Dapps can successfully compete with the censored web

tldr; Smart contract platforms which prioritize censorship-resistance can successfully compete with Tor hidden services and the censored web.

Introduction

Ethereum’s community has recently been going about a rebranding of Ethereum. This is a consequence of dapps falling short of expectations when Ethereum was once thought of as a world computer. There are dapps and they work, but they fail to find product market fit and attract users. The Ethereum community is now focusing on the few dapps which seem to have the most promise, often financial tools such as exchanges and collateral backed assets, branding Ethereum’s narrative as open finance.

Here I use first-principles to identify how we should try to leverage dapps to find better product-market fit, focusing on the censored web.

What is a killer application?

From the wikipedia page:

a killer application (commonly shortened to killer app) is any computer program that is so necessary or desirable that it proves the core value of some larger technology, such as… a software platform...[1] In other words, consumers would buy the (usually expensive) hardware just to run that application. A killer app can substantially increase sales of the platform on which it runs.[2][3]

So we just need to find something that requires the unique properties of blockchains and dapps, and it needs to solve the underlying problem that drives consumer adoption more effectively than on other platforms. Examples of this were Internet Explorer facilitating Windows purchases, and Email facilitating personal computer purchases.

About dapps

Properties

  1. They allow for trust-minimized computations.
  2. They are tightly coupled with a monetary system.
  3. They can be censorship-resistant (platform dependent).

Dapps are sometimes described as enabling permissionless innovation but this lends more to the lack of regulation around cryptocurrencies and dapps in general than to any of its existing properties.

The DAO was capitalizing on #1, trust-minimization, to allocate money fairly based on shareholder preference. The “open finance” narrative is capitalizing on #2, the coupling with a monetary system, to create financial tools. This article is going to focus on #3, censorship resistance.

Performance metrics

.

ETH dapps vs. AWS/BerkleyDB

The performance metrics of dapps on Ethereum are startlingly inefficient compared to centralized services. There are no performance metrics I know of where dapps out-compete centralized alternatives. This is to say that dapps are unlikely to compete with web services as a general computing and data storage platform. Worse still is that any technology improvements will apply to AWS/BerkleyDB in the same way that they apply to dapps.

Users will typically choose whatever solution solves their underlying problem. Unfortunately those problems are typically speed and cost, which decentralized systems do not excel at. This is to say that there is not much sense in dapps trying to compete with existing web services without a really, really good business reason. Instead, we can find a niche for dapps by leveraging their properties to solve specific problems better than centralized services. Fortunately, censorship-resistance is something that dapps can be great at, and web services are weak at.

What is our threat model for censorship?

Governments

Government censorship of a filesharing service for violating copyright law

This is the most obvious case. Anything service which may violate codified laws, anything against the interests of powerful political or business groups, anything against the interests of government, etc is at risk. This requires a very sophisticated kind of censorship-resistance that is tactfully decentralized and operates within the bounds of the law, or merely something beyond the reach of control by anyone. Think Napster, Wikileaks, BitTorrent, Backpage.

Platform owners

US congresses passes FOSTA which makes websites criminally liable for the content users post. This created an exemption to safe harbor laws. Now sites could be criminally liable if users were engaging in prostitution.
Shapeshift implements KYC do reduce legal risks

Typically platforms exert censorship pre-emptive of government pressure. It’s why Craigslist shut down their personals section; why Twitter is purging bots; why Shapeshift is requiring KYC; and why Facebook/YouTube is removing content that could be considered objectionable. Platforms will also remove content not conducive to their growth, which is why platforms will frequently remove nudity and allow users to report harassment. If the censorship were not happening because of government pressure, then an architectural change is not needed. The answer would just be to run the service on another platform with more friendly owners.

In this article I focus on censorship-resistance from governments because its the only case that requires a new kind of platform. There are also known business models which have been suppressed by government.

How governments exert censorship

The service is legal

Intimidation by government with the threat of federal charges that could land the owners in prison for decades. If they do not comply, like Backpage or Wikileaks, then they are often cut off from banks and credit processing companies using the same method of intimidation. Personal and company assets can be frozen under civil and criminal asset forfeiture without the owners needing to be convicted of a crime.

Their homes or offices may be raided. Government can pulls strings to have the mainstream media write about you in ways that is less-than-flattering, with the intent of biasing the public from which a jury will be chosen for your trial. The probability of being charged with an unrelated crime at a time is unexpectedly high (e.g. Julian Assange, Cody Wilson). It goes on. See the history of the pirate bay to get a feel for this.

The service is illegal

Immediate criminal asset forfeiture of personal and company assets and arrest of the owners. If you live abroad, like Kim Dotcom, you will be extradited.

Politics and legal games

When all other routes fail, a loosely related topic is heavily politicized and used to pass a new law. Out of self-preservation, platforms will shut down any services that could put them at risk. This is arguably the case with FOSTA-SESTA where platforms for sex work were targeted under the guise of sex trafficking.

Government intimidation is extremely effective, so much that platforms will censor preemptively on advice from their lawyers. The incentives of platform censorship are to censor liberally. Censoring too little could put the site operators at risk of prosecution, censoring too much is just dealing with user complaints. It’s an easy decision.

Censorship-resistance in the real world

How censorship-resistant are clearnet web services?

When you visit a website in your browser, you first talk to a DNS server to get the IP address.

When you visit a website in your browser, your computer asks a DNS resolver finds the IP address associated with that domain name. With this IP address you contact the website directly. IP addresses are assigned by an Internet Service Provider who keeps records of their customers. In the case a government wants to censor a website, they go to the respective ISP and ask for the customer information related to the IP address. Law enforcement can use this information to track down the owners of the servers, and take physical control of the servers.

Megaupload.com is shut down and the owners are indicted on 28 counts of copyright infringement and money laundering.
Backpage gets shut down. The owners are charged with a 93-count federal indictment.

The lack of censorship-resistance with clearnet web services is so severe that your perception of the prevalence of censorship is tainted by survivorship bias. Clearnet sites are so vulnerable to censorship that few people even attempt to host censor-prone content, because government have made examples of others in a very public way.

The vast majority of sites which have been censored died a quick death, never saw the light again, and left few traces of their brief existence. The ones that survived are hosted by dedicated activists living in more friendly jurisdictions, or merely platforms that hosted other untargeted content.

How censorship-resistant are Tor hidden services?

To talk to a hidden service, your request is routed through 6 computers with an encrypted link. To talk to a clearnet web service without Tor, you connect to them directly with an unencrypted link. Neither the user nor hidden service know each other’s real IP address.

The most advanced kind of censorship-resistance that exists with web services is with a Tor hidden service. Services are accessed by their onion addresses, such as facebookcorewwwi.onion. Tor is a proxy overlay network, or a communication protocol on top of the internet. When you request a resource from a Tor hidden service, that request is routed through several computers who never know the full details of who you are, the content of your message, and who you are talking to simultaneously. In that way, nobody end-user has direct knowledge of the IP address of the website they are talking to.

You can use Tor to talk to a clearnet service, in which case you have an encrypted link proxied through three computers. This protects the user’s anonymity.

Tor hidden services survive by obfuscating the true location of the server. The Tor network does not provide perfect privacy and this anonymity can be broken. Once the IP address of the hidden service is found, the servers can be monitored to identify the administrators. Historically, identifying the location of a Tor hidden service has often required a level of sophistication usually only accessible to governments. This is to say good censorship-resistance exists only for low-value targets.

A chart of darknet market lifetimes from https://www.gwern.net/DNM-survival
Darknet markets Hansa and Alphabay were taken down in Operation Bayonett, a 10-month multinational law enforcement effort.

Darknet markets are the most famous examples of hidden services which are also high-value government targets. The markets themselves do not survive for very long and very few make it to the three-year mark.

The main issue with running a hidden service prone to censorship is the danger it poses to the administrator if they are deanonymized. Ross Ulbricht, the first darknet market administrator, was sentenced to two life sentences plus forty years without the possibility of parole. During this investigation and trial, there were multiple serious violations of the 4th and 8th amendments. Multiple federal agents in the case were convicted of crimes related to their work on the case (source, source, source). Seemingly, none of it mattered as Ulbricht’s conviction was never overturned. This is to say that governments will readily violate their own constitutions and laws to censor high-value targets and rarely face penalties.

How censorship-resistant are Ethereum dapps?

Ethereum nodes from https://www.ethernodes.org/

It is impossible to remove objectionable content without removing the ability for users to perform trust-minimized validation of the blockchain’s integrity. There are currently about 15,000 copies of the Ethereum blockchain. It’s fair to say that Ethereum provides better censorship-resistance than Tor because the data is much more widely distributed. Hidden services are typically only distributed to the extent that it diminishes the effect of distributed denial of service attacks.

Dapps also provide better privacy for accessing content since users running a full node download the entire state, not revealing which information they are accessing. The privacy implications are when sending transactions because the first node to propagate a transaction is likely where it originated from. If Ethereum implements a privacy measure like Bitcoin’s Dandelion BIP, sending transactions to censorship-prone dapps will be much safer for end-users.

Ethereum hashrate distribution

Ethereum has about 20 mining groups with greater than 0.5% total hashrate. This is the weak point in blockchain censorship because if miners won’t accept transactions to certain smart contracts, nobody can update the dapp service. So far the odds are in the dapps’ favor because only one group needs to include your transaction in a block for it to become part of the global state. For context, Tor has about 826 exit routers which can exert censorship on that network if controlled. It’s important that over time that block production becomes more distributed, because groups that small are not difficult for governments to censor.

The DAO logo

On the other end, Ethereum’s community has censored a dapp with the DAO. The DAO was a buggy smart contract that was also a custodian to 14% of the total Ether supply at the time. Unfortunately, the contract was quickly hacked after raising the ICO. The community decided to change the global state by altering the blockchain, causing a hard fork. It appears that the biggest risk to dapp censorship on a censorship-resistant platform right now is the actual community. In this sense, Ethereum is the right technology but may have the wrong community. Ethereum Classic, the minority fork of Ethereum which does respect dapp immutability, may be a better choice for censorship-prone dapps.

Lastly, Ethereum does not have on-chain privacy. Like Bitcoin, all the transaction details are public and pseudonymous. This is problematic because it puts anyone interacting with these censorship-prone dapps at risk. Blockchain analysis can link addresses to identities. Obfuscation through optional mixing does not provide strong privacy guarantees and moving large amounts of tokens over a public network is almost impossible. There have been many arrests through blockchain analysis, but none known through the use of cryptocurrencies with strong, mandatory on-chain privacy like Monero.

To date, no blockchain has been censored. There is no legal basis for this and even if there was, it would be extremely difficult to do so because thousands of nodes exist in every jurisdiction, and sometimes even in space. This is despite some blockchains hosting data that would otherwise be subject to takedown notices. We have enough information to say that this is a better platform than Tor for censorship-prone services, and the issues beyond this relate to on-chain privacy, network privacy, decentralizing mining, and preserving the concept of immutability.

What kind of censored services make sense as dapps?

The case for dapp markets

The closest analogy to dapp markets are darknet markets, run as Tor hidden services. The worldwide revenue of darknet markets was estimated to be $100M–$200M from 2013–2015. There is clearly a market for this.

A listing on Silk Road. Listings are mostly text with an optional image.

Darknet markets face the most adversarial environment known: Multiple government agencies from multiple jurisdictions will coordinate to take down these services and willingly violate their own laws in the process (e.g. Operation Onymous and Operation Bayonet). That they take down darknet markets successfully validates that a more decentralized platform is necessary. This also suggests that smart contract platforms that prioritize censorship-resistance may have an economic moat.

The major downside is that without strong on-chain privacy and mandatory privacy, the native cryptocurrency is unsafe to use. But it doesn’t stop the market from being implemented and using a separate currency, or on/off-chain mixers from being developed to mitigate this.

The case for dapp gambling

Worldwide volume of online gambling in from 2009–2015, with projections for 2016–2020.

There’s definitely money to be made from online gambling. Especially on a platform that is censorship-resistant, provides trust-minimized computing, and provides a source of randomness (new block hashes). Online gambling is has been one of the most popular uses of blockchain technology. In Ethereum it’s a recognized major category.

Gambling dapps have consistently been one of the most popular categories of dapps on Ethereum. From www.stateofthedapps.com

It’s not clear what the minimum level of decentralization needs to be for dapp gambling to be viable. Governments have typically not paid much attention to this so far despite it being illegal or regulated in most jurisdictions. Currently every cryptocurrency supports dapp gambling to the extent of their programming without censorship. If governments do clamp down on blockchain gambling, only platforms sufficiently censorship-resistant will have an economic moat.

The case for dapp classifieds

Craigslist erotic services. Listings have sparse descriptions with 1–5 pictures.

The closest analogy would be sex work classifieds. Craigslist was estimated to make about 30% of their revenue from adult ads in 2010. Their total revenues were $122M in 2015. Backpage once made 99% of their revenues from adult classifieds from 2013–2015, and their total revenue was $135M in 2014.

FOSTA-SESTA makes it a crime for websites to facilitate sex trafficking by hosting related user-generated content. There is now extreme legal risk for any platform to host user-generated content related to consensual sex work that isn’t trafficking. This was arguably the intent of FOSTA-SESTA and so sex work classifieds can no longer exist on centralized platforms.

This jpg image is 64KB and would cost about $29.44 to put on Ethereum

The uncertainty about a dapp platform is that it hasn’t been tried as a hidden service yet. My impression is that nobody tech savvy enough has tried to solve this problem in a serious manner which is why there are no Tor classifieds. Regardless, it’s likely that if someone did implement this successfully as a hidden service and it captured the market, it would become a high-value target like darknet markets. Sex trafficking is a sensitive political issue much like drug trafficking, so we can infer that creating hidden service classifieds would be just as risky as creating a darknet market.

What censored services don’t make sense for dapps yet?

Anything which requires dealing with large media files or content that must be updated very frequently by the same entity. Transaction fees add up, and those fees need to be distributed among users of the actual service to be economical. Torrents, image galleries, video, etc. are likely not cost effective given that the cost of uploading 1 GB of data to Ethreum is about $460,000. However, small compressed images are possible if they add business value, and as technology improves this may become more cost effective for media that is just a few megabytes.

Why use dapps at all when we can use dedicated products for these services?

There are products such as OpenBazaar, Syscoin, Particl that all seek to provide decentralized marketplaces. So why use a dapp platform when we can use those?

General dapp platform provides greater privacy

If darknet markets were to gain a footing on these specialized platforms, it would likely be their only major use-case. If you hosted a Particl node and its major use case was for darknet markets, it could be inferred that you are a user, vendor, or administrator with non-negligible probability. The same inference cannot be made with a general smart contract platform because they can be used for much broader applications. The same argument applies to other censored services.

Daily active users of Tor from July — September 2018

For example, 97% of Tor traffic is used for the clearnet. In fact, the most popular service on Tor is Facebook. Tor also has more than 2 million daily active users. Tor is used by journalists, criminals, political dissidents, privacy activists, and apparently a lot of regular people too. The many uses of Tor make it difficult to discern information about someone if you know they are using the software.

