fbpx
PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • COVID-19
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • COVID-19
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Digitized NFT Assets Aren’t Safe and NFTs Aren’t Web3

Tim Sloane by Tim Sloane
January 10, 2022
in Analysts Coverage, NFT
0
Digitized NFT Assets Aren’t Safe and NFTs Aren’t Web3

Digitized NFT Assets Aren’t Safe and NFTs Aren’t Web3

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

The day after I published my rant regarding Web3, Signal founder Moxie Marlinspike took my rant several steps further. This is a must read blog for those interested in the technology and business models associated with Web3 and NFTs.

Moxie’s blog also argues that Web3 is moving to a centralized model, not a distributed model, and identifies the companies taking advantage of this fact. More importantly, his analysis expands all of this to point out that the centralized implementations fail to employ cryptographic techniques needed to protect the NFT assets madly being purchased today. As an example, he created NFT digital artwork that would present a different picture depending on where you accessed the NFT from. The NFT operator removed his assets and eliminated any trace they ever existed. Below are several excerpts, but go read the full blog!

“This was surprising to me. So much work, energy, and time has gone into creating a trustless distributed consensus mechanism, but virtually all clients that wish to access it do so by simply trusting the outputs from these two companies without any further verification. It also doesn’t seem like the best privacy situation. Imagine if every time you interacted with a website in Chrome, your request first went to Google before being routed to the destination and back. That’s the situation with ethereum today. All write traffic is obviously already public on the blockchain, but these companies also have visibility into almost all read requests from almost all users in almost all dApps.

Instead of storing the data on-chain, NFTs instead contain a URL that points to the data. What surprised me about the standards was that there’s no hash commitment for the data located at the URL. Looking at many of the NFTs on popular marketplaces being sold for tens, hundreds, or millions of dollars, that URL often just points to some VPS running Apache somewhere. Anyone with access to that machine, anyone who buys that domain name in the future, or anyone who compromises that machine can change the image, title, description, etc for the NFT to whatever they’d like at any time (regardless of whether or not they “own” the token). There’s nothing in the NFT spec that tells you what the image “should” be, or even allows you to confirm whether something is the “correct” image.

MetaMask doesn’t actually do much, it’s just a view onto data provided by these centralized APIs. This isn’t a problem specific to MetaMask – what other option do they have? Rainbow, etc are set up in exactly the same way. (Interestingly, Rainbow has their own data for the social features they’re building into their wallet – social graph, showcases, etc – and have chosen to build all of that on top of Firebase instead of the blockchain.)

All this means that if your NFT is removed from OpenSea, it also disappears from your wallet. It doesn’t functionally matter that my NFT is indelibly on the blockchain somewhere, because the wallet (and increasingly everything else in the ecosystem) is just using the OpenSea API to display NFTs, which began returning 304 No Content for the query of NFTs owned by my address!

This isn’t a complaint about OpenSea or an indictment of what they’ve built. Just the opposite, they’re trying to build something that works. I think we should expect this kind of platform consolidation to happen, and given the inevitability, design systems that give us what we want when that’s how things are organized. My sense and concern, though, is that the web3 community expects some other outcome than what we’re already seeing.

When you think about it, OpenSea would actually be much “better” in the immediate sense if all the web3 parts were gone. It would be faster, cheaper for everyone, and easier to use. For example, to accept a bid on my NFT, I would have had to pay over $80-$150+ just in ethereum transaction fees. That puts an artificial floor on all bids, since otherwise you’d lose money by accepting a bid for less than the gas fees. Payment fees by credit card, which typically feel extortionary, look cheap compared to that. OpenSea could even publish a simple transparency log if people wanted a public record of transactions, offers, bids, etc to verify their accounting.”

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

Tags: BlockchainCryptographic keysEthereumNFT
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily
    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

    Must Reads

    Why Is Tax Automation Important for Small Businesses?

    Why Is Tax Automation Important for Small Businesses?

    May 26, 2022
    On-demand Webinar - SMB Banking Disruption and Innovation Webinar

    On-demand Webinar: What SMBs Want From Digital Financial Experience

    May 25, 2022
    Why Partnering with an Agile Payment Processor Is the Smart Move 

    Why Partnering with an Agile Payment Processor Is the Smart Move 

    May 24, 2022
    Secure and Transparent Data Portability with Open Finance

    Secure and Transparent Data Portability with Open Finance

    May 23, 2022
    BNPL for B2B: Exploring Business Financing Options  

    BNPL for B2B: Exploring Business Financing Options  

    May 20, 2022
    Multi-Layered Fraud Protection for All Merchants 

    Multi-Layered Fraud Protection for All Merchants 

    May 19, 2022
    Strategic Cash Flow Forecasting for SMBs

    Strategic Cash Flow Forecasting for SMBs 

    May 18, 2022
    SEC Regulations, DOJ Crypto Bust Underscore Urgency for Proactive Fraud Prevention

    SEC Regulations, DOJ Crypto Bust Underscore Urgency for Proactive Fraud Prevention

    May 17, 2022

    • Advertise With Us
    • About Us
    • Terms of Use
    • Privacy Policy
    • Subscribe
    ADVERTISEMENT
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • COVID-19
    • News
    • Resources

    © 2022 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result