Hacker News new | past | comments | ask | show | jobs | submit login
My First Impressions of Web3 (moxie.org)
3385 points by natdempk 11 days ago | hide | past | favorite | 1128 comments





All: this is quite an interesting article. It deserves much better than the tedious flamewar that this topic has routinely been converging to, so let's give it a go.

If you're going to comment, please focus on specific, interesting things in the article that you're curious about.

Please don't post generic, shallow, obvious, indignant, and/or dismissive comments—those are repetitive and predictable, we've had more than enough of them, they're tedious, not what this site is for, and we don't need more.

https://news.ycombinator.com/newsguidelines.html


This is a really well-thought-out, nuanced take. I really appreciate mixture of "but there are still servers", not being able to stop a gold rush, and (refreshingly) the technical take on the implementation details.

It stands in such stark contrast to other content. For example, a web3 chat app announcement I saw yesterday [1]. I even joined the Discord to learn more and just found...hype.

I found this parenthetical to be amusing:

> (visualizing this financial structure would resemble something similar to a pyramid shape)

Pyramid-shaped financial setups indeed :).

[1] https://twitter.com/MessagePartyApp/status/14791510011813765...


The centralization of apis (infura, opensea and ethscan used by metamask) is the biggest problem. I could be wrong, but I don't think we've seen that fast consolidation in other early tech. I remember in the late 90s there were a number of search engines but no one really owned the space. Only 20 years later did Google emerge as the winner and is (IMO) by far the best in terms of relevant results. But that didn't happen overnight, and there wasn't a search engine dominating 90% of the market within a few years of the beginning of mainstream acceptance.

How hard is it to create a competitor to infura? MetaMask should be incentivized to do this as they're core offering is controlled by one party.

[edit] Never mind, metamask and infura are owned by the same company (ConsenSys). It's even worse than it appears...


Tally is a community-owned, open-source fork of MetaMask. From first impressions it looks like it will also solve some of the issues brought up in Moxie's (excellent) blog post, i.e decentralizing the node-> NFT->wallet Metadata routes.

Regarding the immutability of NFT image pointers:

Some emerging solutions to this issue are:

Use ERC2477 (DRAFT). This allows you to have some control over the metadata to ensure the name is as you want it. Note that this will require you to implement a zero-knowledge proof or a JSON parser on-chain which validates the new metadata.

Use 0xcert Framework. The 0xcert framework is specifically designed to provide metadata integrity for ERC-721 tokens, it uses a different hashing technique (Merkle tree). But it requires you to use the same schema across metadata versions. Ceramic Network is doing some interesting work on schema coordination amongst other things.

https://ceramic.network/

https://tally.cash/community-edition/


The Firefox extension for tally seems to be absent... https://addons.mozilla.org/en-US/firefox/addon/tally/

> The centralization of apis (infura

> How hard is it to create a competitor to infura?

Infura is merely hosting nodes for you and exposing their JSON RPC endpoints. They did not _create_ the API.

There's already plenty of competitors in that space. QuickNode and GetBlock for instance, if you want mutualised/managed nodes. You can also host your own node yourself, or use e.g. AWS Blockchain to host it for you, or even use the public free hosted nodes that most blockchain project provide. It's just a Metter of trade-off between cost, time and security.

If you are using JSON RPC APIs (which most people do) there is nothing that locks you to Infura or any other provider.


Cloudflare is also in the business of offering access to Ethereum nodes: https://developers.cloudflare.com/distributed-web/ethereum-g...

> If you are using JSON RPC APIs (which most people do) there is nothing that locks you to Infura or any other provider.

How do you switch to another provider in Metamask?


When you open metamask there's a dropdown in the top right. It lets you choose which network you're using, and defaults to "Ethereum Mainnet". If you hit the "Add Network" button you can configure which server your metamask talks to.

How many people switched default search in Google Chrome from Google ? Probably less than 1%, because the overall Google market share is 91%.

Unless there's another equally popular extension, not made by Consensys the presence of that option is irrelevant.


How many more switched it to Google from Bing from Microsoft Edge? Google having 91% market share is an effect, not a cause; they have it because their product is the best and does what I want it to 91% of the time.

If Google’s market share was only a result of a superior product then they wouldn’t feel compelled to pay Apple billions of dollars to be the default search engine on iPhones. Defaults matter.

As other comments mentioned, you can change your endpoint in metamask.

Also, metamask is not the only wallet there is... Some dApps only accept Metamask buts it's becoming rare. Most dApps implement multiple alternatives, like WalletConnect, which is more of a dapp/wallet protocol, which allows you to use any wallet software.


> I don't think we've seen that fast consolidation in other early tech

I actually struggled with this point throughout the article. I'm not sure I see this as a parallel trend toward centralization like we saw with web2 - but rather that this is how software is built today and this is what we're comfortable with. It doesn't seem unnatural or problematic to me that we will start with something that approximates the world around us today and move toward the decentralized end state that apologists are hoping for.


>and move toward the decentralized end state that apologists are hoping for.

Is there any evidence that this is actually happening? It seems rather backwards! Is the maximalist argument here that these companies are going to build out all this infrastructure, move the global financial system onto it, and then rip it apart and rewrite it to be entirely distributed afterwards? Why? If the point is to be distributed, wouldn't they want it to be distributed first?

Where are the blockchains with full-fat clients that can actually run on normal mobile devices? And if they actually exist, does anybody use them? Like, for normal, actual uses, not "shilling this app makes my portfolio go up 300% before I dump it on some clueless bagholder, to the moon rocket emoji rocket emoji".


The crux of the article is that the front-ends are all routing calls through centralized APIs to get their message included on the blockchain. Infura and Alchemy don't do much. They just pass a JSON-RPC message to an Ethereum node running on their servers. There is some additional indexing services they provide, but there are many open, decentralized alternatives for that such as TheGraph Protocol. And it's not unfeasible for an application to run its own Postgres instance to index data from the ETH blockchain.

As for full-fat clients on normal mobile devices, the main issue is the data requirements. Running a full node can take hundreds of gigabytes. It is possible on light hardware. People are running Beacon chain nodes on Raspberry Pis. But you do need the storage and that tends to be scarce on mobile.

Meanwhile, the Ethereum core devs are aware of this issue and are actively working towards it. They shipped the Altair hard fork this year that has adds sync committees which make it possible to do without needing the whole chain history (using merkle trees): https://github.com/ethereum/annotated-spec/blob/master/altai...

The light clients to follow from those improvements are forthcoming but here is one in progress: https://our.status.im/nimbus-fluffly/


It's almost as if there's only the bare minimum decentralization needed to avoid regulation and taxation and the rest is good old fashioned centralized web apps.

So "decentralized" doesn't necessarily mean "no servers" it means "the servers don't matter". If Infura went down tomorrow, nothing would be lost, because Infura was just hosting something anyone could have hosted. You want to be the next Infura? You just download the same code they did and run it: Infura isn't holding any state. If Facebook goes down tomorrow, everyone's accounts and all of their data is destroyed.

> If Facebook goes down tomorrow, everyone's accounts and all of their data is destroyed.

Facebook stores data with replication. I’m not sure which scenario involves FB being wiped off the face of the earth, while retaining blockchains.

Regardless, your comparison makes no sense. It’s like comparing a recursive and authoritative DNS server.


“Goes down” could be substituted for a lot of things, for example, “becomes evil”, “disables API access”, “arbitrarily bans you”.

Lots of developers including myself have had things break when Twitter decided to abandon its liberal approach to APIs. There was no alternative endpoint I could just point my app at.


> “Goes down” could be substituted for a lot of things

For clarity, you are now arguing a tangential point.

> Twitter decided to abandon its liberal approach to APIs

I just don’t understand the comparison between Twitter/FB to a blockchain.

Are crypto maximalists arguing that social networks are only about the database itself and access to it?

> There was no alternative endpoint I could just point my app at.

The article already has a great example about this not working as intended - opensea removing his NFT from their API despite it existing on-chain. And every NFT viewer using the opensea view of things than the chain’s view.


> For clarity, you are now arguing a tangential point.

I don’t think I am; all these fall under GP’s first sentence; I took “goes down” in the next sentence as one example, WLOG.

> Are crypto maximalists arguing that social networks are only about the database itself and access to it?

I can’t speak for crypto maximalists (I’m probably as skeptical of this stuff as you are), but I think the best argument is that the existence of a viable off-ramp forces the centralized player to be a good actor. Similar to how many open source projects are very centralized, but the possibility of a fork (like mariadb) is enough of an incentive that it’s rare for a project to screw up so badly that a fork can gain steam.


FWIW, you aren't (arguing a tangential point to me): I didn't say "one of Facebook's servers goes down", I said "Facebook goes down". Companies go out of business or simply get tired of operating product lines constantly. I can sort of appreciate the idea "well maybe by goes down I just meant temporarily", but then I think one needs apply that to the entire sentence: if it goes down permanently, the accounts are no longer usable permanently (aka, "destroyed"); and, if it goes down temporarily, the accounts and data are no longer usable temporarily.

> Is the maximalist argument here that these companies are going to build out all this infrastructure, move the global financial system onto it, and then rip it apart and rewrite it to be entirely distributed afterwards

I haven't heard anyone articulate this as their vision lol. I would think they distribute the systems somewhere between trading monkey JPEGs and actually moving the global financial system onto it.

As to why start with it centralized, it's easier to get a POC working with the systems and conventions we have in place today than alongside rethinking all of the infrastructure at the same time. Work on the UI, trade some stupid goods that finance the development of these distributed systems, etc. I just don't understand the argument that this whole thing will or should be binary. Huge migrations like that fall over all the time. Gradual rollouts take longer but are generally safer and in this case probably the only option.


"You should check out my new car company, ThreeWheel. We're completely revolutionizing the business of getting around. The key innovation is that our cars have three wheels. This reduces tire cost, improves aerodynamics, and reduces rolling friction. Our three wheeled cars are the future of all wheeled transport!"

"Okay."

"But our prototype has four wheels, as a temporary prototype to test out the technology."

"That doesn't seem like it tests the technology very well."

"I don't see why you're quibbling about the details. We've sold thousands of ThreeWheels to people who are very enthusiastic about living in a three wheeled future!"

"You've sold four wheeled cars to people who want three wheeled cars?"

"They then resell them for tens of thousands of dollars more than they paid! They're ecstatically happy! Nobody is bigger fans of the three wheel car future than our customers."

"Even though these cars, the cars they purchased, have four wheels."

"Well, they could remove one wheel later, if they wanted."

"Would that work?"

"Oh no, absolutely not. You couldn't drive it at all, then. It would be much worse than a regular car. A lot of work remains to be done to gradually transition current ThreeWheels to a three wheeled form. We plan to send robots to each customer's garage to cut sections from the frame and re-weld them together. Then we need to swap out the steering rack, re-route the driveshaft, change suspension components, brakes..."

"That sounds hard."

"Yes, we think it will take hundreds of changes over years to move current generation ThreeWheels to a three wheeled mode."

"Instead of just building three wheeled cars today?"

"Wow John Cena bought a ThreeWheel and posted it on his instragram! My collection of ThreeWheels is going to explode in value! I love my job!"


I thought you were going after Aptera and Arcimoto for a second and I was wondering what they had done to deserve to be associated with that debate…

I'm sure this is funny but a much better example would be the Prius and electric vehicles.

Was the Prius ever intended to be an evolutionary step toward widespread EV adoption?

Not GP but I have to say I love getting 50mpg in the city and having the same range as any gas powered car. So I don't quite see how Prius is a better example than the awesome analogy made above.

The Prius had user benefits right away.

Fun fact, Toyota is not a big fan of the transition to fully electric: https://www.theverge.com/2021/7/26/22594235/toyota-lobbying-...

