Web2 Social Pitfalls
Facebook, Instagram, WhatsApp, Google+, Twitter, SnapChat, LinkedIn, Clubhouse.
Billions of users. Logins. Messages. Statuses. Stories. Profiles. Phone numbers. Screenshots. GPS data. Audio recordings. AI derived political affiliation, sexual orientation, vulnerability to advertisements. For sale.
The grand experiment of Web2 is coming to an end. We have all the data we need—and the Web2 companies have all the personal data they can get their hands on. What have we learned?
That centralized companies do not have users' best interests at heart.
That users are products.
That your privacy is forfeit.
That your speech is censored.
That your data is not secure.
That authoritarian governments control your data and voice.
That "loving open source" is not being open source.
That centralization interferes with democracy.
That we can do better. It's time to sunset Web2.
Centralized web2 companies are driven by incentives that conflict with their users', which leads to massive incursions on privacy, vulnerability to governments, fragile data security practices, and undemocratic operation of the services
Your incentives are not the same
Centralized companies are motivated to profit—which is not inherently bad—but their profit can develop entirely separate from user experience.
Users (somewhat obviously) want good UX. Centralized companies want money. Sometimes, this can work out perfectly fine: a company increases its user base by providing a good UX. But sometimes, this doesn't work out at all: Facebook can extract more money from its users at the expense of UX by transforming your personal data into profit.
Put more generally, a centralized company has to maximize profit for shareholders, not user experience, and if these are ever in conflict, profit will win out.
Centralized companies want your data, because in their hands, and with your subconscious help, it turns into money. More specifically, it helps them take more of your money, because they can more easily convince you to buy things—or even vote a certain way, as demonstrated by Cambridge Analytica.
Part of DeFi's success is found in the incentive structures of the decentralized organizations and protocols: they are made to be public goods, services that fund themselves in straightforward and obvious ways, and that do not siphon user data to be sold.
These services are so successful because the incentives of the creators and the users are the same, because the creators and the users are the same.
Web3 social will surpass Web2 because it is not limited to the maximally profitable user experience. The best user experience will win out, and that's one that isn't exsanguinating personal data.
"It's security vs. privacy" - The Government
A common refrain of openly—or not so openly—authoritarian governments: your privacy must be sacrificed for your own safety. Encrypted messaging? Terrorists use that! After all, if you've got nothing to hide, you've got nothing to fear.
Government action can shatter even the best intentions. In November 2020, The privacy-focused email service Tutanota was ordered by a German court to monitor an account and hand over any sent & received emails in plaintext.
Reddit has been ordered to actively monitor and report the metadata of one account's communications for several years (2016-2017, 2019-2020). Reddit, Google, and Facebook have guides on how to most efficiently submit warrants and subpoenas. Ancestry.com and 23andme.com can make inferences and conclusions about your DNA even if you've never used them.
Using a centralized Web2 service is putting your personal data in escrow, to hand over to your government as soon as either they, or the Web2 company in question, decide you have done something wrong. This privacy cannot be recovered—even if they were mistaken, your data is no longer in your control. If you're lucky, the government will get rid of it, but the fact that people were sifting through your information—your movements, your spending habits, your browsing activity—cannot be undone.
India is trying to coerce Facebook, WhatsApp, and Twitter to censor whatever content the Indian government wants, as well as record metadata that could be used to identify users posting such content. Reddit has a long history of censoring on behalf of itself, as well as several governments. As long as there is centralization, there is a vector for coerced censorship.
It's not security
More than 163 million people lost their privacy when Equifax, through inadequate security, let hackers into their system. Names, birthdays, addresses, Social Security numbers, and credit card numbers were taken. More than half the adults in the United States at the time had their data stolen.
Facebook has had at least 5 data breaches since 2013. These included compromised passwords (from storing them in plaintext... in 2019), phone numbers, names, and birthdays. Regarding one of these breaches in 2019, affecting 540 million accounts, Facebook said that it was "old data" and that it would not be advising users about the breach.
Yahoo lays claim to the largest data breach in history: 3 billion users' names, birthdays, emails, phone numbers, security question answers, and password hashes.
A centralized financial company, First American Corporation, lost 885 million records of transactions, social security numbers, account records, and more.
Mariott Hotels, in a data breach spanning multiple years, lost names, emails, phone numbers, passport numbers, and travel details of more than 300 million guests.
Centralization over democracy
In 2018, more than 3,100 Google employees asked the company to stop working on an AI computer vision project for the US Department of Defense, saying Google should not "build warfare technology". Google relented, and did not renew the contract for that project.
Unfortunately for the pacifist Google employees, within 2 years Google made a deal to work on another DoD project. This is a much higher profile, and much more widespread story than most involving a company making decisions in conflict with the will of their employees. If you've ever thought your boss or management was doing something wrong and refusing to take advice about it, you understand the frustrations of centralization.
What lies yonder
We are all the architects. We get to decide how Web3 will look, and right now, it looks pretty good. That said, we should be cautious not to drop into these pitfalls. Smart contracts and blockchain provide a good foundation, but are not sufficient without a strong community to build end-to-end encrypted communication, to battle centralization in crypto with non-custodial wallets and tools, and to combat authoritarianism with censorship-resistant protocols. In short, to support the growing infrastructure of Web3.
Decentralized platforms are equipped to offer a better service, without treating you as a product, to offer better and more auditable security, with less vulnerability to authoritarian governments, more resistance to systemic failures, and to preserve your agency, your privacy, and your freedom of speech.
Web3 social lowers the burden of trust to participate. The keys to your personal data kingdom do not need to be sacrificed to use social networks. Don't trust centralized authority, because you don't have to.
DeSo (or W3So?), IPFS, DAOs, DeX's, DeFi: many Web3 tools of the future are available now. Protect your data. Defend privacy. Fight for freedom.