𝑯𝒆𝒓𝒆 𝒕𝒐 𝒃𝒓𝒊𝒏𝒈 𝒘𝒆𝒃3 𝒏𝒆𝒘𝒔 𝒂𝒏𝒅 𝒏𝒐𝒊𝒔𝒆 𝒕𝒐 𝒕𝒉𝒆 𝒖𝒔𝒆𝒓𝒔 𝒐𝒇 𝒕𝒉𝒆 𝒊𝒏𝒕𝒆𝒓𝒏𝒆𝒕.
Share Dialog
Share Dialog
𝑯𝒆𝒓𝒆 𝒕𝒐 𝒃𝒓𝒊𝒏𝒈 𝒘𝒆𝒃3 𝒏𝒆𝒘𝒔 𝒂𝒏𝒅 𝒏𝒐𝒊𝒔𝒆 𝒕𝒐 𝒕𝒉𝒆 𝒖𝒔𝒆𝒓𝒔 𝒐𝒇 𝒕𝒉𝒆 𝒊𝒏𝒕𝒆𝒓𝒏𝒆𝒕.
Subscribe to The New Protocol
Subscribe to The New Protocol
<100 subscribers
<100 subscribers
Imagine you’re at the airport, waiting to fly to Paris. You’ve spent the last 24 hours prior to the airport neurotically checking over absolutely everything you have (socks, underwear, more books than you’ll actually read, etc.) and making sure it’s all “packed up.” These days, especially with international travel, that usually includes TSA-approved locks and security on your luggage.
Now imagine you spend 20 hours on a flight, arrive in Germany for a layover, only to find that your luggage never made it off the tarmac. In fact, you’re told your luggage was lost or delayed in transit and they’re trying to find it still in their system. How on Earth is that possible! If I, as the passenger, can safely and effectively fly my personal being around the world, why is it so hard to get my luggage there too?
This is not hyperbole, my sister actually went through this very hell herself. However, this story is also an allegory into this idea of what it means to have “social trust.” You may not know it, but you use this very type of trust every day that you interact with another person or entity on this planet. Moving into the world of web3 as an IT person, I often see tons of criticisms of the technology surrounding hacks and exploits that have happened over the last year in the ecosystem. In the fervor, people like Jack Dorsey criticize web3 as an ecosystem that needs more “social trust” in order to recover and be more successful. But doesn’t this tech also tout being “trustless”?
While my sister is stuck at the airport, let me tell you about social trust, how blockchain protocols operate, and why the two are necessary to make web3 what it’s hailed to be: the next internet.
According to Social Trust and Economic Development, social trust is defined as “the underlying foundation of relationships among individuals, groups, and other components of a society.” It’s a vague way of saying there’s a structure to the way we trust people. This structure can be separated into smaller subsections of what overall social trust is composed of, the two main categories being interpersonal trust and institutional trust. As you can see by my stolen and nerdy chart above, interpersonal trust can also be broken down further into two more subsections: limited trust, and generalized trust.
Cool, I’ve rattled off a lot of hot keywords in front of “trust” and haven’t explained anything, but if you give that chart another look, there are actually already some pretty interesting things to extract from this:
We separate trust on the highest level between the type of trust used by institutions (we’ll call that B2B) and the type of trust used between individuals or groups of people (we’ll call that P2P or peer-to-peer). Those are distinctly different from one another.
P2P trust gets separated further into distinctly different categories: limited trust and generalized trust.
If we really want to go further, we also can separate generalized trust between two more categories: trust we base on an individual’s character/values, and trust we base on society’s character/values.
It’s probably easy to see why B2B doesn’t have that deeper divide, B2B only operates in limited trust. Think about it: agreements between business transactions are often contractual, mediated, and controlled in ways that require both or all parties to come to the same exact conclusion formally about what the transaction looks like. People don’t have to operate within such strict boundaries when making P2P transactions, we get to be free to trust people for any reason we agree upon. It could be an IOU, bartering, collateral, political ideology, or just because you feel like taking “a leap of faith” that you could trust someone enough to complete some kind of transaction with them, and that’s dramatically different from B2B trust.
