How to make Web3 safer for users
Web3 is the next generation of the internet. Image: Sproutsocial/Brendan Gahan
- The Web3 universe of blockchain, non-fungible tokens and cryptocurrencies is intended to democratize various areas of life, but it's actually extremely difficult to use, says the Wharton School of the University of Pennsylvania.
- User experience designers and usability engineers – as well as regulations – are needed to make the space more hospitable.
- Educational resources will also help people make the major shift from Web 2.0.
Crypto and Web3 have a problem. No, not the recent fall in Bitcoin’s value, the collapse of “stable coin” Terra (LUNA), the fact that early projects offered little utility and were mostly driven by asset speculations by a small but vocal community, or even the widespread accounts of fraud. This problem is of equal or greater concern, one that will outlast market fluctuations and a lack of proper regulation. It is that, for a product meant to democratize everything from investment to activism to art, Web3 — the universe of blockchain, non-fungible tokens (NFTs), and cryptocurrencies — is devilishly difficult to use.
“Getting and spending we lay waste our hours,” wrote Wordsworth in his poetic critique of capitalism. With cryptocurrencies, it is not the getting that eats up time or requires technical savvy. Part of their appeal, in fact, is how easy they are to buy. Buying Bitcoin or Ethereum is as straightforward as setting up an account with one of the many registered exchanges and linking it with a credit card (or source of funds).
It’s the spending that has occupied embarrassing quantities of our time over the past couple of years — and which we believe represents a real cap on how world-changing these innovations can be. Initially, the issue with crypto was the inability to spend it on anything other than illicit purchases on websites like Silk Road. All that changed with the emergence of NFTs and decentralized autonomous organizations that allow users to buy digital art, or invest in musicians in return for a share of their royalties, or join clubs that provide them access to IRL (in real life) activities like concerts or networking events. But participating in these projects — or operating within Web3 in general — requires you to be able to understand and act on smart contracts written in code, often in seconds.
Both of us have worked in tech for decades, and one of us is proficient-to-fluent in the programming languages employed in the cryptoverse. Yet even we have found the simple process of interacting with smart contracts and investing in a Web3 project from funds held in a crypto wallet difficult and tedious.
It can sometimes take days to figure out how to invest early in an NFT that excites you, or claim a reward for a contribution you made to someone else’s project. The issue is that some NFT projects may not have a website, meaning you have to go searching on Twitter for details of what is being offered and how to purchase it. There might be different sets of instructions, complicated by contradictory advice from people on Discord, the main platform for conversations about Web3. Some of the advice is well-meaning but incorrect, and some malign.
To complete a transaction to buy an NFT, you usually have to connect your crypto wallet to a site which will interact with the smart contract and ask you to sign a transaction. Often the transaction text is composed in a way that is hard for users to understand and does not put plainly what the transaction is requesting. This leads users to sign transactions that might give malicious contracts the rights to drain their wallet of cryptocurrencies and assets.
One of us — Kartik — had tried to acquire an NFT from a project devoted to bringing more women into Web3. Unfortunately, the project was very popular and he failed to get one of the few available NFTs. Later, a direct message arrived about a newly released set of NFTs. Distracted by a phone call, Kartik followed the link, and failed to notice he had been led to a copycat site. Still on the call, he bought the NFT. Even though he realized his mistake within seconds, it was too late: he had been defrauded of about $350. But it could have been worse: deep in the code of the contract he had signed, there might have been permission to do more than transfer a few hundred dollars; it might have emptied his crypto wallet.
Admittedly, FOMO (fear of missing out) was partly to blame. If Kartik had waited for the call to finish, read the contract carefully, and double-checked with an expert that he had understood it correctly, he might have spotted the scam — but he would also have missed his chance to be part of a coveted project.
Similarly, Myriam wanted to acquire a free NFT from a project that had a lot of hype. With such projects, one must be quick to secure the NFT. When time is tight, you do not have the opportunity to do the due diligence that is often required before interacting with smart contracts. To mitigate this risk, Myriam has what she calls a throwaway crypto wallet, one set up with very few funds that she uses to interact with websites and contracts that she does not trust. This technique is used to avoid what happened to Kartik above. Despite the NFT being free and the throwaway wallet, the project needed the users to interact directly with the contract. The many layers required to obtain the free NFT meant that Myriam was unsuccessful. The same NFTs later sold on the secondary market for a sizable premium.
FOMO or the need to make split-second decisions is hardly the province of Web3 alone. But people scrambling for Gap’s Kanye West puffer jacket last winter didn’t stand to lose hundreds of thousands of dollars by accidentally walking into a lookalike store that is also called Gap and designed to look exactly like the original store. And real-world or Internet fraud — Chinatown knock-offs or email scammers — doesn’t generally require a computer science degree to spot.
What solutions could lead to a safer Web3 experience?
Most crypto enthusiasts want better safeguards against fraudsters, and other morally dubious actors. So yes, bring in regulatory clarity. But also bring in the user experience designers and usability engineers. Here are a few steps that could be taken at the hardware, application, and community level to make the space more hospitable.
- Design a more comprehensive user experience. The fact that transaction requests are unintelligible to most users creates an obvious barrier to adoption, and an easy way to be misled. Using simple texts to demystify transactions would be a great help. What funds are being moved? In which direction? What specific permissions is the user granting when signing a transaction?
- Flag dangerous transactions. Crypto wallets can offer timely information about the potentially malicious nature of contracts users are interacting with. They can allow users to rate a transaction or counterparty, track whether other users have flagged a contract or a counterparty as fraudulent, and display warnings to users before they sign the contract.
- Provide educational resources. The NFT space is decentralized, and self-custody is a constitutive element of Web3. This is a major shift from Web 2.0. Educational resources will help safely onboard more users into the space.
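The first two steps above, sketched as an added example that is not from the article or from any wallet's code: it decodes the raw data of a transaction request into a plain sentence saying what moves and what permission is granted, and attaches warnings. The function names, the `flagged` report list and the sample addresses are assumptions made for illustration; the four selectors are the standard ERC-20/ERC-721 ones.

```javascript
const MAX_UINT256 = (1n << 256n) - 1n;
// Standard ERC-20 / ERC-721 selectors (first 4 bytes of the calldata).
const SELECTORS = {
  "a9059cbb": { name: "transfer", args: ["address", "uint256"] },
  "095ea7b3": { name: "approve", args: ["address", "uint256"] },
  "23b872dd": { name: "transferFrom", args: ["address", "address", "uint256"] },
  "a22cb465": { name: "setApprovalForAll", args: ["address", "bool"] },
};

function decodeWord(type, word) {
  if (type === "address") return "0x" + word.slice(24); // last 20 bytes of the word
  const n = BigInt("0x" + word);
  return type === "bool" ? n !== 0n : n;
}

// tx: { to, value (wei), data }. flagged: hypothetical set of user-reported contracts.
// Amounts are raw token units; a real wallet would also look up the token's decimals.
function explainTransaction(tx, flagged = new Set()) {
  const warnings = [];
  const to = tx.to.toLowerCase();
  const data = (tx.data || "0x").toLowerCase().replace(/^0x/, "");
  if (flagged.has(to)) warnings.push("Other users reported this contract as fraudulent");
  if (data === "") return { summary: `Send ${BigInt(tx.value || 0)} wei to ${to}`, warnings };
  const spec = SELECTORS[data.slice(0, 8)];
  const body = data.slice(8);
  if (!/^[0-9a-f]+$/.test(data) || !spec || body.length !== spec.args.length * 64) {
    warnings.push("Unrecognized call: the wallet cannot show what this grants");
    return { summary: `Unknown contract call to ${to}`, warnings };
  }
  const v = spec.args.map((t, i) => decodeWord(t, body.slice(i * 64, i * 64 + 64)));
  let summary;
  if (spec.name === "transfer") {
    summary = `Move ${v[1]} units of token ${to} from you to ${v[0]}`;
  } else if (spec.name === "transferFrom") {
    summary = `Move ${v[2]} (amount or NFT id) at ${to} from ${v[0]} to ${v[1]}`;
  } else if (spec.name === "approve") {
    summary = `Let ${v[0]} spend ${v[1]} (amount or NFT id) of ${to} from your wallet`;
    if (v[1] === MAX_UINT256) warnings.push("Unlimited allowance: spender can take all of this token");
  } else {
    summary = `${v[1] ? "Let" : "Stop letting"} ${v[0]} move every NFT you hold in ${to}`;
    if (v[1]) warnings.push("Blanket approval: operator can transfer all NFTs in this collection");
  }
  return { summary, warnings };
}

// Constructed sample: a request that asks for blanket NFT approval on a reported contract.
const OPERATOR = "0x" + "22".repeat(20), COLLECTION = "0x" + "11".repeat(20);
const sample = { to: COLLECTION, value: "0",
  data: "0xa22cb465" + OPERATOR.slice(2).padStart(64, "0") + "1".padStart(64, "0") };
console.log(explainTransaction(sample, new Set([COLLECTION])));
```

Anything the decoder does not recognize is reported as unknown rather than guessed at, so the user is told when the wallet cannot say what is being signed.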
Web3 may well become the new paradigm, but we don’t see it happening unless the community first addresses the usability and security challenges that currently plague this space.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.