<p>The results of my research were... disheartening, to say the least.</p>
<p>In the table below for each prefix are the number of non-commercial non-pornographic sites that meet the above stated criteria, the number of known sites with said prefix known to Ahmia at the time of retrieving the service list (mid-April; I did not keep an exact date), and the percentage of non-commercial non-pornographic sites rounded to the nearest hundredth. If a prefix is missing, that means there was no available data for it.</p>
<p><table>
<table>
<thead>
<tr>
<th>Prefix</th>
@ -273,7 +273,7 @@ done
<td>7.03%</td>
</tr>
</tbody>
</table></p>
</table>
<p>The dark web is rather large, after all. Unfortunately, according to the data I collected above, only a diminutive fraction of it- <strong>between four and ten percent</strong>- is being utilized for something other than sharing pictures of children and women being sexually abused (can you <em>really</em> be sure that she consented? Monetary compensation does not equal consent for sex, as consent must be freely given and a desperate poverty-induced need for money introduces perverse incentives) and scamming people out of their money.</p>
<p>I would like to consider myself more of an optimist than I was that dreadful anhedonic summer fresh out of high school. I find myself against my better judgement giving my brothers yet more chances and letting minor insults slide and keeping my complaints to myself. But I scroll through every prefix list, and I see the same site titles pop out over and over: "REAL RAPE". "Hacked and Exposed Young Girls". "Porn Hacker". "Raped Bitch". "NEFARIOUS TABOO PORN". Hell, even Pornhub themselves are officially on Tor, and they've <ahref="https://archive.ph/https://arstechnica.com/tech-policy/2021/06/pornhub-hosted-rape-revenge-porn-and-child-sex-abuse-videos-lawsuit-alleges/">recently gotten slapped hard with lawsuits</a> over their lackadaisacal attitude towards keeping child sexual abuse material and revenge porn off their platform. The titles of the sites, nothing else, are all I need to know to know what goes on there. If it were just one site here and there, my heart wouldn't hurt so much. But this, plus the scam markets, is the <em>vast majority</em> of the content known to Ahmia. And this is just what's passed through their filters! Ahmia hosts <ahref="http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion/blacklist/">hashes of known CSAM sites</a> to help other search engines keep abusive and illegal materials out of their indexes, and the list is practically a novel in its own right, meaning that percentage of non-shit hidden services is actually <em>much, much</em> lower.</p>
<p>Is this what males (be honest, pornography is a male-induced problem) do when they feel there will be no consequences, no possibility of their actions coming back to haunt them? Exposure to pornography has <ahref="https://archive.ph/JomfF">time and time again</a><!-- https://op-gyn.tumblr.com/post/654714489973899264/what-can-six-hours-of-porn-exposure-do -->
<p>About twenty minutes or so (I wasn't counting because I was eating dinner) later, I had condensed the two-gigabyte packet capture into a twelve-megabyte list of only the IPs that the VM had talked to, minus any LAN traffic. I then had to create two new lists: one with each IP address ranked by the number of times Utopia had connected to it, and one with only unique IPs so that I could see how many people Utopia had connected to. As it turns out, <code>uniq</code>, the command-line tool that can do both of those jobs, has a bug where it only counts a line as a duplicate of another line if those two lines are adjacent to each other. Thus I had to run <code>sort</code> twice.</p>
<p>For the first list, I ran <code>cat ~/Documents/ip.txt | sort | uniq -c | sort -gr | head -n 15</code>, and it gave me the following data for the fifteen most connected-to IPs:</p>
<p><table>
<table>
<thead>
<th>Number of connections</th>
<th>IP address</th>
@ -202,12 +202,10 @@
</tr>
</tbody>
</table>
<pre><code>
</code></pre>
