The Next Version of the Internet
Web 3.0, Identity Management and Open Source will radically change the future of the web.
In 1995, Marc Andreessen, inventor of the first web browser, tasked one of his employees at Netscape, Brendan Eich, with a near-impossible task - invent a programming language for the browser in just 10 days.
Eich, a fan of C, Smalltalk, and Scheme, delivered a programming language that has now become the lingua franca of the web -- JavaScript.
From that day forward, the web was forever transformed as JavaScript enabled web developers to do more than just provide a graphic user interface to the internet for non-technical people - it enabled new levels of interactivity for mostly static web pages.
Web 1.0
The first version of the internet was, however, static web pages that connected to one another via URLs or “links”. The ability for someone to share a URL of a webpage with anyone that had an internet connection created the first and most powerful, online network effect.
Within a matter of years, the internet exploded with millions of web pages published, services like search and email sprouted up, new business categories like “e-commerce” emerged as well as plenty of scams and failures.
Like nearly any new groundbreaking technology, there was sufficient doubt to the internet’s survival and impact. Nobel prize winning economist, Paul Krugman, famously stated that the internet’s impact will be “no greater than the fax machine’s.” Ironically this quote came from a printed version of the New York Times Magazine, a member of an industry that has become entirely upended by the internet.
As people became more familiar with the internet and browsing web pages, they became comfortable with “creating accounts” for various sites and services they used. Whether it was logging into one’s Hotmail account to check their email or buying a book on Amazon, the concept of a username and password as the path to gaining privileged access to a website was here to stay.
Yet, something was missing. The internet felt like it was stagnating a bit in terms of creativity, expression, and ultimately, interactivity.
Between 1995 and 2001, competition between Netscape’s Navigator and Microsoft’s Internet Explorer (IE) really began to heat up and was aptly dubbed the “First Browser War” with IE coming out as victor when Microsoft decided to bundle IE 4.0 with the Windows operating system which enabled them to capture the lion’s share of the market.
Web 2.0
By 2000, Microsoft’s IE web browser had nearly 95% of the global market share, yet instead of resting on their laurels, they continued to innovate. The Outlook Web Access team, formerly Hotmail, created a new interface called IXMLHTTPRequest that eventually was implemented by the IE team ultimately giving developers access, via ActiveX, to the MSXML framework (Windows native, XML-based apps).
Did I lose you already with the technical jargon?
In short, with IXMLHTTPRequest, the browser was now equipped with the ability to enable the types of rich internet applications that you use today.
Ironically, it was Brendan Eich, not the Outlook or IE team, that helped usher in a new version of the web.
Eich and a team at the Mozilla project developed and implemented an interface called nsIXMLHttpRequest into their web browser’s layout engine. Mozilla created a wrapper to use this interface through a JavaScript object which they called XMLHttpRequest, or more commonly known today as “XHR”.
By 2002, XHR was fully implemented in Mozilla’s browser and XHR quickly became the de facto standard for every other web browser, sans IE, by 2005. In 2006, IE 7.0 eventually adopted XHR, but the web had fundamentally changed by that point.
Cool story, Joe, but why should I care? This seemingly innocuous addition to the web browser completely changed the face of the internet.
In 2005, Jesse James Garrett coined the term “AJAX” which ushered in a new way for web developers to build truly immersive internet applications which didn’t require the entire web page to reload every time you did something on the page.
Do you know how you enter a comment on Facebook or Reddit and it automagically just shows up within a second or two without the entire web page reloading? That’s AJAX.
Or how you scroll to the bottom of your Twitter feed and more tweets just seem to keep showing up indefinitely? That’s AJAX.
XHR and ultimately, the AJAX programming model launched what is now known as Web 2.0. Truly immersive internet applications like Google Maps, MySpace, Facebook, Digg, YouTube, and many more paved the way for developers to re-think what a “website” was and what was possible on the web.
And what followed? E-commerce boomed. Social networks exploded. Internet engagement went through the roof and all the while, additional aspects of the web were evolving, namely, payments, privacy, security, and the most consequential: identity management.
Identity Management
In the early ages of the internet, you had one login per website. You had a username and password for your Yahoo account. One for Amazon. One for eBay. Before you knew it, you were reusing passwords and your data was bound to the site you were logging into. Password reuse is an internet faux pas today but it was quite common back then.
