The road to decentralization is long and hard. Let’s map out the way to get there. The journey will necessitate some key innovations.
Today’s Big Tech platforms exert centralized control over the service, the protocol, and the software mechanisms for our applications. These are vulnerable to government coercion and force to deprive us of rights, such as through censorship, denial of service, embargos, or deprivation of rights. A truly decentralized architecture could not be coerced or forced to obey any law or authority. Code is law, and code can have a life of its own once unleashed so that even if you imprison or kill some coders, you could not control what people choose to run.
Similarly, markets are free. No amount of government regulations and laws can deny the truth that the more tyrannical control is exerted over legal markets (such as with restrictions or bans), the greater such markets fall outside of the government’s control, as demand will motivate supply to shift to black markets.
Cryptography
The fight for freedom requires many technologies. Chief among them is cryptography from which the “code is free speech” mantra was born to protect cryptographic algorithms from being controlled by government as munitions. Internet commerce is built on this foundation.
Decentralization
However, decentralization is not yet at its infancy. The Internet has evolved in the direction of centralization (Big Tech service providers), which positions platforms to become tools of tyranny. We have not yet built a sufficient system of technologies to decentralize the applications we are accustomed to.
Money
We are beginning to see Bitcoin as sound censorship-resistant money evolve toward being usable. It has a ways to go. The hurdles will be immense, as the goal is necessarily to burn the current system to the ground. We know it. They know it. Resistance is futile, as the system is burning itself without regard for BTC. But the incumbents will hang on in desperation until the bitter end.
Identity
We are confused by digital identity. Having a technology for identity is essential, but we know a government-imposed technology would be dangerous. Bitcoin has one of its own. We need a generalized mechanism so you can own your data and your access to your application services. This depends on having some mechanism to identify you. However, we must not adopt any tech that entrusts the government. Central control (by government or a corporation) over identity would make you vulnerable to being unpersoned by that authority. We need Self-Sovereign Identity (SSI), where the person owns their own credentials (create and hold your own private key). Prolific SSI technology does not exist yet. Some point to a Nostr nsec/npub pair with hope.
Social Network
Having identity we can now form relationships. Connections between people enable social interactions. You need to be able to take your connections with you, so your social network is not held hostage by any platform.
Self-Sovereign Data
Your identity enables ownership over your data. This includes access control, privacy, and integrity. You need to be able to store your data securely (encrypted with your key, replicated), so that it is broadly accessible by all your applications (in the cloud). Everything associated with you on every application should be considered your own, including your profile, settings, preferences, social network, authorizations, and your application data (e.g., content, documents). No one should be able to rug-pull you or hold your data hostage.
Web of Trust
With a social network that we can take with us to any application without worrying about rug-pulls, we can rely more heavily on it. If everyone carefully curates their connections for credibility and reputation, we now have a Web of Trust. This is useful for calculating how trustworthy another person is based on intermediate relationships. This also gives us a good mechanism for distinguishing legitimate content from spam.
Unstoppable Services
There will be many more protocols (especially to enable peer-to-peer), platform capabilities (i.e., higher level virtual machines that span infrastructure providers), and architectural patterns that need to be invented to enable application components to become unstoppable by state and other malicious actors. Everything needs to be built to be resistant to censorship, denial of service, and deprivation of rights. Users must have an exit to take their business elsewhere.
Alternatives should be ubiquitous. Protocols and standard interfaces should enable uniformity so that platforms can be commoditized. That way if one provider does not live up to their promises, users can take their identity and data to a competitor or to a platform for self-hosting. Open source applications are preferred for self-hosting, but it’s foreseeable that as decentralization becomes the norm, commercial services will enable self-hosting as well. This reverses the shift to SaaS, but increases demand for IaaS and PaaS for self-hosting.
We have much work to do to manifest this vision. We are years away. Perhaps the time line we should expect is somewhat aligned to the burning down of the fiat world. The rise of decentralization of money should be accompanied by the decentralization of everything money can buy.