<p><ahref="https://web.archive.org/web/20230113001915/https://www.abuseipdb.com/user/26767">All (but one) of the top IPs seem to really hate AbuseIPDB user Tha_14</a>, as this user has reported each one at least once within the past year for port scanning. While this isn't definitive evidence of a botnet, the fact that each one was active in Utopia within a day or two of my test (otherwise my device would not have connected to them) <em>and</em> port-scanned the same person definitely implies some kind of coordinated attack.</p>
</p>
<p>For the second list, I ran <code>cat ~/Documents/ip.txt | sort | uniq | wc -l</code> and fed the results of that list to a custom script that queries the AbuseIPDB API for the purpose of each IP. (Well, it gives the full information about each IP, so I could see that Russia only showed up once or twice, but I had it filtered further with <code>jq</code>.) The list only returned about three hundred and eighty unique IP addresses, which was well within the daily limits for AbuseIPDB's free tier of membership.</p>
<p><table>
<table>
<thead>
<th>IP allocation</td>
<th>Number of occurrences</td>
@ -230,7 +228,7 @@
<td>4</td>
</tr>
</tbody>
</table></p>
</table>
<p>As shown in the table, the vast majority of IP addresses that Utopia connected to during the tests were owned by VPS hosting companies, not residential ISPs as I would have first guessed. I have three hypotheses as to why this is the case.</p>
<p>Firstly, as I wrote in the beginning of this post, Utopia's devs nowadays mainly focus on their cryptocurrency, Cryptons. When attempting to debug why no sites were loading in Idyll, I forgot to mention that there was a "Console" feature, which I thought would allow me to run tools like <code>ping</code>, but instead it was a glorified log viewer that showed that Utopia was making thousands of connections a minute to fetch "mining history updates" and "finance balance requests". The vast majority of these mackets were marked "skipped", but that doesn't negate that they were sent to my node in the first place. Given how gung-ho the Utopia devs are about crypto, and considering that the <ahref="https://archive.md/fwvAG#selection-2577.0-2577.46">official mining bot apparently requires four gigabytes of RAM <em>at minimum</em> and a public IP</a>, it's not that far of a stretch to assume that these VPSes were running the Crypton mining bot. Please note that the bot is also closed-source, so these people trying to scrape pennies together have effectively given the Utopia devs access to lots of VPSes trusting that they won't become part of a botnet.</p>
<p>Secondly, if these are potential command-and-control centers for a Utopia botnet, then it would make sense to have as many IPs as possible in case of some of them going down from seizure and to get them from virtual private server providers to reduce the cost of quickly rotating IPs. But that doesn't explain why so many of the IP addresses are owned by the same company. In the case of an active botnet, that company would have the power to kill a large part of the infected machines.</p>
<p>Please don't post links to my blog posts on social media or forums. I want to keep this website low-traffic and lowkey, and artificial publicity has historically attracted large swaths of men contacting me in bad faith. Ovarit is the only exception as long as <ahref="../../2022/october/ovarit.html">y'all can tone down the ableism for five minutes</a>. (Rest in peace, ThePinkPill.) Thank you for respecting my boundaries.</p>
</div>
<hr>
<divclass="box">
<h2>Introduction</h2>
<p>For those wondering how I'm doing: I have steady employment again, and by the time you read this I'll have held it down for a few months. My job is kinda terrifying, but I get to sit in a cubicle all day, <em>and</em> I'm helping doctors on the other side of the USA save lives.</p>
