Why NFTs are bad: the long version

NFT Artist & Cryptobro Blocker (for Twitter)

If you want to remove NFT artists and cryptobros from your timeline, I have created an app to do that. You can find it here:

PDF version of this article (LaTeX)

This article is available as a pretty PDF if you would prefer to read it that way. You can download it from Dropbox here.

Table of Contents

· Abstract
What are NFTs?
· A summary of why cryptocurrencies and NFTs are scams
· An explanation of blockchains
Blockchain consensus systems: how user voting power is decided
Proof of Work (Bitcoin, Ethereum, Dogecoin and others)
Proof of Stake (some smaller cryptocurrencies)
Delegated Proof of Stake
The underlying fatal flaws of all these consensus systems
51% attacks
False sense of security in PoS and DPoS
PoS: Why slashing is useless
DPoS: ‘Democratic’, in all the wrong ways
Proof of Work: Tragedy of the Commons
Recovering from blockchain takeovers
· Byzantine Fault Tolerance, and its weaknesses in decentralised blockchains
Why decentralised blockchains can’t scale
Why alternative consensus ‘algorithms’ are not feasible
Blockchain conclusions
· The basics of cybersecurity, and why only the ‘weakest link’ in a security system matters
Malware
Phishing
Distributed Denial-of-Service (DDoS)
Man-in-the-Middle Attacks (MotM)
Credential Stuffing & Password Spraying
Users are the weakest link 99.9% of the time
· Why don’t NFTs work?
NFTs are not ‘unmodifiable’
It isn’t physically possible to prove ownership of an item
· Environmental impact of NFTs
NFTs and crypto are forcing other businesses out of renewable energy
The misleading narrative of “other things that pollute as much as NFTs/crypto do”
· Why the hype for NFTs?
Greater fool theory and tax evasion
NFTs as bets on the price of cryptocurrency
Outright crime
· Why cryptocurrencies don’t work
Impossible to regulate transactions
Default rates
Chargebacks: adult content, and all other kinds of purchases
· Appendix A: Art stolen and minted as NFTs

Abstract

This article explains in detail what NFTs are and why they don’t work.

What are NFTs?

NFTs (non-fungible tokens) are intended to be unique digital identifiers; a kind of “uncompromisable digital record”. They are not in fact anything like this, but this is what they claim to be.

A summary of why cryptocurrencies and NFTs are scams

These points are explained in further detail in the rest of the article; this list is here for a brief at-a-glance view.

  • Blockchains (which NFTs rely on) are in the best case no more secure than ‘normal’ relational database storage systems, and in most cases are less secure
  • Cryptocurrencies have no innate value and are only useful as a pyramid scheme, something big crypto influencers are knowingly using to profit from those who don’t realise it
  • Both cryptocurrencies and NFTs cause high environmental damage, and there are no viable systems to deal with this problem due to security considerations

An explanation of blockchains

Before we get into why NFTs don’t work, first we must understand the underlying fatal flaws of blockchains in the context of cryptocurrencies and NFTs.

An example linked list, via GeeksForGeeks.
An example of blockchain structure.
  • Decentralised blockchains (no central authority — any user can write onto the blockchain or modify it, so in effect the users as a whole are the central authority).

Blockchain consensus systems: how user voting power is decided

In order to validate new blocks on a blockchain where the users are the authority, you have to be able to reach consensus on who should write that block and whether the block is valid. This means in a sense that the blockchain needs to solve the well-known Byzantine Generals problem, an ever-present issue when it comes to distributed systems, and one which we will examine a little bit further later on.

The Byzantine Generals problem.
  • Proof of stake: a user’s mining power is determined by how much currency they ‘stake’ (in practice, this is generally equivalent to how much currency they own)
  • Delegated proof of stake: Same as above, except a user’s mining power is not used to determine writing or validating blocks directly, but is used to vote for the ‘delegates’ who will write and validate blocks on behalf of all users.

Proof of Work (Bitcoin, Ethereum, Dogecoin and others)

Proof of work as a concept is simple: the person to write the next ‘block’ of transactions is chosen at random, proportionally according to the amount of ‘work’ they have done. The chosen miner is then rewarded with new coins or some existing coins for that work (all others get none; it’s more of a lottery than a guaranteed return).

Proof of Stake (some smaller cryptocurrencies)

Proof of stake works in a similar-ish way to PoW, with one major difference: instead of choosing the miner who will write the next block randomly proportional to how much ‘work’ they did, they are chosen randomly proportional to how many coins they hold.

Delegated Proof of Stake

Delegated Proof of Stake is very similar to PoS, but with one major change: instead of the next miner to write a block being chosen randomly according to how many coins they have, their coins are used to randomly decide (again, proportional according to how many coins they have) who the ‘delegates’ are. These ‘delegates’ then decide by majority vote on the next block.