Jack is backing an alternative to the Web3 vision called Web5 (Web2 + Web3) through an organization named TBD with open source projects for decentralized identity and decentralized web nodes for personal data storage that work with distributed web apps. On the surface, as I have not had an opportunity to look deeper into this Web5 initiative, the overview seems closely aligned with what I independently have imagined. I feel the potential kinship to what this project is doing.
The Web5 project appears to be directionally attractive with regard to how the problem space is framed. However, we need to examine the solution approach to see if the protocols and architecture being proposed are also attractive. The Web3 approach is decidedly not attractive for the reasons that Jack has highlighted. I credit him for being a vocal dissenter, when honest dissent is warranted.
I will dig deeper into Web5 and offer some insights from my own perspective. If this turns out to be closely aligned to my own passions, I may volunteer to contribute.
Is it possible to build tech to track reputation for a digital identity across services without having it gamed or turned into a social credit system of institutionalized cancel culture?
The topic of reputation came to mind was promoted by this tweet. Saifedean Ammous (The Bitcoin Standard) had this idea for how Twitter could be improved. It is about reputation. To determine whether someone should be distrusted, a person can look to their own social network to see how often the counterparty is distrusted. Apply the Web of Trust pattern toward distrust. The same system for tracking certification (a form of trust) can be leveraged to track distrust also. This would be a very valuable service for reputation tracking and analysis.
My humble proposal for improving Twitter:
Each user profile page should show you who the user is blocked by from people you know, just like it currently shows you who follows them.
People will think twice about dumb tweets if the resulting block was permanently displayed.
Reputation may not be an absolute measure. Saifedean’s observation suggests to me that it should work more like Web of Trust, except in the case of blocking it would be a measure of distrust. Each block is an attestation of distrust of the blocked user. The users who Saifedean follows form his web of trust. To some lesser degree the connections to others through his follow list deserve some trust as a transitive relationship. Those blocked by these trusted users can each be assigned a distrust score based on the attestations from Saifedean’s web of trust.
From your perspective, the reputation of someone else would be based on your own web of trust. It is subjective, relative to your social network and the attestations of each member. Attestations of trust contribute to a score for how much a person deserves to be trusted. Attestations of distrust contribute to a score for how much a person deserves to be distrusted.
Calculating reputation scores based on attestations on social networks raises questions and concerns. Scoring can be gamed and abused. Bot nets can be deployed to skew scores by contributing many bogus attestations. This can be used to smear a hated enemy or to fraudulently raise someone’s public stature. We see such gaming in search engine optimization, in likes and dislikes of content on social networks, and in product rating and review sites. Personal and professional reputation is a high stakes affair.
Reputation is not Social Credit Score
Everyone is aware of China’s social credit system. It enables the government to track every citizen’s activities. Individuals are scored according to the government’s preferred behaviors. The government uses the scoring to punish citizens by denying low scoring individuals from participating in society (i.e., economic transactions, travel, etc.). If we introduce reputation scoring, such abuse cannot be permitted.
A reputation system exists to facilitate individuals to freely associate with others or to deny such associations. This system must forbid the government or other powerful entities from being able to coerce others into and out of associating with individuals these powerful entities target for punishment, which would be tyrannical.
Is it possible for such a reputation system to be deployed prolifically without enabling tyrannical regimes or angry mobs from exploiting it in violation of individual rights? Lives are destroyed in this way, as they are cast out of society. Ideally, the system’s protocols would make it impossible for such power to be abused. Reputation is tied to a person’s digital identity. If a person is shackled to a single identity, they are vulnerable to that identity being smeared and targeted for cancellation by adversaries.
There must be some recourse. If a person can change identities and recertify their verified credentials for their replacement identity, this could effectively renounce any references to the old identity. Attestations of distrust of the old identity would have no effect on the new identity. However, attestations of trust for the new identity would need to be earned and reestablished. This makes changing identity a costly migration, only worthwhile if shedding a highly disreputable identity to start fresh.