<p>But despite the steady paycheck, I still don't trust web3 projects not to send whatever money I give them straight into the void. There simply have been <ahref="https://web3isgoinggreat.com/?theme=bummer">too many instances of people fumbling their assets</a> for me to trust developers of <em>any</em> web3 project to know what they're doing. But the content mill demands more blood. So I scoured the Internet for <ahref="https://web.archive.org/web/20230501163123/https://web3.hashnode.com/55-web3-projects-worth-following-best-web-30-examples">more lists</a> of <ahref="https://web.archive.org/web/20230501163242/https://academy.moralis.io/blog/web3-social-media-platforms-the-full-2023-guide">web3 projects</a> that I could <ahref="https://web.archive.org/web/20230501163427/https://makeanapplike.com/web3-social-media-network-platorms/">potentially use</a> without having to <ahref="https://web.archive.org/web/20230501163522/https://www.alchemy.com/best/web3-social-media-dapps">pay</a> anything. Most of the projects just redirected to domain registrar parking or WordPress host error pages. But some were still alive...</p>
</div>
<hr>
<divclass="box">
<h2>BitClout / Diamond</h2>
<p><ahref="https://web.archive.org/web/20230427183642/https://bitclout.com/">BitClout</a> claims to be the "first crypto social network", built on top of <ahref="https://web.archive.org/web/20230427183739/https://www.deso.com/">DeSo</a>, a custom layer 1 blockchain (in other words, its own blockchain and not built on top of Ethereum) which bills itself as "the social layer of crypto" and claims to be "the only blockchain that can power storage-heavy applications". The DeSo website further claims (if you can get past the janky scrolling) that, in order to store a two-hundred character post (less than a tweet) it would take over seventy dollars to store directly on Ethereum but only $0.000017 on DeSo.</p>
<p>BitClout hangs forever on Firefox, so I had to switch to Chromium in order for the page to load. In fact, lack of Firefox support is such a common theme in web3 that I wrote most of this post using Chromium. But even then I got hit with an error screen:</p>
<blockquote>Your browser is either in Incognito mode or it is not supported. Please exit Incognito, allow third-party cookies, or use a different browser.</blockquote>
<p>After I went into my browser settings and enabled third-party cookies, I got hit with another error... telling me that BitClout was done and to go to <ahref="https://archive.md/JFkQY">diamondapp</a> instead. Why does a landing page need third-party cookies? Beats me.</p>
<p>After I finally got to Diamond, I could see that it was basically your average Twitter clone, but with a higher character limit. And also all the posts had prices and a "Buy" button attached to them. A few minutes of digging through DeSo documentation revealed that the price on the posts was for that poster's <ahref="https://archive.md/C26Mg">"Creator Coin"</a>. In short, everyone on a DeSo-powered social network gets <ahref="https://archive.md/RW50k">their own shitcoin named after them</a> that other users can buy and sell. Posters on the network can paywall commenting on their posts or access to private messages by requiring other users to hold a certain amount of that poster's shitcoin.</p>
<p>But I didn't care about any of that. I just wanted to see if I could post for free without having to buy any DESO tokens and then have my posts show up on a blockchain. So I went to the Diamond homepage and clicked on "Log In". It gave me options to sign up with either MetaMask, a Google account, or "DeSo seed". I opted for "DeSo seed" and received a passphrase. It then demanded that I either transfer some <code>$DESO</code> from an exchange or cough up my phone number to get airdropped some tokens for free. Yes, very decentralized to require a phone number registered to one of a few carriers in my home country. Totally sticking it to Twitter and Facebook and Instagram there.</p>
<p>I then went back and tried to sign up with MetaMask, but then I got an error:</p>
<blockquote><p>Can't connect to the Metamask API. Error: Error: missing provider (argument="provider", value=undefined, code=INVALID_ARGUMENT, version=providers/5.6.8). Please try again.</p>
</blockquote>
<p>I then realized that I didn't have the MetaMask browser extension installed. After I did, I tried again, but then got another error:</p>
<blockquote><p>Bummer! We send airdrops to cover the tiny account creation fees on DeSo, and you need at least 0.001 ETH in your MetaMask wallet to be eligible. We do this to prevent bots.</p>
</blockquote>
<p>My last option at that point was to log in with a Google account. But I don't have one, and that wouldn't be decentralized anyway. <strong>You can't use Diamond without buying anything or sacrificing your privacy.</strong></p>
