The Status Quo

The ecosystem of Web3 and DeFi is struggling to cope with recent crackdowns, but hostile regulation is not the only issue that awaits us in the near future. There are many Internet monopolies that we don't talk about enough.

The Web

The Web is monopolized by Big Browser. We essentially have three companies developing infrastructure (web browsers) that the entire population of the Internet blindly uses for all aspects of their lives. Personal data is stored everywhere without concern for privacy or security. You might say that there are many web browsers to choose from, but let's see how this is false.

Browser            Rendering Engine   StatCounter   StatCounter   NetMarketShare   Wikimedia
                                      (Jun 2022)    (Oct 2021)    (Oct 2021)       (Oct 2021)
Chrome             WebKit             65.87 %       64.67 %       66.64 %          52.5 %
Safari             WebKit             18.61 %       19.06 %       13.92 %          23.9 %
Edge               WebKit             4.13 %        4.10 %        4.55 %           3.0 %
Firefox            Gecko              3.26 %        3.66 %        2.18 %           4.4 %
Samsung Internet   WebKit             2.87 %        2.81 %        3.04 %           2.2 %
Opera              WebKit             2.11 %        2.36 %        3.02 %           1.0 %
Others                                3.15 %        3.34 %        6.65 %           13.0 %

Market share of today's browsers (source: Wikipedia)

Google, alongside all the other monopolies it has on this planet, owns a massive share of the browser market. In fact, it's over 70% when we consider that in the top six, four of them are based on Apple's WebKit and in turn, Google's Chromium codebases! People say there are other alternatives, but I did a quick search for “alternative web browsers”, and pretty much just found more that are based on Chromium, such as Brave, Vivaldi, and some more quick forks that are just used for marketing.

So in these top six, we have only a negligible ~3.5% share for Mozilla's Firefox. Pretty sad if you ask me.

While Google[1] and Apple[2] actively spy on their users, Mozilla has a hostile passive-aggressive relationship with its users[3]. We can see this in how they have been diverting their attention into products to censor wrongthink. They seem more concerned with their SJW crusade than actual market acquisition.

This leaves the web in dire straits — and introduces a big attack vector for DeFi projects.

Consider that the absolute majority of DeFi protocols are hosted as Javascript apps on the web, implying the necessity of having a browser-based wallet as a browser plugin. With the sheer complexity of the browsers' source code (and some are closed-source), there is nothing stopping these companies from farming data on your funds, selling or sharing it with other companies or agencies, or even stealing your funds if they feel like it. The software complexity and the lack of ethics in these companies have made this a very likely possibility.

DeFi Apps

Developers today have a lack of education in privacy and security, and also a lack of knowledge on how computers actually work. We live surrounded by complex software which receives new versions and updates day after day. RAM and CPU consumption never reduce, they increase. Software still provides the same features from years ago, but everything looks new. This is called “progress” in the new speak of proprietary software development. This has evolved into a complexity no young programmer can understand. They are forced into the industry due to “life events” and are degraded to robots that can only mechanically apply what they learned at programming school (e.g. life, university, ...). This circle is producing even greater complexity.

Also worth noting is the fact that since the corporate world entered the crypto ecosystem, there's an influx of proprietary (closed-source) wallets and DeFi apps. For some reason, users stopped caring and feel comfortable using these proprietary platforms which offer no way of auditing or verifying the code and behaviour yourself.

Proprietary culture opposes the core ethos of crypto. Yet it has become accepted within the ecosystem.

CDNs

With increased demand for hardware resources, developers will trade their projects' sovereignty for convenience. One example of this is CDNs.

It's all Cloudflare

source: thingsinmotion@Twitter

I have found very few DeFi apps on Ethereum and Solana that don't use some CDN like Cloudflare or Infura to host their Javascript web app. CDNs are used to ensure high availability for apps, so that when lots of users access them, the underlying servers are able to handle the traffic without slowing down or crashing. In principle, this sounds very helpful and useful, even beneficial, but let's see what's wrong with this approach. I will talk about Cloudflare, but this basically applies to any centralized CDN out there.

To better understand this problem, here's a short preliminary on what TLS encryption is on the web. Web servers use TLS certificates to encrypt data being communicated between them and their clients. This is necessary because otherwise anyone in-between you and the endpoint server would be able to read all the data you are transferring, and would even be able to change it while it's being transferred. Therefore, we exchange keys with the server to encrypt our traffic on every connection, so that only the server sees it. Sounds good? OK.

When we host an application behind Cloudflare, it becomes the endpoint server for clients. This means in order to implement TLS encryption Cloudflare has to hold the secret keys. Can you already see what's wrong with this?

By holding encryption keys, Cloudflare is able to decrypt all incoming traffic and spy on you. All this because the developer has traded sovereignty for convenience. This could mean that the devs don't care about you, or they just don't know what's going on. In any case, try to educate them and find better ways.
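One way to check which party actually answers your TLS connection is to look at the headers the responding endpoint stamps on the reply. The following is an added example, not code from the original article or from DarkFi; the fingerprint list is a small, non-exhaustive set of commonly observed CDN headers, and the hostnames and response heads are constructed samples.

```python
# Added example: infer which CDN terminated the TLS connection from the
# response headers it stamps on the reply. The fingerprints are a small,
# non-exhaustive set of commonly observed headers (assumption).
from email.parser import Parser

# header name -> (CDN label, substring the value must contain; "" = any value)
FINGERPRINTS = {
    "cf-ray": ("Cloudflare", ""),
    "server": ("Cloudflare", "cloudflare"),
    "x-amz-cf-id": ("Amazon CloudFront", ""),
    "via": ("Amazon CloudFront", "cloudfront"),
    "x-fastly-request-id": ("Fastly", ""),
}

def parse_head(raw):
    """Split a raw HTTP response head into (status_line, [(name, value), ...])."""
    status, _, rest = raw.strip().partition("\n")
    msg = Parser().parsestr(rest, headersonly=True)
    return status.strip(), [(k.lower(), v.strip()) for k, v in msg.items()]

def tls_terminators(raw):
    """Return {cdn_label: [matching header names]} for one response head."""
    _, headers = parse_head(raw)
    hits = {}
    for name, value in headers:
        label, needle = FINGERPRINTS.get(name, (None, None))
        if label and needle in value.lower():
            hits.setdefault(label, []).append(name)
    return hits

# Constructed sample response heads (hypothetical hosts, placeholder IDs).
SAMPLES = {
    "app.example-dex.test": "HTTP/1.1 200 OK\nDate: Mon, 01 Aug 2022 12:00:00 GMT\n"
        "Content-Type: text/html\nServer: cloudflare\nCF-RAY: 0000000000000000-FRA\n",
    "self-hosted.example.test": "HTTP/1.1 200 OK\nServer: nginx\n"
        "Content-Type: text/html\n",
    "assets.example.test": "HTTP/1.1 200 OK\nServer: AmazonS3\n"
        "Via: 1.1 0000000000000000.cloudfront.net (CloudFront)\n"
        "X-Amz-Cf-Id: CONSTRUCTED-SAMPLE-ID\n",
}

def audit(samples):
    """Map each host to the CDN fingerprints seen in its response head."""
    return {host: tls_terminators(raw) for host, raw in samples.items()}

if __name__ == "__main__":
    for host, hits in audit(SAMPLES).items():
        print(host, "->", hits or "no CDN fingerprint seen")
```

An empty result does not prove the app is served directly by its developers, since an intermediary can strip or rewrite these headers.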

Another way in which Cloudflare is attacking users (and weirdly boosting Google's profits) is by blacklisting traffic. If your IP address is in their blacklist database, you will get a big “One More Step” screen where you have to fill in a Google Captcha and teach Google's AI how to drive by doing it — for free! By allowing Cloudflare to hold a monopoly over high-traffic web apps, they are now able to censor users from various countries and users who are using anonymizing software like Tor from accessing these apps. This means, very often, that you have to deanonymize yourself when you're using DeFi. Cloudflare doesn't let you be anonymous or visit sites from your home country.

Now you might think that VPNs can help you with this, but VPNs are just glorified proxies. The VPN provider can also see all your traffic, and do whatever they want with it — including logging. Read more about VPN issues here.

The browser wallet endpoints are also controlled by these Big Tech CDNs, which are therefore able to link you with your wallet. This means they know where you live. Additionally, wallets have built-in telemetry which also links your crypto addresses with your IP address, and therefore you are tracked.

Consequences

The Bitcoin grassroots movement and culture of sovereignty and censorship-resistance have been lost to a big influx of Silicon Valley influenced “developers”. Very little thought is given to decentralization and user protection. In fact, the current movements are statist and believe there are few adversaries that would do you harm.

What we are witnessing is the destruction of trust in crypto. Over 35 large DeFi hacks have happened in 2022 so far. The platforms that got hacked include centralized bridges, proprietary wallets, closed-source smart contracts, and man-in-the-middle attacks on infrastructure. All of these happen because of the implications we mention above. Vulnerabilities and supply-chain attacks are abundant within the complexity of the Javascript ecosystem and hackers have no trouble finding them. On the other hand, crypto is full of inexperienced developers who have nobody to learn from because nobody knows what's happening, and who therefore write insecure code which gets exploited because of bad programming practices. This complexity is introduced into the minds of software programmers by their oppressors that transfer money into their bank accounts every month.

Corporate software designs are monolithic, built for surveillance and tracking.

Most developers spend their life in corporate coding and get indoctrinated into janitorial work. Later they become “senior” and the cycle continues. This results in old centralized paradigms of handling and (mis)managing data.

From this corporate mindset, some developers move into crypto and apply the same semantics:

Closed-source code

If there are bugs, only the vendor can fix them, while attackers can still exploit them. We will often hear silly arguments like:

  • “muh intellectual property”
  • “muh security”
  • “muh competition”

All of these are blatantly false. For intellectual property, we have real licences like the GNU AGPL[4]. Your software doesn't have to be closed-source in order to protect IP. Some will say there are licences like MIT, but these types of licences appearing in the community are evidence of the same circle of complexity. Your MIT software is used in war machines to kill people and the companies will never give back. So enforce the GPL. It is necessary.

Security is another silly argument based on ignorance. It's mostly managers and janitorial developers who introduce this argument. They are not aware of the huge market of software exploits, and that hackers actually benefit from attacking closed-source software since the chances of it having bugs are much larger. If your code is open-source, your users (and anyone else who's interested) can look at the code and find bugs even before you deploy software in production. There are many examples of this which can be found with little effort.

Finally, there's “muh competition”. This one spawns from the fear of your competition stealing your code. As I mentioned above, the GPL would actually protect you from this, since it would also force your competition to use the GPL. Alternatively, if your competition only has closed-source products, then you're at an advantage by writing free software, because you have an edge in building a community around your product while your competition is stuck in cuck corporate mode.

Hating their job and their users

Without ideology and focus, the developer is purely building a product with no bigger picture in mind.

See also: “Pump and dump scheme”

Way too many projects are simple cash grabs with no actual goal. The market apes in, and you get used as exit liquidity by more experienced traders and/or VCs. After that, such projects slowly die because they failed to capture value and were just concerned with personal gain rather than creating something beneficial for the world.

Centralized services like Google Cloud and Clownflare

These are tools of complete distrust and lack of privacy that facilitate surveillance by Big Tech.

Projects and users freely and comfortably give their personal and project-internal data to corporations like Google and Notion. Communication is exchanged on corporate and/or unencrypted platforms like Discord and Telegram. The list goes on endlessly, but there's no space. Just know that all this data in the hands of corporations will eventually be used against you in one way or another.

Government crackdowns

With the recent Tornado Cash crackdowns[5], the US government has publicly tagged all of its users. Circle was forced into blacklisting the USDC token smart contract for Tornado Cash users and the Tornado Cash contract. This is where censorship-resistance failed, since trust was placed in a corporate stablecoin. Additionally, Clownflare owned the main web app entrypoints, which they censored when the sanctions happened. This kind of behaviour blocked less experienced users because they did not know how to find another way to access the app.

However, this is a hydra, because stronger technology is being developed and many more projects like Tornado Cash will come into existence. On many fronts this is already happening and communities are beginning to wake up.

Enter, DarkFi

DarkFi Mumu

By understanding the narratives laid out above, there is an obvious need for anonymity, privacy, and security in the crypto space. It is not possible to build on top of existing systems, since on the base level they were never imagined to provide any of this. With DarkFi, a new ecosystem is being built. This is an ecosystem for lunarpunks and anyone else who needs a sanctuary.

Anonymous → Zero-knowledge proofs & MPC

Using recent advances in zero-knowledge proofs, we are able to anonymously prove statements. The cryptography allows us to have money which we can exchange through unlinkable and anonymous transactions. These transactions do not reveal parties that are making the exchange, nor do they reveal anything about the volume or token type.

DarkFi allows us to build anonymous DAOs (an abbreviation that I recently started calling “Decentralized Anonymous Organizations”), which are organizations resistant to attacks and surveillance. We are able to have anonymous voting that is unbiased, trustless, and coercion-resistant.

These mechanisms also allow us to build DeFi markets, which are private for users and therefore pose no risk of tracking, surveillance, and, ultimately, theft.

Uncensored → P2P networks

DarkFi is not just crypto, it is an entire ecosystem. It brings ways to store files and data in a decentralized fashion, reducing the power of CDNs that control the gates of entry on DeFi apps. DarkFi gives lunarpunks a way to anonymously communicate and not be censored using a decentralized P2P chat that also has plausible deniability.

We have also built a decentralized task management platform for projects and DAOs. These tools allow us to break from the stranglehold of proprietary web platforms and take back control over our data.

Ultimately, everyone who runs a node for any of these tools contributes to fighting corporations and censorship. The more nodes are running, the harder it is to censor.

Sovereign → Independence from central authorities on the Web

DarkFi is a Layer-1 blockchain with privacy by default. We believe this is the only proper solution to privacy in crypto, and do not foresee any long-term success with privacy protocols slapped on top of blockchains like Ethereum or Solana. Now, you may ask: “aren't Monero and Zcash already private?”. Yes, they are, but the distinction between DarkFi and XMR/ZEC is that the latter two are money, while DarkFi is financial apps.

In our software, we claim sovereignty by minimizing required dependencies and applying UNIX philosophies to our development. In contrast to monolithic web apps, we feel that this approach is successful in the long term because we do not allow complexity to evolve, nor do we employ massive technical debt. A modular and non-corporate approach to development makes these things much easier to achieve.

With the concerns presented above in the article, DarkFi is creating a post-web paradigm. The browser cabal, the CDN cabal, the surveillance — these are not going to succeed. It is time to reclaim the desktop and harness its power.

Market acquisition drives the corporate technology paradigm. Products are built to become obsolete and maximize value extraction from their user base. Social media companies use the latest psychological research to create addictive platforms to trap users, harvest their data and sell it to research companies and intelligence agencies. Hundreds of software apps are built for low IQ normies to onboard them with “minimal friction”, which results in unusable cumbersome web UIs that disempower users while flashing them with adverts.

The Linux paradigm by contrast doesn't build for the mass market. Instead, it has an alternative route to power. It provides infrastructure that empowers communities. Users are considered strong and capable. Software is deliberately simple and infinitely composable. In the proprietary paradigm, users are treated like sheep and are herded and fleeced, while the Linux paradigm brings users together to construct mutual systems toward the democratization of society.

The Dark

Crypto is continuing to split into two. RegFi is bolted down and unusable for anyone who cares about their privacy. The other side is the underground DarkFi. The Dark is private, resistant to adversaries and censorship. The Dark is empowering.

Let there be Dark.

Written by @parazyd, 2022. Thanks to @narodism and @lunar_mining for reviewing.