Toyota is definitely behind, but they just held an event last month showing off 16 new BEVs: https://thedriven.io/2021/12/15/toyota-joins-electric-race-w...

^ for sure.

Someone should have told Toyota.

This example is not good. Hardware has a much different release cycle than software. Once you sell a car, you can't simply release a hardware update.

99.999% of internet software is built iteratively. Even programming languages and operating systems have versions. This argument about needing everything to be decentralized from the beginning is exposing bias because it's not a logical conclusion unless you're bent on antagonizing web3.

Even most DAOs start out centralized and slowly become decentralized. This is expected. You don't want to go full decentralized until everything is stable.


> Even most DAOs start out centralized and slowly become decentralized

This is also how democratic governance works. A core group of “trusted” leaders makes decisions that are ratified by elected representatives. It is then disseminated through the various layers of governance and implemented in a distributed fashion.


This is golden. Thanks!

Why would the global financial system move to a blockchain?

If key financial institutions had more trust in a blockchain than in the Federal Reserve, and the European Central Bank, and the Bank of England, and maybe the Central Bank of Japan to hold an account of their assets.

Do we have any reason to think that would be the case, or they’d enrich the early adopters of one of the existing blockchains by using it rather than creating their own? Central banking doesn’t need to pay the overhead for trustless anonymity since all of the participants are known and have ongoing working relationships.

Surely development of the full fat clients will lead to the required innovations to provide light, mobile clients for blockchains that are properly distributed.

I agree there are many scams but we really are in more of a research period with regards to the tech. The research will continue through the hype cycles.


But why would it do that though? I’d like to hear a falsifiable theory of how that would happen, because as of right now it’s not happening, and no one seems able to explain what big thing is going to change. If the biggest part of the change (using the blockchain) isn’t causing the dynamic to shift, what future change will?

To me the argument here is because it's easy. Even if the interaction layer is centralized the underlying tech is decentralized so everything can easily be validated and that's the key difference.

I think he touched on that in the article. The masses are trusting the centralized API, not the blockchain. His NFT exists in the chain, but not the API, so it effectively doesn't exist in the eyes of the market.

That feels like an argument that could be applied to web2 too though, and it falls apart there too: It’s never been easier to spin up some servers and whip up a basic social media site or search engine or online store, but it’d still be hard to displace Facebook, Google or Amazon. The problem isn’t with the ease of starting a competitor, it’s the psychological and social forces that cause people to prefer having one default place where they can go for a certain thing.

But as noted in the article, that's not the case. OpenSea stores data that then isn't on any blockchain, like royalties. That's done as just a regular web2 feature, a database on OpenSea's backend.

So no, it can't be validated, and it can't be migrated.


Royalties is a funny example because a) they’re being standardized, see eips.ethereum.org/EIPS/eip-2981 and b) royalties are entirely opt-in. You can happily transfer NFTs without having to pay royalties if you forgo an exchange that respects them.

That’s literally one of the most salient points of TFA: protocols move dog slow and provide too little too late, platforms iterate fast and give people what they want right now.

But there will be other features over time, that would not be standardized. As per article centralized platforms progress faster than decentralized standardization. Switching cost will grow.

Kinda sounds like RSS and Google Reader, and how did that work out?

Why would we ever move toward decentralization? It is almost always easier to have at least some central point of control in any distributed system, even the Internet (IANA, RIRs, etc.). It is also very difficult to remove a centralized control point after a system is already deployed, especially if the system supports heterogenous clients (as it is likely that some clients will be slow to switch to the new design, and many will make bad assumptions about the system architecture).

There is a point to be made here that is an important difference between web2 and web3+centralized apis. On the latter companies do not have lock-in of the data, which provides a big incentive to not be evil. the moment someone can make a case for bad play they have the advantage to shift the market to a different platform. Unfortunately this is not so easy on web2 because of the data that locks users on those platforms.

> There is a point to be made here that is an important difference between web2 and web3+centralized apis. On the latter companies do not have lock-in of the data

This is only true of the data stored on the blockchain itself. As described in the article, that isn’t anywhere near enough to replace the centralized systems being billed as “web3”, and it’s completely unworkable for data which can’t be public, which is updated frequently, or which needs to be deleted. Combined with blockchains being unavoidably quite expensive and slow, and the challenges of standardizing protocols while the competition is shipping it seems quite unlikely that this will change.

It doesn’t reduce lock-in meaningfully if Google were to continue to store and process all of your data but now you’re using an outside authentication system. I’m sure they would love, however, the way “web3” makes their job of tracking users so much easier.


Deletion and/or non-public is an interesting problem. Obviously, you can store it encrypted and delete the key, but advances in compute and algorithms might render that encryption breakable.

For data that needs to be updated, all you need is an override mechanism, which sounds simple enough.


Storing it encrypted also means you have to ask what happens if the key is leaked — for example, if I tried to sell movies that way rightsholders would be unlikely to accept a system where you could pay $10 and then give the decryption key to all of your friends, leaving me no way to revoke it.

For updates, you can definitely replace things but that's expensive if you have to pay a transaction fee regularly and it could quickly get to non-trivial storage sizes if you have to store obsolete versions in perpetuity, especially with non-trivial metadata overhead.


> the moment someone can make a case for bad play they have the advantage to shift the market to a different platform.

As we have clearly seen with OpenSea and rampant fakes, copies, plagiarism etc. Oh wait...


I don't think making all data public is the best solution for preventing companies from selling my data, or withholding it from me.

Distributed storage does not make any difference for lock-in with a centralized API. For example, imagine a system for storing photos on some distributed system and a popular, centralized web front-end for users. Now what I will do with the centralized front-end is to give users a "value-add" by encrypting their photos, thus protecting their privacy, and better still I will use my proprietary key management technology to relieve end users of the various problems with losing private keys. Lock-in achieved, and all you accomplished with distributed storage was to outsource the maintenance of the storage infrastructure.

We already see this with blockchain payments. The vast majority of merchants who accept cryptocurrency payment do so through a service that manages their wallet and typically offers some kind of value-added features to lock them in. There is no reason to believe the same will not happen with Web3, if it is not happening already.


This is probably the best argument I have seen in favour of web3

> Why would we ever move toward decentralization?

for all of the reasons that web3 apologists are excited about decentralization. I'm not really one of them, so I'm not going to advocate on their behalf, but lots of people are very excited about this.

> It is almost always easier to have at least some central point of control

I don't think anyone is going to argue that decentralization is the easiest solution.

I agree that it's hard to remove this point of centralization once it's there. My guess would be that, if this goes the way many are hoping, new places emerge over time with increasing levels of independence from these central providers.


This discussion would benefit from a Ramsey, graph, random matrix person to expound on "random" graphs as seen in nature. Nodes with n edges in, 1 out are around but not without some centralization. Surely not robust?

decentralization in the blockchain world is really to provide security and interoperability by emulating centralized services. So essentially it looks like a centralized service, but it's more secure than a centralized service.

From a cryptographic perspective, centralized and decentralised services are equally secure. From a user perspective, blockchains are less secure as there is no authority you can approach for chargebacks

The point of blockchain was removing trust from a single person and spreading it around over a network


> From a user perspective, blockchains are less secure as there is no authority you can approach for chargebacks

This actually proves the point that security is relative. There are instances when I would feel more secure when an outside party can refund my money, say when the seller never ships the product I ordered. There are also times when I would feel less secure with chargebacks, like when I sell something on eBay and the buyer files a complaint with PayPal after taking delivery of exactly what they ordered.

Security wasn't an original goal of bitcoin. Privacy, anonymity, and immutability were, though the first to were lost a decade ago and immutibly is pretty well solved but also the primary cause for so much wasted resource consumption.


> There are instances when I would feel more secure

Your comparative examples make no sense - you like refunds as a customer and hate refunds as a vendor.

Surprise, surprise…? I mean this is already the case in web2/fiat.


It sounds like you did understand my two examples, not sure how they could have made no sense. The two scenarios point to competing ideas of what "secure" would mean, and my point was that security can't be a goal because its relative

can you explain how web3 solves your issue?

Oh it doesn't, I haven't found any value in web3 yet. I may just be missing something, but I still don't get what problem web3 can solve that isn't solved easier with web1 or web2 technologies.

> From a cryptographic perspective, centralized and decentralised services are equally secure

That’s just not true


I would argue consolidation and centralized elements are inevitable, the promise of true decentralization is like socialism: a promising theory but failed application.

It's really not that hard (or even expensive) to run your own.

Here's[0] an example doing it on k8's. I had something similar running on GCP in a couple hours. It's been running for a month with no issues.

0 - https://messari.io/article/running-an-ethereum-node-on-kuber...


As someone who has run nodes, no it is hard and expensive. Every time a geth node dies it has to resync and no persistent volume mounts and stateful sets are not solutions. They are problems. If you need to scale horizontally you get strange consistency issues with the API. All of this makes for a very unpleasant experience. It's built for TLC on a beefy box not a herd.

What version of geth were you using? How many CPUs? When one of my geth nodes dies, another spawn without issue.

And that's the rub. The new node doesn't have the same state as the old one. So clients making requests assuming that latest is the same start having problems. If you haven't seen them you just haven't been running a production quality service.

But one of the main points of article is that people don't want to run servers, developers included. Even being easy, letting someone else do it will always be easier.

But the question was how hard is it to run a competitor to Infura. And the answer is trivially easy. Infura is just an Ethereum node API that's publicly exposed. Building an Infura competitor literally is nothing more than $100/month it costs to run a Geth node on AWS.

This is true today. But the standard approach in this industry is to start by offering access to an open service and then quickly build in value-add services that aren’t available in the open service. So for example, the smart move would be for Infura to offer a proprietary chain or rollup that gets widely used but isn’t available outside of Infura. If they can pull that off, competition could get much harder.

I second this. If history has thought us anything is that every web3 company will work toward increasing the competitive gap.

Right, this was my point. People don't usually run Postgres themselves (e.g. set up Postgres in a docker container), but it's not very hard to do.

The article makes it sound like Infura has a moat. There's no moat, it's as easy to switch as it is to switch Postgres clouds.

To be clear, I agree with most of their findings, this on is just a bit off.


> People don't usually run Postgres themselves (e.g. set up Postgres in a docker container), but it's not very hard to do.

It's easy to do a basic install.

It's quite hard to do it right, at scale, with workload-appropriate configuration, replication, backup etc.

My point... neither Postures nor Indira, or any other blockchain solution are easy to install and maintain in a fully scaled-up, fault-tolerant, multi-node deployment


How many (large) companies, governments, etc... run their own email servers? If there's a strong enough need, people will run their own servers even if they'd rather not. "people don't want to run servers" arguably could be rephrased as "people don't have a reason (today) to run their own servers". I'd argue this is a key difference between web1 and cryto centralization and the web2 centralization. If Google announced tomorrow that anyone can buy the gmail contents of any gmail address, you'd bet a lot more individuals would either switch to alternatives or start running their own severs.

> How many (large) companies, governments, etc... run their own email servers

Every year a decreasing number as everything moves to SaaS and the cloud.


> How many (large) companies, governments, etc... run their own email servers?

Office 365 financials alone suggest that the answer is "very few, and rapidly decreasing". I work for a ~30k employee technology company that doesn't run it's own email servers.


Should be pretty easy to find the top 100/1000/10000 companies and look at their MX records.

I’d imagine it’s a large number of Office 365, GSuite by Google and Barracuda/ProofPoint which may point to a SaaS thing or an internal server.


In a discussion about people not wanting to run their own servers the fact that your first instinct was to use GCP is telling.

Metamask lets you enter your own RPC endpoints

Don't get me wrong its good that the option is there, but short of coding and operating your own full node Metamask will still be trusting a centralized third party

I'm not sure I understand, running a full node requires some consumer hardware and a few days. And most infura usage doesn't even need a full node, so it's easier to run.

