Common Web 3 Narratives goes:
- Web1 was decentralised
- Web2 is centralised and dominated by GAFAM/BigTechs.
- Web3 will be decentralised, and we will liberate the people.
Is that true? Actually, this narrative is full of myths and needs to be reevaluated with facts.
Let us look back to Web 1.0.
Web 1 started around 1991.
Web1 was about publishing web pages that were linked to other pages. The publishing sites were decentralised all over and were connected by hyperlinks. Schematics resembled spider webs. Thus, the name “web”.
It was followed by Web 2.0 in 2004. The API Economy is a key component of Web 2.0, allowing for the decentralisation of data and services.
This has enabled the development of innovative applications and services that are transforming the way we interact with the world.
The main player of Web2.0 is not a monolithic system represented by the word “site”, but individual functions provided as APIs. These individual functions are offered as REST APIs, and by combining these APIs like LEGO, new services can be quickly created.
In a way, this was the ultimate decentralisation. This is because the unit known as an ‘application’ was broken down/distributed into individual functional units. At the same time, data can be fetched as needed from each API, eliminating the need for a centralised database.
And when this happened, GAFA, the BigTechs were not dominating the world.
2004 is the year when Facebook was born. YouTube was in 2005. AWS was in 2006. It was a time before the iPhone, which came out in 2007.
Figure 1 – Growth of GAFAM/BigTechs
Since they were just established, their revenues were still quite low. Google is still only 3.2B. Facebook is only 0.38M, even smaller than my own company.
Compared to it, Microsoft has 37B, and IBM 96B. It is apparent who the BigTechs were then. (See fig.2)
Figure 2 – GAFA v.s. Microsoft/IBM in 2004
From this perspective, GAFA (Google, Apple, Facebook, Amazon) were clearly the revolutionary forces, while IBM/Microsoft represented Ancien Régime.
I still remember the fervour of the revolution back then, advocating power to the people.
Did we realise the decentralisation Revolution?
Clearly not. We are now in the GAFAM-dominated world.
We may have dismantled the old regime, but what came after was the emperor as this famous painting depicts.
This can also be seen in the numbers. GAFA, which once seemed to be so much on our side, have now become mega-corporations that dominate the world.
Indeed, the old regime represented by IBM has fallen. However, what replaced it was an even more immense power, and it wasn’t the case that the power was distributed to the people.
Why did we end up here? Why so much concentration despite Web 2.0 being decentralized to the extreme technically?
The key is in these figures.
Here, you can see Google’s annual revenue is growing exponentially.
The same applies to Facebook. It is showing the symptom of increasing return.
Indeed, it was the combination of free market competition and technology that exhibited increasing returns that led to where we are today. Any IT technology has decreasing cost/increasing return on investment. Under the circumstances, it will end up in a winner-takes-all – monopoly/oligopoly. That’s how we ended up.
In other words, it was inevitable that we end up in this kind of oligopoly situation.
Would Web 3 make a difference?
Likely not. It still is an information technology.
It exhibits increasing return, and it is likely that we end up at the same place as we did in Web 2.0 – Centralisation.
Now, let us take a look at what is meant by centralised and decentralised. For this purpose, I have brought this slide titled “Gradation of decentralisation”.
When we talk about decentralisation, we need to specify what is bing decentralised. When the subject of decentralisation is distributed equally to the number of entities in the ecosystem, it is perfectly decentralised. The opposite case is when the subject is concentrated on one entity, then it is perfectly centralised. Note that it is not binary between “centralised” and “decentralised”.
Usually, it is in between. It is represented by the shade of grey in this figure.
As an example, let us think about the decentralised ledger and traditional ledger.
When there are N entities that record in a ledger, there will be N traditional ledgers. Thus, it is completely decentralised. In contrast, in the case of a distributed ledger, there is exactly one ledger. So, despite the name, it is completely centralised.
What a marketing genius to name a “completely centralised ledger” a “distributed ledger”!
I should certainly learn from that.
Now, let’s turn to figures to further see how centralised they are.
According to Bitinfocahts.com, 0.34%of addresses own 82.28% of Bitcoin.
DAO IT Right (which is defunct now) calculated the lowest and highest Gini coefficients of DAOs being 0.761 (LimitSwap) and 0.93 (LidoDAO) while South Africa, the country with the highest Gini coefficient in the world, only is 0.63.