</div>
<hr>
<divclass="box">
<h2>Mirror</h2>
<p><ahref="https://archive.md/ZTyaq">Mirror</a> is a blog platform similar to Substack and Medium. The way to use the site is simple: you "log in with Ethereum, store your writing on Arweave, and publish using Mirror’s credibly-neutral protocol." You write posts and publish them like you would on any blogging platform, and Mirror (for now, anyway) pays the fees to store a text-only copy of your post on the Arweave blockchain. (Media like images aren't stored on Arweave as far as I can tell; they're hosted on Mirror's CDN, so if Mirror goes down, any media you uploaded will go down as well.) Because this is web3 we're talking about, Mirror also allows you to enable your readers to mint your articles as NFTs. The NFTs don't unlock anything special at the moment; they're only there for bragging rights.</p>
<p>To sign up for Mirror, I clicked on the big blue "Get Started" button. Mirror gave me the option to connect either MetaMask, Coinbase Wallet, or WalletConnect. (If you select "I don't have a wallet", Mirror will direct you to download either the MetaMask or <ahref="https://web.archive.org/web/20230427193303/https://rainbow.me/">Rainbow</a> browser extensions.) Because I already had MetaMask installed, I chose that. Mirror then prompted me to add a name, profile picture, and banner image and then optionally connect and verify an ENS (Ethereum Name Service) name.</p>
<p>I managed to successfully make <ahref="https://archive.md/nqm2g">a profile</a>. Two buttons appeared before me: "Create Your First Entry" and "Read the Editor Guide". Reading the documentation before jumping into a system is always a good idea, so I went into the Editor Guide and clicked the first interesting link, "<ahref="https://archive.ph/b3jUt">How is publishing on Mirror decentralized?</a>"</p>
<p>Well, let's find out:</p>
<blockquote>
<p>There are a few components that make Mirror's publishing tool decentralized:</p>
<ul>
<li>Log in with Ethereum account. To publish on Mirror, you're required to have an Ethereum wallet and must connect it to start publishing. This wallet is controlled by a private key that you own.</li>
<li>Sign content with your key pair. Mirror generates signing keys for all users to connect their wallet. These signing keys are stored in the browser such that Mirror can't access them. When publishing an entry, you sign the content with this key pair in the background to authorize that the content came from your account.</li>
<li>Content Digest is stored on Arweave. Signing content with your key pair produces a digest which is a fixed length string which is a compressed representation of your content. This digest is stored on Arweave, a decentralized storage protocol, so you always have access to your content - even if Mirror is unavailable.</li>
<li>Updates stored on Arweave. Any time you update your entry, we go through the same process of signing the content and storing on Arweave so there's a permanent record of all updates.</li>
<li>Entries can be minted as a writing NFT on Optimism, a layer 2 network on Ethereum. If you want your audience to collect your writing as an NFT, you can do that as well. Check out the writing NFT section of the knowledge base for more info.</li>
</ul>
</blockquote>
<p>So, to reiterate, Mirror stores your content on Arweave, and it'll stay there until the end of time. (Or until the Arweave blockchain crashes and burns, which will happen way sooner.) But that doesn't tell me about how, if Mirror were to go down, I'd continue being able to publish under the same identity. Thankfully, at the end of that post, there's a <ahref="https://web.archive.org/web/20230427184822/https://dev.mirror.xyz/J1RD6UQQbdmpCoXvWnuGIfe7WmrbVRdff5EqegO1RjI">link to another blog post to learn more</a>. Let's learn more, shall we?</p>
<blockquote>We have plans to publish the protocol specification along with an open-source tool that can assist with this retrieval and verification process, so that it would be trivial to migrate off of Mirror if the time ever comes for that.</blockquote>