The API is the same, swapping out for another node is just a config change


> running a full node requires some consumer hardware and a few days

There are monthly utilities and regular maintenance as well. Networking could also be a problem, you'd really want a static IP and an unlimited high-speed network which isn't always supported by many home ISPs

> And most infura usage doesn't even need a full node, so it's easier to run

I don't know as much about the protocol details of infura. Have they found a way to verify transactions with a partial node? That'd be huge if they have, regardless of what happens to the current NFT platforms!

Many projects have chased pruning, but it always seems to get stuck when people realize that means adding trust into Tue system since you can't trace back to the genesis block


Perhaps I'm mixing up terminology but by full node I mean an archive node as that has larger hardware requirements.

You don't need to code a full node. It's software than you run via a cli interface

If the goal is to remove trust in a third party you would either need to code or verify the software before running it. Short of that and you still have to trust whoever coded it and all the distribution infrastructure that let you download it.

There's more than one codebase though, and having more is something commonly talked about.

More options is good for sure, but doesn't solve centralization or trust concerns

The level of centralization is a spectrum and I don't mean to fall into the trap of describing it as all or nothing. The question is how close to decentralization web3 is or can be, and my concern with regards to picking your own API endpoint is just how similarly it is to the original point Moxie was making with regards to there only really being two API hosts in use


There are voices within the space that have been talking about this issue for many years. There is at least one project which aims to use economic incentives within the design of the protocol to mitigate. Check out Saito.

> The centralization of apis (infura, opensea and ethscan used by metamask) is the biggest problem. I could be wrong, but I don't think we've seen that fast consolidation in other early tech. I remember in the late 90s there were a number of search engines but no one really owned the space. Only 20 years later did Google emerge as the winner and is (IMO) by far the best in terms of relevant results. But that didn't happen overnight, and there wasn't a search engine dominating 90% of the market within a few years of the beginning of mainstream acceptance.

> How hard is it to create a competitor to infura? MetaMask should be incentivized to do this as they're core offering is controlled by one party.

> [edit] Never mind, metamask and infura are owned by the same company (ConsenSys). It's even worse than it appears...

Currently working in the space (graduated from doing systems-level . My hot take is what is considered a "full node" can potentially use significantly less resources. The base word size is 256-bit (size of SHA256), most is either 1s or 0s, the entire raw Ethereum blockchain is roughly 350 GiB uncompressed, probably can be much better with zstd compression on multi-core. Let's just quietly ignore that most is not using an assembly-level optimized implentations of uint256 arithmetic operations. Also all the current clients (a) afaik run transactions single-threaded, and (b) no on-disk compression, (c) at best use mmap relying on OS level paging even though you're going to have 32-byte random reads invalidating entire 4K or 16K pages out of ~3TiB of read/write space. I'm more than certain execution can be ran speculatively using STM (software transaction memory). I seriously doubt that most Ethereum transactions within a single block have that much r/w contention if you were to execute them in arbitrary order in parallel. Basically application level speculative execution (except you know the ending hash ahead of time, so you know of the ending state is valid or not). Anyhow...


What is your point? Sounds to me you're just regurgitating technical mambo jambo that doesn't realy have any relation whatsoever to any of the points quoted!

Are you trying to say that by optimizing a node's software, people will be able to run a full node on their devices?? That's patently false currently, even more if the technology actually goes viral one day (small system-level optimisations simply won't scale to compensate for the fast increase in the blockchain size).


The fundamental problem with decentralisation is that it will always be less efficient than a centralised solution due to the overhead necessary for coordinating the system. This means increased costs of some nature. In order to justify those costs, the decentralised system has to add a sufficient amount of value compared to the centralised solution. And not only is that usually not the case, but, as Moxie points out, it is usually the opposite, because a centralised system can iterate more quickly.

And that is also true for the crypto/web3 world: Outside of some niches, it does not add any value. Almost anything it can do, existing centralised technologies can do better. The only reason they haven't so far is that most of these things are not terribly useful to begin with.


This is the exact argument for authoritarianism over democracy. Centralization is easier and often cheaper, but you have to trust the group in charge completely. Even then, the collective loses out on innovation and new ideas because only a small subset of the population is in a position to change anything.

Centralization is often a short term win, decentralization is a long play. Unfortunately, we almost always seem to chose immediate gratification which is why we see decentralization abandoned early, and why we see democratic freedoms being replaced by authoritarian control.


This is what representative democracy with an executive function is for. The government / executive acts without the need of democratic micromanagement, but is subject to popular oversight through a number of mechanisms.

Even in the case of democracy, you have to put trust in the sovereign.

And whenever the sovereign enforces a law, the person facing the enforcement will consider it tyranny. It’s a known paradox of the power we, the people, grant to the sovereign.


A thousand times no. A true democracy earns trust through the integrity of its institutions: executive, legislative and judicial, and the respectfully balanced and constitutionally limited powers they share.

Never in a sovereign.


democracies are highly centralized.

delegation is not the same thing as decentralization.

democracies and authoritarianism are both centralized, the difference is that one is a cooperative model, the other one is not.


My point wasn't to draw a direct line between democracy and a decentralized network. I just thought it was important to point out the risks and potentially short sidedness of giving up on decentralization because its slower and more difficult. That line of thought leads to more authoritarian control, and that's never worked out well for the average person in the long run.

I don't recall that argument in practice. In Kazakhstan just now for the leader has recently used the argument "Those who don't surrender will be eliminated" which seem more common than "centralization is easier and often cheaper" as far as I can tell in such situations.

I was speaking generally not to any one authoritarian. I can't imagine many, if any, authoritarian leaders would be using the "it's easier and cheaper" argument when grabbing more power, but its a very common argument used in more general and philosophical debates.

Look into any of the writings that led to the USSR and you'll find it all over. The goal was total government control would be the best way to optimize resource allocation. They were making the case that Soviet communism would win out against fascism because they could make everything faster and cheaper.


I might be crazy, but reading this I imagine a blockchain based temporary democracy: full proof-of-whatever correct voting scheme choosing a temporary centralized “government” with measurable goals to move the system to eventual decentralization.

This is actually one of the few uses I know of that I have a lot of hope for. I worked on a digital voting system in college a decade ago, we were researching accessibility concerns mainly related to visually impaired voters. The voting industry in the US is just as much of a tire fire now as it was then but it could easily be improved.

A blockchain based voting system with each state acting as a PoW validator could actually work. The main challenge is how to centralize key distribution in a way that is accessible to everyone without compromising anonymity. If anyone knows your public key they know exactly who you voted for in every election.


The fundamental problem is that problems with centralized platforms are attributed to centralization, and thus decentralization is seen as the answer. This is entirely false. Centralization and decentralization are just words that have an objective definition. Neither is inherently better than the other and choosing either as a solution to your problem is entirely context dependent. Anyone that has a stake in crypto / web 3 conveniently leaves this crucial piece of information. E.g. it's a different solution to the same problem, not a _better_ solution the same problem. Having options by itself can be a valuable use case, but I'm afraid the gold rush is not driven by the excitement for having options, but rather for the excitement of becoming rich quick.

Do you know of any financial structures or corporate structures that are not pyramid shaped?

Only looming at financial and corporate systems is a seriously limited pool of data. There are non profits, collectives, employee owned businesses, etc that are not a hierarchical structure but I don't think they would fall into the pool of financial or corporate structures.

fwiw I follow a lot of crypto people on Twitter and 0 of them are following this message app, it has 700 followers and you decide to jump into the discord? To me that’s like getting a random email about a product and saying “yes tell me more” I’m not sure what you are expecting.

>When you think about it, OpenSea would actually be much “better” in the immediate sense if all the web3 parts were gone. It would be faster, cheaper for everyone, and easier to use.

That sums up the situation for me. Having a marketplace for purely digital goods might be a concept with a future. Having standard ways to interoperate between different platforms and query and update these goods might make sense (although I still think it goes opposite to the general trend of walled gardens vs. decentralized web, I don't see why the IP owners would play ball and accept the loss of control).

The thing is that in most case those NFTs wouldn't be trustless. I see people putting forward that a use case would be an NFT that proves that your Rolex is real, or for Fortnite skins, or for the ownership of your house. But in all these situations, there's a very clear authority (Rolex, Epic Games and the municipal authorities, respectively). These authorities will be allowed to mint new NFTs at will (because who else?) and as such have to be trusted. That opens up interesting questions btw, like "who is Rolex exactly?" which creates a chain of custody of trusted authority involving trademark management among other things. But I digress.

But then as soon as an authority is identified, why bother with the extreme overhead (it terms of resources and costs) of blockchain tech? Couldn't Rolex issue a PGP signed CSV of all valid Rolex serial numbers once a month on IPFS and you'd get the exact same security and trust profile without having to involve any "web3" feature?

Like cryptocurrencies, the subset of problems that can only be solved using NFTs is incredibly tiny and speculators rush to make up use cases that, if you think about it for five minutes, clearly make no sense and could be better solved using good old centralized tech.


As the article points out, many NFTs are implemented by storing a URL in the blockchain; the digital artwork sits on some server and is reachable by that link. Fine, you can prove that you own the URL. But what that URL points to can change out from under you, so there's no way to make that trustless. If you own the domain and the server that it points to, the registrar can take the domain away from you and give it to someone else.

In a sense, NFTs are a lot like those schemes we used to see where some company will promise to name a star after you, even though no one recognizes their authority to do this. Fine, that URL is "yours". You just own a sequence of bytes, the ones in the URL, not the ones that the URL (temporarily) points to.


So, this has a really easy fix. The NFT points to a content hash, and the content is uploaded to the Internet Archive (and they're compensated for the storage) as part of the NFT minting process.

Your ownership is now on a distributed ledger, with a cryptographic hash of the content, paired with long term storage of said digital artwork. The Internet Archive's costs are ~$2/GB to store content in perpetuity, which seems insanely cheap to carve off as part of a transaction (Eth gas fees aside).


But then it’s just back to trust based web2, you’re trusting internet archive. That’s his point: this isn’t leading to trust less decentralization in practice. To do that, you’d have to store the NFT data on chain, which is prohibitively expensive

This is where it falls apart for me too, people are paying huge sums for artificially scarce links to someone else’s server? I keep feeling like I’m missing something.

>I keep feeling like I’m missing something

You are missing something - a huge position in crypto. Like the article points out, your existing investment would benefit from all the hype that a slew of crypto-oriented services and products could give. Irrespective of whether those same services could be implemented "better" using standard centralized tech. And - amusingly - irrespective of whether those services offer products that you would ever in a million years have paid for without the novelty of crypto sprinkled on top - e.g. paying big bucks for receipts for jpgs.


Yes, well, the fundamental reason is not what any individual owns, it's that (as the article brilliantly points out) these positions make it a gold rush.

> I keep feeling like I’m missing something.

Nope, you're not missing anything. NFTs are the world's most convoluted and expensive way to store a bookmark.


Thanks for that comment

No, they are paying huge sums for a digital certificate of ownership of the content on some else’s server; the link is just the description of what they are certified to own, like the address on a deed.

(There's all kinds of problems with it, sure, but they aren't paying for the link.)


The value of a deed is that it's recognized by a legal system, which is backed by a police force, who you can call if some guy shows up claiming that your house actually belongs to him.

With an NFT, you don't get that. It's equivalent to your county clerk's deed registry, including the $100 filing fee, and excluding the legal machinery which gives the deed registry its value.


> The value of a deed is that it's recognized by a legal system

Sure, I’m not saying an NFT is substantively like a deed, I’m saying the link in an NFT serves a broadly similar purpose to the address in a deed.

An NFT is perhaps more akin to a certificate from one of those star name registry outfits that were popular for a while, but with less specificity as to what you supposedly bought with respect to thing it describes.


