And what are your thoughts on Web3?

The Moxie Marlinspike piece is pretty good, there is nothing that he writes that is factually incorrect but he is framing things from the perspective of the public view of the space, which is essentially as means exchanging digital art, and that on the basis of some lousy projects, created by people trying to ride the hype. But NFTs can do a lot more than stake a claim to a poop emoji. The projects that will endure and build real value must address the concern that Moxie raises, none of which are out of the realm of what is currently possible.

In my view web3 is the future of our industry and one of the few area where there is real life changing potential.

And what are your thoughts on Web3?

If we take web3 to mean a web which features:

i) the functionality and utility of Web 2.0
ii) the decentralization of the web of the 1990s (and very early 2000s)
iii) the re-emergence of a non-professional maker community

then I find that vision really appealing.

(Not least I am working on something at present which I very much hope might make a modest contribution to that vision.)

But I find Marlinspike's observation that platforms move faster than protocols (with all the attendant consequences) thought-provoking and I think his warning that without due care and attention, web3 might turn out to be Web2.0++ timely.

I think he is absolutely right on one point above all:

Decentralisation / Distribution is a concern far too esoteric for the general web-using public.

Me, I get really excited when I read about P2P mobile mesh networks and projects like Beaker Browser / Hypercore Protocol etc.

Marlinspike is right to consider that, for very many people, the notion of safeguarding information and communication from being privately ringfenced / privately captured has absolutely zero resonance.

The average user has no concept of any of this. All they want is everything, and they want it now.

Keep the public satisfied (even if they don't know how it all works) and things will remain the same, regardless of "delivery"...

There's some exciting things in the future ... but web3 is not one of them IMHO.

Decentralisation / Distribution is a concern far too esoteric for the general web-using public.

I agree with this as well, there is no escaping the need for centralized systems. Take a webserver, there is camp that believes that you could host your assets on IPFS and go completely serverless. But how do you that and protect your IP (intellectual property), you'll need to encrypt it such that only you can read it. Great, then when you die no one can read and it's gone, just like a centralized server. So why do it, out of principal?

But there are use cases for which blockchain technology and web3 are the only solution. Centralized apps or websites that currently try to serve those use cases will be disrupted. We are beginning to see the first waves, but a Tsunami will follow.

The biggest impediment is as Moxie points out, the interface between the public and the blockchain. Leaning on Metamask for that is not a sustainable solution.

(Not least I am working on something at present which I very much hope might make a modest contribution to that vision.)

I am also working a web3 project, and it is very challenging because there are a lot of unknowns and missing or less than optimal pieces. It's a real challenge, but it is early days and I think that if you can bring something to market now that is just good enough you will be light years ahead of anyone else as the technology catches up.

how do you [..] protect your IP (intellectual property)

... is a great question.

However, my wife is a lawyer and one of my closest friends is a patent attorney.

I suspect neither one would reach in the first instance for a technological solution like encryption.

Instead their first port of call would be Intellectual Property Law.

Most people don't reach in the first instance for a technological solution, do they?

We do - but only because that's our field and that's what naturally occurs to us.

But there's no need to be binary (or even polar) on this: some projects are better distributed, others are better centralised... and of those projects which are better distributed, some benefit more from distribution than others.

Separately, with regard to open source / open licence projects (like the one I'm currently working on) there may never be any need to resort to either IP Law or encryption.

Another thought:

(Though please correct me if there's something I've misunderstood...)

Surely something like Blockchain is very capable of maintaining an up-to-date record of who owns what (?)

In which case... determining who holds the IP rights to any openly available, unencrypted asset on a distributed network like IPFS or Hypercore is entirely straightforward (?)

A third thought:

When it comes to something like publicly accessible media, centralised servers don't offer more technological protection than a decentralised network.

YouTube is one of the great success stories of Web 2.0. But if you listen to a song via YouTube, then that data has to pass through your computer - which means (technically) you can record it.

In this case, no amount of encryption can protect the artist / recording studio. Only the law can.

I should hasten to add - I'm not seeking to be deliberately contrarian here. You raised a really good point about IPFS I'd genuinely never considered before - my responses are just me thinking aloud.

More reactions and commentary on web3:

1) New Scientist: What is Web3 and how will it change the way we use the internet?
[newscientist.com...]

2) Wikipedia: Web3 Reception
[en.wikipedia.org...]

3) Forbes: What Is Web3 All About? An Easy Explanation With Examples
[forbes.com...]

From new scientist:

At the core of Web3 are distributed applications (or dapps) built using the Ethereum blockchain,...

What?
Web3 is not exclusive to Ethereum or any Layer1* blockchain. Any blockchain that provides smart contract functionality can be used to create web3 app, other examples include Solana, Cardano. Even Bitcoin can be used but with limited scope. Smart contracts, are scripts that run code on the blockchain, typically used to save state to the chain.

continued from the quote above.