With Web 2.0, we were now able to “Login with Facebook” or create an account to use a new web application by providing our Google credentials. This cut down on password reuse but the data became consolidated amongst a few major tech companies, namely those that were offering federated, social login/identity management solutions -- Google, Facebook, and Twitter.
When Facebook announced “Facebook Connect” at their developer conference in 2008 it was a huge relief to web developers as the amount of friction associated with users creating a new account for any website was dramatically reduced.
Think of how easy it is to try out a new website by simply logging in with your Facebook account. A few clicks and you’re done. Contrast that with having to create a username, password, email address, etc. Website designers and developers know that the more friction you put in front of your users, the fewer users you will have.
Unfortunately, there are major trade-offs to end users of these free services. Over the past decade, and certainly the past few years, we’ve seen the influence and reach of internet companies when they consolidate data and power and use it in ways that not everyone agrees.
But what is the alternative?
Web 3.0
What if I told you there was a way to access a website without ever having to create an account?
What if I told you that you only need one ID to float from site to site, app to app, across the internet?
What if I told you that you own your data or conversely, everyone owns everyone’s data and that the data can be verified by anyone and most importantly you?
Would you believe me? Or is this just another episode of Silicon Valley?
Enter Web 3.0, an internet free of identity management friction with a healthy dose of opt-in pseudonymity and data sovereignty.
Today, we keep our data with providers like Google and Facebook, but not just these large tech companies -- we also provide plenty of our data to Home Depot, Chipotle, Hyatt, The New York Times, and myriad other companies because they provide a service to us, free or paid.
However, we don’t have control or access to that data or how it is being used or harvested. Sure, there’s current and future regulation to enforce some form of data liberation from companies that harbor our information, but that requires conformance and accountability and could be many, many years away.
Instead, imagine your data is fully encrypted or tied back only to a cryptographic hash, not your full name or even email address. Public blockchains, like Bitcoin, Ethereum, and Solana to name a few, enable this experience today.
Decentralized Apps (dApps)
Web 3.0 applications run on decentralized computing platforms and public blockchains. Decentralized apps, or dApps, don’t require you to create an account -- they only require you to connect your blockchain identity, or more commonly known as a “wallet”, to the application.
Now at first, connecting one’s “wallet” to anything sounds sketchy. Engineers have historically struggled with branding and marketing new technology, that’s not new. But instead of thinking of giving your wallet that is in your purse or back pocket to a website, imagine it is instead a proxy to your wallet, some sort of pointer to your wallet that the website or app can only read from, with your permission of course.
Maybe an example will help.
Let’s say I want to buy a Non-Fungible Token, NFT, from OpenSea, an online marketplace where artists and collectors can buy and sell artwork. What’s an NFT? Here's a great primer on the subject.
The first thing you’ll need to do is sign in to your wallet, not the application itself.
This is how you “sign-in” to a web 3.0 application -- you connect your Ethereum wallet (Ethereum is the public blockchain that OpenSea uses to enable the marketplace) to OpenSea and voilà, you’re done. OpenSea knows nothing about you. They only know that a cryptographic hash is now connected to their application and maybe they can infer your general location via IP address, but this is the case with nearly any web application today.
But what is my wallet? How do I get one?
Today, Metamask, a User Interface (UI) widget/browser extension that makes it easy to transact with the Ethereum network, is the most popular wallet for users of Ethereum applications.
There are dozens of wallets out there, but Metamask is the most widely adopted wallet at the time of this writing.
After just a couple of clicks in your Metamask wallet, your OpenSea “account” is ready to go.
You’ll notice that there was no username required but most importantly, no password. You just connect your wallet to the OpenSea application and you’re done! Just like in 2008 when Facebook Connect removed a ton of friction for developers to help onboard more users to their web 2.0 applications, connecting to dApps via blockchain wallets is a step function improvement in the process.
But wait a second, how is there no password? How does OpenSea know it’s my “account” the next time I sign in?
That’s the beauty of Web 3.0 applications. The only “password” that exists is the seed phrase of your wallet’s private key. What’s a seed phrase? It’s simply a mnemonic representation of your wallet’s private key.