On the other hand that same legal system can decide you are no longer entitled to said property and that same police force can come and drag you out of it. That physically (as far as we know) can't happen on a cryptographic blockchain. They can some how convince you that giving up ownership of your NFT is a good idea, but it still has to be of your own volition.

No, the centralised url selling service decides who owns which monkey url and they have already used that power.

https://blockzeit.com/opensea-nft-marketplace-stops-hacker-f...

There is another example in the article - his nft was deleted from the marketplace, and nobody buying monkeys cares what is on the blockchain.


His example of his NFT that gets shut down is showing that because of this layer of centralization, anything that can happen to normal assets can happen to blockchain. Governments can force OpenSea to take your NFTs, OpenSea can delete your ownership at their discretion, etc. All he is left with is a meaningless string of data on chain, while the NFT visual is gone. It’s not immune and protected like people think

Not true. The legal authority can compel you with force to transfer your nft in exactly the same way they’d drag you out of the house.

There's a difference. You can drag someone out of their house without consent, but forcing a transfer requires consent. Does this difference matter?

Forcing a transfer does not require consent. They’ll seize the hardware that holds your private key.

If you’re worried about the government forcing you out of your home at gunpoint, what makes you think they can’t seize a private key or force a few keystrokes?


Hardware wallets usually have a password enabled, in addition to other security mechanisms. Like I said, not sure the difference matters, but there is a difference.

But what's the difference of just authority making your NFT URL invalid and moving the item under a different URL? That would be equivalent of forcing you out of your home, they cannot force you to give them keys, but they can change the lock.

This whole "files stored on Google Drive" is growing pains. NFTs must all be hosted on IPFS.

If they really want they can analyze the memory on your desktop or install a keylogger. There’s so many ways to extract a private key barring a deadman switch and a cyanide tooth capsule.

Again, you’re seriously arguing that it’s harder for the government to take your house rather than give up your password?


Houses also have locks and yet presumably the police can and will bypass that security measure in this scenario. The point is that nothing will protect you in the face of overwhelming force.

Obligatory XKCD reference: https://xkcd.com/538/

That probably would not happen in a first world country.

Depends on who you are — Gitmo comes to mind – but at least in the United States you can substitute being beaten by agents of the government with being imprisoned where the other prisoners and possibly agents of the government will beat you until you give up the password.

Why not? If NFT ownership ever became meaningful, the people with the guns can simply keep a list of ownership amendments separate from the blockchain.

It kind of sounds like you're arguing that since the blockchain can just be ignored it's somehow less meaningful. But I'll bite:

Then the people with guns now have to expend resources to maintain and enforce those amendments. If they are not somehow just discarding the entire blockchain subsequent to their amendment, they're maintaining an every increasingly complex set of merges. Furthermore their amendment (very probably) isn't a cryptographic blockchain, so it's subject to all the problems that the actual blockchain list are not (forgery for example).

What makes blockchains unique is that they are the first example of these various records (ledgers, titles, etc) that physically cannot be manipulated in certain ways.


> Furthermore their amendment (very probably) isn't a cryptographic blockchain, so it's subject to all the problems that the actual blockchain list are not (forgery for example).

Their amendments are theirs. This is like saying that keeping your own accounting is worse for you than putting it on a blockchain, since someone might forge your own accounting books - it just makes no sense.


I don't follow.

"They" can do just about anything they want. They can make their amendment. They can declare the blockchain null and void. They can hold a gun to your head and tell you to sell your NFT. They can even pull the trigger, in an attempt to make an example out of you for the next fool that tries to defy their authority. But the one thing they cannot do is seize your NFT without your volition. Not without breaking some of the fundamental mathematical ideas behind encryption.

Is there value in that in present day society? Maybe not. But there is undeniably something special about it.


> But the one thing they cannot do is seize your NFT without your volition

That’s not true.

I mean, even if the access to the NFT relies solely on material in your head, there are pharmacological approaches, among others, that while not necessary reliable, can cause you to give up information without meaningfully willing it.


And private information will probably one day no longer exist. Imagine some kind of device that can scan the neurons in your brain along with the electrical/chemical state and somehow extract information from that (such as a memorized cryptographic private key). Let's just throw our hands up and give up on cryptography altogether.

Even a pharmacological approach is a side channel attack which no one seems to care to distinguish between attacks on or flaws with the underlying idea. When discussing the merits of blockchain technology we are allowed to take for granted its very obvious underlying assumptions. Namely that there exists private information held by a user of the system.


"the link is just the description of what they are certified to own"

No a link isn't a description of its content, just like the article demonstrated the content can change to anything, anytime, in many ways. Even if the URL contains the hash of the content like with IPFS URLs it's not a description of the content but one step better because you can check if it's pointing to the content it supposed to be.


More importantly, they don't own the original item. An unofficial version of a deed registry says they own the link to the item. That's not the same as actually transferring the copyright or anything.

As I understand, most NFTs don't confer any copyrights. So unlike a deed, it's not a certificate of ownership of the content at all. Some other entity still owns the content in the legal sense.

> As I understand, most NFTs don't confer any copyrights.

Yes, one of the “all kinds of problems” I mentioned upthread (this one isn't an inherent problem with NFTs, but seems to be a practical one with many current NFTs) is that while NFTs certify ownership of something with regard to the linked content, exactly what that is (beyond the certificate that is the NFT itself) is often not clear, even, AFAICT, to the purchasers.


But they don't even get the ownership of the content. The original creator still owns the copyright, and as a the buyer you don't even get a license to use the work in the NFT. The copyright is the only meaningful way you can own digital art.

ok so you own a certificate that describes the content of a link

I think it's worse than that since, as described in the article, NFTs don't include a hash of what the link points to. So you own a certificate that describes the content of a link in the very literal sense of describing the characters in the link URL and not really anything more.

> ok so you own a certificate that describes the content of a link

More precisely you have a certificate that says you own something (often ambiguous, though this could be precise; ambiguity is a choice in the minting of an NFT rather than a fundamental issue with the technology) relating to the content described by means of a link (the NFT may or may not include additional description of the content via metadata.)


They don’t own anything in a meaningful sense except the url, and even that is controlled by someone else.

Do they even own the URL? Is no one else allowed to post the same URL (even disregarding how/by whom this would be enforced)?

Well I imagine opensea at least prevents url collisions on their own service, but yes as the article demonstrates someone could sell the same url on several services while changing what that url points to whenever they like. I think most of the time the url points to the marketplace itself though?

So I suppose it is more accurate to say they own that particular citation of the url embedded in the blockchain, for certain values of own.


Yes you are missing incoming money transfers to your account.

People that earn money on NFT don't have feeling that they miss something.


as long as they’re the ones not holding the bag

> But then it’s just back to trust based web2, you’re trusting internet archive.

Correct, because it's clear storing the content in web2 Internet Archive is superior ("you’d have to store the NFT data on chain, which is prohibitively expensive"). They will persist regardless of web3 shenanigans, and hash addressing ensures content integrity. You could even use a torrent to store and serve the content (again, which uses hashes to identify and preserve integrity of content).

Why would one trust a distributed ledger over a centralized archive run by folks whose primary focus is on preservation of the bits they're storing? The economic benefit of running storage nodes of encrypted content is unlikely to ever be sufficient to provide the same economic incentives a corporation or non profit realizes by offering the durability a centralized service provides (due to scale).

EDIT: @Ragnarork It seems like web3 is making some promises it can't keep?


> Why would one trust a distributed ledger over a centralized archive

Isn't that the polar opposite of the promise of web3...?


I'm not sure it's even necessary to use Internet Archive or a torrent? If I own an NFT whose hash is stored on-chain, I can just ensure the availability of the preimage by storing it myself.

Then when I want to interact with a centralized NFT marketplace, I can upload the preimage to their server. They'd verify the hash and store the image. I'd continue storing it myself though, so if that marketplace goes away, I can follow the same process with another one.


tying back to the article... so you want to own a server?

If the NFT contained the content hash, your and the creators public keys, a signed timestamp, and the signature of those parts by the content creator, then the content could be stored elsewhere no?

Obviously you'd want to keep a copy yourself, but at least you could then prove to others the file you have really is the one the creator sold, no?

No expert at these crypto things, in either sense, am I missing something?


Say you add all that information to the transaction, to verify it in the future you still need to run the original file through the same hash function to prove they match.

Its common for image files to be modified, many times even automatically by the hosting service. They might compress it, remove unnecessary metadata, or add metadata for themselves. Any of that would break the hash, so you'd need to make sure any host you use to store the original absolutely never changes the file.

Then what? Well the image exists and you can verify it wasn't changed off-chain since the transaction finalized, so that's good. There's now an image publicly available online BUT a specific block chain says you own it, so that's also cool.

But wait, that hash isn't guaranteed to be unique so really anyone could make another NFT pointing to the same URL and file hash, now they also own it? And anyone could just download the file, so they own it to? And there are no legal protections for NFTs, so what was the benefit of paying to have one block chain transaction say you own it in the first place?


> so you'd need to make sure any host you use to store the original absolutely never changes the file

Which is trivial, just download the file. The place where you bought the NFT would ideally have some facility where they guarantee you can download the correct file, otherwise why buy from them?

> But wait, that hash isn't guaranteed to be unique so really anyone could make another NFT pointing to the same URL and file hash, now they also own it? And anyone could just download the file, so they own it to?

Preimage attacks are quite hard to accomplish from what I understand against modern, secure hashes. If the hash used is later broken and a preimage attack is possible then yeah you're screwed. That's a risk you take.

As for exclusive ownership, I forgot in my initial reply to add another aspect I thought about which was the license. That is, some well-defined licenses should be specified, similar to the Creative Commons stuff, and the NFS should specify one of them. Then you know if you get copyright or not etc.

Enforcement of the license would of course be similar to other digital assets, ie hard to do unless you're big, that's just the nature of digital things.

Now, just to be clear, please don't take this to mean I'm advocating NFTs. I just think the way they're currently used seems to make them completely worthless, while in theory it might be possible to make them not quite worthless.


What's the benefit of having the URL permanently stored on the blockchain in that case? If I have to download the original file as soon as the transaction completes to make sure they don't change the photo on me, why bother?

And then what am I spelling later? A transaction immortalized in a block chain with nothing more than a broken URL and, at best, a hash of the original file?

Edit: I realize I sound a bit dickish in how I'm replying. Don't take it that way, I'm really confused at how NFTs solve anything but really appreciate the conversations here and am glad to hear differing opinions!


> What's the benefit of having the URL permanently stored on the blockchain in that case?

Not much as far as I can tell. I mean it would kinda be like a signature on a painting, in that it's a visual indication of who made it. But the proof would be in the digital, cryptographic signature.

> I'm really confused at how NFTs solve anything

I'm in the same boat. I'm just trying to figure out how they might be useful if they implemented them differently.


I don't even know if I like this idea, but it'd be a different ball game if NFTs held legal status. That goes pretty counter to many of the usual benefits claimed of crypto projects,but if an NFT was treated as legally binding ownership that could make them really useful

Right but without any legal aspects, what use could they be?

Anything in them can be copied trivially, so on their own they are per definition not unique hence fairly worthless.

If they're only useful when two parties agree they are worth something during an exchange, how are they different from plain cryptocoins?

I mean this is a bit similar to the GPL, it would be useless if courts declared it can't be enforced.


I thought we were talking about the problem of someone pulling the rug out from under you by changing the content at a URL. The hash solves the problem, but what you are talking about is an entirely different subject, and a problem which all NFTs suffer. Or not a problem, but just a general property of NFTs and crypto as well. The network effect is extremely important with blockchains. You could also fork BTC right now and claim you own everything on the chain. Doesn't mean people will honor it.

A hash doesn't really solve the core of the rug pull problem. If the hash doesn't match you know the file at that URL changed, but how was it changed? Was it just a metadata that didn't really change the artwork, or is it a totally different file?

