After connecting OpenSea and Metamask, I found that my NFT is still on Web2

Original translation: Block unicorn

Original translation: Block unicorn

Although I consider myself a cryptographer, but I didn't find myself particularly fond of "cryptography". I don't think I've ever actually said "get off my lawn," but I'm more likely to click on Pepperidge Farm remembering flavorful memes about how "encryption" used to mean "encryption" than the latest NFT drop.

Also -- the card here -- I'm not as excited as a generation is about moving every aspect of life to an instrumented economy.

However, even strictly on a technical level, I have yet to succeed in becoming a believer. So, given all the recent attention on what is now called web3,first level title

How do I see Web1 and Web2

web3 is a somewhat nebulous term, and it's hard to rigorously assess what web3's ambitions should be, but the general argument seems to be that web1 is decentralized, web2 centralizes everything on the platform, and web3 decentralizes everything again. web3 should give us the richness of web2, but decentralized.

It might be nice to have some understanding of why centralized platforms exist, and the explanation, in my opinion, is simple:

1. People don't want to run their own servers, and never will.The premise of web1 is that everyone on the Internet is both a publisher and a consumer of content, and a publisher and consumer of infrastructure.

We all have our own web server with our own website, our own mail server for our own email, our own finger server for our own status messages, our own responsible server for our own character generation . However -- and I don't think this can be emphasized enough -- this is not what people want. People don't want to run their own servers.
Even nerds don't want to run their own servers at this point. Even organizations that build software full-time don't want to run their own servers at this point. If there's one thing I wish we'd learned about the world, it's that people don't want to run their own servers. Those that provide you with these services are successful, and those that iterate new features based on the possibilities of these networks are even more successful.

2. The protocol runs much slower than the platform.Over 30 years later, email is still unencrypted; meanwhile, WhatsApp never encrypted to full e2ee in a year. People are still trying to standardize reliable sharing of video over IRC. Meanwhile, Slack lets you create custom reaction emoji based on your face.

It's not a question of funding. If something is truly decentralized, it becomes very hard to change and often gets stuck in time. This is a problem for technology because the rest of the ecosystem is moving fast, and if you don't keep up, you fail. There's a whole parallel industry focused on defining and improving methods like agile, trying to figure out how to organize large numbers of people so they can move as quickly as possible because it's so critical.

This is a problem when the technology itself favors stillness over movement. A surefire recipe for success is to take a protocol from the 90s that was stuck in time, centralize it and iterate quickly.

first level title

Make some distributed applications

To get a feel for the web3 world, I made a dApp called Autonomous Art that lets anyone mint a token by making a visual contribution to an NFT. The cost of making visual contributions increases over time, and the funds paid to mint by contributors are distributed among all previous artists (visualizing this financial structure resembles a pyramid shape). As of this writing, over $38,000 has been spent on creating this collective work of art.

I also made a file calledFirst DerivativeA dApp that allows you to create, discover, and exchange NFT derivatives that track the underlying NFT, similar to financial derivatives that track the underlying asset.

Both gave me an idea of ​​how space works. To be clear, there's nothing particularly "distributed" about the apps themselves: they're just plain React websites. "Distributed" refers to where the state and the logic/authority to update the state reside: on the blockchain rather than in a "centralized" database.

One thing I've always found strange about the world of cryptocurrencies is the lack of focus on client/server interfaces. When people talk about blockchains, they talk about distributed trust, leaderless consensus, and all the mechanics of how it works, but often gloss over the reality that clients ultimately can't participate in those mechanisms. All network diagrams are of servers, trust models are between servers, everything is about servers. Blockchain is designed to be a network of peers, but not so that your mobile device or browser actually has the potential to be one of those peers.

With the shift to mobile, we now live firmly in a client and server world - the former completely incapable of acting as the latter - and these questions seem more important to me than ever. Meanwhile, Ethereum actually refers to servers as "clients", so there's not even a word for the actual untrusted client/server interface that has to exist somewhere, and there's no acknowledgment that if successful there will eventually be billions (!) client than server.

For example, whether running on mobile or on the web, a dApp like Autonomous Art or First Derivative needs to interact with the blockchain in some way—in order to modify or render state (collectively produced artwork, its editorial history, NFT derivatives, etc.). However, this is not really possible from the client side, since the blockchain cannot live on your mobile device (or indeed your desktop browser). So the only option is to interact with the blockchain through a node running remotely on a server somewhere.

a server!However, as we all know, people don't want to run their own servers. As it happens, companies have emerged that sell API access to Ethereum nodes running as a service, while providing analytics, enhanced APIs they build on top of the default Ethereum API, and access to historical transactions. It sounds... familiar. At this point, there are basically two companies. Almost all dApps use Infura or Alchemy to interact with the blockchain. In fact, even if you connect a wallet like MetaMask to a dApp, and the dApp interacts with the blockchain through your wallet, MetaMask is just calling Infura!