Now, just because those things are defined separately, doesn’t mean we don’t mix them up a bit every now and then. Our economy often relies on P2B relationships (that is, an individual committing a trust transaction with a business). Whenever you sign an EULA with a video game, deposit money in a bank, or whenever you update your “Terms and Conditions” with Facebook, you’re committing to a transaction of trust between yourself and a business. The cards are often stacked against you this way, as you almost never create the contract you sign yourself and the business you’re agreeing to utilize services from often has a murder of lawyers making that agreement as complicated as possible for you. That’s often what makes these relationships so murky and trust so complicated.
However, it doesn’t have to be this way. Here’s where web3 comes in.
When bitcoin arrived it also brought a concept called “proof of work” into the networking world. Proof of work can be described as a method for validating data on a blockchain. When a Bitcoin block is mined successfully, the miner that successfully calculates the hash of the block sends it out to all other validators on the network to say “Eureka, this is the answer!” Once the other miners/validators on the network agree, they get a pat on the back with some crypto and the block is added to the chain (if you’re clever, you might say that blockchain trust imposes B2B trust on P2P relationships). Now, say someone went into a block on a blockchain and decided to change data, a transaction value, or redirect a transaction to a different user. In doing so, they’ve now altered the hash of the block and consequently each hash value for each block mined after it in the blockchain. A hash is like a transaction ID, once it’s calculated and the transaction is executed, it’s considered to be tethered immutably to the transaction that occurred. Since the now-altered hash of the exploited block is different, the proof of work system invalidates that block and every block subsequent to it. All of this is done because a group of computers cannot reach an adequate consensus to say that a block has been honestly written to the blockchain. They cannot reach a state of trust.
Most IT people I know will read that and go, “Woah, that’s amazing! Not only can I see when and where a hacked block is on the blockchain, it also promotes higher security of the overall blockchain!” This proof of work concept is the lynchpin for most products and services produced on blockchain technology (especially Bitcoin and old Ethereum transactions), and only recently has this system been “upgraded” to a more randomized version of this process called “proof of stake.” These systems tout their computational legitimacy as being “trustless” or requiring no agreement or party involvement to execute a transaction. However, crypto is still getting hacked, people are often still being exploited in web3; how is a system that is supposedly better for a fundamental and programmable lack of trust still needing so much of it?
My sister wasn’t the only one waiting at Charles de Gaulle for hours only to be told to come back another day; dozens of people were stranded that day in France without luggage, many of whom had connecting flights to other countries after Paris. While what happened to my sister is terrible, it’s also somewhat rare for people to lose their luggage on flights, much more so than you’d think: on average, airlines in the United States lost around two bags out of every thousand. Airlines have made remarkable strides in technology and security, and this happened because they focused on how bags are best identified, sorted and moved throughout airports and planes. It does happen though, and in most cases it’s a point of failure with mismanaging individual or small groups of luggage, not entire flights. How did airlines get so good at this? Well, they made a protocol for it.
A protocol is a process, or set of rules, used to describe how data is transported on a network. The one you’re using to read this article right now on your computer is HTTP, or “HyperText Transfer Protocol”. It’s a highway from point A to point B where only designated cars can drive, and we use it every day to move page after page, link after link, image after image through the internet. HTTP is what the modern web is built upon, and you use it every single time you type a “www.” in a browser’s URL bar or click a link on a website that takes you to a new page.
