All about Web 3.0 - A Series Diving Into the Security of Blockchain
Monday, May 9th, 2022
What is Web 3.0?
Well, that is a fun question to answer! Web 3.0 is the new-ish way for computers to operate, based on trust and blockchain technology. It sits behind the idea that trust is delegated to all devices, thus making the flow of information from device to device just as equally open.
Now, I know that all of this jargon can get to be a little over the top (No need to lie, it’s overwhelming sometimes… Just admit it), but rest assured that I’ll do my best to help you get just a little bit better of a grip on things.
So, this world of technology is changing rapidly… It’s changing faster and faster as time proceeds. We now have computers that think for themselves (pshhh, we didn’t have that not too long ago). In actuality, here’s what Web 3.0 is all about…
According to Investopedia, Web 3.0 has two main reasons why it’s the next iteration of the internet - which they aren’t wrong about at all:
Decentralization: “No permission is needed from a central authority to post anything on the web, there is no central controlling node, and so no single point of failure...and no ‘kill switch’! This also implies freedom from indiscriminate censorship and surveillance.”
Bottom-up design: “Instead of code being written and controlled by a small group of experts, it was developed in full view of everyone, encouraging maximum participation and experimentation.”
Though these two sound incredible on their own, here’s a full list of the defining attributes:
Connectivity and ubiquity
Now, let’s break down each category as they are listed above - this can tend to get a bit hairy, so hang on tight with all of the analogies that are about to be used.
Decentralization of the internet has become a “holy grail” in the past few years. Ensuring that you are able to distribute the cloud environment, guarantee data protection & user privacy, and creating applications that are quality and scalable to what the current internet technology offers.
From a visual perspective, I will show you what current internet architecture looks like (centralized networks), then I’ll show you what a decentralized network looks like.
Taking a closer look at this picture, this is called a centralized network due in part because the “center” of the network (the server) is the brain of the network. It’s all knowing and oversees everyone’s network activity. In lots of organizations, this network diagram is much more complex, but the general gist of how it works is shown above. You have one (1) centerpiece and a bunch of clients (other computers) connecting to that one centerpiece.
This is unsafe due in part to many reasons, but most importantly at the moment, that centerpiece holds all of the data on the network - usernames, passwords, confidential company information, Personally Identifiable Information (PII), Personal Health Information (PHI), and/or many others. Aside from the information that the one computer holds - Since it’s the center of the network and other computers connect to it, if an adversary was to connect and compromise the machine, they would have control over that network… Which seeing as to how you’re a smart person and already knew this… It’s not a good thing!
Advantages of a Centralized Network
Disadvantages of Centralized Network
Now, let’s looks at a Decentralized Network:
Now, what’s the biggest difference you see with this diagram verses the first?? That’s right! There’s no “server” in the middle of the network.
If you’re finding yourself asking these questions - How does it work if there’s no centerpiece of the network? I don’t understand how it would actually function without that server telling the other computers what to do?
Never fear, there’s an answer here for these exact things:
Firstly, in a decentralized network, all of the “clients” are known as “nodes”. Each node is responsible for network communications, much like the server in the centralized network. So, instead of having all of the network information stored on one single server, it is stored amongst all of the nodes. Likewise, all network traffic passes through multiple different nodes instead of getting passed to a single centerpiece of a network.
Advantages of a Decentralized Network
Disadvantages of a Decentralized Network
Trust(less) and Permission(less)
Man… A “trustless” and “permissionless” network sounds really insecure, doesn’t it? It’s actually the exact opposite.
“The currency in Web 3.0 is not crypto, it’s trust”14
For starters, let’s work with the term transparency. Big tech firms/companies aren’t really known for being clear on how their ad technologies work, where user data goes, and how the data is handled. This alone does not build trust with the community that the data is being kept safe and being used in an ethical manner.
“Google has been hit with a total of €100 million ($120 million) for dropping cookies on Google.fr and Amazon €35 million (~$42 million) for doing so on the Amazon.fr domain under the penalty notices issued today.
The regulator carried out investigations of the websites over the past year and found tracking cookies were automatically dropped when a user visited the domains in breach of the country’s Data Protection Act.”
Over the past decade (or two) we have seen such big advances in the technology industry, which is cause for us to remediate where it’s headed currently.
In the world of traditional computing on Web 2.0 (we currently have this), networks are based around the idea of “trust” and “permissions”. In layman’s terms, we need to ensure that everyone on the network is who they say they are (ensure that you are using your user account and not someone else’s). Then, grant permissions and privileges to each person as they are needed (e.g. System Administrators need access to a plethora of items on a network).
Now, as far as this goes, the primary differences between Web 2 and Web 3 lay within the fact that Web 3 delegates trust to everyone on the network. Just like the picture above showed us that there is no central computer to monitor everything, there’s no central machine or person who has to deem others as “trustworthy”. To solve this issue, let’s just trust everyone!
If you delegate trust to everyone, then it removes the fears of having to worry about individual user permissions and can re-focus the security posture attention to a “Zero Trust” methodology. This alone could stop the vast majority of cyber attacks we are seeing today!
IAM (Identity and Access Management) is key to a secure network… Not just from a user side, but also from a machine standpoint too. In this case, we would be talking about how to secure nodes on the blockchain.
I can’t lie - Could talk about Zero Trust all day long, but that’s not the purpose of this article. I’ll write another article that covers it and why it’s becoming even more pertinent in today’s technological space.
