Is Moxie Marlinspike Right About Web 3?

Crypto may not be as decentralized as its proponents claim.

AccessTimeIconJan 10, 2022 at 9:28 p.m. UTC
Updated Jun 14, 2024 at 6:23 p.m. UTC

“Web 3″ isn’t all that easy to critique, since it tends to mean different things to different people.

Critiques abound, each with slightly different operating definitions of the term, but it’s rare to encounter one with the kind of technical depth you might expect from a crypto developer – someone who’s played around with the code and gotten a feel for how these systems really work.

This article is excerpted from The Node, CoinDesk’s daily roundup of the most pivotal stories in blockchain and crypto news. You can subscribe to get the full newsletter here.

Late last week, the cryptographer and privacy expert Moxie Marlinspike, who is best known for creating the encrypted messaging service Signal, released a longish essay on the current state of “Web 3″ and the ways in which utopian rhetoric around cryptocurrencies tends to obscure the technical realities of the blockchain-backed internet as it exists today.

For Marlinspike, “Web 3″ is a decentralized internet backed by blockchains and cryptocurrencies. If “Web 2″ is the internet as we know it today, where companies like Amazon Web Services, Google and Microsoft provide the back-end tools for users to make their own websites (i.e. cloud computing structures and rentable servers), then “Web 3″ should be an internet built on public blockchains, without centralized corporate mediators.

But as Marlinspike points out, that’s not how the crypto ecosystem is developing in practice.

Because most personal computers aren’t running a node, and therefore don’t maintain a whole copy of the blockchain locally, they need another way of accessing the data on the ledger. Enter application programming interfaces (APIs): code libraries that offer handy shortcuts for pulling data from a given blockchain.

Infura, a product of the blockchain software giant ConsenSys, and Alchemy, a startup recently valued at $3.5 billion, are the two main purveyors of these APIs, as Marlinspike points out. So-called “decentralized applications,” or “dapps,” like Mirror, OpenSea and Zora rely on those systems to retrieve data from public blockchains – sort of like middlemen.

That is true for most sites that ask you to log in with a “connect wallet” button as opposed to a username and password, and for online wallets like MetaMask, which exist as both dedicated websites and add-on extensions for internet browsers. They live on the centralized internet we’re already used to.

Here’s what Marlinspike has to say about MetaMask’s reliance on APIs from private companies:

“A wallet like MetaMask needs to do basic things like display your balance, your recent transactions and your non-fungible tokens, as well as more complex things like constructing transactions, interacting with smart contracts, etc. In short, MetaMask needs to interact with the blockchain, but the blockchain has been built such that clients like MetaMask can’t interact with it. MetaMask accomplishes this by making API calls to three companies that have consolidated in this space.”

Those three companies are Etherscan, now the leading explorer service for perusing transactions on the Ethereum blockchain; Infura, which offers a shortcut for accessing a wallet’s balance; and OpenSea, which provides a list of the wallet’s NFTs. (Though Etherscan is considered a “public good” in the crypto sphere, it’s a Malaysian company that happens to be backed by Digital Currency Group, which also funds CoinDesk.)

Here’s that command in MetaMask’s source code, which Marlinspike reproduces in his piece:

GET[PASTE YOUR ETH ADDRESS HERE]&offset=40&order=desc&action=txlist&tag=latest&page=1 HTTP/2.0

Whatever Etherscan coughs up is then plugged into MetaMask. That isn’t a problem as long as Etherscan – a centralized service from a private company – is behaving correctly. It’s another step in the process, one without which MetaMask wouldn’t function.

The same goes for OpenSea. To prove his point, Marlinspike minted an NFT that displays a different image depending on the server you view it from. For some reason – Marlinspike said he never learned why – OpenSea took it down.

OpenSea, a multibillion dollar private company, is within its rights to take down images, and does so fairly often. The issue is that MetaMask, purportedly a non-custodial, censorship-resistant wallet controlled by its users, stopped displaying the NFT, too. The token was still on the blockchain, but MetaMask was scanning data only from OpenSea, as opposed to the blockchain itself. And because it’s built to operate without a working node, MetaMask can’t pull the data directly from Ethereum.

This is all a very technical way of looking at a larger-scale issue with the state of crypto infrastructure in 2022. What does it mean for an application to be truly decentralized? Maybe the benefits of crypto are such that mainstream users won’t care whether a few large companies end up playing this crucial role in the data pipeline. But the reality is that the market is already somewhat consolidated, just like “Web 2.”

Vitalik Buterin, one of the inventors of Ethereum, responded to Marlinspike on Reddit, essentially conceding many of these points. “Moxie’s critiques in the second half of the post strike me as having a correct criticism of the current state of the ecosystem… but they are missing where the blockchain ecosystem is going,” he wrote.

Marlinspike anticipated that response.

“Even if this is just the beginning (and it very well might be!),” reads Marlinspike’s blog post, “I’m not sure we should consider that any consolation. I think the opposite might be true; it seems like we should take notice that from the very beginning, these technologies immediately tended towards centralization through platforms in order for them to be realized, that this has ~zero negatively felt effect on the velocity of the ecosystem, and that most participants don’t even know or care it’s happening.”

On Twitter, Jake Brukhman, the founder of a crypto investment firm called CoinFund, made the bold claim that “Web 3 is in its early stages, it is not built or adopted yet.” Which is to say, the real promise of Web 3 is in the idea that you can run your own node. Even if consumers don’t want to, or don’t even know what a node is, argues Brukhman, it’s the potential that matters.

That’s the thing with crypto: It’s always arriving. Although the total market was worth some $3 trillion as recently as November, we’re still working out what it’s good for, what problems it actually solves for a mainstream audience.

There’s enough money and development going into these systems that it’s not unreasonable to expect certain aspects of the space could become more decentralized over time, as Buterin and Brukhman predict. But there’s also a huge amount of money to be gained by staking a centralized claim in the new internet, selling the vision of trustless computing from a venture capital-backed private company.

If Buterin is right, Web 3 could offer something genuinely new. Otherwise, it risks enshrining the very power dynamics it’s always tried to escape.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Will Gottsegen

Will Gottsegen was CoinDesk's media and culture reporter.