Cautionary Tales from Cryptoland

All of a sudden, it feels likeWeb3 is everywhere. The money, the buzz, the name all make it seem like Web3 will inevitably be the next big thing. But is it? And do we even want it to be?

As the hype has reached a fever pitch, critics have started to warn of unintended and overlooked consequences of a web with a blockchain backbone. And while Web3 advocates focus on what the future of the internet could be, skeptics such as Molly White, a software developer and Wikipedia editor, are focused on the very real problems of the here and now.

White created the website Web3 Is Going Just Great, a time line that tracks scams, hacks, rug pulls, collapses, shady dealings, and other examples of problems with Web3. HBR.org spoke to White over email about what people aren’t hearing about Web3, how blockchain could make internet harassment much worse, and why the whole project might be “an enormous grift that’s pouring lighter fluid on our already-smoldering planet.” This interview has been lightly edited.

You make it very clear that you don’t have a financial stake in Web3 one way or another. So what led you to start your project and write about Web3’s problems?

Late 2021 was when I really began to notice a huge shift in how people talk about crypto. Instead of being primarily used for speculative investments by people who were willing to take on a lot of risk in exchange for hopes of huge returns, people began to talk about how the whole web was going to shift toward services that were built using blockchains. Everyone would have a crypto wallet, and everyone would adopt these new blockchain-based projects for social networks, video games, online communities, and so on.

This shift got my attention, because until then crypto had always felt fairly “opt-in” to me. It was previously a somewhat niche technology, even to software engineers, and it seemed like the majority of people who engaged with it financially were fairly aware of the volatility risks. Those of us who didn’t want anything to do with crypto could just not put any money into it.

Once crypto began to be marketed as something that everyone would need to engage with, and once projects began trying to bring in broader, more mainstream audiences — often people who didn’t seem to understand the technology or the financial risks — I got very concerned. Blockchains are not well suited to many, if not most, of the use cases that are being described as “Web3,” and I have a lot of concerns about the implications of them being used in that way. I also saw just an enormous number of crypto and Web3 projects going terribly: people coming up with incredibly poorly thought-out project ideas and people and companies alike losing tons of money to scams, hacks, and user error.

In the examples you’ve collected, what are some of the common mistakes or misapprehensions you see in companies’ efforts to launch Web3 projects, whether they’re NFTs (non-fungible tokens) or something else?

My overwhelming feeling is that Web3 projects seem to be a solution in search of a problem. It often seems like project creators knew they wanted to incorporate blockchains somehow and then went casting around for some problem they could try to solve with a blockchain without much thought as to whether it was the right technology to address it, or even if the problem was something that could or should be solved with technology at all.

Kickstarter might have been the most egregious example of this: Late last year they announced, much to the chagrin of many in their user base, that they would be completely rebuilding their platform on a blockchain. In an interview to explain the decision, COO Sean Leow gave the distinct impression that he had no idea why they were reimplementing their platform this way — what governance problems they were trying to solve, why a blockchain would be effective in solving them.

Companies also seem to announce NFT projects without doing much research into how these have gone for other companies in their sector. We’ve seen enough NFT announcements by video game studios that have gone so badly that they’ve chosen to reverse the decision within days or even hours. And yet somehow a new game company will do this and then be surprised at the backlash over NFTs’ considerable carbon footprint or the sense that they’re just a grift. The same is true for ostensibly environmentally conscious organizations announcing NFTs — even in some cases projects that are entirely focused on environmentalism, like the World Wildlife Fund, which tried and failed to launch a less carbon-intensive NFT series.

I firmly believe that companies first need to identify and research the problem they are trying to solve, and then select the right technology to do it. Those technologies may not be the latest buzzword, and they may not cause venture capitalists to come crawling out of the woodwork, but choosing technologies with that approach tends to be a lot more successful in the long run — at least, assuming the primary goal is to actually solve a problem rather than attract VC [venture capital] money.

One of the most surprising (to me, anyway) arguments you make is that Web3 could be a disaster for privacy and create major issues around harassment. Why? And does it feel like the companies “buying into” Web3 are aware of this?

Blockchains are immutable, which means once data is recorded, it can’t be removed. The idea that blockchains will be used to store user-generated data for services like social networks has enormous implications for user safety. If someone uses these platforms to harass and abuse others, such as by doxing, posting revenge pornography, uploading child sexual abuse material, or doing any number of other very serious things that platforms normally try to thwart with content-moderation teams, the protections that can be offered to users are extremely limited. The same goes for users who plagiarize artwork, spam, or share sensitive material like trade secrets. Even a user who themself posts something and then later decides they’d rather not have it online is stuck with it remaining on-chain indefinitely.

Many blockchains also have a very public record of transactions: Anyone can see that a person made a transaction and the details of that transaction. Privacy is theoretically provided through pseudonymity — wallets are identified by a string of characters that aren’t inherently tied to a person. But because you’ll likely use one wallet for most of your transactions, keeping one’s wallet address private can be both challenging and a lot of work and is likely to only become more challenging if this future vision of crypto ubiquity is realized. If a person’s wallet address is known and they are using a popular chain like Ethereum to transact, anyone [else] can see all transactions they’ve made.

Cautionary Tales from Cryptoland

Imagine if you went on a first date, and when you paid them back for your half of the meal, they could now see every other transaction you’d ever made — not just the public transactions on some app you used to transfer the cash but any transactions: the split checks with all of your previous dates, that monthly transfer to your therapist, the debts you’re paying off (or not), the charities to which you’re donating (or not), the amount you’re putting in a retirement account (or not). What if they could see the location of the corner store by your apartment where you so frequently go to grab a pint of ice cream at 10 PM? And this would also be visible to your ex-partners, your estranged family members, your prospective employers, or any number of outside parties interested in collecting your data and using it for any purpose they like. If you had a stalker or had left an abusive relationship or were the target of harassment, the granular details of your life are right there.