Artificial Intelligence and Machine Learning
While Web 3.0 is all nice and shiny, there are a few things that we all need to work on learning to understand:
The speed at which transactions occur on the blockchain is wicked fast (I mean seriously… Just go check out etherscan.io and check for how many transactions appear every time you refresh the page.)
Any forms of attacks, trading and selling, etc… Are very quick too (just like the above) and it’s not the smartest of ideas to have only humans “manning” the battlefield anymore.
Artificial Intelligence and Machine Learning have come great leaps and strides over the past few years and we need to take advantage of it… Starting with Natural Language Processing!
What even is Natural Language Processing?
In the simplest of terms - just imagine that your computer is learning the English language - through reading, seeing, and hearing - to further advance it’s knowledge/processing capabilities.
This is the actual definition:
Natural Language Processing, or NLP for short, is broadly defined as the automatic manipulation of natural language, like speech and text, by software.
Just think of how many things you see each day (such as signs, menus, text messages, and websites) PLUS the amount of speech you hear each day… Now imagine computers learning all of that to become even smarter. Yep, that’s what we’re talking about here and yep it’s kind of wild to think about.
By nature, NLP has been studied for half of a century… Inevitably making it incredibly difficult. With Web 3.0 technologies, deep learning is our biggest focus, which shows lots of promise. With deep learning, we then begin to branch into Neural Network Models (NNM) for Natural Language Processing (NLP), but like I did earlier, that’s a conversation for a different article. If you’d like to learn more about NNM and NLP, check out these two incredible sources - Natural Language Processing || Neural Network Modeling
Connectivity and Ubiquity
Now… This is likely the biggest feature Web 3.0 has to offer.
Much like how I described the section of “Decentralization” above, Web 3’s biggest strength is that everything is interconnected. Without there being a huge hierarchy of computers delegating trust or data, this allows for the free flow of information (it’s encrypted of course) to all nodes (computers) that exist inside the blockchain (network).
Does this really mean anything to me? I don’t feel like it does…..
Since the basics of Web 3 are interconnecting all devices that exist in a blockchain, then that means there’s a whole new market for emerging technology. Things such as Peer-to-Peer (P2P) clouds (or blockchains) will normalize - lots of companies are already making the switch for their backend systems. New forms of databases will appear (BigchainDB), P2P Identity Based Metadata files (SSI, DIDs, IPDB) will be present, P2P filesharing will become even more prevalent (IPFS, SIA, Storj), and P2P Computing will then be ramped up to full scale (enterprise systems).
All of those things said… As far as security goes, blockchain fixes lots of issues that we are currently facing today, such as centralized networks and the exploitability of them. However, it leaves quite a few gaps in other security based areas, such as mis/disinformation campaigns, Ethereum Name Service (ENS) domains being sold and trademarked - which could be used for fraudulent purposes later on, malicious smart contracts, social engineering, fake customer support agents, and MUCH more…
Honestly, Web 3.0 technologies have a nice path of development ahead of them. It’s a new infrastructure that takes a much needed and refreshed approach toward how the flow of data is delegated within networks.
Though, this article is “all about Web 3.0”… This is just the precursor to the several articles I’ll be writing, that talk about Web 3.0 security - exploits that are commonly being used, intelligence about what’s going on in the cyberspace with blockchains, and (my favorite) quantum computing and its potential affect on current technologies.
Thanks for taking the time to read! If this helped you to gain any better of an understanding, share it with peers or on social media so we can all learn together.
Don’t miss the next article and podcast that come out!
Until next time,
Any centralized network or infrastructure requires less support and cost. As centralized organizations or networks are pre-planned, the costs associated with it do not cross budgets until and unless it is absolutely required to expand the network.
There is no doubt that centralization organizations or networks enable quick decision implementation. As centralized networks have fewer nodes or people, it requires less communication among the different levels of authorization.
Also, if a centralized network decides to implement a change, it can be done in a matter of minutes. For instance, a centralized network can put more stress on the KYC procedure and add more requirements.
Even though centralized organizations are secure and trustable, they are not 100% secure or trustable. The trust is an agreement that is set by the service provider and the user.
However, that’s an agreement, and it can break easily. Big corporations suffer from trust issues from their users, from time to time.
It happens when there is a lapse of security in the system, people tend to ignore the service for some time before the service provider mends the trust by offering solutions and remuneration to those affected.
Centralization also means that the whole network is dependent on a single point of failure. Organizations know about the disadvantage and hence have deployed measures to contain it. However, the fact that there is a chance for failure is a big disadvantage for mission-critical services. So, it creates a massive security problem for the centralized network.
Users are in full control of their transactions. This means that they can start a transaction when they want without the need to authorize it from a centralized authority, in simple terms that the verification process is not dependent on third-parties and a decentralized network utilizes consensus methods to verify the information.
Blockchain technology’s data structure is append-only.
Decentralized networks are secure because of how they handle data and transactions. They use cryptography to ensure that the data ledgers are secure. Also, the data in the current block require data from the adjacent block so that it can use cryptography to validate the data.
Decentralization also means less censorship. In a centralized system, there are more chances that information can be censored. However, the decentralized network is less prone to censorship, as there is no central authority that controls the data.
Another one of the benefits of blockchain-based networks is that these mostly support open development. This is because of its nature and how it operates. The network gets amazing services, tools, and products built on top of it by having an open development environment.
Decentralization can lead to conflict if it is not well maintained in an organizational structure
In an organizational setting, decentralization can cost more than centralization as it requires setting up of systems that can make communication more automatic.
When it comes to decentralized blockchain, then the crime can be one big disadvantage. As everything is done on the network is anonymous and can lead to misuse.