It is also important for the identity protocols to be decentralized. The system should be open to many providers with no coordination, shared storage, policy enforcement. There must not be an single source of truth for human identity tied to digital identities, otherwise a person can be cancelled by tyranny or abuse of power.
We want to enable Alice to assess Bob based on Bob’s positive and negative attestations among the people connected between them. That allows Alice and Bob to associate or not based on informed consent. We do NOT want voluntary associations to be interfered with by tyrannical powers. Tyrants wish to exert control over collectives to target individuals regardless of consent. Freedom of association must be protected.
The trucker’s freedom convoy in Canada has revealed how individuals are vulnerable to tyrannical (rights violating) actions. Governments and corporations cooperated with authoritarian diktats across jurisdictional boundaries. Maajid Nawaz warns of totalitarian power over the populace using a social credit system imposed via central bank digital currency (CBDC) regimes being developed to eliminate cash. “Programmable” tokens will give the state power to control who may participate in financial transactions, with whom, when, for what, and how much. Such a regime would enable government tyranny to reign supreme over everyone and across everything within its reach. We need decentralization.
Centralized dictatorial power is countered by decentralization. Decentralization is especially effective when designed into technology to be immutable after the technology proliferates. The design principle is known as Code is law. The Proof of Work (PoW) consensus algorithm in Bitcoin is one such technology. CBDC is an attempt to prevent Bitcoin from becoming dominant. Criticism of PoW using too much electricity is another enemy tactic.
National and supranational powers (above nation states) are working against decentralization in order to preserve their dominance. The World Economic Forum (WEF) is installing its people into national legislatures and administrations to enact policies similar to those of the Chinese Communist Party (CCP). They seek to concentrate globalized power for greater centralization of control.
We look toward Web3 and beyond to enable decentralization of digital services. As we explore decentralized applications, we must consider the intent behind distributed architectures for decentralization. What do we want from Web3?
Unstoppable Availability
Traditionally, we think about availability with regard to failure modes in the infrastructure, platform services, and application components. Ordinarily, we do not design for resiliency to the total loss of infrastructure and platform, because we don’t consider our suppliers to be potentially hostile actors. However, multinational corporations are partnering with foreign governments to impose extrajudicial punishments on individuals. This allows governments to extend their reach to those who reside outside their jurisdictions. Global integration and the unholy nexus of governments with corporations put individuals everywhere within the reach of unjust laws and authoritarian diktats. It is clear now that this is one of the greatest threats that must be mitigated.
Web3 technologies, such as blockchain, grew out of recognition that fiat is the enemy of the people. We must decentralize by becoming trustless and disintermediated. Eliminate single points of failure everywhere. Run portably on compute, storage, and networking that are distributed across competitive providers. Choose a diversity of providers in adversarial jurisdictions across the globe. Choose providers that would be uncooperative with government authorities. When totalitarianism comes, Bitcoin is the countermove. Decouple from centralized financial systems, including central banking and fiat currencies. Become unstoppable and ungovernable, resistant to totalitarianism.
To become unstoppable, users need to gain immunity from de-platforming and supply chain disruption. Users need to be able to keep custody of their own data. Users need to self-host the application logic that operates on their data. Users need to compose other users’ data for collaboration without going through intermediaries (service providers who can block or limit access).
To achieve resiliency, users need to be able to migrate their software components to alternative infrastructure and platform providers, while maintaining custody of their data across providers. At a minimum, this migration must be doable by performing a human procedure with some acceptable interruption of service. Ideally, the possible deployment topologies would have been pre-configured to fail-over or switch-over automatically as needed with minimal service disruption. Orchestrating the name resolution, deployment, and configuration of services across multiple heterogeneous (competitive) clouds is a key ingredient.
Custody of data means that the owner must maintain administrative control over its storage and access. The owner must have the option of keeping a copy of it on physical hardware that the owner controls. Self-hosting means that the owner must maintain administrative control over the resources and access for serving the application functions to its owner. That hosting must be unencumbered and technically practical to migrate to alternative resources (computing, financial, and human).
