Web3, NFTs, and cryptocurrency are dangerous to society and the planet, and computer scientists agree
From "all my apes are gone" to "all my habitable planet is gone."
This post is a continuation of my process of bringing my better Medium content over to Substack, as I will no longer post on Medium.
It’s important to note that I originally wrote this article in June 2022. Since then, various events have led to greater skepticism of NFTs and cryptocurrency in the general public… And thank goodness for that.

As a cybersecurity researcher, my job is to be aware of how technology can harm people. I will say this right now — no new tech is more dangerous to the world than cryptocurrency.
I consider the whole cryptocurrency ecosystem and cult to be Advanced Persistent Threat Number One. And I’m far from alone in this view. Many of the world’s top computer scientists and technologists agree with me. And they’ve signed a petition to various leaders in the US government to, at the very least, better regulate this new industry (or as I would put more bluntly, a scam). You may have heard about the petition, because many mainstream media outlets, from the New York Times to Bloomberg, have reported on it recently.
Here are some of the familiar names that are featured signatories of the petition:
Grady Booch
Cory Doctorow
Bruce Schneier
Štefan Urbánek
Miguel de Icaza
Stephen Diehl
Tim Bray
Molly White (of Web3 Is Going Just Great)
Darren W. Tseng
Sal Bayat
Luke Plant
Nicholas Weaver
Matt Ranger
Jamie Zawinski
And I’m told that many other important people in tech have signed the petition since. If you’re a technologist, you have until June 10th to sign the petition. I signed it; cybersecurity researchers are technologists, eh? I couldn’t find a full list of current signatories as of this writing, but I’m sure we’ll see the full list of people after June 10th.
For the TL;DR crowd (trust me, I’m ADHD, I empathize), here are the big problems with “Web3” in a nutshell:
Currency only has true, enduring monetary value if it’s tied to the production and sale of goods, services, and property people value aside from money for money’s sake. For example, the US dollar is a highly valued currency internationally because it’s tied to the American economy of actual goods, services, and property and guaranteed by the state. Hence its status as a fiat currency. Cryptocurrency is just based on lots of complicated math (proof of work and proof of stake) and greedy people and entities speculating that investing in it will make them rich. Cryptocurrency isn’t a real currency, rather it’s a white elephant as an emperor without clothes. We just had a “crypto crash,” and there will inevitably be many more. Because people are becoming aware of how silly it is, and that awareness directly reduces its value.
Gone are the early Bitcoin days of 2009 to 2012ish when a Raspberry Pi could be an effective cryptominer. Now having the computing power equivalent to a massive datacenter is necessary to generate any significant amount of cryptocurrency. As the blockchains behind cryptocurrencies get larger and larger, the complex math through proof of work (or proof of stake) gets exponentially more complicated. Enormous botnets and datacenters are being devoted to processing maybe a few cryptocurrency transactions per hour. Whereas credit card, debit card, PayPal, Stripe, and other payment platforms can process thousands upon thousands of transactions per second with way, way less computing power.
All of the inefficiency of cryptocurrencies and the blockchains they’re built on is resulting in many blockchains individually consuming more electricity than entire countries. This has a massively destructive impact on the ever worsening danger of climate change.
Computer scientists and database developers say that “append only” databases like blockchains are a terrible design. And from a cybersecurity perspective, I concur. Integrity is one of the components of the CIA Triad of cybersecurity (confidentiality, integrity, availability) and the inability of an authorized entity to alter previously recorded records on a blockchain means that when a cyber attacker records malicious data, it cannot be corrected. Thus, that’s a vulnerability to cyber attacks on data integrity. The “append only” nature of blockchains is also a direct cause of cryptocurrency consuming ridiculous amounts of electricity and wasting massive amounts of computing infrastructure.
From a cybersecurity perspective, cryptocurrency facilitates ransomware and other crime. It’s common wisdom in my industry that ransomware is a rapidly growing and expensive problem to industries and institutions. Ransomware existed before the first cryptocurrency (Bitcoin) emerged in 2009. But ransomware attacks were way, way less common because cybercriminals needed to demand their ransoms through systems which are easily traceable by law enforcement — credit cards, wire transfers, payment platforms like PayPal and Stripe. Cryptocurrency is a huge cybersecurity problem in how it has made cybercrime a lot more profitable. And a lot of additional harm is done by the billions of dollars people lose in cryptocurrency fraud. If a criminal charges my credit card, my bank can investigate and refund me. If your cryptocurrency wallet is breached, there’s no such help for you.
Cryptocurrency is not a way for poor and marginalized people to thrive outside of mainstream finance. Buying and generating cryptocurrency is very expensive. The people making money through cryptocurrency were already very wealthy. Having a massive datacenter to use for cryptomining costs millions of dollars. There is no technological “hack” around capitalism. Regardless of technological advances, the rich will always get richer and the poor will always get poorer as long as capitalism exists. And all capitalism is “crony capitalism.” Societal problems absolutely cannot be solved with any technology.
In relation, NFTs don’t help artists. NFT bros will either utilize AI and graphical assets to computer generate thousands of “unique” images (à la Bored Ape Yacht Club), or they’ll go through the web to steal and use original art without the artist’s consent and without paying those artists any money. DeviantArt had to create their DeviantArt Protect feature to alert artists to when their art is being exploited for NFT greed.
NFTs aren’t images or any other digital media. NFTs are simply fake receipts without any legally recognized intellectual property rights. I occasionally use ATMs, and often there will be ATM receipts on the ground from people’s transactions. I live in a kind of upscale neighborhood and I can be a bit of a snoop. There have been times that I’ve seen ATM receipts from my obviously richer neighbours with balances like $250,000 in their chequing accounts. I’ve never had more than five figures in my account at any particular time, so it’d be really tempting if I could take one of those receipts and say, “See this? I have $250,000 in my chequing account!” The bank teller would say that there’s no proof that the receipt is mine and I just found someone else’s receipt on the ground.
That’s basically what an NFT is. It’s just a URL of a web hosted image or some other sort of web hosted file. And then it’s recorded onto a blockchain such as Ethereum’s. You can use Google Image Search or the source code of webpages (including this one) to get the URL of any web hosted file you want. An NFT is just that and a note that says, “property of Kim Crawley.” It’s meaningless. You can right click and save any of the images on this webpage, and a copy will be written to your HDD. That’s more useful “ownership” than any NFT. And if the web admin deletes the file from their webserver, the NFT-recorded URL will point to nothing. But there’s nothing the web admin can do to remove the copy of the image from your HDD. That’s why NFT bros hate those of us in the Right Click/Save Crew.
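An added example, not part of the original post: a toy hash-chained ledger in Python that records only a URL for each token, as described above. It shows that the chain still verifies after the hosted file is swapped or deleted, and that an earlier bad record can only be answered by appending, never by editing in place. The Ledger class, the "void" record type, the host dictionary and the example.invalid URL are constructed for illustration and do not model any real chain's format.

```python
import hashlib
import json

GENESIS = "0" * 64
URL = "https://art.example.invalid/ape.png"  # constructed URL


def _digest(body: dict) -> str:
    # Canonical JSON so the same block body always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class Ledger:
    """Toy append-only ledger: each block commits to the previous block's hash."""

    def __init__(self):
        self.blocks = []

    def append(self, record: dict) -> dict:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = {"index": len(self.blocks), "prev": prev, "record": record}
        block = dict(body, hash=_digest(body))
        self.blocks.append(block)
        return block

    def verify(self) -> bool:
        prev = GENESIS
        for i, b in enumerate(self.blocks):
            body = {"index": b["index"], "prev": b["prev"], "record": b["record"]}
            if b["index"] != i or b["prev"] != prev or b["hash"] != _digest(body):
                return False
            prev = b["hash"]
        return True


def resolve(host: dict, block: dict):
    """Return whatever the token's URL serves right now, or None if it is gone."""
    return host.get(block["record"]["url"])


def demo() -> dict:
    host = {URL: b"original image bytes"}  # constructed stand-in for a web server
    ledger = Ledger()
    token = ledger.append({"type": "mint", "owner": "alice", "url": URL})
    # A second party records a claim on the same URL; the ledger accepts it.
    bogus = ledger.append({"type": "mint", "owner": "mallory", "url": URL})
    out = {"at_mint": resolve(host, token)}

    host[URL] = b"different image bytes"  # web admin swaps the file
    out["after_swap"] = resolve(host, token)
    out["chain_ok_after_swap"] = ledger.verify()

    del host[URL]  # web admin deletes the file
    out["after_delete"] = resolve(host, token)
    out["chain_ok_after_delete"] = ledger.verify()

    # Correcting the bogus record means appending a hypothetical "void" entry;
    # the original claim stays in the history.
    ledger.append({"type": "void", "target": bogus["index"]})
    out["chain_ok_after_append"] = ledger.verify()
    out["bogus_still_recorded"] = ledger.blocks[1]["record"]["owner"]

    # Editing the old record in place invalidates the chain from that block on.
    ledger.blocks[1]["record"]["owner"] = "alice"
    out["chain_ok_after_edit"] = ledger.verify()
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The ledger's integrity check covers the recorded pointer and nothing else, which is why it keeps passing while the content behind the URL changes or disappears.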
Aren’t you appalled at all of this technological and environmental waste for a Ponzi Scheme built on nothing of actual value? I sure am, and so are the smarter people in tech.
It’s been literal years since I’ve written a blog that a tech company hasn’t paid me to write. I’m writing this piece as a public service announcement. I originally pitched this piece within the scope of my day job, but my pitch was declined. Fair enough. I’m used to some of my pitches being accepted and some of my pitches being rejected, it’s all a part of writing and researching for a living.
Usually, I will just let a rejected pitch go and move onto the next one. My time is precious, and I typically only put the effort into researching and writing when I know for certain that I’ll be paid generously for my work.
But the massive threat that cryptocurrency, NFTs, and blockchain implementation pose to the environment and the livelihoods of ordinary people is something I feel too passionately about to ignore. Wild West Hackin’ Fest let me rant about the dangers of NFTs and “crypto” on May 6th, and CyberjutsuCon 3.0 will let me give an even longer “cryptoskeptic” presentation on June 18th. I’d like to thank the organizers of both cybersecurity events for giving me a soapbox to discuss this terrifying problem. And there’s still time to register to attend CyberjutsuCon 3.0 online as of when I publish this post! There will be a lot of great speakers there, and I highly recommend it.
For this piece, I’ve interviewed two prominent people in the “crypto skeptic” space. Here’s my interview with Senior Policy Analyst at Americans for Financial Reform and Demand Progress, Mark Hays.
Crawley: “Tell me about yourself and how you got involved in the cryptocurrency skepticism movement.”
Hays: “I am a senior policy analyst at Americans for Financial Reform and Demand Progress.
My role looks specifically at Fintech, but generally these days that means I’m mostly focused on digital assets.
AFR, in case you don’t know us, is a coalition of public interest organizations that came together during the 2008 financial crisis to call for accountability for the financial sector and their role in the crisis, relief for consumers and retail investors (and the general public), and reform of financial regulation to mitigate the impacts and prevent future crises.
Demand Progress has done years of advocacy focused on digital rights and privacy, as well as critiques of monopolistic behavior within the tech sector (and their role in surveillance). As for me, I’ve been involved in public interest advocacy for about two decades. Most of the work I’ve been involved in sits at the intersection of corporate accountability, the environment, and human rights.”
Crawley: “Is your background more in computer science or economic theory?”
Hays: “Frankly, neither. Business, economics, public policy, human rights, environmental policy.
I came to ‘crypto’ via work on illicit finance. I was part of a multi-year effort to pass legislation requiring shell companies to disclose their real owners, in the UK, US, and EU. As a result, I was involved in aspects of financial regulatory policy from that angle.”
Crawley: “One thing that terrifies me about cryptocurrency is the environmental destruction it causes.”
Hays: “Yes, it is one key aspect of a larger array of concerns. But, arguably it is throwing lighter fluid on an existing bonfire. And, what’s also concerning is the degree to which ‘crypto’ advocates and some small parts of the environmental community (or at least those involved in carbon markets) want to integrate digital assets and tokenization into carbon offset programs.
Carbon offsetting is a scam to begin with. Yes, offsets, while having some theoretical value, have always been hard to make clean and keep them from ‘leaking’ anyway.”
Crawley: “What do you say to the cryptobros who cite ‘Proof of Stake’ (as opposed to ‘Proof of Work’) or supposed clean energy sources as arguments that cryptomining doesn’t have to further climate change?”
Hays: “First, it’s important to note that huge parts of the existing market cap of the ‘crypto’ space are built on PoW (Proof of Work). Bitcoin maximalists are unlikely to adopt PoS (Proof of Stake) approaches, for a variety of reasons (ideological, economic incentive.)
Meanwhile, Ethereum has said for years now it will switch, but keeps moving the goal posts.
So, it’s possible that if Ethereum shifts to PoS, you could see a significant reduction in the overall carbon footprint. But, I’m not sure if that will really happen with clean energy.
Unless or until mining pools, or platforms adopt some standards that would require them or coin issuers to meet certain carbon reduction goals (which seems unlikely), miners will always have the incentive to move to where power is cheapest, while renewables are competitive in many places, fossil fuels have lots of market advantage.
Plus, defunct oil well operators, others, would always be willing to cut a sweet deal to keep things running in exchange for sourcing power directly to miners. Seems like a massive waste of computing infrastructure and electricity for ‘money’ based on no goods or services real world value.
So, I’m skeptical there will be enough will within mining pools or collective commitments to make that a real thing.
Yes, I agree. ‘Crypto’ advocates will claim the existing financial system uses significant energy, which is true but they do so much more efficiently and they provide actual goods and services that have tangible lasting value, beyond speculation. We’ve not touched e-waste either.
I can’t speak to his level on that, but what I’ve heard him say is that, prior to the onset of digital assets, ransomware happened, but not at this scale or frequency, because receiving the ransom was the weakest part of the operation.”
Crawley: “Why do people think money can be based on just complex math (proof of work, etc.)?”
Hays: “’Crypto’ has given these operators a wider array of tools to receive payment, with less risk.”
Crawley: “Feel free to add whatever else you have to say about the cryptocurrency scam.”
Hays: “Right now digital assets are risky, unregulated financial products that boosters claim are creating opportunities for financial inclusion, but instead are repeating some of the worst mistakes or behaviors of the traditional financial system, but without the at least partially helpful safety measures that exist for traditional finance to mitigate the impacts.
It may be that at the end of the day there is some way in which digital assets will offer viable use cases, but at the moment, many of those use cases have yet to be proven at real scale, and in real world terms.
And, it’s unclear whether those benefits outweigh the costs. Policymakers need to adopt measures to regulate digital assets, that are built on existing understanding of what works to protect consumers, investors, and our financial system as a whole. They shouldn’t be creating new regulations out of whole cloth just to fit the industry, in the name of innovation.”
Geoff Huntley is an Engineer for Gitpod and the creator of The NFT Bay, a Pirate Bay inspired web application which demonstrates the absurdity of NFTs. It’s well worth checking out!
Geoff shared his quotes from a recent piece about him in the Sydney Morning Herald by Dominic Powell:
“I’ve been on the Internet now for over 30 years. I’ve seen the cycles of things, and I saw the birth of crypto. Like many engineers, I picked it up, looked at it, assessed it, and figured I didn’t have a use for it. Compare that to an iPhone, where the use case is immediate, it wasn’t like that with ‘crypto,’ it’s been searching for a use case outside of ransomware, which has caused billions of dollars of damages to corporates and individuals.
In peak crypto-mania, I started to hear this notion of ‘Web3’. People came along and said “our new thing is the next iteration of the internet”. And that pissed off a lot of engineers. The next generation of the internet was already clearly defined- the inventor of the worldwide web had a definition for it, companies had been founded to that vision. But people with cryptocurrency are trying to bring more people in, with claims of a better internet- which are false- so they can exit and get liquidity. And they’re calling this the Web3 boom.
So at that point, a lot of the engineers started really paying attention and some of us decided we needed to step up. So, I started looking into NFTs last November, and I created a little performance art website called TheNFTBay, based on the Swedish Pirate Bay. I wanted to educate people about what an NFT is, and there was already some popular culture about if an NFT is an image, what is the value of the image if I can just get it for free? Just right-click, save. So, that went very viral.”
Then I had a great discussion with him, myself.
Huntley: “Big brains got offered so much cash to come work in ‘crypto’ and they were promised they could work in their programming language of choice, Haskell (which is compelling in itself because Haskell is used for research.) Next thing you know the entire space almost eight years ago is like what we see today in the NFT space. Then people started getting concerned. An example of how this manifested — the creation of Cardano and computer science research consulting companies offering services.”
Crawley: “I can see how it may take good Haskell skills to build something in Haskell that isn’t f***ed up. So the majority of Haskell devs are employed in ‘crypto’ now?”
Huntley: “As of years ago, yeah. Talent that could be put to better use.”
Crawley: “Like all of those wasted datacenters for cryptomining.”
Huntley: “Wasted brain cycles. Yeah.”
Crawley: “Yikes. As long as billionaires (such as Elon Musk) want to use ‘crypto’ to exploit all of us, the scam will continue.”
Huntley: “Organizing nerds to come together and author a letter is very, very, very, hard. As witnessed by Matt Green’s own critiques on social media. The letter went through many cycles of similar critique. We saw comments ranging all the way from ‘isn’t Git (source control) a form of blockchain by extension, since it’s a Merkle tree.’ Stephen Diehl goes into this (on his blog).”
A sample from the Stephen Diehl blog post Geoff Huntley mentioned:
“No issue seems to draw contention amongst technologists more than the issue of so-called ‘permissioned blockchains.’ It is a highly ambiguous term that is obfuscated by marketing jargon and where the boundaries between it and traditional relational databases are incredibly unclear. Many so-called ‘permissioned blockchains’ are simply relational databases with perhaps some additional software or marketing layered on top.
This is a topic that so many people I spoke with feel very strongly about, yet puzzlingly as far as I can tell, no one actually uses this type of software for anything. Let’s assume every dialogue about this quirky unused database is being done in good faith. However, I can’t help but feel like many arguments about this type of software are guided by perhaps an appeal to moderation to find some redeeming quality in the ‘blockchain’ phenomenon however contrived. Even if no one actually uses this software in reality.
Permissioned blockchains go under various names ranging from private blockchains, permissioned blockchains, enterprise blockchains, distributed ledger technology, and ledger databases. The three most prominent examples of this appear to be:
Amazon QLDB
Microsoft Azure SQL Database ledger
Hyperledger Fabric
Now there are probably a non-zero number of users of these solutions. But it’s not a number much above zero. These solutions are relatively niche and maybe have some use cases in regulatory reporting or back-office systems, effectively the legal and data plumbing of corporations that nobody ever sees. And after digging into both of these architectures, it’s evident from their documentation that both are actually built on top of traditional relational databases. And both can circumvent append-only designs when needed to redact, update and delete data. This design is not surprising given that corporations have compliance obligations under frameworks like ISO27001, SOC2, and GDPR, which require corporations to update and delete customer data.
However, this begs a fundamental question; if we add the ability to redact data from an append-only database/blockchain design, then well, to first approximation, we just have a database with an audit log. Why do we need a new buzzword for a database architecture that people were doing on DB2 on IBM mainframes in the 1970s? Sure we can rename this architecture a ‘permissioned blockchain’ or a ‘replicated database ledger,’ but what does the term clarify? We’ve already had terms for this architecture for decades. Why play word games?
I and a few of the other signatures of this letter have actually worked on these architectures in the past, and at least in my experience, the solutions that end up built are much like the now-infamous tweet thread Gergely Orosz describes of the Walmart Canada blockchain project. They’re Rube Goldberg machines constructed from middle managers and architecture astronauts reading too many Gartner whitepapers and thinking this is a sensible way to architect software. This architecture that Walmart chose to build is stupid on a profound level. One could replace this entire setup with a single Postgres node running on a minimum AWS instance and achieve vastly better performance than these 600 servers running in parallel, seemingly for no reason. However, there’s no law against stupidity in software architecture, and if a powerful multinational corporation wants to run up a vast cloud computing bill, well, that’s on them. It’s not on cloud providers to determine customer best interests on compute resources. We can laugh at this, but to be honest, more hilariously contrived topologies are being built on top of Kubernetes every day.
Permissioned blockchains are either pointless, redundant, undefined, or banal, and most importantly, nothing about them falls under the remit of any financial regulation or from first principles presents any harm to the public. We can talk about the veracity of this architecture from a purely academic software perspective, but perhaps we should leave it out of policy discussions because it’s so far removed from crypto assets as to be almost completely irrelevant and confuses policymakers. No one’s grandmother is losing their life savings gambling on Azure SQL ledger databases.”
Crawley: “I’ve been getting into his blog. Thank you. (Check out Stephen Diehl’s blog here!) Do you have anything else to add before we go?”
Huntley: “Like many engineers, I picked it up, looked at it, assessed it, and figured I didn’t have a use for it, then didn’t say anything. This was (and is) wrong - if you have the knowledge to explain what something is and is not then it’s on you to call out the bullshit because others won’t have the knowledge that you possess.”
In addition to Diehl’s blog, here are some other resources I (Kim Crawley) recommend to learn more about why “Web3,” cryptocurrency, NFTs, and blockchain are a bunch of scammy, planet-killing bullshit:
Molly White’s “Web3 Is Going Just Great” blog, constantly updated with the latest news about this awful collective nightmare.
Nicholas Weaver has shared some of his excellent lectures on YouTube for a thorough technological analysis of why all of this crap is terrible with no possible benefit to anyone but scammers — Computer Security 161 Cryptocurrency Lecture, Blockchains and Cryptocurrencies: Burn It With Fire, and Why This Computer Scientist Says All Cryptocurrency Should “Die in a Fire” via Current Affairs.
Of course, the King of the “crypto skeptic” YouTube videos is Dan Olson’s new classic Line Goes Up.
Kim Crawley, buttondown.email/Crowgirl, @crowgirl.bsky.social, @crowgirl@hachyderm.io, linktr.ee/kimcrawley