PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Digitized NFT Assets Aren’t Safe and NFTs Aren’t Web3

Tim Sloane by Tim Sloane
January 10, 2022
in Analysts Coverage, NFT
0
Digitized NFT Assets Aren’t Safe and NFTs Aren’t Web3

Digitized NFT Assets Aren’t Safe and NFTs Aren’t Web3

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

The day after I published my rant regarding Web3, Signal founder Moxie Marlinspike took my rant several steps further. This is a must read blog for those interested in the technology and business models associated with Web3 and NFTs.

Moxie’s blog also argues that Web3 is moving to a centralized model, not a distributed model, and identifies the companies taking advantage of this fact. More importantly, his analysis expands all of this to point out that the centralized implementations fail to employ cryptographic techniques needed to protect the NFT assets madly being purchased today. As an example, he created NFT digital artwork that would present a different picture depending on where you accessed the NFT from. The NFT operator removed his assets and eliminated any trace they ever existed. Below are several excerpts, but go read the full blog!

“This was surprising to me. So much work, energy, and time has gone into creating a trustless distributed consensus mechanism, but virtually all clients that wish to access it do so by simply trusting the outputs from these two companies without any further verification. It also doesn’t seem like the best privacy situation. Imagine if every time you interacted with a website in Chrome, your request first went to Google before being routed to the destination and back. That’s the situation with ethereum today. All write traffic is obviously already public on the blockchain, but these companies also have visibility into almost all read requests from almost all users in almost all dApps.

Instead of storing the data on-chain, NFTs instead contain a URL that points to the data. What surprised me about the standards was that there’s no hash commitment for the data located at the URL. Looking at many of the NFTs on popular marketplaces being sold for tens, hundreds, or millions of dollars, that URL often just points to some VPS running Apache somewhere. Anyone with access to that machine, anyone who buys that domain name in the future, or anyone who compromises that machine can change the image, title, description, etc for the NFT to whatever they’d like at any time (regardless of whether or not they “own” the token). There’s nothing in the NFT spec that tells you what the image “should” be, or even allows you to confirm whether something is the “correct” image.

MetaMask doesn’t actually do much, it’s just a view onto data provided by these centralized APIs. This isn’t a problem specific to MetaMask – what other option do they have? Rainbow, etc are set up in exactly the same way. (Interestingly, Rainbow has their own data for the social features they’re building into their wallet – social graph, showcases, etc – and have chosen to build all of that on top of Firebase instead of the blockchain.)

All this means that if your NFT is removed from OpenSea, it also disappears from your wallet. It doesn’t functionally matter that my NFT is indelibly on the blockchain somewhere, because the wallet (and increasingly everything else in the ecosystem) is just using the OpenSea API to display NFTs, which began returning 304 No Content for the query of NFTs owned by my address!

This isn’t a complaint about OpenSea or an indictment of what they’ve built. Just the opposite, they’re trying to build something that works. I think we should expect this kind of platform consolidation to happen, and given the inevitability, design systems that give us what we want when that’s how things are organized. My sense and concern, though, is that the web3 community expects some other outcome than what we’re already seeing.

When you think about it, OpenSea would actually be much “better” in the immediate sense if all the web3 parts were gone. It would be faster, cheaper for everyone, and easier to use. For example, to accept a bid on my NFT, I would have had to pay over $80-$150+ just in ethereum transaction fees. That puts an artificial floor on all bids, since otherwise you’d lose money by accepting a bid for less than the gas fees. Payment fees by credit card, which typically feel extortionary, look cheap compared to that. OpenSea could even publish a simple transparency log if people wanted a public record of transactions, offers, bids, etc to verify their accounting.”

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

Tags: BlockchainCryptographic keysEthereumNFT
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

    Must Reads

    credit card tumbling

    How to Detect, and Prevent, Credit Card Tumbling

    January 30, 2023
    Why Businesses Need to Adopt Real-Time Payments as a Competitive Differentiator

    Why Businesses Need to Adopt Real-Time Payments as a Competitive Differentiator

    January 27, 2023
    faster payments

    Faster Payments Are Set to Revolutionize Modern Digital Payments

    January 26, 2023
    How AI can Help Manage Payments Risk in 2023

    How AI can Help Manage Payments Risk in 2023

    January 25, 2023
    cross-border payments

    How to Implement Effective and Innovative Cross-Border Payment Strategies

    January 24, 2023
    credit card experiences, digital payments, b2b payments

    Will Consumer-to-Business Payment Trends Drive B2B Global Growth in 2023?

    January 23, 2023
    Faster Payments Faster Identity Verification, connected car, payments

    2023 Predictions: Authentication, Digital Identity, and In-Car Payments

    January 20, 2023
    bank data

    Interconnectivity, Data Sharing, and Security Are Vital for Banks to Thrive

    January 19, 2023

    • Advertise With Us
    • About Us
    • Terms of Use
    • Privacy Policy
    • Subscribe
    ADVERTISEMENT
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • News
    • Resources

    © 2022 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download the U.S. Bank report - Real-time payments