These client APIs do not use anything to verify the blockchain state or the authenticity of the responses. The result is not even signed. An app like Autonomous Art says "hey, what's the output of this view function on this smart contract", Alchemy or Infura responds with a JSON blob saying "here's the output", and the app renders it.

This surprised me. A lot of work, effort, and time have gone into creating a trustless distributed consensus mechanism, but nearly all clients who wish to access it do so by simply trusting the output of these two companies without any further verification . It also doesn't seem like the best privacy situation. Imagine if every time you interacted with a website in Chrome, your request was first sent to Google, where it was routed to its destination and back. This is the situation with Ethereum today. All write traffic is obviously already public on the blockchain, but these companies can also see almost all read requests from almost all users in almost any dApp.

first level title

Let me give you an example: making an NFT

I also want to create a more traditional NFT. Most people think of images and digital art when they think of NFTs, but NFTs usually don't store this data on-chain. For most NFTs of most images, this is too expensive.

Instead of storing data on-chain, NFTs contain a URL to the data. What amazes me about these standards is that there is no promise of a hash for the data located at the URL. Looking at the many NFTs sold for tens, hundreds, or millions of dollars on popular marketplaces, the URL usually just points to some VPS running Apache. Anyone with access to the machine, anyone who buys the domain in the future, or anyone who breaks the machine can change the NFT's image, title, description, etc. to whatever they want at any time (whether they don't "own" it or not) " token). There is nothing in the NFT specification that tells you what an image "should" be, or even allows you to confirm whether something is the "correct" image.

image description

image description

image description

The same NFT in the wallet

A few days later, without warning or explanation, the NFT I made was removed from OpenSea (an NFT marketplace):

but,

but,What I found most interesting was that after OpenSea deleted my NFT,It also no longer appears in any crypto wallets on my device, which is web3, but, how is this possible?

Crypto wallets like MetaMask, Rainbow, etc. are "non-custodial" (keys are kept client-side), but it suffers from the same problem as my dApp above: the wallet must run on a mobile device or in a browser. Meanwhile, ethereum and other blockchains are designed with the idea that it's a peer-to-peer network, but it's not designed so that your mobile device or browser could actually be one of those peers.

Wallets like MetaMask need to do basic things like displaying your balance, your recent transactions, and your NFTs, as well as more complex things like structuring transactions, interacting with smart contracts, etc. In short, MetaMask needs to interact with the blockchain, but the blockchain is built so that clients like MetaMask cannot interact with it. So, like my dApp, MetaMask does this by making API calls to the three companies integrated in the space.

For example, MetaMask shows your recent transactions by making an API call to etherscan:

GET https://api.etherscan.io/api?module=account&address=0x0208376c899fdaEbA530570c008C4323803AA9E8&offset=40&order=desc&action=txlist&tag=latest&page=1 HTTP/2.0

Display your account balance by making an API call to Infura:

POST https://mainnet.infura.io/v3/d039103314584a379e33c21fbe89b6cb HTTP/2.0
{
   "id": 2628746552039525,
   "jsonrpc": "2.0",
   "method": "eth_getBalance",
   "params": [
       "0x0208376c899fdaEbA530570c008C4323803AA9E8",
       "latest"
   ]
}

Reveal your NFT by making an API call to OpenSea:

GET https://api.opensea.io/api/v1/assets?owner=0x0208376c899fdaEbA530570c008C4323803AA9E8&offset=0&limit=50 HTTP/2.0

Again, like my dApp, these responses are not authenticated in some way. They don't even sign it so you can later prove they were lying. It reuses the same connection, TLS session tickets, etc. for all accounts in your wallet, so if you manage multiple accounts in your wallet to keep some kind of identity separation, the companies know they are linked.

MetaMask doesn't really do much, it's just a view into the data provided by these centralized APIs. This isn't a problem specific to MetaMask - what other options do they have? Rainbow etc. are set up in exactly the same way. (Interestingly, Rainbow owns their own data for the social features they've built into the wallet -- social graph, showcase, etc. -- and chose to build all of that on top of Firebase instead of the blockchain.)

first level title

recreate the world

Given the history of web1 becoming web2, what strikes me strangely about web3 is that a technology like Ethereum has built many of the same implicit pitfalls as web1. To make these technologies available, the space is consolidating around... platforms. again. Someone who will run the server for you and iterate on new features as they come out. Infura, OpenSea, Coinbase, Etherscan.

Likewise, the web3 protocol has been slow to evolve. When building a First Derivative, it is best to price minted derivatives as a percentage of the underlying value. These data are not on-chain, but in the API provided to you by OpenSea. People are excited about the way NFT royalties can benefit creators, but royalties are not specified in ERC-721 and it is too late to change that, so OpenSea has its own way of configuring royalties that exist in the web2 space. Rapid iteration on centralized platforms has outpaced distributed protocols and integrated control into platforms.