Centralisation of the ability to drain funds is also apparent. In the case of Polygon, which uses an 8-key-multi signature for the code base, it turns out that the collusion of the four co-founders and another key holder, potentially a lawyer, is enough to drain Polygon.
Crazy centralised.
Now, let us look at the Decentralised Identity and Wallets.
First, we will look at the instances of IdPs. A Wallet is an IdP.
The number of instances will be greater than the number of devices (N) belonging to individuals.
In the context of decentralised identity, this aspect seems to be called out as “decentralised”.
On the other hand, in the Wallet model, personal data get accumulated in the wallet and thus exhibit hyper-centralisation in this sense, whereas the “fetch from authoritative data source” model exhibits complete decentralisation.
NOTE that not only the data but liability also gets accumulated to individuals.
This centralisation of personal data is a very attractive target for attackers. Until now, they had to attack each authoritative source individually, but now they can try to drain all the data from the targeted wallet instance. This is going to be extremely efficient.
Next, let us think about the number of IdPs.
In Web 2.0, 100s of thousands of IdPs. It is true that huge IdPs like Google and Apple draw our attention, but there are many others. For example, in the field of education, each academic institution has its own IdP, and I have my own IdP as well.
Of course, this number is minuscule when compared to the world population, but it can be said to be neither completely centralised nor decentralised.
What about that in the wallet model?
In the Wallet model, the number of wallet providers is likely to become significantly smaller than in the case of the Web 2 IdP model.
Moreover, even among those wallets,
“All wallets are equal but some are more equal than others.”
— Adopted from the speech of Napoleon in George Orwell’s Animal Farm.
In the end, it will be centralised to the Platform wallet (Apple Wallet, Google Wallet) OR result in OS mediated wallet selection model, and it will be centralised to the platforms.
Under such circumstances, we tend to make a policy intervention.
For example, several jurisdictions are moving towards forcing certain large providers of services to accept any certified wallets and even going as far as forcing to allow independent app stores to download these wallets.
However, I am not optimistic about it.
Why would a user install an independent app or app store to just use wallets while the platform-supplied wallet works? It sounds pretty unlikely.
Moreover, there are issues of trust. It is often said that big IdPs spy on you but wallets will not. Is that so?
How can you believe the code that runs on your phone does not spy on you?
Big brother may be watching you.
— Adopted from George Orwell’s dystopian novel: “1984”.
They may say,
“Do not worry. Do not think. Ignorance IS Power”
— Adopted from George Orwell’s dystopian novel: “1984”.
Devil’s Dictionary of Linguistic Dark Patterns, which was compiled at Internet Identity Workshop 2022, defines “decentralised” as “We run our code on your machine at your own risk.”
Well, I sincerely hope that it is not going to be the case – those wallet providers that run code on our phone has no intention of tricking us, and they are not trying to push the liability to the individuals, which was traditionally assumed by the operators of IdPs.
Most stakeholders probably are going to act benevolently, but we are at the risk of precipitating to the global minimum, just like the Fallacy of Composition, such as the paradox of saving.
In the paradox of saving, each autonomous individual tries to increase the saving. This leads to a decrease in aggregate demand and, thus, a decrease in gross output, which will in turn, lower total saving. If such behaviour continues, it will lead us to the global minimum – zero saving.
Similarly, in the decentralised identity context, everyone may try to increase the degree of decentralisation, but in aggregate, we may end up with more centralisation. I am calling this symptom a Fallacy of Decentralisation.
Is there no light?
Can web 3.0 help?
Certainly not the web 3 that can be found between A and Z that Jack Dorsey points out.
(source) https://twitter.com/jack/status/1473165759224463360?lang=en
But perhaps there is a chance that we find in Cypherpunk’s Idealistic Dream.
One of the biggest innovations of Web3 is that it commits the running code into the ledger so that it is immutable, publicly visible and auditable.
In Web 2, the belief that the code that is being run is behaving correctly needs to be based on organisational trust. Web 3 has the potential to move the trust anchor to the running code itself — Trust in the running code.
Right now, mainstream smart contracts seem to lack the scalability needed, but it can be a hint to the next step.
Let us think together now before it gets too late.