In the decades since the birth of the web, many different hacks and exploits have been drained out of HTTP because data moving through it is weakly protected. When you click a link or type a URL into a browser you’re essentially entering what is called a “get” command, which tells your browser and computer to send a request to “get” the target you clicked on or searched for. Your browser then sends that command to an origin server, or a caching server, and then waits for said server to send a response back, often in the form of another page referenced in the link you clicked on. The honey of the hive is in these caching servers; most are accessible by proficient hackers and in most cases they leave not just websites vulnerable but anyone that accesses them as well. The way this problem was later fixed was by introducing what is now known as HTTPS, which operates on different underlying protocols. Rather than managing security of data in these caching servers, HTTPS encrypts every packet of get and response data in SSL (the Secure Socket Layer) before it moves. Now, most social media websites or sites that handle legitimate card transactions use HTTPS.
That’s a web2 world, managed by P2B agreements with the likes of Facebook and Google. Web3 needed to have its own bag of protocols to operate on since HTTP network is so divergent in philosophy from blockchain tech. For instance, every blockchain protocol needs a digital asset to keep the network running instead of centralized servers like what web2 is built upon. These are also used as incentives for the peers who participate in the network. To do this, companies and creators instantiate the presence of digital assets such as coins and tokens to generate transactions that run the network. The two terms are often used interchangeably in the dictionary of blockchain words, but there is a subtle difference between them: coins are defined at the lowest level by the protocol itself. Coins are the native digital asset of a blockchain network (e.g. bitcoin protocol’s native currency is Bitcoin). Tokens on the other hand are the digital assets that are defined at a higher level not by the protocol but by smart contracts. For instance, the Ethereum protocol’s native coin is Ether (ETH). Ethereum allows developers to build, among other things, decentralized apps (dApps) on its protocol. Tokens are the native digital asset of dApps, not of the blockchain itself. The combination of coins and tokens, all managed by blocks on the blockchain, instantiates a transaction-specific security structure like HTTPS. Hooray! We’re secure without needing to trust anyone except for computer code! Now if only people weren’t involved…
I know, this is a lot, but the important thing to extract from this is that blockchain technology touts a “trustless” architecture, but at the same time requires users to transact assets just to operate. That’s wildly paradoxical on the surface, and that controversy alone has caused a slew of exploits lately: from Discord hacks on DAO-centric servers to phishing and minting scams on NFT websites. The world of technology very much still operates on a “move fast and break things” mentality, and hackers will always be around to look for exploitable opportunities in technology to either make means or a point. It’s been reported that in Q2 of 2022, web3 businesses and users saw losses upwards of over $718 million to hacking exploits (most of which happened in the decentralized finance, or DeFi space of web3). The most common exploits include:
Insufficient smart contract writing and deployment
Flash loan scams through DeFi services
Discord phishing
Wallet management exploits
See the pattern? Each of these problems happened on a very human level. People write smart contracts (for now) and they are limited in their scope because they’re written with the guise of executing a specific subsect of transactions on the chain. Solid projects in the web3 space have managed to regularly and proactively publish new contracts to modify existing exploits, but the necessity for a programmer or a team of people to articulate these scripts in a way that insulates them from exploits is dire. DeFi specifically struggles with this in its loaning capabilities, often with hackers executing smart contracts over existing loan contracts to circumvent the code and steal money. DeFi and coin-centric exchange technologies aren’t alone, NFTs are also prime real estate for hackers. Discord has seen hundreds of thousands of dollars stolen through phishing scams on servers and in direct messages with users, often with people asking for wallet addresses to connect with in an effort to exploit them. And even as of yesterday, Solana was hit with a massive hack on over 8000 wallets, impacting thousands of wallet holders (the entire wallet userbases of Phantom and Slope were impacted by this).
Why are these coders and tech enthusiasts getting gouged so heavily? Well, Andrew Wang for The Verge wrote:
“It seems almost paradoxical that a space whose users are generally fluent in traditional cybersecurity can become victims so easily. But in the NFT space, where a culture of community, vibes, and clicking fast on good deals rule, it is the socially-minded scams that are the most compelling. Scammers, whose ploys all depend on gaining a victim’s trust, exploit the same instincts that make the NFT space more a tight-knit community of friends than an assemblage of individual traders.”
