
uhm... I studied and worked on authentication protocols, and I worked with a company that was into web3 (though I did not work on that part directly)

...so I might have a few insights.

While the (small) article shows only common arguments, and while I agree with those, we need to distinguish a bit the technical part from the financial part.

Technically, web3 is merely authentication with a public key. That's fine. Good, even (if only people used hardware keys instead of software keys, sigh).

I mean there is always the little catch that to actually verify stuff you need either 300+GB of data or you need to trust a webserver (thus breaking the whole point of web3), but details and details.

But the big problem is tying your identity to your finances. That to me is a deal breaker. Lost keys? Lost money. Stolen key? Stolen money. To actually work with web3 you need to put your keys in every stupid little service, since we use basically only software wallets at best, and most are integrated in your application, be it banking or gaming.

Some use services like MetaMask that are... browser only. Chrome plugin, browser-only. So you have to hop through things to use a normal application and constantly switch to your... browser, which by itself is the biggest attack surface in the current world.

There is no keys-with-money/key-for-authentication, there is no key revocation, main-key/subkey, monthly-spending-limits or anything. We could have gone with some small gpg-like web-of-trust for each key to revoke, substitute or compartmentalize the purpose of the key. But no. Absolutely nothing. And the bigger the project, the more static and averse to change it is (hello bitcoin, still at 4-7 transactions/sec?).

So while I would welcome a key-is-your-id kind of web, as a security researcher I have to say that this model looks like it's built for you to lose control as easily as possible, which makes it a deal-breaker imho. The truth of course is that there is no conspiracy, just that nobody is accountable, and that looks like work, so nah, we ain't got time.

Edit: typos
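As an added example (not code from the thread or from any real wallet or chain), here is what the main-key/subkey model the comment asks for looks like in Go: a main key, which could stay on a hardware token, signs purpose-limited subkey certificates (authentication-only, or spending up to a limit) and signed revocations, and a relying party that trusts only the main public key enforces all of it. The encoding (`enc`), the purpose codes, the `Verifier` type and the per-request limit semantics are assumptions for illustration; a real monthly limit would additionally need the verifier to keep a running total.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Purpose separates "key for authentication" from "key with money".
type Purpose byte

const (
	PurposeAuth  Purpose = 1 // may only prove identity
	PurposeSpend Purpose = 2 // may authorize payments up to a limit
	tagRevoke    byte    = 3 // marks a revocation statement
)

// enc is the assumed encoding for everything signed here: tag || 8-byte
// big-endian number || body. The tag keeps certificates, requests and
// revocations from being mistaken for one another.
func enc(tag byte, n uint64, body []byte) []byte {
	b := make([]byte, 9, 9+len(body))
	b[0] = tag
	binary.BigEndian.PutUint64(b[1:], n)
	return append(b, body...)
}

// SubkeyCert delegates one purpose (and a limit, for spending) from the
// main key to a subkey; Sig is the main key's signature over bytes().
type SubkeyCert struct {
	Purpose Purpose
	Limit   uint64
	Subkey  ed25519.PublicKey
	Sig     []byte
}

func (c SubkeyCert) bytes() []byte { return enc(byte(c.Purpose), c.Limit, c.Subkey) }

// Revocation is a main-key-signed statement that a subkey is no longer valid.
type Revocation struct {
	Subkey ed25519.PublicKey
	Sig    []byte
}

// Only Delegate and Revoke touch the main private key, so it can live on a
// hardware token and be used rarely; subkeys do the everyday signing.
func Delegate(mainPriv ed25519.PrivateKey, sub ed25519.PublicKey, p Purpose, limit uint64) SubkeyCert {
	c := SubkeyCert{Purpose: p, Limit: limit, Subkey: sub}
	c.Sig = ed25519.Sign(mainPriv, c.bytes())
	return c
}

func Revoke(mainPriv ed25519.PrivateKey, sub ed25519.PublicKey) Revocation {
	return Revocation{Subkey: sub, Sig: ed25519.Sign(mainPriv, enc(tagRevoke, 0, sub))}
}

// SignRequest binds purpose and amount into what the subkey signs, so an
// authentication signature cannot be replayed as a payment or vice versa.
func SignRequest(sub ed25519.PrivateKey, p Purpose, amount uint64, msg []byte) []byte {
	return ed25519.Sign(sub, enc(byte(p), amount, msg))
}

// Verifier is the relying party: it trusts only the main public key and
// remembers the revocations it has been shown.
type Verifier struct {
	Main    ed25519.PublicKey
	revoked map[string]bool
}

func (v *Verifier) AddRevocation(r Revocation) error {
	if !ed25519.Verify(v.Main, enc(tagRevoke, 0, r.Subkey), r.Sig) {
		return errors.New("revocation not signed by main key")
	}
	if v.revoked == nil {
		v.revoked = map[string]bool{}
	}
	v.revoked[string(r.Subkey)] = true
	return nil
}

// Check walks the chain: certificate signed by the main key, subkey not
// revoked, right purpose, within limit, then the subkey's own signature.
func (v *Verifier) Check(c SubkeyCert, p Purpose, amount uint64, msg, sig []byte) error {
	switch {
	case !ed25519.Verify(v.Main, c.bytes(), c.Sig):
		return errors.New("subkey cert not signed by main key")
	case v.revoked[string(c.Subkey)]:
		return errors.New("subkey revoked")
	case c.Purpose != p:
		return errors.New("subkey not delegated for this purpose")
	case p == PurposeSpend && amount > c.Limit:
		return errors.New("amount exceeds subkey limit")
	case !ed25519.Verify(c.Subkey, enc(byte(p), amount, msg), sig):
		return errors.New("bad request signature")
	}
	return nil
}

func main() {
	mainPub, mainPriv, _ := ed25519.GenerateKey(rand.Reader)
	spendPub, spendPriv, _ := ed25519.GenerateKey(rand.Reader)
	cert := Delegate(mainPriv, spendPub, PurposeSpend, 100) // constructed limit
	v := &Verifier{Main: mainPub}
	msg := []byte("constructed payment request")
	for _, amt := range []uint64{50, 500} {
		fmt.Println("amount", amt, "->", v.Check(cert, PurposeSpend, amt, msg, SignRequest(spendPriv, PurposeSpend, amt, msg)))
	}
	if err := v.AddRevocation(Revoke(mainPriv, spendPub)); err != nil {
		panic(err)
	}
	fmt.Println("after revoke ->", v.Check(cert, PurposeSpend, 50, msg, SignRequest(spendPriv, PurposeSpend, 50, msg)))
}
```

The point the comment makes is visible in `Check`: a stolen authentication-only subkey cannot move money, a stolen spending subkey is capped and can be cut off with one main-key signature, and the main key itself never has to be handed to a browser plugin or a game client.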

> Technically, web3 is merely authentication with a public key.

I thought "web3" meant "something, something, blockchain"?


It's kind of a lie.

The blockchains are huge and slow.

So all it means is that you have a public/private key. You end up sending and receiving money by signing stuff you don't really verify, and trust some other 3rd party website for any chain verification.

So you have a private/public key, and the rest is website. You don't really do anything on the chain by yourself.
