A couple days ago, Moxie Marlinspike wrote an article about his first impressions with Web3. In it, he advances several valid criticisms of the Ethereum ecosystem, but overall throws the decentralization baby out with the bathwater. Although Moxie is self-admittedly new to Web3, this is one of most substantive critiques of the current Web3 commercial space. And being one of the few pioneers of encryption who is openly outspoken against decentralization, it’s important to engage with his argument and see what we all can learn from the discussion. To quote Moxie from 2020:
“I’m not entirely optimistic about the future of decentralized systems, but I’d also love to be proven wrong”.
Well, let’s attempt to do just do that! First, we’ll discuss why decentralized services are sorely needed – both by individuals and society at large – and then we will engage with Moxie’s arguments against Web3 in particular (as implemented by the Ethereum ecosystem).
What’s Wrong with Centralized Services?
For starters, there are a ton of community applications you wouldn’t even be able to even implement with centralized services, because of the deficiencies in their trust model. As just one example of many, consider running elections (see our article in CoinDesk for what is involved in that). Today, collective decision-making by a community is done rarely, and resorts to electing representatives every few years whose job it is to make the decisions for society. Today, we still think of elections as something that has to be done with pen and paper, and mutually distrusting parties checking each other’s work (aka byzantine consensus by hand). It’s like when we used to have human computers mechanical devices and telephone switchboard operators, until digital computers changed the paradigm and allowed a whole host of new applications to be created. Web3 and smart contracts can lead to new applications, of which DAOs and NFTs are just the early implementations.
But there are deeper problems with centralization itself, that need to be solved for people and society as a whole to progress through better technology, the way it did by moving from analog devices to digital computers. Let’s see what they are:
Centralization: Single Points of Failure
Moxie Marlinspike is one of the founders of WhatsApp, a centralized messaging service which eventually got acqui-hired by Facebook for $19 billion. Gradually, Facebook proceeded to exert more and more control over the service, and the founders left. Facebook continued to encroach on users’ privacy in order to help monetize and control the platform, and triggered a sizable user exodus in early 2021 when they unilaterally changed the terms.
Now let’s give credit where credit is due: Moxie is an anarchist who has built end-to-end encrypted systems since 2010, founded WhisperSystems a decade ago, and launched a very successful centralized messenger service called Signal. Here he is on TechCrunch Disrupt, talking about it:
Guess what… there’s another entrepreneur from Russia, who is an even more hardcore anarchist, founded the Russian Facebook years ago, refused to hand over user data to the Russian government – and was forced to sell all his shares in a fire sale to Russia’s Mail.ru conglomerate, while fleeing the country to France (he is now in Dubai).
While Moxie started Signal, Pavel Durov started Telegram, which has grown to be used the world over. Both are centralized messaging services championing user sovereignty and end-to-end encryption, run by billionaires who had (voluntarily or not) lost control of their previous centralized services (WhatsApp and VKontakte, respectively). Both new centralized services have already had their developers (and founders) been approached by intelligence services, and their technology confiscated and scrutinized at airports etc. If these guys are our last line of defense against blackmail against government spies installing backdoors, or targeted advertising arrangements from economic partners, then perhaps we need a better system.
Pavel routinely criticizes WhatsApp, and even the government-sponsored encryption it uses, with Telegram preferring to hire its own Ph. Ds and roll its own encryption that, to date, has never been broken according to Telegram’s own website.
But we can’t just go off what Telegram, WhatsApp and Signal claim on their own sites and twitter accounts about their own products. Even if what they say is true at one point, it takes a single person in their organization to ship a backdoor in an update, that immediately ends that whole guarantee.
Centralization: Lack of Control
Privacy, as important as it is, is only one aspect of a greater issue with centralized services: the lack of control users have. Today, we all live in a Feudal Society, with a few large landlords (Google, Microsoft, Facebook, et al) who do not give you their back-end software. You just have to trust them to have your best interests at heart when they host your files, and manage your data and implement your privacy settings. Just recently, Google banned distribution of “misleading content”. Individuals and organizations around the world trust them with their very online identity and brand every time they choose to “log in with Facebook/Google/etc.”. If you don’t like it, don’t use it, right? But what about that open source alternative?
When all you have is a choice between one landlord or another, you shake your fist at WhatsApp and yell “I’m leaving to Telegram or Signal!” Let’s see why that is, and why under a capitalist market system with unlimited private ownership (of networks as they grow), and profit motives (by shareholders), the end result is inevitable. And we’ll then see how Web3 is different.
