A proposal for web2.5

Avatar

Share

Ā ā€¢Ā 

A year ago

Ā ā€¢Ā 

View on Twitter

āœØ The blockchain is one of the biggest innovations of this century. Like computers or the internet in their early stages, it's currently very limited. We can't build most kinds of apps on-chain today, but we can future-proof them for when it evolves. Welcome to web2.5 šŸš€

Smart contracts on the Ethereum blockchain are insanely powerful ideas but, in practice, they contain some pretty big limitations. Contract code must >24KB. Each assembly call is priced by a certain amount of gas (storing a word is ~20k), and the maximum gas for any tx is ~30M

This is powerful enough to build complex financial applications or even simple games. But it's still not ready for more complex use-cases. Definitely not a general replacement for the "backend" layer in web2 apps today.

This is a work in progress! With eth2, rollups, sharding, and other improvements coming to Ethereum in the next few years, I believe we'll eventually get there. So, if the goal is to move our apps & data on-chain eventually, how can we start preparing today? šŸ”„

I started thinking about this after we looked into some ways to progressively decentralize @tryShowtime's commenting system. For context, after authenticating users with their wallets, we store comments in a SQL database, the web2 way. šŸ› 

Eventually, someone will release a decentralized commenting protocol that we'll want to migrate to. However, for us to successfully port existing comments, the protocol would need to trust Showtime for their authenticity. šŸ›”

At Showtime, we use cookies and sessions to remember your address after you've logged in. šŸŖ This allows us to ensure no one but the user can call the "create comment" endpoint. It does not allow us to prove that we haven't manually added entries to the database. šŸ˜…

If you believe that the blockchain will eventually take over, and want to migrate existing data when it does, we need a "semi-paradigm shift" to how we do things. I call this web2.5

The idea is quite simple: get rid of cookies and sessions. Each request gets signed by the user's private key, and we store the signature alongside the effect. If we ever need to prove that the user really performed an action, we have the signature to back us up. šŸ”

Of course, this requires new tooling both on the user and on the server side. The backend side is easier since we just need some middleware for validating signatures and a few changes to the schema of your apps. I'm planning to build a @laravelphp example and release it soon šŸ‘€

The front end is harder, especially because prompting the user with a signature modal each time they perform an action is pretty horrible UX. Last week, I experimented with the concept of a "web2.5 wallet", with no concept of money or transactions, just signatures. šŸš€

This wallet features EIP-712 signature auto-approval permits, allowing applications to request access to auto-signing certain types of data. šŸ”’ "Do you want this website to automatically sign data that follows this app-specific format?"

Obviously, this whole thing is a big work in progress. I've chatted about this model with some frens (@StaniKulechov, @pedrouid, ...), but would really love some more thoughts from crypto and tech twitter! Let's build bridges to the new web, together āœØ