Given these dynamics, I think it's no surprise that we've come to a place where what your crypto wallet thinks of your NFT is what OpenSea thinks of your NFT. I don't think we should be surprised that OpenSea isn't a pure "view" that can be replaced, as it's been busy iterating the platform beyond strictly impossible/hard-to-change criteria.

I think it's very similar to the email situation. I could run my own mail server, but it doesn't matter functionally for privacy, censorship resistance, or control -- because GMail will be on the other end of every email I send or receive anyway. Once a distributed ecosystem is centralized around a platform for convenience, it becomes the best of both worlds: centralized control, but still decentralized enough to bog down in time. I could build my own NFT marketplace, but if OpenSea mediates the view of all NFTs in the wallets people use (and all other apps in the ecosystem), it doesn't provide any additional control.

first level title

it's still early days

"It's still early days" is the most common adverb I see when folks in the web3 space discuss this sort of thing. In some respects, the failure of cryptocurrencies to rise above relatively nascent engineering makes it possible to argue that the "early days" are behind them, since it's objectively a decade or more old.

first level title

but you can't stop the gold rush

When you think about it, OpenSea would actually be "better" in a direct sense if all the web3 parts were gone. It'll be faster, cheaper for everyone, and easier to use. For example, to accept a bid on my NFT, I would have to pay over $80 to over $150 in Ethereum transaction fees. This sets an artificial floor for all bids, otherwise you'll lose money by accepting bids for less than gas costs. Credit card payments often feel extortionate compared to credit cards, but look cheap. OpenSea can even publish a simple transparency log if people want a public record of transactions, offers, bids, etc. to verify their accounts.

But if they build a platform to buy and sell images that are nominally not based on encryption, I don't think it will take off. Not because it's not distributed, because as we've already seen, a lot of the stuff needed to make it work isn't. I don't think it will take off because it's a gold rush. People who make money speculating in cryptocurrencies who are interested in using cryptocurrencies in a way that supports their investments while providing additional returns define the environment of the wealth transfer market.

Those who are flipping NFTs fundamentally don't care about distributed trust models or payment mechanisms, but they care about where the money is. So the money draws people to OpenSea, they improve the experience by building a platform that iterates the underlying web3 protocol in the web2 space, they end up offering the ability to "mint" NFTs through OpenSea itself rather than through your own smart contracts, and eventually This all opens the door for Coinbase to access a verified NFT marketplace on their platform via your debit card. This opens the door for Coinbase to self-manage the tokens through a dark pool held by Coinbase, which helps eliminate transaction fees and avoids interacting with smart contracts entirely. Eventually, all the web3 parts are gone and you have your debit card to buy and sell JPEGS on the web. The project couldn't start with a web2 platform due to market dynamics, but the same market dynamics and fundamental forces of centralization may drive it to eventually get there.

At the end of the stack, NFT artists are excited about this progression as it means more speculation/investment in their art, but if the purpose of web3 is to avoid the pitfalls of web2, we should be worried that this is already A natural tendency for new agreements of different futures should be provided.

first level title

creativity may not be enough

I'm just dabbling in the web3 waters, but from the perspective of these little projects, I can easily see why so many people think the web3 ecosystem is so neat. I don't think it will liberate us from centralized platforms, I don't think it will fundamentally change our relationship with technology, and I don't think the privacy story is below the internet's standards (which is a pretty low one!) , but I also understand why a nerd like me would be excited about it. It's new at least on a nerdy level - it creates a space for creativity/exploration, kind of reminiscent of the early internet days. Ironically, part of this creativity may stem from the constraints that make web3 so unwieldy. I hope the creativity and exploration we're seeing will yield positive results.

If we really want to change our relationship with technology, I think we have to do it consciously. My basic idea is roughly:

1. We should accept the premise that people don't run their own servers by designing systems that can distribute trust without distributing infrastructure.This means that architectures can anticipate and accept the corollary of a relatively centralized client/server relationship, but use cryptography (rather than infrastructure) to distribute trust. Even though web3 is built around "encryption", one of the things that surprised me was how little cryptography seemed to be involved!

2. We should minimize the burden of building software.At this point, software projects are human-intensive, and even relatively simple applications require a group of people to sit in front of a computer for eight hours a day, every day, forever. This wasn't always the case, there was a time when 50 people working on a software project wasn't considered a "small team". As long as software requires such a concerted energy and such a highly specialized human focus, I think it will tend to serve the interests of the people who sit in that room every day, rather than the broader goals we might think it does. I think changing our relationship with technology may require making software easier to create, but in my lifetime I've seen the opposite happen, unfortunately.