Web 1.0 Disrupts Human Institutions
Web 1.0 quickly disrupted the centralized online services of the day (America Online, CompuServe, Prodigy, Microsoft Network), as well as newspapers, magazines, cable channels, TV networks, and other gatekeepers that were necessary for getting the word out. It allowed anyone to deploy some code on a web server, and serve anyone in the world through an open decentralized protocol called HTTP. Voice Over IP (or VOIP) quickly brought down the cost of telecommunications, disrupting the capitalist telecommunications industry – a feat that the government was unable to achieve in decades with its tools (antitrust, regulations, etc.) In both cases, open protocols and technology replaced institutions that historically used human gatekeepers (editors, switchboard operators). The new technology would route packets around costs, outages and other obstacles.
Web 2.0: Public Forums on Privately Owned Platforms
The centralized Web 2.0 companies were built with money from Venture Capitalists, who propped up money-losing unit economics for years (to “remove friction”) before selling the shares to the public via an IPO. Then, the companies are perpetually beholden to Wall Street bigwigs to make sure they keep their backend code, AI training data, patents, etc. closed so they can extract enough rents and profit from their users’ content and customers’ money, to satisfy the “quarterly earnings” that the capitalist machine requires. Moreover, since Zuck built it, he owns it, and investors couldn’t vote him out even if they wanted to. So there isn’t much of a democratic mechanism there, either.
If Facebook is going Meta, that’s where we’re all going, kicking and screaming. They’re building a brave new world, moving fast and breaking things. “Calm Down, Breathe, We Hear You” said Zuck when he rolled out his first unilateral decision, which has since shaped the world in many ways. Before that, a younger Zuck may have correctly assessed how stupid it is to hand over your data and passwords to his services. But Facebook’s first big funder was Peter Thiel, who openly wrote
Thiel and Clarion Capital was just taking Moxie’s arguments in favor of centralization to their logical conclusion, plus an extra helping of profit motive with no limit (at the expense of users and society). Many VCs still have that same mindset (but not all). Moxie celebrates platforms “moving fast”, but what about “breaking things”?
Web 3.0: Derailed by the Profit Motive
Web 3.0 was supposed to smash a lot of the “landlord-tenant” relationships of Web 2.0, replacing centralized databases with decentralized ones, and secret back-end code with open code that all nodes can verify. The premise of Web3, indeed, is very powerful:
“Web 3.0 allows us, for the first time in human history, to simply trust code to do what it says.” - Greg Magarshak
This is the main feature of Web 3.0, regardless of the underlying technology (blockchain, hashgraph, IOTA DAGs, etc.) Trust in institutions, promises and audits is replaced with trust in computer programs. This can gradually bring about a revolution as significant as when people moved from analog devices to general-purpose digital computers. But the space stagnated as projects got stuck on “blockchain” technology. As a result, we are still in many ways in the equivalent of the “mainframe computers” era with punch cards and renting time slices.
Going by the title of Satoshi’s whitepaper, Bitcoin was originally supposed to be a “Peer to Peer Cash System”. Even the staunchest bitcoin maximalists have to admit that, 10 years later, it failed at becoming the kind of mainstream medium of exchange that a “cash system” would suggest. Following a similar trajectory, Ethereum became a “world computer”, an extremely expensive way to run transactions. We’ve written a lot on this forum about Ethereum’s lack of scalability and what it means for the whole space.
The problems are rooted in the underlying “blockchain” technology (which we will eventually help solve with Intercloud technology). Whether it’s secured by proof of stake, or proof of work, all transactions in the world have to go through a bottleneck (miners, or their delegates) before going into a block (which has limited space). Making that block bigger by a constant factor doesn’t solve the main problem: the entire network is bottlenecked. No one asks how many websites the Web can support per second, or how many emails the Email protocols can support per second, because the more computers join, the more the network can handle. There is no topology like this:
The other problem is, of course, that everyone stores everything. Even if they don’t run an “archive node” to store historical state, an Ethereum “full node” takes so many resources to store data and sync it, that people outsource it to others.
Now, on to Moxie’s actual arguments. Here are the main points:
1. People don’t like to run servers, they pay others to run them
The sentiment behind what Moxie says is mostly true, however, as we can easily see with Web hosting companies and their “one-click install” of Wordpress, Drupal, etc. However, that doesn’t mean you can’t have open source software and a free market of hosting companies. That’s the difference between Medium.com and Wordpress, between Google Maps and OpenStreetMap, and so forth.