There are some blockchains that try to obfuscate these types of details for privacy purposes. But there are trade-offs here: While transparency can enable harassment, the features that make it possible to achieve privacy in a trustless system also enable financial crimes like money laundering. It is also very difficult to use those currencies (and to cash them out to traditional forms of currency). There are various techniques that people can use to try to remain anonymous, but they tend to require technical skill and quite a lot of work on the user’s end to maintain that anonymity.

This point of view seems almost totally absent from the conversation. Why do you think that is?

I think a lot of companies haven’t put much thought into the technology’s abuse potential. I’m surprised at how often I bring it up and the person I’m talking to admits that it’s never crossed their mind.

When the abuse potential is acknowledged, there’s a very common sentiment in the Web3 space that these fundamental problems are just minor issues that can be fixed later, without any acknowledgment that they are intrinsic characteristics of the technology that can’t easily be changed after the fact. I believe it’s completely unacceptable to release products without any apparent thought to this vector of user risk, and so I am shocked when companies take that view.

One of the mainstays of the pitch made by Web3 proponents is that blockchain can democratize (or re-democratize) the web and provide new sources of wealth and opportunity — even banking the unbanked. What’s your take on that?

It’s a compelling pitch; I’ll give them that. But crypto has so far been enormously successful at taking wealth from the average person or the financially disadvantaged and “redistributing” it to the already wealthy. The arguments I’ve seen for how this same technology is suddenly going to result in the democratization of wealth have been enormously uncompelling. The emerging crypto space is very poorly regulated, especially the newer parts of it pertaining to decentralized finance. It’s difficult for me to see a future where poorly regulated technology with built-in perverse financial incentives will magically result in fairer, more accessible systems.

As for “banking the unbanked” and the democratization of the web, people are falling into a trap that technologists have fallen into over and over again: trying to solve social problems purely with technology. People are not unbanked because of some technological failure. People lack access to banking services for all sorts of reasons: They don’t have money to open a bank account to begin with, they’re undocumented, they don’t have access to a physical bank or an internet or mobile connection, or they don’t trust banks due to high levels of corruption in their financial or judicial systems.

Subscribe to our Bimonthly Newsletter The Big Idea A special series on the most pressing topics facing business today. Sign Up Thanks for subscribing,!You can view ourother newsletters or opt out at any time by managing youremail preferences.

These are not problems that can be solved solely through the addition of a blockchain. Indeed, crypto solutions introduce even more barriers: the technological know-how and the level of security practices required to safeguard a crypto wallet; the knowledge and time to try to distinguish “scammy” projects from those that are trying to be legitimate; the lack of consumer protections if something happens to an exchange where you are keeping your funds; and the added difficulty of reversing fraud when it does occur.

In my view, the places where crypto has done some good — and I do openly acknowledge that it has done some good — have primarily been in situations where there are enormous societal and political failings and any replacement is better than what exists. For example, some people have successfully used crypto to send remittances to people under oppressive regimes. These examples are fairly limited, and the fact that it’s worked seems largely because crypto hasn’t been deployed in such a widespread way for those regimes to try to become involved.

Given all of this, what do you think is the cultural draw of Web3?

The ideological argument for Web3 is very compelling, and I personally hold many of the same ideals. I strongly believe in working toward a more equitable and accessible financial system, creating a fairer distribution of wealth in society, supporting artists and creators, ensuring privacy and control over one’s data, and democratizing access to the web. These are all things you will hear Web3 projects claiming to try to solve.

I just don’t think that creating technologies based around cryptocurrencies and blockchains is the solution to these problems. These technologies build up financial barriers; they don’t knock them down. They seek to introduce a layer of financialization to everything we do that I feel is, in many ways, worse than the existing systems they seek to replace. These are social and societal issues, not technological ones, and the solutions will be found in societal and political change.

Should HBR.org even be doing this package on Web3? Are we buying into — or amplifying — the hype cycle?

I think we are comfortably beyond the “ignore it and hope it goes away” phase of crypto. I know I decided I was beyond that phase late last year. I think the best thing that journalists who report on crypto can do at this stage is ask the tough questions, seek out experts wherever they can, and try not to fall for the boosterism.

Crypto and Web3 are complex on so many levels — technologically, economically, sociologically, legally — that it is difficult for any single person to report on all issues, but there are extremely competent people who have examined crypto through each of these lenses and who are asking those tough questions.

One of the biggest failures of the media in reporting on crypto has been uncritically reprinting statements from crypto boosters with little reflection on the legitimacy or feasibility of those statements. It doesn’t have to be that way. That is not to say that there needs to be a double standard, either — I think most, if not all, crypto skeptics welcome pushback and critical editing of what they say and write (though I do think the financial incentive to be skeptical of crypto is dwarfed compared to the incentive to be positive about it).

Kevin Roose recently suggested in “The Latecomer’s Guide to Crypto” in the Sunday New York Times that, in the Web 2.0 era, the early skeptics were to blame for the ills of social media because they weren’t “loud enough” in their skepticism. I would counter that they were not given the opportunity to be as loud as they wanted to be and that those who did hear them did not listen, or at least did not meaningfully act upon what they heard. Perhaps there is an opportunity for history not to repeat itself.

Popular Articles