If Venezuela can be blocked from “some Ethereum services”, that is a huge red flag. Service providers should be free to block undesirable users. But if the protocol and platform enables authorities to block users from hosting and accessing their own services, then the technology is worthless for decentralization. Decentralization must enable users to take their business elsewhere.
Ungovernable Privacy
Privacy is a conundrum. Users need a way to identify themselves and authenticate themselves to exert ownership over their data and resources. Simultaneously, a user may have good reason to keep their identity hidden, presenting only a pseudonym or remaining cloaked in anonymity in public, where appropriate. Meanwhile, governments are becoming increasingly overbearing in their imposition of “Know Your Customer” (KYC) regulations on businesses ostensibly to combat money laundering. This is at odds with the people’s right to privacy and being free from unreasonable searches and surveillance. Moreover, recruiting private citizens to spy on and enforce policy over others is commandeering, which is also problematic.
State actors have opposed strong encryption. They have sought to undermine cryptography by demanding government access to backdoors. Such misguided, technologically ignorant, and morally bankrupt motivations disqualify them from being taken seriously, when it comes to designing our future platforms and the policies that should be applied.
Rights are natural (a.k.a. “God-given” or inalienable). They (including privacy) are not subject to anyone’s opinion regardless of their authority or stature. Cryptographic technology should disregard any influence such authorities want to exert. We must design for maximum protection of confidentiality, integrity, and availability. Do not comply. Become ungovernable.
Composability
While the capabilities and qualities of the platform are important, we should also reconsider the paradigm for how we interact with applications. Web2 brought us social applications for human networking (messaging, connecting), media (news, video, music, podcasts), and knowledge (wikis). With anything social, group dynamics invariably also expose us to disharmony. Web2 concentrated power into a few Big Tech platforms; the acronym FAANG was coined to represent Facebook (now Meta), Amazon, Apple, Netflix, and Google (now Alphabet).
With centralized control comes disagreement over how such power should be wielded as well as corruption and abuse of power. It also creates a system that is vulnerable to indirect aggression, where state actors can interfere or collude with private actors to side-step Constitutional protections that prohibit governments from certain behaviors.
David Sacks speaks with Bari Weiss about Big Tech’s assault on free speech and the hazard of financial technologies being used to deny service to individuals, as was done to the political opponents of Justin Trudeau in Canada in response to the freedom convoy protests.
Our lesson, after enduring years of rising tension in the social arena and culminating in outright tyranny, is that centralized control must disappear. Social interactions and all forms of transactions must be disintermediated (Big Tech must be removed as the middlemen). The article Mozilla unveils vision for web evolution shows Mozilla’s commitment to an improved experience from a browser perspective. However, we also need a broader vision from an application (hosted services) perspective.
Composability is how users with custody of their own data can collaborate among each other in a peer-to-peer manner to become social, replacing centralized services with disintermediated transactions among self-hosted services. The next best alternative to self-hosting is enabling users to choose between an unlimited supply of community-led hosted services that can be shared by like-minded mutually supportive users. The key is to disintermediate users from controlling entities run by people who hate them.
State of Technology
The article My First Web3 Webpage is a good introduction to Web3 technologies. This example illustrates some very basic elements, including name resolution, content storage and distribution, and the use of cryptocurrency to pay for resources. It is also revealing of how rudimentary this stuff is relative to the maturity of today’s Web apps. Web3 and distributed apps (dApps) are extremely green. Here is a more complicated example. Everyone is struggling to understand what Web3 is. Even search is something that needs to be rethought.
The article Why decentralization isn’t the ultimate goal of Web3 should give us pause. Moxie Marlinespike, Jack Dorsey, Mark Andreeson, and other industry veterans are warning us about the current crop of Web3 technologies being fraudulent and conflicted. Vitalik Buterin’s own views confess that the technology may not be going in the right direction. Ethereum’s deficiencies are becoming evident. This demands great caution and high suspicion.