And what does it mean for the transaction on the block chain if both the URL and the hash no longer match? Is it worthless now and unsellable? Or do you sell it with a note that says ignore the URL, ignore the hash, or both?

I did point out other issues and that may have been unnecessary, but a hash doesn't solve the rug pull problem if the art isn't part of the encrypted and (mostly) immutable transaction block.


There doesn't have to be a URL.

> The hash solves the problem

Not really. The hash would prevent someone to pull the rug unnoticed, but it wouldn't prevent rug pulling in the first place.

With a hash, you would be able to prove that what's currently at that url isn't what you bought, but (since hashes are by definition non-reversible) you wouldn't be able to show or see what it was you bought (unless you stored it somewhere else yourself).


> unless you stored it somewhere else yourself

Which is usually trivial.


Yes, but the problem is many of them don't even include the hash, and you also need a way to verify the creator and his/her public key.

No you're not - it could be stored in multiple places. It's, a hash, not a URL, and if it's a properly constructed hash it would hard or impossible to fake. The content on server other than internet archive would have the same hash.

Why's there a need to trust internet archive in this situation? If the content hash is no the ETH blockchain, then it's immutable. You can make as many copies of the underlying image as you want so that sticks around permanently.

There is arweave which is trying to bring permanent storage. You could store the nft on arweave chain and mint the NFT on the same.

https://www.arweave.org/

Though, I'm not sure how this will "scale".


It’ll scale like S3, et al.: replicated storage requires ongoing payments because sysadmins need to be paid, storage needs to be bought & replaced, network bandwidth is metered, etc.

It could be cheaper if someone can finally make a P2P network which becomes and stays popular[1] but it’ll always require more than a one-time payment. That could be donor funded (Internet Archive) but I’d be leery of assuming anything long-term unless you’re paying for it.

1. Abuse is the hard problem here: if I host a node, when the police download something illicit my IP is the one they see and I have to prove that it was done without my knowledge. This is why nobody does this except for known sources.


> It’ll scale like S3, et al.: replicated storage requires ongoing payments because sysadmins need to be paid, storage needs to be bought & replaced, network bandwidth is metered, etc.

That's what they are trying to solve with their tokenomics model.

The value of token will appreciate over time whereas the price of storage will keep getting cheaper.

It's simpler than s3 in many aspects so I'm not sure you would need a system administrator. Everyone can run a node and things are replicated many times over. The failover model is to look for the next node. There are no API, security, access, etc consideration to be maintained at the node level.

Data itself is public by default.

> Abuse is the hard problem here: if I host a node, when the police download something illicit my IP is the one they see and I have to prove that it was done without my knowledge. This is why nobody does this except for known sources

Yeah, that's important.


> The value of token will appreciate over time whereas the price of storage will keep getting cheaper.

That's not a given, however, and it's not just raw storage but also network bandwidth and operator time which all require regular ongoing payments. Expecting newcomers to pay for the early adopters' storage in perpetuity is tricky because you need high demand for an otherwise useless token but there's a limit on the price for most users in the form of all of the competing options, which are currently faster and more reliable.

> It's simpler than s3 in many aspects so I'm not sure you would need a system administrator. Everyone can run a node and things are replicated many times over. The failover model is to look for the next node. There are no API, security, access, etc consideration to be maintained at the node level.

It's not that simple: anyone running much storage will need to spend time replacing failed drives, managing their bandwidth relative to demand, etc. That time needs to be paid for. Massive replication is necessary to deal with the reduced node reliability but that means the network needs to pay for considerably more storage in total than, say, Amazon does and adds significant scaling issues managing all of those extra nodes with more frequent status changes.

This has been tried a number of times before and it always founders due to being slower and less reliable, with considerably more complicated software required to deal with all of those issues which the competitors don't have. It's possible that this will be more successful but I think it's really important to look at how the market pressures have consistently gone in the other direction. Amazon didn't end up with exabytes of storage in S3 because it started there — people migrated their data there because it was faster, cheaper, and easier to have it there — and that is a competitive challenge for a replacement trying to build on nodes which aren't maintained with comparable levels of service.


Thanks for the thoughtful response. I appreciate it. All of what you say make sense.

Thanks — I’m trying to keep an open mind here but it often feels like there’s a lot of history which people could benefit from. I’m not terribly old but I’ve seen a few iterations of these ideas crash on the {freeloader,abuse} rocks so I’ve been reconsidering whether my earlier enthusiasm was more a mirage than practical.

> Though, I'm not sure how this will "scale".

It fundamentally can't - you need X amounts of storage * replication factor to store X amounts of data * replication factor.


Isn't the solve for this to store it on a decentralized storage network like Filecoin?!?

What if the URL points to a decentralized and immutable file storage system instead of a regular URL with a domain/IP?

This solves the problem while creating a new (big) one: make this decentralized and immutable file storage work.

They already exist, and work. IPFS, for example.

IPFS is famously slow/unreliable, not widely used, and you still need to pay for hosting of anything you don’t want to lose because storage, bandwidth, and operator time aren’t free and someone needs to get paid to deal with abuse.

You're not fully trusting them. They can't change the content.

They can change the content, you’ll just know they did it. Much like if my watch gets stolen I’ll know, but I still don’t have a watch anymore.

They can delete the content. That's the only "change" they can do. It's like your watch analogy, except you can easily back up an image, but cannot back up a watch.

I see no reason they couldn’t change the content rather than just delete it. In fact the article shows an example of exactly that in practice.

Sure you can back up an image, but the backup is worth the same as a copy of the NFT: zip. You now own a pointer on the blockchain to nothing and a jpeg on your disk. I’ve got a lot of that going on already with zero expenditure.


The article was about the NFT containing a name. This thread is about "NFT points to a content hash", to quote toomuchtodo. You can't change the content and keep the same hash.

Similarly, you can prove to others that the version on your disk the version pointed to by the blockchain by having people check the hash.


Or even just include a content hash along with the URL in the NFT payload. Just a way to verify the referent of the URL hasn't changed since the NFT was minted. Where you can find the content with that hash if not the URL can be left arbitrary or out-of-band, but it's at least capturing a fingerprint of the content, not just an address.

It seems like this would be absolutely trivial to implement, right? Just... add a separator token (say `#`) and a content hash (say with `sha1:` prefix, urn-style) to the end of the URL that's already in NFTs.

I don't really understand why NFT's don't already do this. I don't understand why they didn't do it from the start. It seems an obvious choice to me in designing such a thing. Like, it's so easy, and such a step up in making NFT's do something closer to what people think they do... it leaves me thinking that the design of NFT's just wasn't done seriously, and nobody using it really cares.

What am I missing?


Despite the various claims about how the worlds smartest most talented developers are working on web3… that’s not true. It was a significant oversight and I think technical leadership in the space is lacking. You have people who know lots and lots about crypto stuff but they are focused like a laser.

It’s like that crypto thought-leader on Twitter who didn’t know his NFT’d pfp was being served to various web clients over http.

It’s also why web3 startups are throwing huge cash at engineers from “web2” companies because, while they may not be crypto experts, they know how to build scalable systems, how web tech works etc. That knowledge is sorely lacking in the crypto space.


There was an "interesting" thread yesterday by some people who were surprised that static analyzing a contract and a once-over code review weren't enough to prevent the author from instantly stealing all their money.

https://twitter.com/cat5749/status/1476813266462539779


They can't see the wood for the merkle trees.

I don't know for sure, but I'd guess they don't do file hashes because image hosts so often change the file you uploaded. They might compress it, remove unnecessary metadata, or add their own metadata. All of that would change the file contents, breaking the hash.

A permenantly verifiable has still doesn't really solve it though. Someone can still change or remove the file later, even if you downloaded the original before you now have a transaction with a bad URL but a good hash. You can't update the transaction to change the URL, so what would that mean for anyone wanting to buy the NFT from you?

There's also the much bigger issue - say we solve the above problem as well. There are no legal protections for NFT ownership and there is nothing stopping people from just copying the artwork you own. What's the point of paying so much money for the right to kind of own a piece of art that anyone can legally copy and use?


> What's the point of paying so much money for the right to kind of own a piece of art that anyone can legally copy and use?

I don't fully understand the "collector" mindset. But let's assume there are people, similar to whales in free-to-play games, that are willing to pay ridiculous large sums for what the majority would not be willing to pay anything for.

Now, think of those collectors as being willing to pay for ownership over original artwork.

The Mona Lisa itself has many replicas, you can buy prints of it, and you could probably easily find paintings of it for much cheaper. Those are all copies as well, but their monetary value is much lower, because people know they are not the original.

Now, think of photography, there are people collecting prints, sometimes of digital photography. Similarly, the 1st print is worth a lot more. Think of Vinyl records, or CD/cassette tapes for music, the worth of the 1st pressed record is a lot more, and collectors are willing to pay a lot for them.

Now think of complete digital art, that which is not even printed. Which is the "original"? Unless you were to own the HDD or the RAM stick where it was first recorded, all instances are perfect copies of the same bits. So instead, the "original" is the first person the artist publicly acknowledged as the owner of the "original". It is like the artist signing the print. This is recorded in a public ledger, that people trust and believe to be very hard to manipulate or fake. That is what an NFT is.

You might find it absurd, but is it anymore absurd than paying lots of money for the 1st print of a photo? Or the first pressed vinyl? Or the first book as signed by the artist?

The value is in people's head and emotional attachment. Someone was given by the artist themselves recognition of the piece signed in a public ledger. That's now the "original" and people assign it value.

You can think of it a bit how a lot of collectors offer public showing of their collection, the fact others can "see" the artwork for themselves isn't what make it valuable, it's the emotional knowledge around it, that of having it handed directly by the artist itself.

This is what I've understood of it at least.

Edit: Now the article still makes good point, that as it stands, some NFTs are ambiguous as to what artwork they even relate too or if they were truly created by the "artist".


That's a good explanation and it looks like people do value NFTs for those reasons. But it still doesn't compare to the Mona Lisa which if I possessed it I would know that only those physical brush strokes came from Leonardo's hand. The vinyl example is better. But even then the vinyl is physically old and unique. I can take it out and know that it was pressed in 1972. The NFT is just pixels on my screen that are a copy of a copy of.. and will be destroyed when I close the viewer.

> But it still doesn't compare to the Mona Lisa which if I possessed it I would know that only those physical brush strokes came from Leonardo's hand.

I think the idea of NFTs is that you know that the original artist (Beeple or whoever) issued the NFT, they clicked the buttons and saw the same hash you see on your screen.

Like if Leonardo da Vinci sent you a cryptographically signed email with something in it indicating that you specifically owned it, you'd probably find that valuable even though it's "just pixels" and the email can be copied - the ownership is embedded in the signed email (your name or public key, let's say) and can't be copied.

I think that's the point, anyway, I still don't think I really get it...


> But it still doesn't compare to the Mona Lisa which if I possessed it I would know that only those physical brush strokes came from Leonardo's hand

There's probably a whole industry around recognizing a true or a fake painting. I'd say if you possessed the Mona Lisa, you might still doubt its authenticity, or find yourself in a big debate with others who claim to also possess the "true" Mona Lisa. In a way, NFTs don't (or could be made not to) have this problem. I think this is actually something that people in the market of art collecting and trading actually value. I think especially in private collections, you can claim to have sold me the original bible of Pope Pius XII for 10 million and hand me a bible that is a fake, I believe to now have the real one. And then I can go and resell it to someone else for 11 million, while you also go and sell the real one you still have for 20 million to another person, and now three people believe to all have the real one. The NFTs being in a global ledger, it would be clear who owns it truly, even if three people have a copy of the same PDF.

> But even then the vinyl is physically old and unique. I can take it out and know that it was pressed in 1972.

