Blockchain Platform Plays


Software platforms are great businesses. The more dominant your platform becomes, the greater the virtuous cycle. If everyone is building on iOS and Android but not Windows Mobile, that is a massive leg up for Apple and Google and a very difficult hurdle for Microsoft.

If blockchain technology ends up being a cornerstone of the future internet, what are the platform-sized opportunities waiting to be capitalized on? Here are the predictions I’ll explore in this post:

  • Wallets as we know them today will become secure enclaves for private keys. Wallets as we’ll know them in the future will be feature rich interfaces for different blockchain operations. Just like we had web browser wars, we may have wallet wars
  • An explosion in standards and concerns about trust might drive people to dApp marketplaces
  • Decentralized protocols are new foundations for building products. This new foundation will open up the opportunity to make an AWS for the blockchain
  • Just like blogging and e-commerce ended up being services that millions of people need, the blockchain ecosystem will have its own generalized consumer platforms
  • Key management will be taken seriously at the consumer level with recoverability options that tolerate people making mistakes
  • Just like email and domain names provide human abstractions on top of today’s internet, a rich identity system will be layered on top of Ethereum addresses. You won’t ask people “What is your Ethereum address?”
  • We’ll have a Sift Science for the blockchain world. Companies will flag transactions that seem suspicious just like your credit card provider does now if you suddenly buy something in another country.

What platforms have shaped technology? Specifically, what technologies are so fundamental that we have entire economies built on top?

There are crucial platforms that lots of consumers interact with on a regular basis:

  • Operating systems
  • Web browsers
  • Mobile app stores
  • Gaming devices (Xbox, Playstation)

There is also critical infrastructure that consumers don’t see:

  • Databases (Oracle, PostgreSQL, MongoDB)
  • Photo and video editing tools (Photoshop, After Effects)
  • Cloud services (AWS, Google Cloud)
  • Managed application platforms (Heroku)

Platform Properties

What properties do these platforms share?

Platforms have a virtuous cycle that reinforces market dominance

People skip building for Windows phone because iOS and Android cover most of the market. This results in mobile developers learning more about iOS and Android while remaining ignorant about other platforms. Every app not developed for Windows makes it harder to justify buying a Windows phone.

Entire businesses are built on top of each platform and people build careers by being specialists

Heroku built a platform business on top of AWS which is a platform of its own. Plenty of people list AWS, Docker, and iOS development on their resumes. A big part of being a designer is knowing your way around Photoshop and Illustrator.

Platforms are general enough to not constrain which ideas can be built on top

Operating systems are so obviously general you can run another operating system in a VM. You can build almost anything in a web browser. iOS developers have access to almost all the phone’s capabilities barring user permissions and some privacy constraints.

Businesses building on platforms accept the hoops they have to jump through

Everyone building on iOS knows they have to get their app approved and jump through hoops like getting a DUNS number. Dropbox happily built on AWS even though storage is obviously their core competency; it wasn’t until close to IPO that they rolled out their own data centers. Web developers have been hacking around browser functionality differences for as long as web development has been a career.

In Bitcoin, value captures you

There are a lot of incentives to flock to blockchain technology. I think one reason is that people correctly identify that the blockchain is obviously going to be a platform if it is successful. Getting in early on a new platform can be valuable. Even if you don’t build the platform yourself, you are still part of the new frontier and if you build expertise you’ll see opportunities early.

It is hard to build different platforms on top of Bitcoin. Since it isn’t Turing complete, it can really only do a few tricks. People can send money and they can do multisig transactions as a security measure. If you want to innovate on Bitcoin by trying to build something platform-esque like the ability to request payment from someone, it is very likely that Bitcoin itself will capture the value instead of your business. This is why we’ve only seen one really big platform play so far for Bitcoin: websites like Coinbase and Gemini for buying bitcoin using fiat.

Speculating on the Future

Let’s imagine a future where blockchain technology is ubiquitous and used at scale. Further, let’s say that whatever blockchain solution wins has smart contracts. What are the lucrative platform plays going to look like in this world? It is hard to predict specific futures, so I’m going to speculate along many themes and the list might not be totally consistent.

People use all kinds of wallets right now. If you have a ton of funds, throw it in a hardware wallet. If you need to use it in a dApp, put it in Metamask. Right now, the tool that stores your private key is also responsible for displaying a UI to explain what is going on. Here is what it looks like to approve transactions today in some popular wallets.

[Figure: Approving transactions today]

This isn’t what the future looks like. Turing complete smart contracts could be doing anything and end users need a user interface to explain what is going on. The Ethereum community is working on new standards for signing data that also let wallets provide better UIs:


My mom isn’t going to know what these mean either, but at least I can guess roughly what I’m doing based on the two dialogue windows.

I think what we currently view as “wallets” will become “secure enclaves” for private keys which expose very minimal interfaces for signing, encrypting, and decrypting. Wallet UIs will integrate with different secure enclaves and focus on providing many APIs to different signature and transaction requests. Just like with early web browsers, I expect an explosion of standards for handling different types of transactions and signatures, similar in spirit to the very early changes we’re seeing in EIP 712 (pictured above).

I think the community will eventually adopt conventions for signaling things like

  • “I’m delegating authority to another party”
  • “I’m spending Ethereum or tokens” (not necessarily via a direct transaction or token; think about things like multisig wallets)
  • “I’m intentionally burning something of value”

and so on. In other words, common operations could be identifiable in smart contracts in the future and wallet interfaces could support a wide array of signals to the user to let them know what is happening. Think of it as similar to OAuth dialogues we are all used to seeing today:
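Returning to the three signals listed above: as an added example (not code from the original post or from any wallet), here is one way a wallet interface could derive them from raw calldata today, using the standard ERC-20 and ERC-721 function selectors. The signal names, the burn-address list, the sample address and the `build` helper are assumptions made for illustration.

```python
# Added illustration: classify token calldata into wallet-UI signals (names assumed).
SELECTORS = {  # first 4 bytes of keccak256 of the function signature
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
}
BURN_ADDRESSES = {"0x" + "00" * 20, "0x" + "00" * 18 + "dead"}  # common conventions
MAX_UINT256 = 2**256 - 1


def decode_args(data: bytes, types) -> list:
    """Decode the static 32-byte ABI words that follow the 4-byte selector."""
    if len(data) != 4 + 32 * len(types):
        raise ValueError("calldata length does not match the signature")
    args = []
    for i, kind in enumerate(types):
        word = data[4 + 32 * i : 36 + 32 * i]
        if kind == "address":
            if any(word[:12]):  # dirty upper bytes: refuse rather than guess
                raise ValueError("non-zero padding in address argument")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return args


def describe(calldata_hex: str) -> dict:
    """Return the signal a wallet could show before asking for a signature."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    entry = SELECTORS.get(data[:4].hex())
    if entry is None:
        return {"signal": "UNKNOWN", "warn": True}  # show raw data, warn the user
    name, types = entry
    args = decode_args(data, types)
    if name in ("approve", "setApprovalForAll"):
        if args[1] == 0:  # allowance of zero / approved=false removes the grant
            return {"signal": "REVOKING_AUTHORITY", "party": args[0], "warn": False}
        unlimited = name == "setApprovalForAll" or args[1] == MAX_UINT256
        return {"signal": "DELEGATING_AUTHORITY", "party": args[0], "warn": unlimited}
    recipient, amount = args[-2], args[-1]
    burn = recipient in BURN_ADDRESSES
    return {"signal": "BURNING_VALUE" if burn else "SPENDING_TOKENS",
            "party": recipient, "amount": amount, "warn": burn}


def build(selector: str, *words: int) -> str:  # constructed sample calldata
    return "0x" + selector + "".join(w.to_bytes(32, "big").hex() for w in words)


SPENDER = 0x1111111111111111111111111111111111111111  # constructed address
SAMPLES = {
    "unlimited approve": build("095ea7b3", SPENDER, MAX_UINT256),
    "burn": build("a9059cbb", 0xDEAD, 10**18),
}

if __name__ == "__main__":
    for label, calldata in SAMPLES.items():
        print(label, "->", describe(calldata))
```

Anything the table does not recognise comes back as `UNKNOWN` with a warning, which is the case a wallet most needs to surface instead of showing an opaque hex blob.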


As dApps explode, I bet we end up with some real trust and compatibility issues. As more people interact with applications using wallets that contain funds, attackers will get more clever at tricking users out of their funds. Here is an example attack I demonstrated in the past:

Separate from trust, if we see an explosion of conventions for conveying different operations in wallet UIs like I just mentioned, we’re going to see a lot of wallets with frustratingly varying behavior that will feel like CSS did back when we all had to support IE6.

Massive issues with trust and compatibility might create the perfect storm for people to flock to walled gardens similar to the iOS app store. Platforms where dApps can be reviewed and everyone integrates against the same APIs.

Toshi and Status are already trying to capture this opportunity.

Young startups need to focus on their core competencies and defer other work for as long as possible. Heroku and Ruby on Rails were so successful together because it let people skip all the boilerplate app code and also skip a ton of deployment headaches. Ruby on Rails worked for so many people because a lot of applications have a similar formula:

  • Frontend views
  • CRUD internal API
  • Relational database
  • Redis for delayed jobs
  • Templates for sending emails

Heroku built on top of AWS to fit Rails’ mold and work out of the box. Creating a startup became really easy:

git init
rails new .
git add --all
git commit -m "YC here we come!"
heroku create
git push heroku master

If you want just the raw basics today for Ethereum and IPFS, you have Infura. If you want more, you have to deploy your own node. Infura will fill out more core functionality with time, but AWS is much more than launching and killing servers too. Some of their other popular services include:

  • Amazon S3: where every file you’ve ever uploaded to the internet lives
  • Amazon Cloudfront: Content delivery for serving files
  • Amazon SNS: Easy push notifications for every device

So how does this extend to the decentralized web? Here are some ideas:

  • Using delegated transactions? A service can make sure those transactions are submitted and get mined. The service could keep fantastic logs of every transaction it handles. Monitoring tools can push notifications to your app if it fails to mine. The dashboard could let you specify how quickly you need transactions mined and figure out gas prices for you
  • Uploading a file to IPFS? Great! You know it isn’t guaranteed to be hosted forever by default, right? If you run your own IPFS node, you can look for files that need to be pinned and then pin them. Blockchain AWS could expose a service for handling this though. Just upload through them, or give them the file’s hash, and they’ll make sure it never disappears.
  • Want to let your users know when certain events happen on the blockchain for your dApp? Point blockchain AWS to your smart contracts, specify how to interpret different events, and tell the service how to send webhooks to your app (or user devices) using the event information

I’m mainly just spitballing here, but the point is that there is a lot of functionality that can be simplified for end users.

What is the takeaway for our AWS for blockchain? AWS isn’t just about creating servers, and infrastructure for Ethereum isn’t just about having a web3 compatible RPC. AWS wants to be the go-to infrastructure for every technology modern software companies need. A blockchain equivalent would do the same for the decentralized web.

Wordpress wants to be everyone’s blog. Shopify wants to be every business owner’s e-commerce engine. Both are well on their way to achieving these goals. Wordpress claims to power 30% of the internet and Shopify powers ~270k stores.

Wordpress and Shopify represent the complete elimination of programming for very specific but common use cases. They focus on

  • Quick and painless setup
  • Admin dashboards for data entry
  • Drag and drop customizability

Blog owners can add other authors with different permissions, each can write and publish blog posts, anyone in the world can comment, and authors can either reply to or ban commenters. Store owners can add products, specify prices, and create coupons. Anyone can place an order and the store owner can fulfill it or refund.

These platforms are about making these interactions easy for both the website users and their owners. File storage, database interaction, and moderation are all completely abstracted.

Blockchains are just databases and a smart contract represents a series of state transitions. Complex smart contracts will always require a team of specialists doing their best to write correct code and audit it for issues. I don’t necessarily think there will be a blockchain Wordpress and a blockchain Shopify. Instead, I think if blockchain technology is a cornerstone of the web in the future, we’ll probably have extremely common use cases that can be abstracted to the level of not requiring code. Whoever builds that will have a platform similar to Shopify and Wordpress.

If people are going to control real money with private keys, they can’t be digging around the dump trying to find their old hard drive. We can’t say “that’s a shame” if someone drops their phone in the pool and their private key dies with it. We probably will need a way forward if people get their iCloud account hacked and that leaks private key information. You can cancel your credit card and request a new one; if you can’t cancel your private key, that is strictly a worse experience for the end user.

In the future, I bet we have sophisticated systems for maintaining many different keys in different places. For example, say I have the following:

  • A private key that lives only on my phone
  • A private key that lives only on my laptop
  • A private key that lives only on iCloud
  • A hardware wallet key
  • A private key that can be reassembled by three of my close friends that none of them individually can recover
  • A private key owned by a company that has verified my Facebook account, Google account, and phone number

You could write a series of contracts that lets users register each of these keys. Each key could have a certain set of privileges. For example:

  • My iCloud key could invalidate my phone key in case I lose my phone. Maybe this freezes my account for a day or two and requires me to confirm over email that I wanted to do this
  • The phone key plus the laptop key could refute a deactivation coming from my iCloud key, in case my iCloud is actually the thing that got hacked.
  • I could ask the company controlled key to freeze my account and deactivate my phone, laptop, and iCloud keys in the case where someone hacked me really hard. The company’s key can only freeze and then deactivate, it can never actually act on my behalf
  • The phone key can make small transactions below $200
  • The hardware wallet key is required for transactions above $200

We’ll need a system that lets people recover from different failure conditions. If this key management system was at the center of some identity concept that other dApps integrated with, you could even define rules like not actually allowing funds greater than $500 to be spent within 24 hours.
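To make the privilege rules above concrete, here is an added example (not from the original post, and not a contract implementation) that models them as a small off-chain policy object. The method names, the choice of two days for the cooling-off delay and the treatment of exactly $200 as needing the hardware key are assumptions; the friends' recovery key and unfreezing are left out.

```python
from dataclasses import dataclass, field

DAY = 24 * 3600
SMALL_LIMIT = 200       # USD: phone key signs strictly below this (boundary assumed)
DAILY_CAP = 500         # USD that may leave the account per rolling 24 hours
REVOKE_DELAY = 2 * DAY  # the post's "a day or two", taken here as two days
ALL_KEYS = {"phone", "laptop", "icloud", "hardware", "company"}
SPENDERS = {"phone", "hardware"}  # no other key ever has a spend path


@dataclass
class Identity:
    active: set = field(default_factory=lambda: set(ALL_KEYS))
    frozen: bool = False                         # set only by the company key
    pending: dict = field(default_factory=dict)  # key -> time its revocation lands
    spends: list = field(default_factory=list)   # (timestamp, usd)

    def _settle(self, now):
        landed = {k for k, at in self.pending.items() if now >= at}  # never refuted
        self.active -= landed
        self.pending = {k: at for k, at in self.pending.items() if k not in landed}

    def spend(self, key, usd, now):
        self._settle(now)
        if self.frozen or self.pending:
            return "denied: account frozen"
        if key not in self.active or key not in SPENDERS:
            return "denied: key cannot spend"
        if key == "phone" and usd >= SMALL_LIMIT:
            return "denied: hardware key required"
        recent = sum(v for t, v in self.spends if t > now - DAY)
        if recent + usd > DAILY_CAP:
            return "denied: daily cap"
        self.spends.append((now, usd))
        return "ok"

    def icloud_revoke_phone(self, now):
        self._settle(now)
        if "icloud" not in self.active:
            return "denied: icloud key inactive"
        self.pending["phone"] = now + REVOKE_DELAY  # account is frozen meanwhile
        return "pending"

    def refute(self, signers, now):  # phone + laptop cancel iCloud's revocation
        self._settle(now)
        if not {"phone", "laptop"} <= (set(signers) & self.active):
            return "denied: need phone and laptop"
        self.pending.pop("phone", None)
        return "ok"

    def company(self, action, now, target=None):  # freeze first, then deactivate
        self._settle(now)
        if action == "freeze":
            self.frozen = True
        elif action == "deactivate" and self.frozen and target in {"phone", "laptop", "icloud"}:
            self.active.discard(target)
        else:
            return "denied"
        return "ok"
```

The delay is what makes the iCloud rule safe in both directions: a lost phone is revoked once the window passes, while a compromised iCloud account can be overruled by the two devices before anything takes effect.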

John: Hey Devon, what is your Ethereum address? I want to invite you to this cool dApp I just signed up for.

Devon: My Metamask address, my Coinbase wallet address, or my hardware wallet address?

John: Metamask

This is not what the future looks like. At the very least, we’ll have something like an email address and I’ll ask for that. It shouldn’t point to a specific wallet address though, it needs to be pointed at some contract that represents a holistic identity. This fits perfectly with the key management and permissions platform I just mentioned. A recoverable and portable identity that maps to a person and can be used with different dApps is what things should look like down the line.

John: Is your BloomID still ?

Devon: Yup

John: Nice alright I just invited you to this cool new dApp.

That sounds more like it.

As annoying as it may be to have your credit card declined as soon as you try to buy something in Las Vegas, it happens for a good reason. Small charges that don’t fit normal user behavior are a reliable signal that something fishy is going on, especially if it is in another state or country.

If I start sending funds from my personal account at unusual times and to brand new addresses, maybe that should trigger a fraud signal! A business could definitely create a series of contracts that it controls that receive Ethereum or tokens and hold on to them for a few minutes before forwarding the funds to the intended recipient. With a generalized intermediary contract like this, external software observing transactions could watch account activity over a lot of users and proactively freeze transactions that look fishy. Combined with a holistic identity solution and permissioned key management, this could be a great added security measure to help make sure that users don’t lose out big time.

Sift Science is an interesting business because they provide generalized solutions for fraud prevention. Account takeover, payment fraud, and promo abuse (people gaming marketing campaigns) are a few things they specialize in. I don’t even have to be creative here in coming up with blockchain specific things, let’s just port this to the blockchain world:

  • Adding new keys to your identity contract? Calling transferOwnership on a contract you own? Account takeover detection could help
  • Sending unusually large or small amounts of funds? Sending at a weird time? Using a private key to send funds that you haven’t before? Bam. Payment fraud detection
  • Spike in airdrops? Lots of accounts being created with no further activity? Promo abuse detection!
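The holding contract plus external watcher described above can be sketched as follows. This is an added example, not code from the original post or from Sift Science; the hold time, the freeze threshold, the scoring rules and the sample records are all constructed assumptions.

```python
from statistics import median

HOLD_SECONDS = 300  # the post's "a few minutes"; the exact value is an assumption
FREEZE_AT = 2       # signals needed before freezing; an assumed threshold


def hour_gap(a: int, b: int) -> int:
    """Distance between two hours of the day on a 24-hour circle."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def signals(tx: dict, history: list) -> list:
    """Signals named in the post: new address, odd time, odd amount, unseen key."""
    found = []
    if tx["to"] not in {h["to"] for h in history}:
        found.append("new_recipient")
    if min(hour_gap(tx["hour"], h["hour"]) for h in history) > 3:
        found.append("unusual_hour")
    typical = median(h["usd"] for h in history)
    if tx["usd"] > 5 * typical or tx["usd"] < typical / 5:
        found.append("unusual_amount")
    if tx["key"] not in {h["key"] for h in history}:
        found.append("unseen_key")
    return found


def review(tx: dict, history: list, now: int) -> tuple:
    """Decide what the holding contract's controller does with one transfer."""
    if not history:
        return "HELD", ["no_history"]  # nothing to compare with: never auto-release
    found = signals(tx, history)
    if len(found) >= FREEZE_AT:
        return "FROZEN", found
    if now - tx["held_at"] >= HOLD_SECONDS:
        return "RELEASED", found
    return "HELD", found


# Constructed sample data: one sender's released transfers and three held ones.
HISTORY = [
    {"to": "0xaaa1", "usd": 40, "hour": 13, "key": "phone"},
    {"to": "0xaaa2", "usd": 60, "hour": 18, "key": "phone"},
    {"to": "0xaaa1", "usd": 55, "hour": 20, "key": "phone"},
]
PENDING = [
    {"to": "0xaaa1", "usd": 50, "hour": 19, "key": "phone", "held_at": 0},
    {"to": "0xbbb9", "usd": 900, "hour": 4, "key": "phone", "held_at": 100},
    {"to": "0xbbb7", "usd": 45, "hour": 14, "key": "phone", "held_at": 350},
]

if __name__ == "__main__":
    for tx in PENDING:
        print(tx["to"], review(tx, HISTORY, now=400))
```

A single signal only delays a transfer; requiring two before freezing keeps an ordinary payment to a new address from being blocked outright.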


I think there are a few clear themes we should think about for blockchain in the long run.

You don’t get much “out of the box” right now when you build a dApp but there is obviously going to be a lot of repeated work as people build companies in this space. AWS for blockchain will make building dApps at scale easier. Extracting common building blocks to APIs, external services, and SDKs will make it easier to build products as the common stuff will be extracted and polished by specialists.

Some use cases are so common that it is worth building a generalized platform that anyone can use. Personal website builders, blogging platforms, and e-commerce engines are a few examples that stand out today. What will these opportunities look like in the blockchain world? Stores with guaranteed accurate reviews and simple order management (purchase, escrow, refund) seem like a viable opportunity.

I think we’ll see more conventions in the long run that will help wallets clarify what is happening to end users. Imagine OAuth permission dialogues but for approving transactions. There will be an explosion of standards and APIs like we saw for web browsers and providing a full service wallet will be one of the most complex tasks a blockchain oriented dev team can take on. Private key providers will expose a minimal interface and we’ll come to think of wallets as the interface on top.

If we see an explosion of standards similarly chaotic to the early web, it might be frustrating to use dApps for a while as supported APIs vary and their implementations differ. A dApp store like Toshi could emerge to address this chaos and give people a reliable place to build and consume.

Ethereum addresses will be abstracted out of the picture by a full featured managed identity that can be resolved by something like This identity concept should include powerful private key management with recovery paths for different situations. Permissions should make it easy for users to do small transactions with an easily accessible key while falling back to more secured solutions for high value operations.

Along with managed identity, I think we’ll have contracts that temporarily sit in the middle of transactions in order to allow for something like Sift Science for the blockchain. It doesn’t always need to be game over if you lose a private key.

Thanks to Alain and Devon for reading early drafts of this post.
