Monday, 13 March 2023

Web of lies: Web3 isn’t the security fix-all you think it is

by Berkeley Lovelace

Advocates of web3 will tell you that the decentralized web brings greater resilience and security compared to Web 2.0 thanks to its underlying blockchain-based technology.

Web 2.0, which first debuted in the early 2000s with a focus on user-generated content, rich user interfaces and cooperative services, also brought with it a new wave of security threats, including malware, phishing, social engineering, spoofing, cross-site scripting, SQL injection and data breaches, to name just a few.

Web3, a term encompassing several technologies such as cryptocurrencies, NFTs and DAOs, certainly gives the impression that it will make such threats a thing of the past: Not only does web3 give people more control over their data, but it relies on distributed technologies, such as blockchain, to smooth out the many flaws of its predecessor.

In reality, however, web3 is no more secure than Web 2.0, and it’s already creating a new playground for opportunistic cybercriminals. That’s because although it represents a shift in what the internet can do and will be used for, it doesn’t change how the internet fundamentally works.

New and unimproved

While it promises to be fully decentralized, web3’s user-facing components mainly operate on Web 2.0 technology, such as APIs and endpoints, despite being built on blockchain technology. This means that users of web3 services and decentralized apps, or “dApps,” continue to rely on legacy technologies for making transactions and ultimately means that web3 is vulnerable to all of the classic security issues that plagued its predecessor, from DNS hijacking to cross-site scripting. Web3 companies also have to communicate with their users, mostly through Web 2.0 technologies such as email or online messaging that are also prone to legacy security issues.

Web of lies: Web3 isn’t the security fix-all you think it is by Carly Page originally published on TechCrunch