That's because you value the artifact. But I'd say in this case the NFT IS the artifact. The NFT is what will live on, because in 2125 (assuming the chain still exists), someone will have this token tied to their own wallet. They can know that it was minted in 2021 with the same certainty (and possibly even more certain) that it was truly minted in 2021 by the artist himself (or at least the person whose key society believes was the true artist).

Finally, if the NFT contains say an IPFS URL, or some other content describing attribute, its even more clear. You know you own the first "copy" if you want.

Let me put it some other way. I create some JPEG drawing. I then hash it and have a hash of its content. I then register my art (the JPEG) on some chain by creating an NFT for it which contains said hash (maybe in the form of an IPFS URL). At this point, the world through the public blockchain ledger knows about my JPEG art, and as the first in the chain, I prove to be the creator, or it is known that I am the creator through some other means, like posting it to my blog.

I own the NFT for my own JPEG art at this point. I can host it myself on IPFS, or maybe I just post it on my blog, or even keep it secret on my computer. Now you want to buy it from me. At that point you pay me money and I transfer the NFT to you, the ledger now says that the token started from me and was transferred to you. You now own the token that says that the IPFS hash URL or the hash of my JPEG art belongs to you and was given to you by me, the artist. I also give you a copy of the JPEG itself through whatever means, maybe you download it from my IPFS hosting, or I send it to you by email, or you download it from my blog, etc.

In the digital world, it is all copies, but only you have the token.

Ya, if the token doesn't include the content description like a hash, it's a bit fuzzy and a lot crappier, because while it would show you got some token from me the artist, its not clear which of my artwork would be the one you have, assuming in 100 years the URLs were to no longer exist for example, or to point to something else. But I think this will become the norm eventually to have the hash or use IPFS.

I agree with you, I still would prefer a physical artifact, something that you can see the wear and tear, something from an old era, maybe it doesn't even look the same, maybe bits of it are gone and forgotten. But that's just me and what I'm willing to value. If people are willing to value a digital good the same, knowing the token traces back to the original artist, and they see the value in that, then it can be worth just as much.


Thanks for these metaphors.

If your solution is to trust the Internet Archive, why not just skip the blockchain part?

Any hash can match virtually unlimited number of different turd images.

And even if you trust the hash function to never be broken or brute forced with future technology, it can only verify the image, not prevent it from being deleted or altered, rendering the NFT broken and useless. Verifiably broken and useless, but still...


So why hasn't this been deployed yet then?

And why are NFT links so common, because they just seem short sighted to me and borderline dumb considering how volatile everything in the crypto space is?

Nothing about NFT's seems long term viable as they are now.


So long as "number go up", nobody cares. The moment number start going down, there'll be a magic new buzzword (ICO, token, smart contract, enterprise blockchain, DeFi) for people to speculate on and distract from the fundamental problems.

Honest question: at this point why don't we skip the NFT part and just keep the URL and the content in the Internet Archive?

This gives me an idea: Internet Archive could sell Internet Tokens™ that function exactly like NFTs (but stored on the Archive instead of blockchain). Holders would be incentivised to make sure that the Archive continues to exist via donations. It's a win win for everyone

What does it mean to keep a URL in the Internet Archive?

I think they mean you keep the URL and the content stays in the Internet Archive.

But it could also mean that the Internet Archive creates a special page, say, "Owned URLs", where they list a username owner for each URL that someone has payed for. If you wanted to trade your URL, the IA would get a small cut to modify the contents of that page with the new owner.

This is 1:1 equivalent to the proposed scheme, but cuts out the inefficient "mint NFT on Ethereum blockchain" step, replacing it with a simple database on the IA side.


Is there any market pressure that will demand a change to the cryptographic hash? Is any of the current speculation concerned in any way about the content hosted at the URL, or just the current value of the NFT and what you can sell it for.

There is. Not from the entire space, but there's a bit of street cred you get by being entirely 'on-chain', as they say.

Within the smart contracts themselves is a read function for that content uri that provides all the data needed (from what I've seen, a hashed string) to generate an .svg file. But it obviously taxes the system and costs a lot more in gas fees (not to read it, that doesn't cost gas fees, but to deploy the contracts and mint), especially the more complex those are, which is why you mostly see it with 8-bit or very low-res artwork.

Cryptopunks being the most well-known (and also the most valuable) NFT project is all on-chain, and Anonymice being the most open and forked project that does this. EtherOrcs does it a little differently but is also on-chain and has completely open contracts you can refer to as well.

There's quite a few more besides this, but I don't know what percent it is, probably pretty small. Some people won't buy anything that's not entirely on-chain. But you're right that most people don't really care, they just care about the price or the image.

I've been digging through the Anonymice and EtherOrcs contracts to get a better understanding of the different approaches they took (and I still wouldn't say I completely understand it yet). It's pretty interesting, though.

[1]: https://www.larvalabs.com/blog/2021-8-18-18-0/on-chain-crypt...

[2]: https://anonymice.org/

[3]: https://etherorcs.com/

EDIT: Sorry, you only said cryptographic hash. Cryptopunks started by providing that, but then moved to entirely on-chain (so above and beyond that), where you could query and get a full SVG file or stream of pixels for any given image directly from the contract.


Yup. It works because there's a 1:1 and onto mapping between 64 bit hashes and pixel maps of arbitrary size ;-) /s

We can add the hash of the content but what happens if the URL goes 404 or the web server disappears? I'll be the owner of a useless pair of URL and hash.

Or those NFT contents (and the URL domain!) are guaranteed not to disappear unless many web 1.0 and 2.0 services people was paying for and went out of business?

An article about this: https://www.theverge.com/2021/3/25/22349242/nft-metadata-exp...


So the answer is centralized storage?

Many NFTs already do this, but the hash is for IPFS, which is a decentralized file storage system.

In fact decentralized storage being integrated into web3 is I think an element that the OP missed in his analysis.


IPFS is unfortunately not durable, nor very reliable when attempting retrieval through IPFS (versus a gateway, such that Cloudflare offers).

IPFS allows for more durability than the traditional way people point to content on the internet.

You can attach a IPFS hash to your NFT (or w/e) while still using clients that use a more reliable gateway.


There are on chain NFTs like cryptopunks. The rest of articles details around API centralization stand true.

Some NFT platforms operate with IPFS whose URLs are hashes of content. This solves that problem.

I’m not terribly up to date with IPFS (so feel free to correct me), but if I’ve understood it correctly, it’s not dissimilar to Bittorent where files are seeded by interested parties and if no one happens to be seeding any longer, the file is essentially dead?

It’s almost like you want some centralised entity to preserve copies of the images these NFTs link to.

I wonder how many IPFS-backed NFTs are only being seeded on nodes run by the big players like OpenSea?


I guess at least if you keep a copy of your NFT you can start serving it over IPFS yourself if whoever is hosting it can't be bothered anymore, or pay a service to on your behalf. It's sort of the ideal use-case for content-based addressing, I would think, since you're trying to prove some sort of connection with/ownership of/patronage over a piece of content. And it should be more long term resilient than a centralized solution as long as the NFT owners themselves don't lose their own files. At least the incentives are aligned (if you own the NFT you will want to keep at least one copy, if only so you can show it to potential buyers!)

It seems a substantially less silly idea than pointing a token at a url that you don't control. I guess I'm surprised that NFTs aren't all hosted on IPFS or something like it, if only as a backup. Like, have these people not heard of linkrot?

But I guess as long as the buyers don't realize yet that their immutable ledger entry can become a dangling pointer in a puff of smoke, it doesn't matter.


> But I guess as long as the buyers don't realize yet that their immutable ledger entry can become a dangling pointer in a puff of smoke, it doesn't matter.

I was surprised too, but only for a moment. In the end it's basically just a record that you "own" a small amount of data (url, ipfs hash, 'coin'). Unless my ownership gets me some utility (like exclusive access to the jpeg, maybe? Ability to transfer the ownership to El Salvadorian govt to pay my taxes?), I don't see how it has value


Yes, not dissimilar from torrents. Instead of being name-addressed and requiring the name owner to provide the infrastructure to serve the data (as with HTTPS), data are content-addressed so that anyone can serve the data.

Many NFTs are hosted by NFT platforms, and also by services such as https://nft.storage/ (backed by IPFS & Filecoin). It's quite trivial though to take the IPFS CID and pin it somewhere else (local computer, a pinning service like Pinata, etc.), and anyone can do it at any time. If all you want to do is be able to prove ownership at some point in the future, you don't really need to host the content indefinitely on IPFS...just host it when you need to.


Filecoin that you pay to have any files you like mirrored by many people, in a decentralized way.

Arweave is also a one off fee to have the file mirrored forever, the hosters are paid from the yield earned on that fee.


Sorry hacker news had an outage and somehow removed the first half of this comment and it's too late to edit now. Top was:

You are correct about IPFS, it's just like torrents. There are services like Arweave, Sia and Filecoin where you can pay...


Arweave nodes can choose not to store data (and will likely drop data that's not profitable over time also), so I'm not sure that it's really a solution.

Individual nodes can choose not to store it, but your data is sharded amongst many nodes. Usually it's something like 64/96 redundancy - it's sharded across 96 nodes and at least 64 must be online to retrieve the data. It gets re-distributed if some nodes are offline for a while (not sure on specific numbers)

This was insanely surprising to me - I actually always thought the jpeg/art was stored as a kind of ‘blob’ on the blockchain that it was authenticated against the owners wallet/private key.

Some NFTs are stored this way (e.g. Blitmaps, Terraforms, Corruption(*s), &c); it's a more restrictive artistic medium since storage costs are high and technical limits feel like a trip back to the 80s. If you can fit nice art into the constraints then it can become quite popular/valuable since fully on-chain NFTs are actually decentralized (rather than the more common practice of linking to an external image).

We need a version of Freenet, where the network _guarantees_ that your content is always highly available. Well, at least as long as the tech/network itself is still alive.

Every user of the network has to provide some storage for the network itself. If there's not enough storage to safely store your new content on the network as highly available, the network would just say sorry, can't do right now, please wait on the line while we get new storage (users).

Sure, it would need some massive network effect to work at scale, but we have now, what, billions of devices connected to Internet? That ought to be enough.

I never really understood this current "decentralized" tech. Decentralized hashes with centralized gate keepers, and mixed with "old school SPOF tech", e.x. the VPS's that store the actual content. wat.

edit: 10GB per device/user and 1 billion devices. That's 10 exabytes. https://www.wolframalpha.com/input/?i=10GB+*+1+billion


> Sure, it would need some massive network effect to work at scale

And nobody wants to participate. These projects are doomed to be extremely niche. As TFA points out, even nerds do not want to run their own servers at this point.

It could have worked in the days of casual piracy (kazaa, napster, certain private torrent sites etc had a shitton of users) if you managed to sell it as a way to do exactly that..

But getting people to install apps today to donate their bandwidth and disk space for.. what cause? Let alone when they figure out that gasp your storage may then be used for illegal material. Nah, it just doesn't work.


>your storage may then be used for illegal material

Then forget about the anonymization features of Freenet, and build something that ties to your Google Auth, Facebook ID, Government ID, whatever.

And let LEA access all of the content and seize/prosecute illegal content. Really not that different than storing your content on any of the cloud storage providers. With the exception that your data would be always guaranteed to be highly available, and not on just one or two centralized cloud storages.

>But getting people to install apps today to donate their bandwidth and disk space

That's just a marketing headache. ;)


> And let LEA access all of the content and seize/prosecute illegal content. Really not that different than storing your content on any of the cloud storage providers. With the exception that your data would be always guaranteed to be highly available, and not on just one or two centralized cloud storages.

It’s not that simple: if you host anyone’s content, you’re taking on personal risk (do you want to have to convince law enforcement that the pirated Disney movie or child pornography served from your home IP was served entirely without your knowledge?), giving up your resources (“Netflix is slow, turn off the mirror and see if it gets better!”), and getting slower performance/reliability (e.g. why OpenSea uses GCP instead of IPFS) immediately in the hopes that it will at some point in the future become worthwhile.

