The centralization of apis (infura, opensea and ethscan used by metamask) is the biggest problem. I could be wrong, but I don't think we've seen that fast consolidation in other early tech. I remember in the late 90s there were a number of search engines but no one really owned the space. Only 20 years later did Google emerge as the winner and is (IMO) by far the best in terms of relevant results. But that didn't happen overnight, and there wasn't a search engine dominating 90% of the market within a few years of the beginning of mainstream acceptance.
How hard is it to create a competitor to infura? MetaMask should be incentivized to do this as their core offering is controlled by one party.
[edit] Never mind, metamask and infura are owned by the same company (ConsenSys). It's even worse than it appears...
Tally is a community-owned, open-source fork of MetaMask. From first impressions it looks like it will also solve some of the issues brought up in Moxie's (excellent) blog post, i.e. decentralizing the node->NFT->wallet metadata routes.
Regarding the immutability of NFT image pointers:
Some emerging solutions to this issue are:
Use ERC2477 (DRAFT). This allows you to have some control over the metadata to ensure the name is as you want it. Note that this will require you to implement a zero-knowledge proof or a JSON parser on-chain which validates the new metadata.
Use 0xcert Framework. The 0xcert framework is specifically designed to provide metadata integrity for ERC-721 tokens; it uses a different hashing technique (Merkle tree). But it requires you to use the same schema across metadata versions.
Ceramic Network is doing some interesting work on schema coordination amongst other things.
> How hard is it to create a competitor to infura?
Infura is merely hosting nodes for you and exposing their JSON RPC endpoints. They did not _create_ the API.
There are already plenty of competitors in that space. QuickNode and GetBlock for instance, if you want mutualised/managed nodes. You can also host your own node yourself, or use e.g. AWS Blockchain to host it for you, or even use the public free hosted nodes that most blockchain projects provide. It's just a matter of trade-off between cost, time and security.
If you are using JSON RPC APIs (which most people do) there is nothing that locks you to Infura or any other provider.
When you open metamask there's a dropdown in the top right. It lets you choose which network you're using, and defaults to "Ethereum Mainnet". If you hit the "Add Network" button you can configure which server your metamask talks to.
How many more switched it to Google from Bing from Microsoft Edge? Google having 91% market share is an effect, not a cause; they have it because their product is the best and does what I want it to 91% of the time.
If Google’s market share was only a result of a superior product then they wouldn’t feel compelled to pay Apple billions of dollars to be the default search engine on iPhones. Defaults matter.
As other comments mentioned, you can change your endpoint in metamask.
Also, metamask is not the only wallet there is... Some dApps only accept Metamask but it's becoming rare. Most dApps implement multiple alternatives, like WalletConnect, which is more of a dapp/wallet protocol, which allows you to use any wallet software.
> I don't think we've seen that fast consolidation in other early tech
I actually struggled with this point throughout the article. I'm not sure I see this as a parallel trend toward centralization like we saw with web2 - but rather that this is how software is built today and this is what we're comfortable with. It doesn't seem unnatural or problematic to me that we will start with something that approximates the world around us today and move toward the decentralized end state that apologists are hoping for.
> and move toward the decentralized end state that apologists are hoping for.
Is there any evidence that this is actually happening? It seems rather backwards! Is the maximalist argument here that these companies are going to build out all this infrastructure, move the global financial system onto it, and then rip it apart and rewrite it to be entirely distributed afterwards? Why? If the point is to be distributed, wouldn't they want it to be distributed first?
Where are the blockchains with full-fat clients that can actually run on normal mobile devices? And if they actually exist, does anybody use them? Like, for normal, actual uses, not "shilling this app makes my portfolio go up 300% before I dump it on some clueless bagholder, to the moon rocket emoji rocket emoji".
The crux of the article is that the front-ends are all routing calls through centralized APIs to get their message included on the blockchain. Infura and Alchemy don't do much. They just pass a JSON-RPC message to an Ethereum node running on their servers. There are some additional indexing services they provide, but there are many open, decentralized alternatives for that such as TheGraph Protocol. And it's not unfeasible for an application to run its own Postgres instance to index data from the ETH blockchain.
As for full-fat clients on normal mobile devices, the main issue is the data requirements. Running a full node can take hundreds of gigabytes. It is possible on light hardware. People are running Beacon chain nodes on Raspberry Pis. But you do need the storage and that tends to be scarce on mobile.
Meanwhile, the Ethereum core devs are aware of this issue and are actively working towards it. They shipped the Altair hard fork this year that adds sync committees which make it possible to do without needing the whole chain history (using merkle trees): https://github.com/ethereum/annotated-spec/blob/master/altai...
It's almost as if there's only the bare minimum decentralization needed to avoid regulation and taxation and the rest is good old fashioned centralized web apps.
So "decentralized" doesn't necessarily mean "no servers" it means "the servers don't matter". If Infura went down tomorrow, nothing would be lost, because Infura was just hosting something anyone could have hosted. You want to be the next Infura? You just download the same code they did and run it: Infura isn't holding any state. If Facebook goes down tomorrow, everyone's accounts and all of their data is destroyed.
“Goes down” could be substituted for a lot of things, for example, “becomes evil”, “disables API access”, “arbitrarily bans you”.
Lots of developers including myself have had things break when Twitter decided to abandon its liberal approach to APIs. There was no alternative endpoint I could just point my app at.
> “Goes down” could be substituted for a lot of things
For clarity, you are now arguing a tangential point.
> Twitter decided to abandon its liberal approach to APIs
I just don’t understand the comparison between Twitter/FB to a blockchain.
Are crypto maximalists arguing that social networks are only about the database itself and access to it?
> There was no alternative endpoint I could just point my app at.
The article already has a great example about this not working as intended - opensea removing his NFT from their API despite it existing on-chain. And every NFT viewer using the opensea view of things rather than the chain’s view.
> For clarity, you are now arguing a tangential point.
I don’t think I am; all these fall under GP’s first sentence; I took “goes down” in the next sentence as one example, WLOG.
> Are crypto maximalists arguing that social networks are only about the database itself and access to it?
I can’t speak for crypto maximalists (I’m probably as skeptical of this stuff as you are), but I think the best argument is that the existence of a viable off-ramp forces the centralized player to be a good actor. Similar to how many open source projects are very centralized, but the possibility of a fork (like mariadb) is enough of an incentive that it’s rare for a project to screw up so badly that a fork can gain steam.
FWIW, you aren't (arguing a tangential point to me): I didn't say "one of Facebook's servers goes down", I said "Facebook goes down". Companies go out of business or simply get tired of operating product lines constantly. I can sort of appreciate the idea "well maybe by goes down I just meant temporarily", but then I think one needs to apply that to the entire sentence: if it goes down permanently, the accounts are no longer usable permanently (aka, "destroyed"); and, if it goes down temporarily, the accounts and data are no longer usable temporarily.
> Is the maximalist argument here that these companies are going to build out all this infrastructure, move the global financial system onto it, and then rip it apart and rewrite it to be entirely distributed afterwards
I haven't heard anyone articulate this as their vision lol. I would think they distribute the systems somewhere between trading monkey JPEGs and actually moving the global financial system onto it.
As to why start with it centralized, it's easier to get a POC working with the systems and conventions we have in place today than alongside rethinking all of the infrastructure at the same time. Work on the UI, trade some stupid goods that finance the development of these distributed systems, etc. I just don't understand the argument that this whole thing will or should be binary. Huge migrations like that fall over all the time. Gradual rollouts take longer but are generally safer and in this case probably the only option.
"You should check out my new car company, ThreeWheel. We're completely revolutionizing the business of getting around. The key innovation is that our cars have three wheels. This reduces tire cost, improves aerodynamics, and reduces rolling friction. Our three wheeled cars are the future of all wheeled transport!"
"Okay."
"But our prototype has four wheels, as a temporary prototype to test out the technology."
"That doesn't seem like it tests the technology very well."
"I don't see why you're quibbling about the details. We've sold thousands of ThreeWheels to people who are very enthusiastic about living in a three wheeled future!"
"You've sold four wheeled cars to people who want three wheeled cars?"
"They then resell them for tens of thousands of dollars more than they paid! They're ecstatically happy! Nobody is bigger fans of the three wheel car future than our customers."
"Even though these cars, the cars they purchased, have four wheels."
"Well, they could remove one wheel later, if they wanted."
"Would that work?"
"Oh no, absolutely not. You couldn't drive it at all, then. It would be much worse than a regular car. A lot of work remains to be done to gradually transition current ThreeWheels to a three wheeled form. We plan to send robots to each customer's garage to cut sections from the frame and re-weld them together. Then we need to swap out the steering rack, re-route the driveshaft, change suspension components, brakes..."
"That sounds hard."
"Yes, we think it will take hundreds of changes over years to move current generation ThreeWheels to a three wheeled mode."
"Instead of just building three wheeled cars today?"
"Wow John Cena bought a ThreeWheel and posted it on his instragram! My collection of ThreeWheels is going to explode in value! I love my job!"
Not GP but I have to say I love getting 50mpg in the city and having the same range as any gas powered car. So I don't quite see how Prius is a better example than the awesome analogy made above.
This example is not good. Hardware has a much different release cycle than software. Once you sell a car, you can't simply release a hardware update.
99.999% of internet software is built iteratively. Even programming languages and operating systems have versions. This argument about needing everything to be decentralized from the beginning is exposing bias because it's not a logical conclusion unless you're bent on antagonizing web3.
Even most DAOs start out centralized and slowly become decentralized. This is expected. You don't want to go full decentralized until everything is stable.
> Even most DAOs start out centralized and slowly become decentralized
This is also how democratic governance works. A core group of “trusted” leaders makes decisions that are ratified by elected representatives. It is then disseminated through the various layers of governance and implemented in a distributed fashion.
If key financial institutions had more trust in a blockchain than in the Federal Reserve, and the European Central Bank, and the Bank of England, and maybe the Central Bank of Japan to hold an account of their assets.
Do we have any reason to think that would be the case, or they’d enrich the early adopters of one of the existing blockchains by using it rather than creating their own? Central banking doesn’t need to pay the overhead for trustless anonymity since all of the participants are known and have ongoing working relationships.
Surely development of the full fat clients will lead to the required innovations to provide light, mobile clients for blockchains that are properly distributed.
I agree there are many scams but we really are in more of a research period with regards to the tech. The research will continue through the hype cycles.
But why would it do that though? I’d like to hear a falsifiable theory of how that would happen, because as of right now it’s not happening, and no one seems able to explain what big thing is going to change. If the biggest part of the change (using the blockchain) isn’t causing the dynamic to shift, what future change will?
To me the argument here is because it's easy. Even if the interaction layer is centralized the underlying tech is decentralized so everything can easily be validated and that's the key difference.
I think he touched on that in the article. The masses are trusting the centralized API, not the blockchain. His NFT exists in the chain, but not the API, so it effectively doesn't exist in the eyes of the market.
That feels like an argument that could be applied to web2 too though, and it falls apart there too: It’s never been easier to spin up some servers and whip up a basic social media site or search engine or online store, but it’d still be hard to displace Facebook, Google or Amazon. The problem isn’t with the ease of starting a competitor, it’s the psychological and social forces that cause people to prefer having one default place where they can go for a certain thing.
But as noted in the article, that's not the case. OpenSea stores data that then isn't on any blockchain, like royalties. That's done as just a regular web2 feature, a database on OpenSea's backend.
So no, it can't be validated, and it can't be migrated.
Royalties is a funny example because a) they’re being standardized, see eips.ethereum.org/EIPS/eip-2981 and b) royalties are entirely opt-in. You can happily transfer NFTs without having to pay royalties if you forgo an exchange that respects them.
That’s literally one of the most salient points of TFA: protocols move dog slow and provide too little too late, platforms iterate fast and give people what they want right now.
But there will be other features over time, that would not be standardized. As per article centralized platforms progress faster than decentralized standardization. Switching cost will grow.
Why would we ever move toward decentralization? It is almost always easier to have at least some central point of control in any distributed system, even the Internet (IANA, RIRs, etc.). It is also very difficult to remove a centralized control point after a system is already deployed, especially if the system supports heterogenous clients (as it is likely that some clients will be slow to switch to the new design, and many will make bad assumptions about the system architecture).
There is a point to be made here that is an important difference between web2 and web3+centralized apis. On the latter companies do not have lock-in of the data, which provides a big incentive to not be evil. The moment someone can make a case for bad play they have the advantage to shift the market to a different platform. Unfortunately this is not so easy on web2 because of the data that locks users on those platforms.
> There is a point to be made here that is an important difference between web2 and web3+centralized apis. On the latter companies do not have lock-in of the data
This is only true of the data stored on the blockchain itself. As described in the article, that isn’t anywhere near enough to replace the centralized systems being billed as “web3”, and it’s completely unworkable for data which can’t be public, which is updated frequently, or which needs to be deleted. Combined with blockchains being unavoidably quite expensive and slow, and the challenges of standardizing protocols while the competition is shipping, it seems quite unlikely that this will change.
It doesn’t reduce lock-in meaningfully if Google were to continue to store and process all of your data but now you’re using an outside authentication system. I’m sure they would love, however, the way “web3” makes their job of tracking users so much easier.
Deletion and/or non-public is an interesting problem. Obviously, you can store it encrypted and delete the key, but advances in compute and algorithms might render that encryption breakable.
For data that needs to be updated, all you need is an override mechanism, which sounds simple enough.
Storing it encrypted also means you have to ask what happens if the key is leaked — for example, if I tried to sell movies that way rightsholders would be unlikely to accept a system where you could pay $10 and then give the decryption key to all of your friends, leaving me no way to revoke it.
For updates, you can definitely replace things but that's expensive if you have to pay a transaction fee regularly and it could quickly get to non-trivial storage sizes if you have to store obsolete versions in perpetuity, especially with non-trivial metadata overhead.
Distributed storage does not make any difference for lock-in with a centralized API. For example, imagine a system for storing photos on some distributed system and a popular, centralized web front-end for users. Now what I will do with the centralized front-end is to give users a "value-add" by encrypting their photos, thus protecting their privacy, and better still I will use my proprietary key management technology to relieve end users of the various problems with losing private keys. Lock-in achieved, and all you accomplished with distributed storage was to outsource the maintenance of the storage infrastructure.
We already see this with blockchain payments. The vast majority of merchants who accept cryptocurrency payment do so through a service that manages their wallet and typically offers some kind of value-added features to lock them in. There is no reason to believe the same will not happen with Web3, if it is not happening already.
For all of the reasons that web3 apologists are excited about decentralization. I'm not really one of them, so I'm not going to advocate on their behalf, but lots of people are very excited about this.
> It is almost always easier to have at least some central point of control
I don't think anyone is going to argue that decentralization is the easiest solution.
I agree that it's hard to remove this point of centralization once it's there. My guess would be that, if this goes the way many are hoping, new places emerge over time with increasing levels of independence from these central providers.
This discussion would benefit from a Ramsey, graph, random matrix person to expound on "random" graphs as seen in nature. Nodes with n edges in, 1 out are around but not without some centralization. Surely not robust?
Decentralization in the blockchain world is really to provide security and interoperability by emulating centralized services. So essentially it looks like a centralized service, but it's more secure than a centralized service.
From a cryptographic perspective, centralized and decentralised services are equally secure. From a user perspective, blockchains are less secure as there is no authority you can approach for chargebacks.
The point of blockchain was removing trust from a single person and spreading it around over a network.
> From a user perspective, blockchains are less secure as there is no authority you can approach for chargebacks
This actually proves the point that security is relative. There are instances when I would feel more secure when an outside party can refund my money, say when the seller never ships the product I ordered. There are also times when I would feel less secure with chargebacks, like when I sell something on eBay and the buyer files a complaint with PayPal after taking delivery of exactly what they ordered.
Security wasn't an original goal of bitcoin. Privacy, anonymity, and immutability were, though the first two were lost a decade ago and immutability is pretty well solved but also the primary cause for so much wasted resource consumption.
It sounds like you did understand my two examples, not sure how they could have made no sense. The two scenarios point to competing ideas of what "secure" would mean, and my point was that security can't be a goal because it's relative.
Oh it doesn't, I haven't found any value in web3 yet. I may just be missing something, but I still don't get what problem web3 can solve that isn't solved easier with web1 or web2 technologies.
I would argue consolidation and centralized elements are inevitable, the promise of true decentralization is like socialism: a promising theory but failed application.
As someone who has run nodes, no, it is hard and expensive. Every time a geth node dies it has to resync and no, persistent volume mounts and stateful sets are not solutions. They are problems. If you need to scale horizontally you get strange consistency issues with the API. All of this makes for a very unpleasant experience. It's built for TLC on a beefy box not a herd.
And that's the rub. The new node doesn't have the same state as the old one. So clients making requests assuming that latest is the same start having problems. If you haven't seen them you just haven't been running a production quality service.
But one of the main points of article is that people don't want to run servers, developers included. Even being easy, letting someone else do it will always be easier.
But the question was how hard is it to run a competitor to Infura. And the answer is trivially easy. Infura is just an Ethereum node API that's publicly exposed. Building an Infura competitor literally is nothing more than the $100/month it costs to run a Geth node on AWS.
This is true today. But the standard approach in this industry is to start by offering access to an open service and then quickly build in value-add services that aren’t available in the open service. So for example, the smart move would be for Infura to offer a proprietary chain or rollup that gets widely used but isn’t available outside of Infura. If they can pull that off, competition could get much harder.
> People don't usually run Postgres themselves (e.g. set up Postgres in a docker container), but it's not very hard to do.
It's easy to do a basic install.
It's quite hard to do it right, at scale, with workload-appropriate configuration, replication, backup etc.
My point... neither Postgres nor Infura, or any other blockchain solution, are easy to install and maintain in a fully scaled-up, fault-tolerant, multi-node deployment.
How many (large) companies, governments, etc... run their own email servers? If there's a strong enough need, people will run their own servers even if they'd rather not. "people don't want to run servers" arguably could be rephrased as "people don't have a reason (today) to run their own servers". I'd argue this is a key difference between web1 and crypto centralization and the web2 centralization. If Google announced tomorrow that anyone can buy the gmail contents of any gmail address, you'd bet a lot more individuals would either switch to alternatives or start running their own servers.
> How many (large) companies, governments, etc... run their own email servers?
Office 365 financials alone suggest that the answer is "very few, and rapidly decreasing". I work for a ~30k employee technology company that doesn't run its own email servers.
Don't get me wrong, it's good that the option is there, but short of coding and operating your own full node Metamask will still be trusting a centralized third party.
I'm not sure I understand, running a full node requires some consumer hardware and a few days. And most infura usage doesn't even need a full node, so it's easier to run.
The API is the same, swapping out for another node is just a config change
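Added example, not part of any comment in this thread and not MetaMask or Infura code: the same JSON-RPC client pointed at several interchangeable endpoints, showing why `latest` differs between nodes that are not equally synced and how pinning an explicit height and requiring agreement avoids trusting a single endpoint. `eth_blockNumber` and `eth_getBlockByNumber` are standard Ethereum JSON-RPC methods; the endpoint names, block hashes and in-process transports are constructed for the example.

```python
import json
from collections import Counter

# Constructed sample chain: block number -> made-up block hash.
CHAIN = {n: "0x" + format(n, "064x") for n in range(95, 101)}


def make_node(head, overrides=None):
    """Build an in-process stand-in for one JSON-RPC endpoint (hypothetical helper).

    A real transport would POST the same JSON body to the provider's URL.
    """
    blocks = {n: h for n, h in CHAIN.items() if n <= head}
    blocks.update(overrides or {})

    def transport(raw_request):
        req = json.loads(raw_request)
        reply = {"jsonrpc": "2.0", "id": req["id"]}
        if req["method"] == "eth_blockNumber":
            reply["result"] = hex(head)
        elif req["method"] == "eth_getBlockByNumber":
            tag = req["params"][0]
            number = head if tag == "latest" else int(tag, 16)
            found = blocks.get(number)
            reply["result"] = found and {"number": hex(number), "hash": found}
        else:
            reply["error"] = {"code": -32601, "message": "Method not found"}
        return json.dumps(reply)

    return transport


def rpc_call(transport, method, params):
    """Send one JSON-RPC 2.0 request through any transport and return its result."""
    body = {"jsonrpc": "2.0", "id": 1, "method": method, "params": params}
    reply = json.loads(transport(json.dumps(body)))
    if "error" in reply:
        raise RuntimeError(reply["error"]["message"])
    return reply["result"]


def latest_hashes(endpoints):
    """Ask every endpoint for the moving 'latest' tag; answers depend on sync state."""
    return {name: rpc_call(t, "eth_getBlockByNumber", ["latest", False])["hash"]
            for name, t in endpoints.items()}


def cross_check(endpoints, quorum):
    """Pin a height every endpoint has reached, then require `quorum` equal hashes.

    Returns (height, agreed_hash, dissenting_endpoint_names).
    Using the minimum height is a simplification: one lagging endpoint holds
    the others back, so a production client would also bound the allowed lag.
    """
    height = min(int(rpc_call(t, "eth_blockNumber", []), 16)
                 for t in endpoints.values())
    answers = {}
    for name, t in endpoints.items():
        block = rpc_call(t, "eth_getBlockByNumber", [hex(height), False])
        answers[name] = block["hash"] if block else None
    winner, votes = Counter(answers.values()).most_common(1)[0]
    if winner is None or votes < quorum:
        raise RuntimeError(f"no quorum at block {height}: {answers}")
    dissent = sorted(n for n, h in answers.items() if h != winner)
    return height, winner, dissent


# Switching or adding a provider is an entry in this mapping, nothing more.
ENDPOINTS = {
    "provider-a": make_node(head=100),
    "provider-b": make_node(head=100),
    "self-hosted": make_node(head=98),  # constructed: restarted, still syncing
}

if __name__ == "__main__":
    print("latest per endpoint:", latest_hashes(ENDPOINTS))
    print("pinned cross-check:", cross_check(ENDPOINTS, quorum=3))
    # Constructed case: one endpoint serves a different block at the pinned height.
    odd = dict(ENDPOINTS)
    odd["provider-b"] = make_node(100, {98: "0x" + "ff" * 32})
    print("with one dissenter:", cross_check(odd, quorum=2))
```
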
> running a full node requires some consumer hardware and a few days
There are monthly utilities and regular maintenance as well. Networking could also be a problem, you'd really want a static IP and an unlimited high-speed network which isn't always supported by many home ISPs.
> And most infura usage doesn't even need a full node, so it's easier to run
I don't know as much about the protocol details of infura. Have they found a way to verify transactions with a partial node? That'd be huge if they have, regardless of what happens to the current NFT platforms!
Many projects have chased pruning, but it always seems to get stuck when people realize that means adding trust into the system since you can't trace back to the genesis block.
If the goal is to remove trust in a third party you would either need to code or verify the software before running it. Short of that and you still have to trust whoever coded it and all the distribution infrastructure that let you download it.
More options is good for sure, but doesn't solve centralization or trust concerns.
The level of centralization is a spectrum and I don't mean to fall into the trap of describing it as all or nothing. The question is how close to decentralization web3 is or can be, and my concern with regards to picking your own API endpoint is just how similar it is to the original point Moxie was making with regards to there only really being two API hosts in use.
There are voices within the space that have been talking about this issue for many years. There is at least one project which aims to use economic incentives within the design of the protocol to mitigate. Check out Saito.
> The centralization of apis (infura, opensea and ethscan used by metamask) is the biggest problem. I could be wrong, but I don't think we've seen that fast consolidation in other early tech. I remember in the late 90s there were a number of search engines but no one really owned the space. Only 20 years later did Google emerge as the winner and is (IMO) by far the best in terms of relevant results. But that didn't happen overnight, and there wasn't a search engine dominating 90% of the market within a few years of the beginning of mainstream acceptance.
> How hard is it to create a competitor to infura? MetaMask should be incentivized to do this as their core offering is controlled by one party.
> [edit] Never mind, metamask and infura are owned by the same company (ConsenSys). It's even worse than it appears...
Currently working in the space (graduated from doing systems-level . My hot take is what is considered a "full node" can potentially use significantly less resources. The base word size is 256-bit (size of SHA256), most is either 1s or 0s, the entire raw Ethereum blockchain is roughly 350 GiB uncompressed, probably can be much better with zstd compression on multi-core. Let's just quietly ignore that most is not using an assembly-level optimized implementation of uint256 arithmetic operations. Also all the current clients (a) afaik run transactions single-threaded, and (b) no on-disk compression, (c) at best use mmap relying on OS level paging even though you're going to have 32-byte random reads invalidating entire 4K or 16K pages out of ~3TiB of read/write space. I'm more than certain execution can be run speculatively using STM (software transaction memory). I seriously doubt that most Ethereum transactions within a single block have that much r/w contention if you were to execute them in arbitrary order in parallel. Basically application level speculative execution (except you know the ending hash ahead of time, so you know if the ending state is valid or not). Anyhow...
What is your point? Sounds to me you're just regurgitating technical mumbo jumbo that doesn't really have any relation whatsoever to any of the points quoted!
Are you trying to say that by optimizing a node's software, people will be able to run a full node on their devices?? That's patently false currently, even more if the technology actually goes viral one day (small system-level optimisations simply won't scale to compensate for the fast increase in the blockchain size).