The problem is that Web 3.0 is built around these “monolithic blockchains” that have an ever-growing snowball of data that needs to be synced. Due to the bottlenecks of “blockchain”, it is totally not like hosting a website.
Moxie is right that, when it’s so expensive to interface with “the blockchain”, only a few large providers will run it, and trust once again will follow a power law, with centralized services Infura, Etherscan and OpenSea approaching the status of trusted centralized Web 2.0 with APIs that everyone relies on, instead of the blockchain itself. If they want to ban something, many of the wallets stop showing it too. Not so “decentralized”.
2. The returned blockchain data isn’t even signed
This is the most egregious problem Moxie pointed out, and we’ve seen it ourselves. In the current Web3 world, the blockchain is the single “source of truth” for all these pieces of data. While it’s true that the blockchain is constantly forking into multiple chains, and in the short term it may not be clear which chain is a winner, it’s still possible for Infura or Etherscan to provide proof that enough proof of work or stake has been heaped on it.
This problem can, in theory, be easily solved by having market participants introduce these proofs as a feature, and clients would move to using only those gateways which provided these proofs. Why the clients haven’t demanded it en masse, and why Moxie has to point out the obvious, however, remains a mystery.
3. People will never want to run servers
First off, many protocols (like BitTorrent, Beaker Browser, and SAFE do let people easily run servers on their desktop computer, but certainly this is harder to do on mobile devices, where a program can’t be listening for requests all the time.
On the other hand, why do people need to run servers in order to participate in or secure a decentralized network? A client can simply connect once in a while and do its part: pick up some mail, validate some transactions, and so forth. Servers are simply programs that are listening 24/7 for requests. One can argue that, in a truly anonymous, unlinkable, decentralized system, you don’t want to expose yourself to the world via such availability. (For example, servers behind the Tor network can be readily doxxed and or undergo denial of service attacks.)
In fact, entire networks can be run via clients doing most of the work, leaving an open market of servers to be operated as dumb hubs following a protocol, such as WebSub or secure scuttlebutt. Arguably, this is how Voice Over IP turned the telecom industry into “dumb hubs” routing packets, rather than tying up phone lines the way blockchains currently tie up blocks.
4. Centralized Services Move Faster than Protocols
Protocols are way more resilient and open. People can implement a web extension or app and have it speak to others. We don’t have to trust Signal to merely say they won’t store your contacts’ data. While it’s commendable that Signal turned to Intel and its SGX extensions, it still means the whole scheme is based on a few trusted companies.
Users in Control
By contrast, control and privacy can be enforced by users having their own keys on their own wallets, interfacing with autonomous networks that are run by many distrusting participants. Sharing access with others would boil down to sharing encryption keys. Signing transactions would be up to the user, or the user agent software they installed on their own computer – not something they were forced to install unilaterally by WhatsApp, Telegram or Signal.
Ethereum wallets like MetaMask and TrustWallet have finally made it mainstream that you can sign actions using your own keys, such as directly requesting to log into a site without asking Facebook or Google to do it for you. The keys are kept inside an app like TrustWallet, or browser extension like MetaMask. Using your mobile phone to scan a QR code on a computer (e.g. through WalletConnect) is a great feature that lessens the control one particular browser or OS maker has over, say, an election in a country.
There is still a problem with Ethereum wallets’ approach to storing keys: they let you export the actual private key and import it on another device. This has led to a cottage industry of scammers asking people for their secret passphrase, and even sites like this one which offer to generate a vanity address for you (who knows if they store your private key!) Instead, the proper convention would be for wallets (user-agents) to never implement key export, so each key never leaves a device. People would simply have keychains where they grant or revoke access from some keys to their accounts, which are stored in the cloud. But this would be better implemented with BLS signatures that require no trusted dealer, something newer than the ECDSA that Bitcoin and Ethereum uses.
It seems that companies like Intercoin, SAFE and Holochain are building a “Web 4.0” where the Intercloud will replace Blockchain as the back-end for the new breed of decentralized applications, that can actually go mainstream.
What’s next for Web 2.0 and 3.0?
Intercoin’s founder Greg Magarshak has also been building a social platform called Qbix since 2010, but it was built to be open source and decentralized. Here is a photo from 2014 with Greg and his cofounder Zak meeting with Tim Berners-Lee and his team at MIT to discuss ways a decentralized web users can take control back:
You can read Greg’s article in CoinTelegraph about how the Web can find its way, or read about what Qbix is doing to move the Web from Feudalism to a Free Market. Or you can learn more about Qbix from the following two videos: