Tradeoffs between Web2 and Web3 accounts
Direct from the desk of Dane Williams.
A look at Web2’s ability to recover hacked accounts and why when it comes to censorship-resistance, you can’t have it both ways.
The balancing act between account recovery and censorship-resistance in Web3 is real.
We’ve likely all been in a scenario where we’ve fucked up and had one of our Web2 accounts compromised in some way shape or form.
Usually the solution is as simple as messaging the company, proving your identity and getting your Web2 account back.
Easy.
But while the ability to recover your account in this way is great, it also means that same company has all the power in the world to censor, ban or even commandeer your account whenever they please.
In today’s blog post I compare the advantages of Web2’s account recovery options with Web3’s censorship-resistance.
And ultimately make a case for why you can’t have your cake and eat it too.
Can YouTube recover hacked accounts?
Yes, YouTube can recover hacked accounts.
All YouTube accounts are housed on YouTube’s servers which they are in complete and total control of at all times.
This is peak Web2 and absolutely fantastic when you let your guard down and find yourself with a compromised account.
Recently, YouTuber DidYouKnowGaming, with 2.4 million subscribers, reported a hack on his channel.
An anonymous bad actor hacked into his channel to promote XRP by changing the YouTuber's profile and cover images to Ripple's logo.
I take it the idea was to push some sort of phishing page with the bait being one of the most well known names in crypto.
But running their Web2 model, YouTube was able to help DidYouKnowGaming regain access to his channel swiftly. Y
The company's quick intervention ensured damage control by preventing the hacker from interacting with the channel's subscribers.
You can’t deny that in this case, it’s a win for all.
It’s certainly reassuring to know that the companies running Web2 platforms can help recover accounts when they are compromised.
But as we'll see in the next section, there's a flip side to this convenience.
That convenience comes at the cost of censorship-resistance.
Does this mean YouTube can also take over any account?
While it would be an extreme reaction, the answer is still yes.
YouTube has complete control over all the accounts on their platform, meaning they can take over any account at any time if they wanted to.
On the surface, this might seem like a good thing.
Just like in the case of DidYouKnowGaming, it means that YouTube has the power to recover accounts that have been hacked or taken over by bad actors.
But when you dig deeper, this is also a tradeoff.
By giving YouTube complete control over accounts, it means that the platform has zero censorship-resistance.
You are completely at the mercy of the standards, morals and whims of YouTube, a for-profit company with its own set of vested interests.
If YouTube decides that your account violates their terms of service, they can delete it without warning.
If YouTube decides that your content is inappropriate, they can demonetise it or even remove it from the platform altogether.
This is the trade-off you face between account recovery and censorship-resistance in Web3.
While it might be convenient to have a company like YouTube take care of account recovery for us, it also means that we're giving up control and putting our trust in a centralised authority.
Now YouTube seems trustworthy.
But like all powerful companies, they’re trustworthy until they’re not.
Once again, you can see the convenience of Web2 comes at a cost.
Can a hacked Web3 account be recovered?
The short answer is no, a hacked Web3 account cannot be recovered.
Take the example of Hive crypto (HIVE) accounts, which are housed on the Hive blockchain.
Unlike YouTube, there is no central authority controlling Hive accounts.
Just a network of distributed nodes, elected via stake weighted voting of an extremely well distributed coin that featured no pre-mine.
On Hive based Web3 platforms, content is published directly to the blockchain and each user has their own account that only they can control via private keys.
This means that accounts on Hive are truly censorship-resistant.
Nobody can take away your ability to publish to the blockchain via your Hive account.
Nobody.
However, this comes with the tradeoff of personal responsibility.
If you lose your keys or have them compromised, there is no one to save you.
Ever heard of the saying not your keys, not your crypto?
Well the same applies for your Web3 account.
You as an individual are solely responsible for your own security.
But as long as you're in control of your keys, you have full censorship-resistance.
This is a key difference between Web2 and Web3.
Web2 platforms might offer convenience and account recovery.
But that comes at the cost of control and censorship-resistance.
Account recovery and censorship-resistance: You can’t have it both ways
Unfortunately, you can’t have your cake and eat it too.
Censorship-resistance comes with extreme personal responsibility.
Web2 platforms like YouTube offer convenience and account recovery.
But at the cost of giving up full control (your account is actually not your account at all) and censorship-resistance.
On the other hand, Web3 platforms like those running on Hive, offer true censorship-resistance.
