Don’t Let Web 3 Repeat Web 2’s Mistakes

Web 3 must be private by default, Tor Bair of the Secret Foundation writes for CoinDesk’s Privacy Week.

Jan 26, 2022 at 3:38 p.m. UTC
Updated Sep 19, 2023 at 4:03 p.m. UTC

Crypto has undergone an impressive spate of growth recently. We’ve gone from a few hundred users of non-fungible tokens (NFT), a couple of thousand Ethereum node operators and maybe a multitude more of bitcoin holders to several million investors and users across the industry. It’s wonderful there’s an open online world where anyone can create, build and explore without permission. That value is being created, and freedom preserved. But there’s something being lost in the mix: privacy.

Web 3, the buzzy corner of crypto that spans everything from play-to-earn gaming to collectibles to decentralized finance (DeFi), seems to be repeating the same missteps of Web 2. Although touted as a solution to the perils of internet centralization by letting people own their own data and earn rewards for the value they create, Web 3 is failing on these big promises. And with some of the biggest Web 2 builders entering the Web 3 space, the problems may only get worse.

Tor Bair is the founder of the Secret Foundation, an organization dedicated to building, researching and scaling adoption of open-source, privacy-first technologies. This article is part of CoinDesk’s Privacy Week series.

The Web 2 economy was built on a simple idea: collect a cheap resource at scale, user data, then repackage and monetize access to it as an expensive product. It gave users near unlimited ability to create content and connect globally while giving advertisers a captive audience. Companies including Facebook and Google built trillion-dollar businesses and “walled gardens” around this arbitrage, then changed their names (Meta, Alphabet) to distance themselves from the extractive platforms that allowed for their obscene growth.

Along the way, user privacy was not merely ignored – it was abandoned. It was only after the Cambridge Analytica whistle-blowers came forward that we truly became aware of how our data was being misused and resold, occasionally at the expense of democracy itself. Almost every Web 2 company has dealt with massive privacy failings and data breaches, from Uber to Equifax to LinkedIn to Alibaba.

Despite all the lofty promises of Web 3, it has not solved this core issue. While the blockchain world is indeed far more open than Web 2, it is actually far less private. Blockchains leak all user data by default, and not just to Cambridge Analytica but to anyone who glances at the blockchain. The dominant public-by-default model means users must give up control of their data by default as well.

This failure means Web 3 is not becoming user-centric after all. Public-by-default systems and blockchains recentralize and converge to winner-take-all structures. Whoever has the resources to make best use of all the publicly available data will capture the majority of value. In other words, the rich get richer, and users lose their control.

Web 3 companies like Chainalysis have achieved multi-billion-dollar valuations on this play. Miners, the computers that secure and order blockchains, routinely frontrun users based on their privileged view into publicly available data.

Meanwhile, Web 2 companies like Meta (the former Facebook) are clearly seizing the next multi-trillion dollar opportunity by concentrating their entire focus on the emerging metaverse. The same companies that shattered online privacy in the age of social media are now angling to control our open metaverse, wielding war chests of billions of dollars in hopes of capturing trillions.

These are two bad choices: an open metaverse that leaks all data by design and a metaverse owned and operated by the same companies that routinely exploit user data. We need to actively reject both.

As we watch the metaverse emerge and build its foundation, we must be aware of and actively work towards a better model. Web 3 and the open metaverse must embrace privacy by design, protect users by default and allow them to consent to and benefit from the use of their data.

It’s not just a dream: Tens of thousands of users in our community around the world are already building and using private-by-default, decentralized, and self-sustainable applications that are truly empowering. We’ve been working towards this vision since 2015, and with the stakes higher than ever, this is the perfect moment to join our fight.

A metaverse that protects our privacy is the only one worth creating, and the only one worth living in.