He hits the nail on the head: it doesn't matter if you know everything about NFTs or web3 apps, or if you’re new to the game. These scams are exclusive to social trust exploitation and are fueled by the natural demand/hype a coin-based network system begets.
When my sister returned from Paris, it was my time to fly to France to visit. I had zero difficulty getting my luggage, and traveled all over northern France. I saw castles and chateaus, took sand from the D-Day beaches of Normandy and visited the US Sentry memorial. I swam in the fort of St. Malo, and rode bikes around the beaches of Mt. Saint-Michelle. All of these things I did were what my sister was supposed to do with her visit to France, and none of it was possible because of a simple misprint on her luggage label.
An important aspect often lost by those writing smart contracts or developing the next big web3 service is that people are the center of this, and they are who feel the consequences of a lack of systematic incorporation of trust. Ethereum requires nodes to operate, and users to operate or maintain those nodes. Hacking doesn’t just affect the overall value of the web3 ecosystem, it affects users, often in dramatically drastic ways and that is scary to those new to this space. If we as web3 enthusiasts and technologists want to truly promote this space as a haven from centralized web development, it should always be done with care for the audience we present it to. Educate your users on what you have developed and are developing. Be transparent, don’t just hype them up with what your service should be doing. Show them what it can do without the smoke and mirrors, or hype. That is how you establish trust.
Most importantly, we should be addressing the elephant in the room: as long as people are involved in the development of this human technology, trust is a component of transaction we must account for. Services like Jack Dorsey’s TBD web5 project claim to have made an “extra decentralized web platform” by incorporating trust mechanisms like “verifiable credentials” and “self-sovereign identification” to handle trust value in transactions. Legitimate DeFi platforms like PancakeSwap and AAVE offer risk rewards for people to find exploits and bugs in their code before they do. Services like these should be incorporated into any P2B-based transaction being replicated or executed on web3 because they account for the protection of the most important endpoint of every transaction: a person. As long as people can google how to easily hack Discord, and as long as people can Google how to hack luggage locks, there will always be people stuck at the airport waiting to experience the trip they were promised.
I will leave you with some of the best advice I’ve heard regarding development in web3: “Just as a pie is only as good as its crust, a relationship is only as good as its trust.”
Don’t just offer filling and say the pie tastes great. Make the whole pie delicious.
Need help with your web3 go-to-market strategy? Eager to dive into web3 and NFTs, but not sure how to approach it? Reach out to immutablelabs.io and schedule a chat with one of our experts!
Imagine you’re at the airport, waiting to fly to Paris. You’ve spent the last 24 hours prior to the airport neurotically checking over absolutely everything you have (socks, underwear, more books than you’ll actually read, etc.) and making sure it’s all “packed up.” These days, especially with international travel, that usually includes TSA-approved locks and security on your luggage.
Now imagine you spend 20 hours on a flight, arrive in Germany for a layover, only to find that your luggage never made it off the tarmac. In fact, you’re told your luggage was lost or delayed in transit and they’re trying to find it still in their system. How on Earth is that possible! If I, as the passenger, can safely and effectively fly my personal being around the world, why is it so hard to get my luggage there too?
This is not hyperbole, my sister actually went through this very hell herself. However, this story is also an allegory into this idea of what it means to have “social trust.” You may not know it, but you use this very type of trust every day that you interact with another person or entity on this planet. Moving into the world of web3 as an IT person, I often see tons of criticisms of the technology surrounding hacks and exploits that have happened over the last year in the ecosystem. In the fervor, people like Jack Dorsey criticize web3 as an ecosystem that needs more “social trust” in order to recover and be more successful. But doesn’t this tech also tout being “trustless”?
While my sister is stuck at the airport, let me tell you about social trust, how blockchain protocols operate, and why the two are necessary to make web3 what it’s hailed to be: the next internet.