But with the tradeoff of requiring immense personal responsibility.
As we've seen this week with the example of DidYouKnowGaming, YouTube's ability to recover hacked accounts is impressive.
However, this is only possible because of the centralised control that YouTube has over its platform.
If you're looking for true censorship-resistance, then you'll need to turn to Web3 platforms like Filecoin (FIL) and the SPK Network, which use Hive accounts.
These platforms offer a more decentralised approach to content publishing and storage, where each user is solely responsible for your own account security.
This might be less convenient than the Web2 approach, but it also means that you remain in full control over your account and the content you can publish.
The bottom line is that with Web3, you are in control of your own security and have full censorship-resistance.
This is especially important for creators who derive revenue by having the ability to put your message in front of your audience.
For me, the message is clear.
While Web3 may require more personal responsibility, the benefits provided are unmatched by Web2.
Make the shift and start onboarding your Web2 audience onto a Web3 account today.
Best of probabilities to you.
Posted Using LeoFinance Beta
It's unfortunate but that is why people need to consider where they put their recovery keys. It makes me wonder but I wonder just how many people will want to take that responsibility. When I forget my password on some sites, I always just use the forgot password option but that doesn't exist in crypto.
Posted Using LeoFinance Beta
Personal responsibility is a huge aspect of crypto and quite frankly, the majority of regular people just don't want that burden.
But for businesses or anyone with a business that requires them to put their message in front of an audience before they get paid (Monetised Web2 content creators included), it's reckless for them to not be onboarding their following to a Web3 account.
Posted Using LeoFinance Beta
Ah, should've read the comments before replying as you already mentioned recovery. :D
I sometimes see it like growing up from a child to an adult and becoming responsible for yourself. More possibility to become a sovereign individual on web3.
Haha that's an interesting way of looking at the shift from Web2 to Web3.
I like the metaphor 🙂.
Posted Using LeoFinance Beta
Indeed! Glad you liked it. There's a fundamental change between web2 and web3 in terms of the user's perspective.
This isn't 100% true on hive, if you have your keys compromised you can reset them by having your account recovery on someone active and around, they can then initiate a reset as long as you prove you're the original owner by still having your old keys and contacting your account recovery person. This means that your keys will reset with the real owner re-gaining access to the account and locking away the person who stole them and changed them. Usually they do take any liquids you have around but being staked is another security measure here that works in your favor compared to other web3 accounts like eth/btc/etc.
Ah yep, spot on.
In your experience would you say that you're better off setting your recovery account to one of your own alts.
Or to a 'trusted' friend or community member here that has no link to you/your computer?
Posted Using LeoFinance Beta
Good question, as long as they're separate from each other and offline I guess it's the safest method. I haven't had my owner/master keys near my PC in forever so haven't even bothered switching recovery from steem yet on this account, but there's too many people out there that keep them in emails or clouds or on their harddrive so probably best the recovery is the account creator or someone they trust in that case. Worst case is if the account creator isn't that active/around anymore like some on hive already.
Alt can be good if you know what you're doing, but if you already know what you're doing you're most likely not going to get hacked in the first place I guess.
I find I do get lazy stop thinking about it for stretches of time.
Just gotta reset from time to time and ensure I don't caught out doing something dumb!
This message was that reset :)
Hive account recovery
Hive's account recovery mechanism is another reason why I think we're streets ahead of other networks.
The mechanism ensures you do have a fallback available (if you've set it up properly!).
But that you also don't sacrifice censorship-resistance in the meantime.
On a Web3 Hive account, maybe you can have your cake and eat it too!
Posted Using LeoFinance Beta
Has a Hive account ever been hacked? It seems to me, if an account can be hacked, then the hacker has the ability to censor your account. Is that possible. Has it been done?
Well, if you no longer have your keys, then it's not your account anymore.
So that doesn't count as censorship ;)
But as acidyo said in the comment above, Hive actually has a unique account recovery method where even if your keys are compromised, there is a way to get your account back.
A way that doesn't actually jeopardise the censorship-resistant nature of the network by giving ultimate control to a centralised entity.
Hive is awesome.
Posted Using LeoFinance Beta
Yeah, I thought the same thing as acidyo when I read this, but I thought I'd challenge you on the censorship angle. Technically, what you say is correct. Not your account, you aren't really being censored. But I was also wondering if accounts ever get hacked on Hive. Has that actually happened?