Here is a great analysis of the critiques against today’s Web3 technologies. It is very clarifying. One important point is the ‘mountain man fantasy’ of self-hosting; no one wants to run their own servers. The cost and burden of hosting and operating services today is certainly prohibitive.
Even if the mountain man fantasy is an unrealistic expectation for the vast majority, so long as the threat of deplatforming and unpersoning is real, people will have a critical need for options to be available. When Big Tech censors and bans, when the mob mobilizes to ruin businesses and careers, when tyrannical governments freeze bank accounts and confiscate funds, it is essential for those targeted to have a safe haven that is unassailable. Someone living in the comfort of normal life doesn’t need a cabin in the woods, off-grid power, and a buried arsenal. But when you need to do it, living as a mountain man won’t be fantastic. Prepping for that fall back is what decentralization makes possible.
In the long term, self-hosting should be as easy, effortless, and affordable as installing desktop apps and mobile apps. We definitely need to innovate to make running our apps as cloud services cheap, one-click, and autonomous, before decentralization with self-hosting can become ubiquitous. Until then, our short-term goal should be to at least make decentralization practical, even if it is only accessible initially to highly motivated, technologically savvy early adopters. We need pioneers to blaze the trail in any new endeavor.
As I dive deeper into Web3, it is becoming clear the technology choices lean toward Ethereum blockchain to the exclusion of all else. Is Ethereum really the best blockchain to form a DAO? In Ethereum, writing application logic is expected to be smart contracts. Look at the programming languages available for smart contracts. Even without examining any of these languages, my immediate reaction is revulsion. Who would want to abandon popular general purpose programming languages and their enormous ecosystems? GTFO.
We need a general purpose Web architecture for dApps that are not confined to a niche. I imagine container images served by IPFS as a registry, and having a next-gen Kubernetes-like platform to orchestrate container execution across multicloud infrastructures and consuming other decentralized platform services (storage, load balancing, access control, auto-scaling, etc.). If the technology doesn’t provide a natural evolution for existing applications and libraries of software capabilities, there isn’t a path for broad adoption.
We are early in the start of a new journey in redesigning the Web. There is so much more to understand and invent, before we have something usable for developing real-world distributed apps on a decentralized platform. The technology may not exist yet to do so, despite the many claims to the contrary. This will certainly be more of a marathon, rather than a sprint.
In the journey to developing Web3, we must understand what is motivating decentralization. We are attempting to reinvent the Web to address deficiencies. These deficiencies put individuals in jeopardy of censorship, cancellation, and political persecution. They are vulnerable at the hands of Big Tech platforms, state actors, and adversarial groups intent on harm. Historical ideals to preserve the “free and open Internet” have been abandoned. If a “free and open Internet” is to be preserved, it cannot rely on the honor and voluntary cooperation of humans. Technologies must become permissionless, trustless, and unassailable, so that dishonorable and uncooperative humans can coexist.
Protect a user’s right to free speech by having the user take custody of their own data. Ensure that the user’s data cannot be made inaccessible.
Protect a user’s right to free association. Ensure that the data in the user’s custody can be published to whatever audience the owner wishes to reach.
Protect an audience’s right to free association. Ensure access to data published by others. Ensure that applications can compose that data for the intended use, including for social collaboration.
Protect a user’s access to platform capabilities for providing the application services that process that data.
Protect a user’s ability to transact business with others without being subject to third party intermediaries cancelling them.
Protect a user’s privacy. Ensure the user can share their data only with others who are granted authorization. In some circumstances, a user may want to remain anonymous, so that their real-world identity cannot be exposed for doxxing. Hostile detractors often try to cancel people by targeting their business, sources of income, reputation, relationships, sensitive information, even their personal safety.
Let’s keep these requirements in mind as we explore technologies that can help realize Web. Restore the ideal of a free and open Internet in the face of large factions of society who are hostile to (or wobbly on) freedom and openness.