<p>I spent an hour digging through posts on the rest of their <ahref="https://archive.md/8v2gl">development blog</a>, and I couldn't find anything about releasing said tool. (If I missed it, they sure did an awful job advertising it.) Putting <code>github site:dev.mirror.xyz</code> into DuckDuckGo revealed a <ahref="https://archive.md/GET1Y">mostly-abandoned GitHub account</a> with only two repos that have gotten updates in 2023, but neither of them seem to be the aforementioned tool: one is for <ahref="https://archive.md/l6oSs">generating the image used in the writing NFTs</a>, and the other is... a <ahref="https://archive.md/6LcMp">"design system"</a>? I <em>think</em> it has something to do with the internal CSS used in Mirror's frontend. It doesn't really matter, because they <ahref="https://archive.md/zGLuz#selection-625.0-635.39">don't want pull requests</a>.</p>
<blockquote>Writing shall not be excessively expensive (for Mirror or writers)<br>Solved by using Arweave! 🎉 Very cheap (at the moment?) — it's costing us about 0.00005 AR per blog post, which amounts to about $0.00015, at the current exchange rate.</blockquote>
<p>So it <em>is</em> costing someone, somewhere, money to store your post on the Arweave blockchain. Mirror for now just happens to be footing the bill.</p>
<p>My brain at this point started to hurt, so I took a short break and then found my way to the post editor. It's just your standard CMS post editor: a big text box, a smaller text box above that for your post's title, and a "Publish" button in the top-right corner. That is, after I moved my blog post notes to a different workspace in i3: if you give the browser anything less than the entire screen, Mirror will just give you an error stating "The editor is accessible on Desktop". I copy-pasted the poem <ahref="../../../poetry/a/arrhythmia.txt">"Arrhythmia"</a> as a test, then hit Publish. I got an error:</p>
<blockquote>Publishing your entry requires connecting your wallet to the Optimism network.</blockquote>
<p>I allowed MetaMask to connect to Optimism. Then a button popped up labeled "Funding". Below was some help text:</p>
<blockquote>All entries are collectable. By default collecting is free. Funding turns your collectors into patrons.</blockquote>
<p>I clicked the button, and a new menu appeared allowing me to select a price and supply for the writing NFTs. I picked 0.0014 ETH, which hovered between $2 and $3 USD throughout writing this article, and a supply of 114. I clicked the checkbox beside "I confirm these settings are correct", then clicked "Sign and Publish".</p>
<p>Now for the confusing part: MetaMask popped up and gave me a scary warning about gas fees, which would have prevented me from publishing anything since my web3 wallet is empty... but <strong>publishing <ahref="https://archive.md/hSPX8">worked anyway</a></strong>. I waited about ten minutes, and then a button labeled "Arweave Transaction" appeared at the bottom of the post, linking to the, well, <ahref="https://archive.ph/XyUR8">Arweave transaction that indeed held a text-only copy of my post</a> despite me not having paid a single cent.</p>
<p>Now that I had a post on the platform, I decided it was time to go digging around Mirror for miscellanea:</p>
<ul>
<li>You don't get analytics for posts unless you cough up a Google Analytics UAID.</li>
<li>There isn't a button for it in the UI, so you need to go digging in the page source, but Mirror does <ahref="https://mirror.xyz/0xA9325410236f8D1D8B83Bd23ef2F6acfA7E2958F/feed/atom">generate RSS feeds</a> for blogs. (In all fairness, it is <ahref="https://archive.md/Ikq6C">mentioned in the documentation</a>.) But only the post description is provided, not the full post. More than I expected of a web3 company, though.</li>
<li>You can't delete posts. If you try, you get a popup reminding you that the Arweave transaction will exist forever and that "deleting" a post only hides it on the Mirror site.</li>
<li>Despite the massive amount of JavaScript loaded when you visit the page, the posts still render decently in a text-based browser:</li>
</ul>
<p><imgclass="big"src="../../../img/web3-3/MirrorCompare.png"alt="screenshot of Chromium and a text-based browser side-by-side looking at the same post"/></p>
<p>So while the lack of an actual tool for retrieving Mirror data in the case of Mirror shutting down isn't cool, <strong>Mirror does in fact let you, even marginally, participate in web3 without spending anything.</strong></p>
</div>
<hr>
<divclass="box">
<h2>gm.xyz</h2>
<p><ahref="https://archive.md/8EhER">gm.xyz</a> is yet another Reddit clone. From the front page, I can't see any of the actual posts being shared on the site, just marketing material about how gm.xyz is going to kill both Reddit and Discord and then paywall communities in both with NFTs.</p>
<p>When I went to make an account, I was presented with two options: "Log in with Phone" and "Log in with Wallet". The wallet options offers four choices: MetaMask, Coinbase Wallet, WalletConnect, and Gamestop Wallet. I selected MetaMask and authorized gm.xyz, but then I just got stopped at the gates with an error:</p>
<blockquote>You need an invite to create an account.</blockquote>
</div>
<hr>
<divclass="box">
<h1>Metafora</h1>
<p><ahref="https://web.archive.org/web/20230427185648/https://metafora.app/">Metafora</a> is yet another social media site that bills itself as "like Twitter for blockchain" but looks like a computer science student's first web frontend project. There are three tabs on the front page: "Home", "Popular", and "Following"- but only "Home" does anything, and it just shows a firehose of all posts on the platform. "Popular" says there are no posts, and even when I signed up (with, you guessed it, MetaMask) nothing appeared. "Following" would <em>maybe</em> show posts from people you were following, but I often just got errors instead.</p>
<p>Metafora claims to be "powered by Million". "Million" as in <ahref="https://archive.md/qCpbJ">Million Token</a>, a cryptocurrency limited to a supply of, you guessed it, one million tokens. You need to hold at least ten Million Tokens for Metafora to allow you to change your username, photo, and post more than ten times a day. (From the low traffic of the Home feed, nobody ever hits this limit.)</p>
<p>I couldn't find any documentation on Metafora itself about how it worked or even just a terms of service. There's only a <ahref="https://archive.md/ze4hT">very vague FAQ</a> that explains how to log in and that they pinky-promise not to release any tracking data:</p>
<blockquote>Your data and privacy are yours, only used for the functioning of the service and never released.</blockquote>
<p>Because of the lack of documentation on how Metafora works, the fact that the only part of the website that seemingly uses crypto is the login mechanism, and Metafora's domain <ahref="https://archive.md/9PfWw">resolving to a Cloudflare IP</a>, I think I can safely conclude that <strong>Metafora isn't actually web3 in any meaningful sense.</strong></p>
</div>
<hr>
<divclass="box">
<h2>Peepeth</h2>
<p><ahref="https://web.archive.org/web/20230427185855/https://peepeth.com/welcome">Peepeth</a> is a blatant Twitter clone. They don't deny it, seeing as you can link your Twitter account to automatically mirror your, eh, "peeps" to Twitter. You sign in with your Ethereum address (after switching to the Ethereum Mainnet) and your posts are saved to... IPFS, which is probably a lot cheaper in the long run. While Peepeth writes to the Ethereum blockchain, and foots the bills for you as long as you abide by their terms of service, <ahref="https://archive.md/NtcIX">you're just making a signature</a> confirming you made <ahref="https://archive.md/FkwWo">a post with a particular IPFS hash</a>.</p>
<blockquote>Why not just store data on the blockchain itself? It's expensive. All blockchain transactions cost gas, a measure of computational / storage requirements. Storing data is particularly expensive. It's much cheaper to just store a link to the data.</blockquote>
<p>Peepeth can pay for your posts because, in addition to only signing an IPFS hash instead of the full post, it bunches lots of those hashes all together and only has you sign them about once an hour. Well, according to the documentation, anyway. In my testing, it was more like every fifteen minutes.</p>
<p>Going to their <ahref="https://archive.md/esnv6">about page</a> in search of a terms of service shows that, despite posts being on the blockchain, Peepeth itself is moderated:</p>
