able to do so using technical detail and examples

Needless to say, it doesn't instil confidence when you find more technical info in criticism than in praise.

I won't go quite as far as to say that Web3 is Bullshit because it's proponents do - quite rightly - identify issues with the current web. Where it fails though, is in actually managing to address any of them.

There's some very real money being poured into Web3, so it's not going to be a non-event, but it seems unlikely it'll deliver on any of the promises it's supporters are currently making of it.