According to Social Trust and Economic Development, social trust is defined as “the underlying foundation of relationships among individuals, groups, and other components of a society.” It’s a vague way of saying there’s a structure to the way we trust people. This structure can be separated into smaller subsections of what overall social trust is composed of, the two main categories being interpersonal trust and institutional trust. As you can see by my stolen and nerdy chart above, interpersonal trust can also be broken down further into two more subsections: limited trust, and generalized trust.
Cool, I’ve rattled off a lot of hot keywords in front of “trust” and haven’t explained anything, but if you give that chart another look, there are actually already some pretty interesting things to extract from this:
We separate trust on the highest level between the type of trust used by institutions (we’ll call that B2B) and the type of trust used between individuals or groups of people (we’ll call that P2P or peer-to-peer). Those are distinctly different from one another.
P2P trust gets separated further into distinctly different categories: limited trust and generalized trust.
If we really want to go further, we also can separate generalized trust between two more categories: trust we base on an individual’s character/values, and trust we base on society’s character/values.
It’s probably easy to see why B2B doesn’t have that deeper divide, B2B only operates in limited trust. Think about it: agreements between business transactions are often contractual, mediated, and controlled in ways that require both or all parties to come to the same exact conclusion formally about what the transaction looks like. People don’t have to operate within such strict boundaries when making P2P transactions, we get to be free to trust people for any reason we agree upon. It could be an IOU, bartering, collateral, political ideology, or just because you feel like taking “a leap of faith” that you could trust someone enough to complete some kind of transaction with them, and that’s dramatically different from B2B trust.
Now, just because those things are defined separately, doesn’t mean we don’t mix them up a bit every now and then. Our economy often relies on P2B relationships (that is, an individual committing a trust transaction with a business). Whenever you sign an EULA with a video game, deposit money in a bank, or whenever you update your “Terms and Conditions” with Facebook, you’re committing to a transaction of trust between yourself and a business. The cards are often stacked against you this way, as you almost never create the contract you sign yourself and the business you’re agreeing to utilize services from often has a murder of lawyers making that agreement as complicated as possible for you. That’s often what makes these relationships so murky and trust so complicated.
However, it doesn’t have to be this way. Here’s where web3 comes in.
When bitcoin arrived it also brought a concept called “proof of work” into the networking world. Proof of work can be described as a method for validating data on a blockchain. When a Bitcoin block is mined successfully, the miner that successfully calculates the hash of the block sends it out to all other validators on the network to say “Eureka, this is the answer!” Once the other miners/validators on the network agree, they get a pat on the back with some crypto and the block is added to the chain (if you’re clever, you might say that blockchain trust imposes B2B trust on P2P relationships). Now, say someone went into a block on a blockchain and decided to change data, a transaction value, or redirect a transaction to a different user. In doing so, they’ve now altered the hash of the block and consequently each hash value for each block mined after it in the blockchain. A hash is like a transaction ID, once it’s calculated and the transaction is executed, it’s considered to be tethered immutably to the transaction that occurred. Since the now-altered hash of the exploited block is different, the proof of work system invalidates that block and every block subsequent to it. All of this is done because a group of computers cannot reach an adequate consensus to say that a block has been honestly written to the blockchain. They cannot reach a state of trust.
Most IT people I know will read that and go, “Woah, that’s amazing! Not only can I see when and where a hacked block is on the blockchain, it also promotes higher security of the overall blockchain!” This proof of work concept is the lynchpin for most products and services produced on blockchain technology (especially Bitcoin and old Ethereum transactions), and only recently has this system been “upgraded” to a more randomized version of this process called “proof of stake.” These systems tout their computational legitimacy as being “trustless” or requiring no agreement or party involvement to execute a transaction. However, crypto is still getting hacked, people are often still being exploited in web3; how is a system that is supposedly better for a fundamental and programmable lack of trust still needing so much of it?