Blockchains use public-key cryptography, which has been utilized for decades by software developers, as a means of generating one’s wallet. When you create a new Bitcoin, Ethereum, or Solana wallet, the wallet generates a private key and a seed phrase. This key and seed phrase belongs to you. You can write it down on paper, save it offline, memorize the seed phrase, etc. The key works independently of the wallet; the wallet is just a user interface to the key. The seed phrase that represents the private is similar to the master password to a password manager app (like 1password or Dashlane) -- as long as you have the master password you can always access your wallet, but also like your password manager, if you lose your master password it’s gone forever.
To recap, with Web 3.0 applications, dApps, there are no accounts, only wallets and no passwords, only seed phrases. This is a leap that will require some serious user experience research to make this process seamless for the majority of the internet’s users but is a solvable problem.
Okay great, so we can access dApps quickly and easily without giving up personal info but what about your data when using the app itself?
To understand how data works in a decentralized network, it is important to understand how dApps fundamentally change the programming paradigm for software developers.
Inputs and Outputs of Web 3.0 Apps
For decades software developers wrote applications where inputs and outputs to their applications were arbitrary.
If I wanted to get the squared value of a number I could write a function like the following:
If I wanted to echo back a user’s name to them with “Hello” prepended to the message I could write:
However, programming applications on public blockchains are fundamentally different -- the inputs are tokens and the outputs are transaction IDs.
This is a massive paradigm shift that probably requires its own long, drawn-out blog post, but there’s a simple way of thinking about it: cost.
For decades, web applications have and continue to run on web servers that are hosted somewhere. The authors and owners of the applications pay for those web servers whether they run on a cloud provider’s infrastructure like AWS or Azure or they run in their own data centers; the cost of running those applications is paid a priori by the owners of the applications themselves. The end-user never pays for the compute, storage, and networking required to run the web applications they interface with every day -- the cost is handled by the website! But there’s a problem there -- when the application is free, you are often the product.
This is where web 3.0 turns the cost model on its head. To interact with a web 3.0 application, beyond the “signing in” part, the end-user needs to pay the network itself. That’s right, you pay.
Let’s go back to our OpenSea example to better understand what this means.
Assume you are a semi-famous digital artist and you want to sell your latest work as an NFT. Because OpenSea is a decentralized marketplace built on top of Ethereum’s public chain, there is no centralized application running to handle the buying and selling or “escrow” of your work.
In the traditional art world, an artist would give their work to a gallery and the gallery owner would escrow the transaction, taking a cut of the sale for finding a buyer of the piece. On OpenSea, it’s no different except the escrow is a smart contract that is executed on the Ethereum blockchain and OpenSea takes a cut of the transaction.
The following code sample is an escrow smart contract written in Solidity, the Turing-complete programming language used to write Ethereum applications. Note, the following code should absolutely by no means be used in a production application and is only meant for demonstration (full tutorial here).
A couple of dozen lines of code and you have a fully functioning escrow smart contract. You as the seller of the NFT get paid from the buyer without relying on a third party. The smart contract handles the entire transaction, it is confirmed on-chain and is cryptographically verifiable. The result of executing this function is a transaction ID that anyone can inspect on Ethereum’s blockchain using a block explorer.
However, if the software is not running in a data center somewhere then who is providing the compute, storage, and networking resources and how are they getting paid? This is where miners or validators come into the picture.
Miners (Bitcoin, Ethereum) and validators (Solana) on a decentralized network are economically incentivized machines (nodes) that validate transactions on the network itself. They receive payment in the chain’s native currency (e.g., SOL on Solana). When the buyer of the NFT goes to execute the purchase, they must pay for the execution of the smart contract. On Ethereum this is known as a “gas fee” where gas refers to the unit that measures the amount of computational effort required to execute specific operations.
What should stand out here is that the programming model for running applications is entirely different in Web 3.0 than in Web 2.0 -- the end-user is responsible for payment.
So what’s the benefit? The user not only retains full control over their identity and data (with some obvious caveats like IP address) but application developers can now create applications that are “permission-less” meaning, there is no central authority dictating what type of applications can or cannot be run on the network.
Permissionless Networks
Today, a web application can be “turned off”. Users can be canceled from an application. Companies can be de-platformed from other companies that host the servers running their applications.
Writers, journalists, and artists can have their work removed at the will of autocrats or government agencies.
I’m not attempting to voice my political position on whether or not I agree or disagree with the actions that have been taken by these companies or governments, I’m simply stating them as facts, observations of a Web 2.0 world where networks are permissioned.