Note also that cloud storage is centralized administratively but distributed for reliability. I would give very long odds that you’re more likely to lose data through random IPFS nodes disappearing / dropping your data than on S3, and if you have to run your own geographically replicated nodes it’ll cost more in your time until you have a very large amount of data.

Statistically nobody does that, and because P2P networks need to significantly over-provision to compensate for unreliable nodes it’s hard to get anywhere close to competitive. The Linux world has the freedom ethos, no concerns about copyright/malware/etc., and still few people torrent ISOs because it’s usually slower.


>Nah, it just doesn't work.

This is why we can't have nice things. :D


No, we don't. IPFS guarantees that the owner can host their own NFT forever (there are multiple pinning services if they don't want to run a server). This is the best possible model. If even the owner doesn't give a shit, why should anybody else?

It's true that most NFT buyers have zero idea how this works. In 2 years multiple shitty NFTs are going to turn into 404. This is fine - people will learn to only buy images that use ipfs.


>IPFS guarantees that the owner can host their own NFT forever

I always thought IPFS just as a BitTorrent but with blockchainy tech stack.

But if it can indeed guarantee that my content would always be available, then IPFS is the answer.


Your response is different from what I posted. You can always pin the image on your ipfs node and it's going to resolve to the same, unique, hash (well, unless preimage resistance of sha2 is broken...) allowing everyone in the world to download it. That doesn't mean it guarantees availability - nothing does - someone has to host it.

Ultimately, the owner has to host it, or pay someone to host it, or hope someone else hosts it. Although nfts are small enough that any semi-popular ones may stay alive potentially forever as long as someone, somewhere, hosts it on an ipfs node. Potentially long forgotten by literally everyone alive.


BitTorrent also guarantees that your content would always be available – if you're hosting it.

Well the image could also be embedded in the data of the blockchain and/or a irreversible (currently) hash made for the image sitting on the server. Now will a court enforce that digital contract as a legal contract if the person takes down the server or puts up a different image? shrug I doubt it under current law.

Isn't storing the actual image data on-chain usually prohibitively expensive?

This is trivially solved by including a hash of the object in the ownership certificate.

> This is trivially solved by including a hash of the object in the ownership certificate.

This doesn’t fix any issue. If the URL changes, your NFT is worth nothing and you have no way to get the object back.


Wrapped NFTs

I was downvoted but it’s literally happening, see https://twitter.com/asvanevik/status/1479569507739856897?s=2...

Would that be effective for low-res images like cryptopunks? Or can I create other 24 x 24 px images that have the same hash?

You can’t efficiently create hash collisions in a cryptographic hash

I definitely agree that most people/projects/etc gloss over that fact that there still needs be a 'start of authority' to be trusted with NFTS. I think a major upside of doing the digital transactions on a Blockchain (as opposed to the system you described) is that the start authority does not need to be present or keep track of any future transactions. In your Rolex example, I believe that there would be no way of person A selling their Rolex (and digital rights of the Rolex) without notifying Rolex and Rolex having to keep track of transaction. With a Blockchain, the people could agree that the 'start of authority' matches the public address that is associated with Rolex and then proceed with the transaction with no need for any middle party.

I played a decent amount of Runescape growing up, so when I first heard of NFT's I naturally thought of that game. I would definitely find intrinsic value in truly owning an NFT of some of the rare in game items. And knowing that even if Jagex (parent company) disappears that I still have ownership over the items definitely adds a lot of value.


But see, this is where I get lost in this concept.

Should Jagex fold and the game become unplayable, what do you own? An entry in a database that says that you once had this item but you can't do anything with it? Why is that valuable?

I can sort of see the argument if other game developers allow for these items to be reused in other environments, and that's something pushed by NFT enthusiasts, but I don't see how that makes economical sense.

For one thing that puts a lot of work on the table of other game developers. If every NFT of every game needs to be usable in other games, can you imagine the headache? It's a combinatorial nightmare.

Besides devs want to make money selling their own NFTs, not adding items made by others for free, so what incentive is there for adding support for your rare Runescape item in some other game? Seems like devs would rather sell you a special "Runescape retro item set pack, only $9.99!"

And then we haven't even touched on IP issues. If you have an NFT of Lara Croft, can the devs of another game just clone the model in order to let you import her?

I feel like all of these issues by far dwarf whatever convenience NFTs bring to the table. The problems I outline above are the ones that need solving, and if you find a way around those you could very easily achieve what you want without "web3" tech (see Steam trading cards and Nintendo's Amiibos for instance).


>Should Jagex fold and the game become unplayable, what do you own? An entry in a database that says that you once had this item but you can't do anything with it? Why is that valuable?

Sometimes just ownership of something is valuable in itself. That's the whole idea of collectibles, it's not always tied to its original utility. Think having an original SNES versus an emulator on a computer or an original Picasso vs a digital jpeg copy.

>For one thing that puts a lot of work on the table of other game developers. If every NFT of every game needs to be usable in other games, can you imagine the headache? It's a combinatorial nightmare.

Every NFT of every game doesn't have to be usable in other games, but the option to easily access the in-game ownership records of another game can allow for some asset sharing.

>And then we haven't even touched on IP issues. If you have an NFT of Lara Croft, can the devs of another game just clone the model in order to let you import her?

No but maybe I can give a Croft-esque outfit to an in-game character if the player has the Lara Croft NFT. It could be a selling point to some players to be able to play with assets inspired by another game they love. It could also add some unrelated mechanic to a game in which case the NFT is just used as a marketing ploy to advertise to a certain demographic. Re-using NFTs could also be completely unrelated to 3rd parties and can allow developers to allow easy migration of old assets from old games to new ones without having to maintain teh records themselves.

>I feel like all of these issues by far dwarf whatever convenience NFTs bring to the table. The problems I outline above are the ones that need solving, and if you find a way around those you could very easily achieve what you want without "web3" tech (see Steam trading cards and Nintendo's Amiibos for instance).

Again, the idea is to have a digital asset that can be traded (in terms of ownership) like a physical asset would -- without the need for a centralized mediator. Just because certain applications typically act as centralized gateways doesn't mean the blockchain itself is centralized. The hope is for the blockchain to be used as a reliable source of information for decades to come with the ability for anyone to participate if given the very accessible minimum resource requirements.


> Sometimes just ownership of something is valuable in itself. That's the whole idea of collectibles, it's not always tied to its original utility. Think having an original SNES versus an emulator on a computer or an original Picasso vs a digital jpeg copy.

But with a Picasso the scarcity is inherent in its physicality: there is only one in existence. With digital data, it is infinitely reproducible and fungible. If I replaced a JPG with a bit-for-bit copy, no one would notice nor care. Not so with a Picasso. So, NFTs are supposed to come in a make a record of your purchase of this JPG, but unlike the Picasso, this JPG does not physically exist. It must be stored somewhere and, unlike the Picasso, this has an ongoing cost. You don’t need to pay to store the Picasso (although most collectors certainly don’t just keep it in their house, they could). But you do need to pay someone - whether a company or a decentralized network - to keep storing your JPG and once you stop, it’s gone forever. It seems like it would be more future proof if Jagex just mailed you a physical print of the JPG and a certificate of authenticity.


I think saying "an original Picasso vs a high quality knockoff" would better clarify my point. I would also like to add that scarcity is not inherent in physicality, especially when a physical copy of said physical item can be made. I would argue the recorded ownership and verifiable provenance of the item make an original Picasso valuable. People don't care about just having the art because the art can be easily replicated, physically or digitally.

And yes there may be an ongoing cost associated with storing a digital image, but you could also download it on your computer, print out the image, or try one of the decentralized solutions. Ideally the metadata and image would be stored on something like Arweave (which only requires a one-time payment) since reliability through decentralization is one of the goals of the web3 movement.

>It seems like it would be more future proof if Jagex just mailed you a physical print of the JPG and a certificate of authenticity.

If the hosting of the image goes down then you still have the attestation of owning the asset on the blockchain (signed by a private key that has been associated with Jagex on creation of the NFT). As for the physical print option, I'd say since physical things can be destroyed much easier than digital items, I'd prefer it if the certificate of authenticity was just an NFT (trying to enforce an NFT to belong to the same owner of a physical asset is a losing battle).

All in all I'd say NFTs bring value to asset collection by providing stronger attestations of ownership, public provenance, and resilient record-keeping.


> No but maybe I can give a Croft-esque outfit to an in-game character if the player has the Lara Croft NFT. It could be a selling point to some players to be able to play with assets inspired by another game they love

Why would a company do this? They spend a load of dev time to create a valuable in-game asset linked to a non-fungible token created by a third party which only one person can possess at a time and then... hope the NFT owner pays $34.99 for a retail copy of the game, otherwise the asset goes unused?

That doesn't sound like a scalable marketing strategy.


Typically people don't build features around individual NFTs but NFT collections. If 20k Lara Croft NFTs were minted in a special Tomb Raider NFT collection, then the access to the new skin would be available to any of the owners of the 20k Lara Croft NFTs in the collection. I think the misunderstanding here is that an individual NFT gives unique access to an in-game asset, sometimes NFT collections give unique ownership to a copy of the same game asset.

That doesn’t really change the question, though: the Tomb Raider developers don’t need an NFT to do that, and any other company isn’t going to spend much of their money giving something for free to a handful of someone else’s customers. Why spend time on that instead of, say, charging $10 for the homage DLC which gives them actual revenue and from a much larger number of people?

For example, how many of those NFTs would have been lost or stolen — and do you want to tell potential buyers “sorry, nothing we can do about it - blockchains mean no margin for error!”


Fair enough, creating an asset which 20k people with access to a collection theoretically might use is more attractive than creating a unique asset for a unique token. It does seem strange that the supposed "killer app" for NFTs in exchangeable game stuff wouldn't have any use for their core feature (uniqueness on the blockchain) though.

If a developer wanted to market games by offering inducements to players of other games in the form of unique content it seem like a lot of other solutions would be more attractive than the blockchain. Partnership with other developers or platforms like Steam gives you an actual marketing channel to hype the special add on for Tomb Raider players, and to a lot more than 20k people. The only case where I can see them preferring to attract small numbers of players of a third party game who paid that developer for NFTs rather than every player of that game is if their game is pure pay-to-win bullshit and there's no point in targeting the sort of player who doesn't buy NFTs...


Indeed. What's more, even if publishers wanted this, it's all possible without a blockchain. If game publishers decided to coordinate on respecting shared digital assets they could just agree on a common "digital item" spec where a connected client could prove item ownership using public key cryptography and digital signatures, similar to how JWTs let a client prove claims about another system. The same spec could allow users to trade digital assets in a peer to peer manner by signing a record of transfer to another user's public key - it'd then be up to the buyer (i.e. the software they use to verify the signing) to register the updated signature chain with the relevant game vendors.

> In your Rolex example, I believe that there would be no way of person A selling their Rolex (and digital rights of the Rolex) without notifying Rolex and Rolex having to keep track of transaction.

What does "digital rights of the Rolex" mean? Also, why is it harder to notify Rolex of this transaction than it is to notify some blockchain?


> Couldn't Rolex issue a PGP signed CSV of all valid Rolex serial numbers once a month on IPFS and you'd get the exact same security and trust profile without having to involve any "web3" feature?

A serial number can be copied and engraved onto a forged watch, so not really.

A more analogous scenario would be if Rolex embedded an NFC hardware chip with a private key inside the watch, such that anyone could wave their phone over their watch and verify that the chip’s cert was indeed signed by Rolex.


Well sure but that's the "analog gap" problem. NFTs don't fix that, do they? In the end there'll have to be something that will tie a given NFT to a given watch, and one way or the other it'll be the same issue as tying my CSV to a given watch.