Dapp platforms allow for multiple implementations and low switching costs

If you don’t like one dapp implementation, use another without downloading a new chain. It may be that fully autonomous markets and administered markets are both successful. Or it may be that one market is inefficient and expensive but another market is designed very carefully to keep the costs low (e.g. uploading uncompressed vs compressed data). Maybe one market keeps html, javascript, and css on a smart contract for a really great front-end.

Individual dapps are easier to audit than entire services

Privacy and safety are perhaps the top priorities for censored services. Open source is a minimum, but the amount of code which could materially impact privacy is extremely large for specialized products. Dapps have much less code to audit than entire software products. It would be easier for services which need a decentralized platform to share one. That way audits can be limited to the business logic of dapps.

Are there better alternatives for hosting censorship-prone services than smart contract platforms?

Smart contract platforms are competitive with Tor hidden services as a scalable, decentralized service.

Dapp platforms are scalable

Freenet and Bitmessage are both decentralized data stores for static data. This is very similar to a smart contract platforms, but without contracts, virtual machines and such that every smart contract has arbitrary write access by the owner and read-only access by everyone else authorized to see the data. If Ethereum has smart contracts, then Freenet + Bitcoin or Bitmessage + Bitcoin have dumb contracts.

For that reason I say that Freenet + Bitcoin or Bitmessage + Bitcoin have limited scalability. Business logic needs to be implemented manually by each person and the communication overhead is surely very high unless buyers and vendors are talking over instant messenger. It’s definitely possible to implement censored services on these platforms, but the user experience is a pain and these platforms feel awkward when used like this compared to the more familiar Tor hidden services.

Dapp platforms are efficient

It turns out that smart contract platforms are the logical conclusion of building an online service around a censorship-resistant data store. That is, if we start with a censorship-resistant data store and require it to execute business logic in a decentralized manner, we get a smart contract platform (i.e. contracts + virtual machines + blockchains). This suggests that smart contract platforms as we know them are already efficient in their high-level design. Blockchains are required to serialize the execution order of transactions. If we find a better solution, it will likely be an even better smart contract platform as opposed to a different kind of platform altogether.

How would dapps work as a web-like service?

Backend

Client-server model. Dapps are just a server.

The dapp itself would assume the role of a server in the client-server model. Read-only requests to this backend would come in the form of remote procedure calls. This is analogous to http GET requests. Write requests would come in the form of transactions to the network. This is analogous to http POST requests. Authentication would be done through control of addresses which is what dapps already do.

Although smart contracts code is immutable, software design techniques can leverage the mutable data of a contract to proxy the function calls to other smart contracts so that the service may be updated in a cost-effective manner. There could be a kill switch to prevent further changes when the protocol is mature enough.

Frontend

A dapp market accessed through a browser should feel similar to using Ebay.

The user interface would be strictly separate from the dapp server. The interface itself would start off as a command line interface but would ultimately be implemented through a web browser. Metamask had the right idea by leveraging the browser interface for dapps, but for censorship-prone dapps end-users should be running their own full nodes to preserve their privacy.

The goal is that users don’t even realize they’re interacting with a blockchain. Dapps could present their user interface through a separate contract that contains html, javascript, and css. In the future there may be separate contracts which independently implement the user interface and users can pick and choose. The only requirements to use a dapp securely would be an online, synced node; a browser; and a private key.

Conclusion

Dapps are too inefficient to compete with web services as a general platform but can work when people decide to leverage their major advantages, such as censorship-resistance. Web services that are heavily prone to censorship are quickly taken down or migrate to Tor hidden services. Tor hidden services fail to protect high-value targets because they are not censorship-resistant but rather hidden, and hiding is not enough to prevent censorship. A platform which provides censorship-resistance is needed for censorship-prone services. Smart contract platforms which prioritize censorship-resistance have an economic moat for hosting censorship-prone services and this need is satisfied better than with specialized platforms.