The underlying fatal flaws of all these consensus systems

The (alleged) purpose of Bitcoin and other cryptocurrencies is to make the financial system “fairer”, by ensuring that banks and governments do not control the currency or exert undue influence/corruption, etc. In order to explain why cryptocurrency — and consensus systems of any kind — do not solve this problem, we will look at some of their weaknesses.

51% attacks

A 51% attack (much like a hostile takeover in business) involves controlling more than half of the blockchain’s mining power. For each consensus system this would mean:

  • Proof of stake: controlling ≥51% of the currency
  • Delegated proof of stake: controlling ≥51% of the currency, allowing you to fill the group of delegates with your subordinates

False sense of security in PoS and DPoS

To quote Investopedia:

PoS: Why slashing is useless

Slashing refers to a process used in some PoS cryptocurrencies, that penalises those who perform malicious actions or give incorrect validations on the blockchain when acting as validators. The idea behind this is to disincentivise attempts at takeovers or other malicious activity; however, it is useless in practice, because it requires assuming that the malicious validators are foolish and disorganised.

DPoS: ‘Democratic’, in all the wrong ways

DPoS is frequently cited as being more “democratic” than PoS, as owners of the currency vote for delegates to represent them. However, this is true for all the wrong reasons.

Proof of Work: Tragedy of the Commons

One of the primary problems with existing PoW cryptocurrencies is their reward structure for miners. There are two ways in which miners are rewarded for validating transactions on the blockchain:

  1. Transaction fees

Recovering from blockchain takeovers

There are only two ways a blockchain can recover from being hit by a 51% attack in practice. The first is only applicable to Proof of Work: because total mining power is based on hardware (a continually changing resource) and not coins, new hardware can be added outside of the current mining pool, reducing the 51% miner’s total share.

Byzantine Fault Tolerance, and its weaknesses in decentralised blockchains

In distributed systems, Byzantine fault tolerance is related to the Byzantine Generals Problem, and is a measurement of a system’s ability to resist arbitrary ‘byzantine’ failure by one or more components. Byzantine failure means failure that is not necessarily predictable, and where you don’t necessarily have enough information to know that failure has occurred: a component might stop working, it might continue to give correct results sometimes and wrong results other times, it might give random results all over the place, or it might just keep giving bad results all the time.

  • Hardware failure
  • Human interference (e.g. a soldier tampering with sensors on an enemy warplane)

Why decentralised blockchains can’t scale

Proponents of cryptocurrencies, while acknowledging they are currently extremely inefficient and slow (both in energy per transaction and the number of transactions they can handle in a given timeframe), continually talk about how new improvements will fix all that. Spoiler: they won’t. How do I know this?

An example of ‘sharding’, or horizontally partitioning a relational database.

Why alternative consensus ‘algorithms’ are not feasible

A few blockchains, such as the previously mentioned Avalanche, use different algorithms to decide consensus. Before I explain why Avalanche isn’t secure, a simple fact: it’s not possible to make a ‘more secure’ decentralised consensus algorithm than majority vote. I will explain why Avalanche doesn’t work as one example of this.

The basic concept of the Snowball algorithm.
Political gerrymandering, explained visually. Via the Washington Post.
An excerpt from the Avalanche article.

Blockchain conclusions

The overall conclusions of all of the above flaws is clear: they all point to similar scenarios, in which rich entities or those with control of large amounts of hardware would effectively control the currency to their advantage sooner or later. While it is of course not possible to say that real-world currencies don’t have this problem, cryptocurrencies don’t in any way improve upon them in this regard, as it’s not a problem a currency can solve in itself. Unlike cryptocurrencies, however, it’s possible to solve this problem with real-world currencies by enacting suitable laws (the reasons for why this hasn’t happened already are complex, but largely boil down to those with vested interests resisting such laws.)

The basics of cybersecurity, and why only the ‘weakest link’ in a security system matters

One of the main problems with blockchains, other than everything explained above, is the fallacy of believing that they are ‘secure’ in and of themselves. In all computer security, the only relevant factor is how easy it is to compromise the least secure part of a system. If you can do that, you now have access to the rest of the system, rendering the rest of the security useless.

Security flow, from most secure (encryption) to least secure (user).

Malware

Quoted from the above article:

Phishing

Again, quoting from the above article:

Distributed Denial-of-Service (DDoS)

This isn’t relevant for this article, as DDoS focuses on bringing a website down (making it unable to serve legitimate requests from users by flooding it with illegitimate traffic), as opposed to actually compromising its security.

Man-in-the-Middle Attacks (MotM)

Quoting again from the above article:

Credential Stuffing & Password Spraying

These are very similar types of attack. Credential stuffing is where, having compromised one website’s user credentials, you try them again on another website (hoping that the user was using the same credentials across multiple websites). Since many users do, that’s often a successful strategy.

Users are the weakest link 99.9% of the time

This is important to state, because when it comes to “amazing new security innovations”, they basically don’t exist because of the fact that users remain the weakest link on the chain.

Why don’t NFTs work?