By agreeing to run your web application in a data center or on your home’s internet service provider, you are inherently restricted.
Web 3.0 applications remove this barrier given that the networks themselves are decentralized.
There’s a pedantic argument to be made about how decentralized a network actually is and how decentralization is measured but if one simply compares web 2.0 compute platforms to web 3.0 platforms, the delta is obvious -- permissionless networks are by definition more decentralized.
All of these networks and the applications that run on them are open source, in fact, they have to be for the networks to run them. In some cases, the smart contracts/programs will be packaged into binary format, but they can be reverse-engineered with some tinkering. But Web 3.0 is doing something even bigger to open source than just forcing all of their applications’ source code to be open -- web 3.0 is solving the funding problem of open source software.
Web 3.0 and the Future of Open Source
As someone who bootstrapped and funded a commercial open source business, I have a unique perspective on how difficult it is to grow and fund open source projects. It is extremely difficult to explain to venture capitalists why they should fund something free to use.
For decades developers have committed their time and energy to writing code, filing bugs, patching security issues, and growing a community without getting paid a dime to do it for countless open source projects. Yet today, open source software is what powers nearly all of the internet! Imagine that. Software that people mostly didn’t get paid to work on is supporting the most impactful technological invention in centuries.
But therein lies the problem. Funding open source is inherently difficult and unsustainable given the current Web 2.0 model. Sure we can tip or offer grants to individual developers or pay service providers to maintain a critical piece of a company’s infrastructure but this model is wrought with issues ranging from how payment happens and to whom it is paid and why.
Moreover, most open source projects suffer from a bootstrapping issue -- how does one incentivize people to participate in a new open source project? Over the past 15 years, we’ve seen several projects incubate in places like Facebook, Google, and Microsoft where these large organizations are paying developers to work on a critical product (e.g., Chromium) or piece of infrastructure (e.g., Cassandra). The open source community has benefited tremendously from this type of corporate sponsorship, but it requires budget, permission, and approval.
However, there is now a viable alternative. Bitcoin is open source. So is Ethereum. As is Solana, Polkadot, Cosmos, and countless other decentralized protocols that issue their own tokens. The ability for a project to bootstrap itself by issuing a token that the market determines as valuable or not has more or less solved the bootstrapping problem for open source projects.
In fact, even if an open source project isn’t a new protocol or network that needs a token per se, they can create a “Decentralized Autonomous Organization” (DAO) and issue a “governance token” that users can buy, sell and hold and use to vote on proposals for how the open source project evolves and changes over time, even voting on whether or not to pay developers to add new features, squash bugs, or collect bounties for security holes.
For example, Mango, an open source market built on Solana, recently had its token owners vote on a proposal to have the proceeds of its token sale be moved into the DAO’s treasury.
DAOs are a fascinating outcome of early developments of Web 3.0 and have been evolving for nearly five years. More and more open source projects are creating DAOs and issuing their own tokens allowing the market to dictate their value, not capital allocators or prospective acquirers.
What’s Next
The internet is a constantly evolving organism and has proved not only Paul Krugman wrong (the internet has been slightly more impactful than the fax machine) but many other people as well. For the past few years now, like Krugman, many pundits have doubted the rise of public blockchains, decentralized networks, and dApps; treating web 3.0 as nothing more than a ruse or vaporware.
What we do know about Web 3.0 is that there is significant developer interest and capital to support a new ecosystem of applications.
In 2021, the aggregate blockchain market capitalization eclipsed $2 trillion, dwarfing several other technology industries.
Tens of billions of dollars have been raised and money has been and is continuing to be deployed to projects, protocols, and companies to support the next iteration of the internet. Moreover, developers are flocking to web 3.0 dApp building so much so that “crypto” developer is now the highest-paying remote work job behind Swift (mobile) and AWS (cloud). Solana’s most recent hackathon in June of 2021 observed a 1250% increase in the number of applicants from its first hackathon just six months prior.
What’s next on the web is anyone’s guess, but there is no doubt that when developers begin to start hacking on a green field of technological opportunity there is a tremendous amount of value to be created and captured.
In summary, always follow the developers.
Best read of 2022, thank you for all of the insights and helping me visualize the next internet ecosystem / data economy.
Great read even 1.5 years on.