My sister wasn’t the only one waiting at Charles de Gaulle for hours only to be told to come back another day; dozens of people were stranded that day in France without luggage, many of whom had connecting flights to other countries after Paris. While what happened to my sister is terrible, it’s also somewhat rare for people to lose their luggage on flights, much more so than you’d think: on average, airlines in the United States lost around two bags out of every thousand. Airlines have made remarkable strides in technology and security, and this happened because they focused on how bags are best identified, sorted and moved throughout airports and planes. It does happen though, and in most cases it’s a point of failure with mismanaging individual or small groups of luggage, not entire flights. How did airlines get so good at this? Well, they made a protocol for it.
A protocol is a process, or set of rules, used to describe how data is transported on a network. The one you’re using to read this article right now on your computer is HTTP, or “HyperText Transfer Protocol”. It’s a highway from point A to point B where only designated cars can drive, and we use it every day to move page after page, link after link, image after image through the internet. HTTP is what the modern web is built upon, and you use it every single time you type a “www.” in a browser’s URL bar or click a link on a website that takes you to a new page.
In the decades since the birth of the web, many different hacks and exploits have been drained out of HTTP because data moving through it is weakly protected. When you click a link or type a URL into a browser you’re essentially entering what is called a “get” command, which tells your browser and computer to send a request to “get” the target you clicked on or searched for. Your browser then sends that command to an origin server, or a caching server, and then waits for said server to send a response back, often in the form of another page referenced in the link you clicked on. The honey of the hive is in these caching servers; most are accessible by proficient hackers and in most cases they leave not just websites vulnerable but anyone that accesses them as well. The way this problem was later fixed was by introducing what is now known as HTTPS, which operates on different underlying protocols. Rather than managing security of data in these caching servers, HTTPS encrypts every packet of get and response data in SSL (the Secure Socket Layer) before it moves. Now, most social media websites or sites that handle legitimate card transactions use HTTPS.
That’s a web2 world, managed by P2B agreements with the likes of Facebook and Google. Web3 needed to have its own bag of protocols to operate on since HTTP network is so divergent in philosophy from blockchain tech. For instance, every blockchain protocol needs a digital asset to keep the network running instead of centralized servers like what web2 is built upon. These are also used as incentives for the peers who participate in the network. To do this, companies and creators instantiate the presence of digital assets such as coins and tokens to generate transactions that run the network. The two terms are often used interchangeably in the dictionary of blockchain words, but there is a subtle difference between them: coins are defined at the lowest level by the protocol itself. Coins are the native digital asset of a blockchain network (e.g. bitcoin protocol’s native currency is Bitcoin). Tokens on the other hand are the digital assets that are defined at a higher level not by the protocol but by smart contracts. For instance, the Ethereum protocol’s native coin is Ether (ETH). Ethereum allows developers to build, among other things, decentralized apps (dApps) on its protocol. Tokens are the native digital asset of dApps, not of the blockchain itself. The combination of coins and tokens, all managed by blocks on the blockchain, instantiates a transaction-specific security structure like HTTPS. Hooray! We’re secure without needing to trust anyone except for computer code! Now if only people weren’t involved…
I know, this is a lot, but the important thing to extract from this is that blockchain technology touts a “trustless” architecture, but at the same time requires users to transact assets just to operate. That’s wildly paradoxical on the surface, and that controversy alone has caused a slew of exploits lately: from Discord hacks on DAO-centric servers to phishing and minting scams on NFT websites. The world of technology very much still operates on a “move fast and break things” mentality, and hackers will always be around to look for exploitable opportunities in technology to either make means or a point. It’s been reported that in Q2 of 2022, web3 businesses and users saw losses upwards of over $718 million to hacking exploits (most of which happened in the decentralized finance, or DeFi space of web3). The most common exploits include:
Insufficient smart contract writing and deployment
Flash loan scams through DeFi services
Discord phishing
Wallet management exploits
See the pattern? Each of these problems happened on a very human level. People write smart contracts (for now) and they are limited in their scope because they’re written with the guise of executing a specific subsect of transactions on the chain. Solid projects in the web3 space have managed to regularly and proactively publish new contracts to modify existing exploits, but the necessity for a programmer or a team of people to articulate these scripts in a way that insulates them from exploits is dire. DeFi specifically struggles with this in its loaning capabilities, often with hackers executing smart contracts over existing loan contracts to circumvent the code and steal money. DeFi and coin-centric exchange technologies aren’t alone, NFTs are also prime real estate for hackers. Discord has seen hundreds of thousands of dollars stolen through phishing scams on servers and in direct messages with users, often with people asking for wallet addresses to connect with in an effort to exploit them. And even as of yesterday, Solana was hit with a massive hack on over 8000 wallets, impacting thousands of wallet holders (the entire wallet userbases of Phantom and Slope were impacted by this).