The primary reason they don’t work is that they are trying to solve an unsolvable problem: proof of ownership. Before explaining anything else, we must first establish what it means for an NFT to “work”. This means the following:

NFTs are not ‘unmodifiable’

In order to understand why this isn’t true, we must examine the blockchain again, and learn about cryptography.

  • Decentralised blockchains (no central authority — any user can write onto the blockchain or modify it, so in effect the users as a whole are the central authority).

It isn’t physically possible to prove ownership of an item

Proving ownership of an item — with any technology, is provably impossible. Even if blockchain had absolutely no weaknesses and could not be compromised in any way, NFTs cannot prove ownership — not now, and not in the future either. Let us take an example to demonstrate this.

A comedic example of the problems of decentralised disputes: without a central authority to decide which party is correct, one party can disagree forever irrespective of facts or evidence.

Environmental impact of NFTs

There isn’t any serious debate to be had about the environmental impact of NFTs. While it’s perfectly reasonable to state that current estimations of carbon emissions are just that — estimations with a lot of unknowns —even the low estimates are absolutely gargantuan compared to the quantity and ‘uses’ of NFTs.

NFTs and crypto are forcing other businesses out of renewable energy

Due to the limited amount of renewable energy available both now and for the foreseeable future, the environmental damage caused by mining for PoW cryptocurrencies doesn’t depend on whether they use renewables or not; when they use renewables, it simply forces other businesses to use fossil fuels by driving the price of renewables up and making them unviable. This is on top of the massive amount of hardware waste mining produces; huge amounts of computing equipment are used for it with no objective benefit whatsoever.

The misleading narrative of “other things that pollute as much as NFTs/crypto do”

It’s perfectly true to say that for example, Bitcoin currently uses almost as much as — say — gaming/YouTube, which could be seen as small overall. However, this is completely misleading when put into context:

  • Cryptocurrencies account for a small % of global emissions right now, but are one of the only solely artificial things to do so — and will continue to become bigger and bigger in their emissions, as they already have done, because of the nature of the proof-of-work systems on which most cryptocurrencies rely. This can be seen in the University of Cambridge graphs as well.
  • As of September 2021, a single Bitcoin transaction uses more electricity (1810 kWh) than one million Visa transactions. According to the US government, a single kWh of electricity costs 13.90 cents, meaning each Bitcoin transaction would cost $251.59 to process. There is no viable way to make this more efficient (techniques like sharding, and alternate consensus mechanisms like proof of stake just make the blockchain much less secure to bring about faster transaction throughput, so that isn’t helpful either).

Why the hype for NFTs?

There are three reasons: greater fool theory, tax evasion/money laundering, and outright crime. (The first is the main use at the moment).

Greater fool theory and tax evasion

To understand this, let’s look at the high-price traditional art world.

NFTs as bets on the price of cryptocurrency

The other reason for hype is to bet on cryptocurrency prices: cryptocurrency in itself is a greater fool investment with no intrinsic value; they are worth money only in the hope of selling it to someone else. As a result, NFTs can be seen as a way to speculate on the prices of crypto whilst also trying to profit from ‘artificially scarce’ art trends.

Outright crime

NFT and crypto enthusiasts are a fantastically easy target for scammers and criminals, due to a combination of factors.

Source
As stated previously in the article, proof of transaction doesn’t equal proof of validity, resulting in this obvious and foreseeable problem. If they *could* prove validity, ‘stolen’ NFTs wouldn’t be possible.

Why cryptocurrencies don’t work

There are quite a lot of reasons why cryptocurrencies don’t work, so I will split them into sections below.

Impossible to regulate transactions

In a truly decentralised cryptocurrency, you can’t regulate any transactions in practice as there is no central authority to arbitrate on it or force a transaction to be reverted. Right now, cryptocurrencies are in fact centralised: they run on decentralised blockchains, but users buy and trade them through centralised websites such as Coinbase or Binance. This means they’re just inefficient versions of real-world currencies, since those companies are still under US regulations and must conform to US financial laws.

Default rates

According to S&P, the current default rate (that is, the percentage of people not paying their loans and defaulting on them) for consumers across mortgages and bank cards is 0.39%. This means loans that haven’t been paid for months on end and have been written off entirely — not just ones where a payment was missed.

Chargebacks: adult content, and all other kinds of purchases

As stated previously, the point of chargebacks is that it allows customers to recoup money when fraud has happened. Of course, as sex workers will know, this isn’t always used in good faith: plenty of customers can and do use chargebacks to recoup money from legitimate purchases (and credit card companies will frequently side with the customer if it’s a first chargeback and/or they don’t have a habit of it).

Brazzers membership form (as of 30 Oct, 2021). Note the RealityKings offer at the top, pre-selected, with small print at the bottom.
TeamSkeet membership page — see the pre-ticked box on the right. This is considered invalid for consent purposes under GDPR rules, to take but one example of how this practice is viewed.

Appendix A: Art stolen and minted as NFTs

This appendix contains tweets I have seen of artists complaining of their work being stolen and minted as NFTs.

--

--

Computer scientist. https://twitter.com/antsstyle

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store