...which pays out to users who help keep its network online

What, what?
Ethereum pays it's users? No it's users pay Ethereum in gas fees to use the network. That money then (in part) goes to the miners. The miners are tasked with computing the scripts contained in the smart contracts and thus are compensated for that work. In a proof of stake blockchains (Solana, Cardano and hopefuly and eventually Ethereum too), the are no "miners" per se, instead there are node operators that fulfill the same role of computing scripts.

Poorly researched articles like this don't help with adoption as they add to confusion and misconception that the public has of this new technology.

*What is Layer1?
Proof of work blockchains suffer from two serious problems, it is expensive to execute transactions on them and transactions take a long time, Bitcoin blocks are added roughly every 10 minutes (by design). Thus, they are not suited for applications that required low cost, fast and frequent transactions. To overcome this constraints, developers have created a second layer, essentially another blockchain that runs on top of the base layer. Transactions are then added to second layer and then intermittently those transactions are batched and sent to the base layer. Examples of Layer2 solutions are Polygon/Matic that runs on Ethereum (example one of several Ethereum layer2's) and the Lightning Network that runs on Bitcoin.

dApps can run on layer2 and basically if one is using Ethereum one basically has no choice as the gas fees are so exorbitant that it would be impossible to create a business case for any such dApp. (During peak network traffic Ethereum gas fees can be in the hundreds of dollars)

Web3 is not exclusive to Ethereum or any Layer1* blockchain.

I'm really happy you clarified that, @NickMNS, because both the Forbes article and the New Scientist article have a lot to say about blockchain technology and while I'm aware that proof-of-work and proof-of-stake are tried-and-tested methods of verifying distributed / decentralised assets, there are certainly other non-blockchain approaches to distributing assets such as... SubResource Integrity (SRI):

[developer.mozilla.org...]

Unless I've misunderstood, blockchain is only one way of enabling web3-style decentralisation. It's certainly not (or shouldn't be) a definitive and / or essential ingredient of web3.

I much prefer an approach like SRI because the whole "gas fees" thing with blockchain... makes me immediately suspicious.

If we want to decentralise / distribute an asset, that ought to be technologically possible without it somehow (why?) requiring an additonal financial transaction.

This 2021 paper from the University of Economics and Business in Athens, Greece:

Enabling self-verifiable mutable content items in IPFS using Decentralized Identifiers
[arxiv.org...]

focuses on verifying integrity and authenticity for decentralized assets and outlines an alternative to SubResource Integrity (SRI).

Apart from in the bibliographical references, Blockchain isn't even mentioned.

web3 is coming

I read "winter is coming" ...

@Ronin
Your killin' me...
I can't really provided an educated response, I'm going to have to read the links in depth. The Greek paper seems very interesting as addresses an issue I faced. I found my own solution, but I really curious to read what they propose.

because the whole "gas fees" thing with blockchain... makes me immediately suspicious.

There should be nothing suspicious about gas fees, whenever you wish to make a state change on the blockchain you need to pay for the computation. Obviously Ethereum gas fees are excessive, but there are alternatives.

Gas fees are the main reason for one of the biggest changes that web3 will bring about. That is the "free" web, which we all know is pure fiction. In Web3 the user will need to pay for the "digital products" they consume, in exchange they are granted ownership of the products. Whereas in web2 one rents a service in exchange for revealing personal information for which the value is nearly impossible for an individual to evaluate.

Also, I just saw this:
[coindesk.com...]

Google Cloud is hiring a team of blockchain experts to capitalize on the move to decentralized Web 3 applications, the company wrote in a blog post Thursday.

and the Google blog post here:
[cloud.google.com...]

Requests to the Mods:
You may want to consider creating a web3 forum.

There should be nothing suspicious about gas fees, whenever you wish to make a state change on the blockchain you need to pay for the computation. Obviously Ethereum gas fees are excessive, but there are alternatives.

What makes me suspicious is that in an environment where the priority is decentralization, the idea that the computation is explicitly paid for on a per-transaction basis just... feels... weird.

In the context of a blockchain (or any context), computation has to be paid for somewhere. I get that.

But the economics feels off.

This sounds as peculiar to me as would paying a small fee for computation every time you send an email or initiate a file download (e.g. from a peer-to-peer filesystem like Hypercore).

I imagine plausible and coherent arguments for fee-based emailing and file-downloading could be conjured up, but... we already know there are long-established alternatives which have a lot less inherent... friction.

With regard to self-verification of mutable decentralized assets...

I get that in a decentralised environment assets need to be able to self-verify without any canonical, central verification register.

