Below the fold, I explain the details of yet another failure of decentralization.
Marlinspike starts with his explanation of why although "web1" was decentralized, "web2" ended up centralized:
People don’t want to run their own servers, and never will. The premise for web1 was that everyone on the internet would be both a publisher and consumer of content as well as a publisher and consumer of infrastructure.This is partly an example of Economies of Scale in Peer-to-Peer Networks; massive economies of scale make running services "in the cloud" enormously cheaper. But it is also an issue of skill. I've been running my own servers for decades, so I can testify that the skills needed to do so now are exponentially greater than when I started. Not that they were trivial back then, but I was a professional in the technology. There are two main reasons:
We’d all have our own web server with our own web site, our own mail server for our own email, our own finger server for our own status messages, our own chargen server for our own character generation. However – and I don’t think this can be emphasized enough – that is not what people want. People do not want to run their own servers.
Even nerds do not want to run their own servers at this point. Even organizations building software full time do not want to run their own servers at this point. If there’s one thing I hope we’ve learned about the world, it’s that people do not want to run their own servers. The companies that emerged offering to do that for you instead were successful, and the companies that iterated on new functionality based on what is possible with those networks were even more successful.
- The environment in which servers run these days is extremely hostile, keeping them reasonably secure demands constant attention.
- The devoted efforts of thousands of programmers over the decades have made the software the servers run much more complex.
His key observation is:
When people talk about blockchains, they talk about distributed trust, leaderless consensus, and all the mechanics of how that works, but often gloss over the reality that clients ultimately can’t participate in those mechanics. All the network diagrams are of servers, the trust model is between servers, everything is about servers. Blockchains are designed to be a network of peers, but not designed such that it’s really possible for your mobile device or your browser to be one of those peers.Ethereum nodes need far more resource than a mobile device or a desktop browser can supply. But on a mobile device or in a desktop browser is where a "decentralized app" needs to run if it is going to interact with a human. So:
With the shift to mobile, we now live firmly in a world of clients and servers – with the former completely unable to act as the latter – and those questions seem more important to me than ever. Meanwhile, ethereum actually refers to servers as “clients,” so there’s not even a word for an actual untrusted client/server interface that will have to exist somewhere, and no acknowledgement that if successful there will ultimately be billions (!) more clients than servers.
companies have emerged that sell API access to an ethereum node they run as a service, along with providing analytics, enhanced APIs they’ve built on top of the default ethereum APIs, and access to historical transactions. Which sounds… familiar. At this point, there are basically two companies. Almost all dApps use either Infura or Alchemy in order to interact with the blockchain. In fact, even when you connect a wallet like MetaMask to a dApp, and the dApp interacts with the blockchain via your wallet, MetaMask is just making calls to Infura!So once again we see that "decentralized" is just a marketing buzzword that implies "not controlled by big corporations you can't trust", thus obscuring the fact that each layer of the system is controlled by a few not yet as big corporations that are actually far less trustworthy that the big corporations that centralized "web2".
How do we know that the two companies centralizing this layer of the "decentralized" stack aren't trustworthy? Marlinspike looked at their APIs:
These client APIs are not using anything to verify blockchain state or the authenticity of responses. The results aren’t even signed. An app like Autonomous Art says “hey what’s the output of this view function on this smart contract,” Alchemy or Infura responds with a JSON blob that says “this is the output,” and the app renders it.One of the major reasons advanced for why centralization of "web2" in the hands of huge corporations is bad is that they can censor the Web. Marlinspike built an NFT to demonstrate the fragile nature of NFTs. It looked different depending on which NFT service you used to view it:
This was surprising to me. So much work, energy, and time has gone into creating a trustless distributed consensus mechanism, but virtually all clients that wish to access it do so by simply trusting the outputs from these two companies without any further verification.
but when you buy it and view it from your crypto wallet, it will always display as a large 💩 emojiHow did OpenSea react to this demonstration of the problems with NFTs?
After a few days, without warning or explanation, the NFT I made was removed from OpenSea (an NFT marketplace)The reason is that the wallets simply call OpenSea's API, so OpenSea can simply decide to refuse to display NFTs they don't like. Russell Brandom reports on another instance of OpenSea's censorship in Messy NFT drop angers infosec pioneers with unauthorized portraits:
The takedown suggests that I violated some Term Of Service, but after reading the terms, I don’t see any that prohibit an NFT which changes based on where it is being looked at from, and I was openly describing it that way.
What I found most interesting, though, is that after OpenSea removed my NFT, it also no longer appeared in any crypto wallet on my device.
Released on Christmas Day by a group called “ItsBlockchain,” the “Cipher Punks” NFT package included portraits of 46 distinct figures, with ten copies of each token. Taken at their opening price, the full value of the drop was roughly $4,000. But almost immediately, the infosec community began to raise objections — including some from the portrait subjects themselves.Censorship can also be useful in the wake of thefts, as Edward Ongweso Jr. reports in ‘All My Apes Gone’: NFT Theft Victims Beg for Centralized Saviors:
Tuesday morning, the ItsBlockchain team announced in a Medium post that it would be “shutting down” the collection in response to the backlash, offering full refunds to any purchasers and covering any gas fees involved in the transfer.
In the wake of the post, OpenSea appears to have taken central action to remove the collection, which is no longer visible on the platform.
Chelsea art gallery owner Todd Kramer had 615 ETH (about $2.3 million) worth of NFTs, primarily Bored Apes and Mutant Apes, stolen by scammers and listed on the peer-to-peer NFT marketplace OpenSea.More than seven years ago I provided a detailed description of the economic forces driving centralization. Why has there been almost no progress since in developing ways to push back against these forces? No-one cares that their "decentralized" system isn't actually decentralized because even if it isn't they can use the buzzword to ensure their "number go up".
"We take theft seriously and have policies in place to meet our obligations to the community and deter theft on our platform. We do not have the power to freeze or delist NFTs that exist on these blockchains, however we do disable the ability to use OpenSea to buy or sell stolen items. We've prioritized building security tools and processes to combat theft on OpenSea, and we are actively expanding our efforts across customer support, trust and safety, and site integrity so we can move faster to protect and empower our users.”
OpenSea did not answer, however, why it had frozen the trading of these NFTs and not others stolen just weeks ago that were announced on Twitter by Bored Ape Yacht Club and Jungle Freak NFT owners.