Why are these coders and tech enthusiasts getting gouged so heavily? Well, Andrew Wang for The Verge wrote:
“It seems almost paradoxical that a space whose users are generally fluent in traditional cybersecurity can become victims so easily. But in the NFT space, where a culture of community, vibes, and clicking fast on good deals rule, it is the socially-minded scams that are the most compelling. Scammers, whose ploys all depend on gaining a victim’s trust, exploit the same instincts that make the NFT space more a tight-knit community of friends than an assemblage of individual traders.”
He hits the nail on the head: it doesn't matter if you know everything about NFTs or web3 apps, or if you’re new to the game. These scams are exclusive to social trust exploitation and are fueled by the natural demand/hype a coin-based network system begets.
When my sister returned from Paris, it was my time to fly to France to visit. I had zero difficulty getting my luggage, and traveled all over northern France. I saw castles and chateaus, took sand from the D-Day beaches of Normandy and visited the US Sentry memorial. I swam in the fort of St. Malo, and rode bikes around the beaches of Mt. Saint-Michelle. All of these things I did were what my sister was supposed to do with her visit to France, and none of it was possible because of a simple misprint on her luggage label.
An important aspect often lost by those writing smart contracts or developing the next big web3 service is that people are the center of this, and they are who feel the consequences of a lack of systematic incorporation of trust. Ethereum requires nodes to operate, and users to operate or maintain those nodes. Hacking doesn’t just affect the overall value of the web3 ecosystem, it affects users, often in dramatically drastic ways and that is scary to those new to this space. If we as web3 enthusiasts and technologists want to truly promote this space as a haven from centralized web development, it should always be done with care for the audience we present it to. Educate your users on what you have developed and are developing. Be transparent, don’t just hype them up with what your service should be doing. Show them what it can do without the smoke and mirrors, or hype. That is how you establish trust.
Most importantly, we should be addressing the elephant in the room: as long as people are involved in the development of this human technology, trust is a component of transaction we must account for. Services like Jack Dorsey’s TBD web5 project claim to have made an “extra decentralized web platform” by incorporating trust mechanisms like “verifiable credentials” and “self-sovereign identification” to handle trust value in transactions. Legitimate DeFi platforms like PancakeSwap and AAVE offer risk rewards for people to find exploits and bugs in their code before they do. Services like these should be incorporated into any P2B-based transaction being replicated or executed on web3 because they account for the protection of the most important endpoint of every transaction: a person. As long as people can google how to easily hack Discord, and as long as people can Google how to hack luggage locks, there will always be people stuck at the airport waiting to experience the trip they were promised.
I will leave you with some of the best advice I’ve heard regarding development in web3: “Just as a pie is only as good as its crust, a relationship is only as good as its trust.”
Don’t just offer filling and say the pie tastes great. Make the whole pie delicious.
Need help with your web3 go-to-market strategy? Eager to dive into web3 and NFTs, but not sure how to approach it? Reach out to immutablelabs.io and schedule a chat with one of our experts!
No activity yet