I agree, one can’t easily tie an NFT to a physical object. Nothing guarantees that the watch and NFT change ownership in tandem.

All I’m saying is that a serial number doesn’t really prove anything because it’s trivial to copy. A private key inextricable from the object would be better, because it could generate timestamped signatures as proof.


But whatever you use would still be easier to implement using traditional tech than web3, because the problems they solve are orthogonal.

Yes. I regret not being more clear in my original comment, because the scheme I alluded to is an application of public key cryptography, such as Certificate Authorities, and is not about cryptocurrencies specifically.

Even with time stamped signatures you can clone the signature onto a fake watch.

The point of a signed timestamp (and/or challenge string) is that it demonstrates the signature is freshly generated, proof that the device is authentic right then and there. An old copied signature would not have this property.

This is sort of true. In the case of the watch, if you read the blockchain for the serial-number on the Rolex, you could engrave that too? The storage medium of the data wouldn't make a difference. The same could be said for the NFC chip. Those are copied all the time. Just purchase a blank and overwrite it with an original.

> NFC hardware chip with a private key inside the watch, such that anyone could wave their phone over their watch and verify that the chip’s cert was indeed signed by Rolex.

This is an excellent idea and I am now wondering why luxury brands haven't started doing this. It would be super hot. One would do it and suddenly they would all be doing it. Watches, handbags, shoes, whatever


Luxury watch brands prevent copycats by making the watches hard to copy using special alloys (Rolex), glass techniques (AP) etc.

And fashion brands iterate quickly on their designs so when you see fake LV bags it already looks dated.


This is one of the few usecases of crypto that kinda make sense. If those certs were on a blockchain, Rolex could fold and people in the future might still be able to check for authenticity.

There's more steps involved that I'm not sure could be solved, like, who controls the authenticity Oracle? Is it an API that gets pinged? Do you have to pay a gas or network fee to check authenticity? Could a smart contract be made to automate the work? Maybe it could work like credit card chips, which give out a one-time code to the retailer, who then gets it checked by an online service... except somehow replace the web API with a smart contract.

For larger scale operations, tagging individual items with NFC chips might be cost prohibitive.


So the idea would be to create a giant file of every Rolex transaction made in the future. And then search through that file for a given NFC tag to determine authenticity. Doing all of this in case Rolex goes out of business and can no longer maintain a hypothetical authenticity server?

Gotta say, it sounds kind of crazy


This is about as good as it gets with crypto.

Couldn't agree more. Supply chain verification is inherently authority-based... if only at some point in the creation of the internet we had invented a system for verifying authoritative claims on things ;) Not to mention that with certificates... Rolex can totally disappear into the wind, yet you can still verify the certificate provided you know Rolex's root. And all this for <$300M year in mining fees!

>Rolex could fold and people in the future might still be able to check for authenticity.

That's why I mentioned distributing the file over IPFS so that it could be easily backuped by anybody forever. If eventually there's no longer any interest in this database it could be lost to bitrot of course, but this is also true of blockchains.


> Rolex could fold and people in the future might still be able to check for authenticity.

Well, what if Rolex folds and sells their private keys, and an unscrupulous buyer then starts minting Rolex NFTs for fake watches? What if this happens surreptitiously, and not out in the open?

Further, it's far more likely at the moment that Rolex will exist 50 years from now than that Ethereum or Bitcoin will.


The problem with traditional authority models is that the authority may disappear or be subverted. In regions with unstable governments you cannot rely on the government to keep saying that your house is your house.

This is why I think the really valuable and underserved use case of the blockchain is decentralized identity. You can prove you are who you say, you’ve studied where you claim, you’ve worked at the places on your resume, and do this in ways that cannot be subverted or lost. This would be invaluable for refugees who often struggle for months or years with proving they are who they are.

For people that live in stable countries with reliable governments and strong enforcement of contracts this does not provide much value however, and I think this is why this subdomain of web3 remains underserved.


> This is why I think the really valuable and underserved use case of the blockchain is decentralized identity. You can prove you are who you say, you’ve studied where you claim, you’ve worked at the places on your resume, and do this in ways that cannot be subverted or lost. This would be invaluable for refugees who often struggle for months or years with proving they are who they are.

That's a very interesting use case, but it's hard for me to see exactly how this can be made to work.

Suppose you study at the National University of Unstabilia, which is located in a disaster-prone and conflict-riven environment. You complete your B.A. there, and you get the NUU to record this fact on a public blockchain.

A few years later, things are really bad in Unstabilia, so you move to Belgium. After you arrive there, you tell someone (maybe a prospective employer?) "hey, I'm Joeri, I'm a refugee from Unstabilia, and I have a B.A. degree!". For some reason this person is skeptical, so you say "it's OK, just look up the blockchain record with the following hash!".

Sure enough, the public blockchain contains an entry reflecting that someone named Joeri did, indeed, earn a B.A. at NUU a few years back. This is great, because maybe

* Unstabilia City was mostly destroyed in an earthquake, making it hard to contact people there, and many of the people who would have known you during your studies have likely died or become refugees themselves; and

* Lately, the new NUU administration really hates your ethnic group, so much so that it prefers to deny that people of your ethnicity were just recently widely represented among its student body; and

* Many of NUU's records were previously lost in a fire; and

* Before that, someone reputedly hacked NUU's computer systems and stole all of their records, and probably all of their cryptographic keys.

But thanks to the blockchain records, your new Belgian friends can still confirm that you actually studied at NUU, right?

But, how do they know that that record is really from NUU? How do they know that NUU really exists? How do they know what its signing keys were, and how long they remained under the university administration's control? How do they know whether it's a legitimate university? And, maybe most significantly, how do they know that you're the same Joeri who earned that degree back in the day, as opposed to some other Joeri? Are these records including some kind of digitally signed biometrics?


> But, how do they know that that record is really from NUU? How do they know that NUU really exists? How do they know what its signing keys were, and how long they remained under the university administration's control? How do they know whether it's a legitimate university? And, maybe most significantly, how do they know that you're the same Joeri who earned that degree back in the day, as opposed to some other Joeri? Are these records including some kind of digitally signed biometrics?

Asking blockchain to solve those problems is a bit ridiculous. Those are problems that need to be solved in any system, and are solved enough in many today. For starters, its not hard to archive your signing keys somewhere safe and public, especially on the blockchain - the group of Universities and employers who care about that validity will have some central organization in identifying that archive.


So now remove the blockchain entirely and what value was lost?

This is what the article demonstrates. All the value is in the trusted authorities issuing things, not the transaction record on a blockchain.

Trust is important and trustless transactions with pseudo anonymous entities are not worth much.


The issue being discussed is putting college degrees on the blockchain such that viewers can be sure they are genuine and robustly hosted without tampering - no revocation.

The blockchain solves the last two, but if your conception of them is as a magical technology that can solve every issue by virtue of hosting data then you're going to be a dissapointed simpleton.

Your core issue is that colleges are a centralized institution which decide who gets rewarded - that's what it boils down to when you say "all the value" is in trusted authorities issuing things. For starters that's a ridiculous assumption that trust is still necessary for value, but more importantly stating that blockchains are useless because they cannot replace colleges is disingenuous.


My problem with blockchains as the proposed solution here is that they solve none of the hard problems, introduce some new problems, (and no they are not an irrevocable record (as if that were even desirable), look up the DAO Hack or Bitcoin Cash fork and they certainly aren't proven to be permanent or reliable) and removing them would make the solution simpler and cheaper - the essential problem here is trust, not recording and sharing data.

You have not demonstrated any added value, and the straw-man insults sprinkled with spelling mistakes do not help persuade.


Yes I am straw-manning when you've built your original critique off a single niche use case (I believe the progenitor even used the phrase 'what if') and cite failing projects at least attempting to innovate as evidence of the uselessness of a technology which has achieved its original goal and continues on.

Bitcoin is a dismal currency.

It has thus failed at its original goal (a useful currency to rival state backed currencies).


If they can verify that, how much does the blockchain add then?

Well the example clearly stated an issue of redundancy. Things which can be done off chain which as little trust should be done off chain - that doesn't mean a distributed file storage protocol which runs off some chain and uses economic and cryptographic incentives isn't the solution.

I have an idea! Why not create a _second_ blockchain which verifies the identity of NUU? :)

None of that requires a blockchain. The same level of investment in digitization to get all of this info on to a blockchain could be used to publish it to the cloud, secured and authenticated by cryptography.

The blockchain gets you exchange, with completely transparent meditation, in the form of the smart contract / script code.


> In regions with unstable governments you cannot rely on the government to keep saying that your house is your house.

You can say it's your house all you want, but if the new regime sends soldiers to evict you, no amount of evidence that it belongs to you is going to help you.


I don't really see how that works.

Do you propose that "all" authorities provide digital certificates, in preparation for the region becoming unstable? If yes, paper certificates already exist, and seem to go missing -- why would it be harder for digital certificates to go missing? Or for the thing that ties one person to their digital certificates?

Or do you propose that authorities in unstable regions provide digital certificates? If yes, how can you trust them, given the unstable nature?

I value thinking about these things, but somehow I still struggle to see where the proposed extra value comes in. Maybe I'm thinking too much in extremes, and the value breaks down in extreme cases.


>>Rolex issue a PGP signed CSV of all valid Rolex serial numbers once a month on IPFS and you'd get the exact same security and trust profile without having to involve any "web3" feature?

This doesn't enable real-time transfers of NFTs.

Ideally, the blockchain allows the NFTs to be traded without Rolex relying on another company acting as a trusted third party platform keeping track of ownership, or Rolex itself running its own transaction database. The blockchain is a common open platform for transactions, and that's useful.


The NFTs are useless. The watches - the thing people care about - can still be traded without relying on Rolex or any other company.

That's a different topic. I was addressing why Rolex might prefer a blockchain ledger over their own internal one.

> I don't see why the IP owners would play ball and accept the loss of control).

The main reason would be if they could make more money on their digital goods by floating them in a large, open, heterogeneous market rather than in their smaller walled-garden. That's what traditional capital markets are good for, and the name of the game here is figuring out how to recreate those benefits in decentralized digital markets.


ehh.. why sell the item once to a person in a large open market, when you can sell the item multiple times to the same person in multiple markets.

> the subset of problems that can only be solved using NFTs is incredibly tiny

What problems can only be solved by using NFTs?


I am only interested by money aspect of crypto and especially on ability to fund companies easily via labor (actually that worked well in Communism). Will see if central bank currencies will allow for the same. That could be big boost to economy and big hit to VCs so I expect this to come from EU.

All those creator economy apps show that there's a need to democratise economy. I am again tempted to quote hustlers here.


> and especially on ability to fund companies easily via labor

Not sure I'm following. How would that work, and how would crypto facilitate this?


> Couldn't Rolex issue a PGP signed CSV of all valid Rolex serial numbers once a month on IPFS and you'd get the exact same security and trust profile without having to involve any "web3" feature?

They totally could. But what’s interesting about NFTs is they standardize this process across all kinds of assets and issuers. Instead of a CSV for Rolex, a Twitter history for an artist, a deed for a house, a rental agreement for an Airbnb, it’s all just one format.

In the past, there’s been tremendous value that’s come out of standardizing stuff, allowing infrastructure and new kinds of businesses to be built on top.


It would be easy to create standards for Digital Asset and Identity so that producers could represent ownership on their servers and allow for trade. The only thing NFTs give you is hosting for this in a logically centralized network. Hypothetically, this allows for operations on different contracts to be composible, but I don't think this happens much in practice.

It’s two sides of the same thing, I think.

Some things are standardized with protocols: IP, TCP, SQL, etc.

Other things are standardized with storage formats: FAT, NTFS, etc.

NFTs fall into the latter bucket, with some conventions for the former but nothing as mature as a protocol.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: