Web 3.0 Thoughts

Someone mentioned recently that they have been reading about “web 3.0” and were not entirely sure just what that was supposed to mean. So I spent a few minutes to collect my own thoughts on the subject and to put it into context.

web 1.0 - websites of the 1990s and 2000s had little client-side processing or user-generated content. A veritable “one-way street” of data being downloaded and presented to the early adopter denizens of the Internet. I call these “brochure” websites and was building them back when I worked at Organic Online during the dotcom rise and fall. It was heady days… the “roaring 20s” of my generation with IPO stock options being calculated and big names were setting up shop on the Internet for the very first time like Volvo, Levis and Starbucks.

web 2.0 - then into the 2000s and 2010s traffic becomes much more of a two-way street, with users contributing content and client-side processing power being harnessed to render experiences and new application features/functionality. The first "digital natives" of the Internet were born at this time, knowing only touch-screens (the iPad was introduced in 2010) and personal devices are infinitely more powerful than the computers that landed us on the moon. The rest of us are “digital immigrants” because we had experience of "the before times" with trips to the library to research topics of interest, reading newspapers, buying CDROMs, cassette tapes, vinyl LPs and (for some of us) 8-tracks for our musical consumption.

web 3.0 - emerging in the 2020s is an age of https-only/https-everywhere, API traffic eclipsing traditional traffic flows (API calls represent 83 percent of web traffic, according to an Akamai report), hundreds of web browser cookies tracking us *per site*, hyper-connectivity (5G, gigabit ethernet to the home) and, for better or for worse, an Internet of Things that might eventually lead to machine-to-machine transactions where humans become less relevant or significant, intelligent voice assistants evolving into personal AIs that broker and arrange our calendars and meetings, events and entertainment plans.

That same person also invoked the word “decentralized” to describe web 3.0 which struck me as odd and incorrect. The Internet has always been, due to the nature of it being a packet-switched network, decentralized. It was designed and built to survive the nuclear annihilation of Washington DC: a historical location for the US government’s hierarchical command center.

In web 1.0 the Internet brought a wave of democratization where (just about) anyone could have a presence, create a website and participate in access to a growing wealth of content, data and information. In web 2.0 the content became more dynamic (the only "upstream data" in web 1.0 was what you typed into a search box on early search engines) with the birth of things like Napster, YouTube, Reddit and other communities with forums and "discussion as content." This was a wave of democratization of voice... of authorship. The power to publish just like Gutenberg's printing press gave voice to new publishers of texts that were not the king or god/church/state.

But this web 2.0 expansion and growth gave rise to some mega entities like Facebook, Twitter, Apple, Google and AWS. I suspect that web 3.0 is the "extreme position" of the “Internet as pendulum.” Where the pendulum swings one direction but then stops, pauses and begins to swing back in the opposite direction. Web 3.0 feels like it might be an inflection point of intentions. Where the denizens of the Internet "take back" control of their data and identity from the sprawling control of the mega entities. It might well also be an intentional rejection of the "tyranny of the majority" (or the tyranny of homogenization thru machine learning algos for recommendation engines "people like you also bought ... ") and a desire to strike at the heart of centralized authority and attention span control that these meta entities have attained.

So web 3.0 as a broad concept generally includes references to crypto, blockchain and decentralized finance (DeFi). It has already managed to "win" the battle of language and names for things. We already speak of "stable coin" when talking about legacy currency (or fiat currency). Smart contracts and NFTs are but fledgling first forays into how we might be able to better honor the creators of content, rather than merely enrichen the aggregators and arbiters of taste and attention.

With smart contracts and blockchain or “hyper ledger” technology, residual income from a Bruce Springsteen concert ticket that is resold a few times and increases in price leading up to the night of the performance might make its way back to him. Why should StubHub or some other ticketmaster get to keep the profits on that increase in final sale price? Can we construct a system that makes the distribution of artistic creation (largely) unmediated? Take out the middlemen (and middlewomen) who extract value from the ecosystem of music writer, creator and performer. Record labels are really not needed anymore to anoint rising stars. DTC (Direct to Consumer) is not just a power play for Disney to stream it's content without giving a tithe to third parties like Hulu and Netflix. It's also about artists and authors of content democratizing the production and consumption chain and requisite channels of distribution. How can Daniel Ek, founder of Spotify, be worth $4 billion if he did not extract value from the music ecosystem? What did Spotify actually contribute to the world of music? Some would argue it accelerated a downward spiral of mechanical recording rights from dollars per song to millicents per play/listen.

As for musing about cybersecurity in the era of web 3.0 waves of economic disruption and resulting tidal currents and information flows, we will soon need to deal with the spectre of quantum computing. I was invited to join the World Economic Forum's working group on quantum security. The current thinking is that we are around 10 years away from the creation of a CRCQ (Cryptographically Relevant Quantum Computer). We're currently operating in a cooperative phase at the moment as IBM, Google and Microsoft (and others) are collaborating with one another and building 40 qubit and 100 qubit quantum computers. These are not CRCQs though until they reach 1,000 or 1mm qubits and can then challenge classical computing for their ability to do work and solve complex math problems (and break our current tools for cryptography and thus secrets and ability to enact digital privacy). Quantum computers can, it should be noted, also model complex systems down to the level of molecules and can also generate truly random numbers. But the crypto threat is on a lot of people’s minds because it will be a great disruptor. And whoever manages to build one first will have a tremendous tactical and strategic advantage over the rest of the digital universe.

The mission of information security is threefold: availability, integrity and confidentiality (of data and information). Post-quantum or quantum-resilient cryptography is being birthed in the next 2-3 years (NIST is working on vetting “Round 3” candidates for new algos, which will beget new protocols and allow for new standards to emerge for e-commerce, secure communications, and for global finance to survive the arrival of quantum computing). Even the integrity of data classified as "public" will be in jeopardy let alone confidential or restricted data. Think of the wikipedia edit wars on the Donald Trump page, or of the Covid19 pandemic response. But with regard to confidentiality, some kinds of secrets (or data) need to remain secret for a long time. Other secrets can change and expire quickly. If you rotate your password every 90 days it does not matter if someone can tap that datastream of you checking your back account balance and decrypt and expose your password by observing the traffic and using a CRQC to "crack" it since it will have rotated by the time they get it. Even if the basis for our current https secrecy of using RSA 2048-bit encryption can be attacked by a CRCQ within 4 hours we can likely just use password managers that auto-rotate our passwords for us every 3 hours and keep ahead of the game. For a while at least. Other data though is going to need or want to be protected for years like the details of your DNA genome.?

Lastly I invoke the pendulum metaphor again and posit that many people won't actually care about whether their data (the quantified-self, the infinite time series data of our heart beats recorded by an Apple watch or fitbit) is shared and made public. Millennials are oversharing their digital life already. And let's not forget that privacy did not always exist in the form that we know it today. In medieval times everyone in the village knew everything that was happening with all of their neighbors. There was no such thing as what we call privacy in today’s terms. Everyone was in each other's business. It was not until the advent of cities and industrial-grade domestication and production of crops and animal husbandry that we gathered in such large tribes that we lost the ability to know everyone by name in our immediate vicinity, town or village. Privacy emerged due to population growth and modernization of our societies and economies. Perhaps privacy will fade away again as the surveillance state takes hold and the "sheeple" do not protest or particularly mind. Perhaps web 3.0 will mean a transformation of the concept and practice of privacy itself.