I get that "dynamic assets" (or "mutable assets") will (by definition) be updated from time to time and that any self-verification needs to be able to handle those updates to say: "This asset doesn't look like it did before, but yes, it is still the same legitimate asset you're looking for."

I get that any known method of self-verification can be exploited by a bad actor who can then pass off a malicious update as a legitimate update.

I've been thinking about how to avoid the last problem and I've not finalised my thoughts but I've come up with something where we can use:

1) the name and version of the data
2) a Unix Timestamp representing the time the data was published
3) Lat and Long Geo-coordinates representing the location the data was published

to derive from the SRI Hash (verified by the asset):

4) a 256-character key.

That 256-character key is then used to derive from the asset itself:

5) a 16-character slug

That 16-character slug is then inserted into the named, versioned filename and becomes a canonical part of that filename,

Nearly all pieces of information (the SRIHash, the timestamp, the geo-coordinates, the 16-character slug) are referenced in the data itself so that everything can either:

i) be checked as identical by the computer (eg. Is the SRIHash in the attribute the same as the one listed in the asset? Does the filename duplicate the same 16-character sequence from the asset? Is the Asset Name the same as listed? Is the Asset Version the same as listed?); or else

ii) a human can be asked if they trust the data's signature (eg, This data reports that it was published [in the middle of the Pacific] in 1981? Do you wish to continue?)

It occurs to me that a determined exploiter who wants to generate a 256-character key for their own compromised version, where the key is consistent with a plausible publishing time and location will need to manipulate the asset itself by inserting comments. Consequently a semi-automated check would also be required to verify that the asset doesn't contain any unusual comments.

This isn't perfect by any means - and it certainly requires the user to not blindly install the data without exercising judgement with regard to the Publishing Time and Publishing Location the named, versioned data is self-reporting.

But it's another approach towards creating self-verifying mutable data - and, again, one which doesn't rely on a blockchain.

This sounds as peculiar to me as would paying a small fee for computation every time you send an email or initiate a file download (e.g. from a peer-to-peer filesystem like Hypercore).

Gas fees also prevent spam. Block space is finite, if consuming the space were free bots could be programmed to fill the block space with crap thus causing the chain uselessly "mine" new blocks, this would render the blockchain unusable. By adding gas fees, specially demand based fees this "attack" becomes impossible as the bots own transactions would cause it's fees to rise.

Given the above, fee based email sending would be great, the more a server sends mail the higher the cost. My inbox would only ever include messages that are worth my time and attention. We are slowly approaching this as we are at a point where if you want to send a legitimate email you pretty much need to pay 3rd to deliver it. Of course this doesn't apply to the spammers. This is because the payments are not going to a decentralized network, instead they go large centralized corporations.

Regards the second post:
It all seems fine, but it breaks down with this statement:

a human can be asked if they trust the data's signature

How does that work at scale? What human, can that human be trusted? We can ask your mother, you certainly trust her but can I trust her? This a fundamental problem, that is solved by blockchains and it is what makes them so disruptive. You can simply write the token (SRI hash) to a block, you then have an immutable record of the token with timestamp of when it was first saved, and what wallet address saved it there. This verified by all the nodes on the system, and can always be verified again at any time in the future. I don't need to trust anyone, in fact shouldn't trust anyone, but since all the nodes of the network agree one knows without trust that the signature is valid. This is essentially what an NFT is.

Regards the second post:
It all seems fine, but it breaks down with this statement:

a human can be asked if they trust the data's signature

How does that work at scale? What human, can that human be trusted?

Good questions. Short answer: "the human" in this instance will be someone responsible for adding an asset to a website / web presence.

So, if they get their due diligence wrong, the repercussions will be reputational damage to that website / brand.

I need to look up how Ryan Dahl and Deno are approaching the same problem of assets needing to self-verify.

They will probably have something more elegant than what I've outlined above.

Update: I've found a discussion on this precise issue at [github.com...]

A pretty good critique of blockchain, NFT's and Web3
www.youtube.com/watch?v=YQ_xWvX1n9g

A pretty good critique of blockchain, NFT's and Web3
www.youtube.com/watch?v=YQ_xWvX1n9g

I've not watched the video yet (I am very much intending to this week) but glancing through the comments just now, I came across this short analysis which resonated with me:

NFTs attempt to reproduce the one thing that antiDRM evangelists and other digital pioneers have always hated: artificial scarcity. Oh, and rent seeking. It fails at both of these, but the cognitive dissonance of those who I have known to rage against any form of copy protection, who happen to be the same people I know who are among the NFT faithful, boggles the mind.
For a dose of extra irony, many of the true believers balk at the idea of paying for software but are ALL IN on the narrative that NFTs will level the playing field for digital creators.

One has to wonder about the mentality that thinks it sensible to pay for a cartoon ape JPEG but not for the work of skilled system and application developers...

If web3 is to be primarily oriented around decentralization and peer-to-peer systems, I can accept that NFTs and blockchains might feature, but I really can't see that they are in any way essential to the third manifestation of the web.

>> web3 is coming.
But what kind of web is it? How is it distinct from Web 2.0?

It is a smarter, kinder, more global and local web - with more effective infrastructure in cooperation and support of it.

It is a global community in your own home. It is progress peacefully folded into our time.

It’s us

Reading this article (Feb 1st, 2022) from Vox:

Web3 is the future, or a scam, or both
[vox.com...]

which states:

At its core, Web3 is a rebranding of crypto and blockchain, the technology based around a worldwide network of computers that talk to each other and validate and record transactions without human intervention or centralized oversight.

Uhhh. Hold it there a second. Is it ?

That's not my understanding of web3 at all.

@Chicago writes:

It is a smarter [...] web - with more effective infrastructure

Yes. I'd agree that's a much better general summary.

For me, democratisation - making the web flatter and more accessible and making the information that passes between web nodes more important than the web nodes themselves - is a huge part of web3.

If I rephrase that last part, that pretty much sums up how I comprehend the term web3:

web3: The third manifestation of the web, defined by its prioritisation of the information which passes between nodes above the nodes themselves.

On the basis of the defintion above, we might propose that the most pertinent questions for each manifestation of the web might be:

WorldWideWeb: Are you online?

Web 2.0: Where are you online?

web3: How are you online?

Where How means:

- In what capacity are you online - to what extent are you publishing or consuming information?
- Are you publishing or consuming individually or collaboratively?
- What kinds of information are you publishing or consuming?

We might argue that these questions might just have easily been asked of a Web 2.0 user - but the difference is that in Web 2.0, where you are on the web largely determines your answers to these questions, whereas in web3 (at least as far as I understand the term) where you are on the web is almost entirely uncorrelated with your answers to these questions.

Ronin - there lie so much importance in your thoughts and I would like to keep the dialogue going. Let me propose this for the purposes of dialogue.

1- you are online
2- you rely upon the web
3- we rely upon the web

>>1- you are online
>>2- you rely upon the web
>>3- we rely upon the web

1- online footprint - person/place
2 - personalization - local, social, commerce, work
3 - shared governance and knowledge using 1 to protect 2

3 - Uses both centralized and decentralized concepts and technology.

I will use a local use-case for an example: A mom drives to the farmers market for vegetables.

Centralized tech like street cameras are actively gathering information but in passive manners (collecting only for big data patterns like traffic and accidents and crimes). At the same time, the Mom is using a map in her car (phone or car nav) which utilizes active location data and traffic information to help her to travel as conveniently as possible from point a to b. This requires centralized knowledge. This knowledge must be shared across jurisdictions and boundaries.

All of this however is in support of personalization and a better experience for the Mom's decision, in this case, to get vegetables, at a market, in a car, on a Friday, with a vegetable and vendor maybe in mind, etc. That freedom to act in a personalized manner forms an important decentralization layer that focuses on self-sovereignty, personal responsibility, and accountability. Centralized tech layers support human freedom of expression and ones ability to make, in this example, a unique local decision - safely, effectively, and with concern to what is right for them. Without the centralized technology, the mom would of lost her ability to navigate and communicate via phone, while the city would have lost its view to an accident that might have happened right in back of her that instead now costs the courts time, money, and energy to settle.

Decentralization is the trust that we are able to gain from one another by allowing technology to form a record that better rewards individual liberties, but looks to address the things that restrict these same liberties/freedoms. Decentralization is also the more effective application of privacy through online anonymity, better use of social graphs, more efficient ways to move money from party to party, direct access to specified knowledge to gain skills that are in demand, and so much more. Decentralization starts by appreciating what we have gained in our ability to affect positive change in our own homes.

Web3 relies upon IoT - The Internet of Things.

This is the essential connectivity that operates between modern hardware. Put simply it connects the things we use, need, and love from our security systems, smoke detectors, refrigerators, cars, phones, to watches and CCTV. Centralized safety and health protocols underlie this important technology. This allows for more unique and decentralized experiences and more effective use of our personal energy.

Web3 relies upon IoT - The Internet of Things.

I'm not sure that's the right way around, is it?

I'm... not persuaded that web3 relies upon IoT or vice versa.

I could agree that IoT is potentially more enabled by web3...

,,, but even then, that's only potentially.

I would certainly agree that web3 (at least as far as I imagine it) is capable of substantially disabling large, centralised, data-capturing behemoths in that it can completely sideline them and make them redundant.

In the last 18 years or so, we've seen Web 2.0 platforms replace World Wide Web protocols.

Maybe in the next 18, we will see web3 decentralised data architectures replace Web 2.0 platforms?