<blockquote>Looking for an unmoderated platform? Peepeth may not be what you're looking for. Like almost all other platforms, Peepeth is moderated (see the terms of service). Data happens to be stored on the blockchain, but Peepeth is not an anything-goes platform. For an unmoderated experience, see Gab.ai or Minds.com.<br>Peepeth.com's public datastore is immutable, but it is not an "anything goes" platform. Posts that violate the terms of service will not be shown.</blockquote>
<p>However, "anyone can make an interface for Peepeth's public data." So if you're a free-speech absolutist who thinks women should be subjected to random moids on the Internet telling them that women don't deserve bodily autonomy, you can <ahref="https://archive.ph/g0O8Z">go build your own goddamn interface</a>. Have fun paying the Ethereum fees.</p>
<p>Every action you do on Peepeth is immutable: it can't be taken back, edited, or deleted once it happens, and Peepeth makes sure you know this by constantly throwing popups in your face to confirm that you in fact want to do the thing you just tried to do. In addition, you can only like one post a day, but don't call them likes: they go by the pretentious name "Enso" on Peepeth. Posts with the hashtag <code>#politics</code> are hidden by default. And you can pin a post to your profile, but it has to be someone else's; you can't pin your own post.</p>
<p>Before I signed up, I took a look at the <ahref="https://archive.md/eJk7m">terms of service</a>. I expected a wall of legalese, but instead it was literally <em>less than a hundred and fifty words</em> long:</p>
<blockquote>
<ul>
<li>Aware of the suffering caused by unmindful speech and the inability to listen to others, I am committed to cultivating loving speech and deep listening in order to bring joy and happiness to others and relieve others of their suffering.</li>
<li>Knowing that words can create happiness or suffering, I am determined to speak truthfully, with words that inspire self-confidence, joy, and hope.</li>
<li>I will not spread news that I do not know to be certain and will not criticize or condemn things of which I am not sure.</li>
<li>I will refrain from uttering hostile and divisive words, and will strive for harmony and mutual understanding.</li>
<li>I am determined to make all efforts to reconcile and resolve conflicts in my interactions, however small.</li>
<li>...and no spam!</li>
</ul>
</blockquote>
<p>Plain English. No mention of analytics or privacy. How is this site still alive? I want to see what happens when this site gets slapped with a GDPR complaint.</p>
<p>Anyways, I went to sign in with MetaMask. And then Peepeth asked for an email address, and claimed that I had to confirm it, but I quickly found that if you wait a few minutes on the email verification screen, something in the system glitches and you can skip straight to picking a username. (Digging in the settings later revealed that the email address is for being emailed a link to login if you're on a device without a dapp browser.) Peepeth then signs and uploads your profile information to IPFS:</p>
<blockquote>All information on Peepeth is indexed on the Ethereum blockchain. That means your account data will be public, maybe forever. You can update your info after you sign up, but everything you post could be around for a long time, including info you've since updated.</blockquote>
<p>When I went to make my first post, I saw the image button and then attempted to attach an image... and I got stuck on a loading screen:</p>
<p><imgclass="big"src="../../../img/web3-3/peep.png"alt="Peepeth post preview"/></p>
<p>I had to refresh the page to discard the post and make Peepeth's UI usable again.</p>
<p>Scrolling through the public feed of posts shows that Peepeth is mainly populated by three types of people:</p>
<ol>
<li>Users who just post "hello world" and then never post again</li>
<li>Spam bots promoting web3 projects, usually in non-English languages</li>
<li>Weird religious people who all parrot "Love you God" and "In god we trust"</li>
</ol>
<p>I was able to find the IPFS signature for any arbitrary post by copying the last part of the URL and throwing it into any IPFS gateway. In other words, for this specific URL:</p>
<p>the IPFS hash would be <code>QmYtnWrkof3eJCztR7JY37Eramj76xWpo9dqkocUN54ihk</code>, which <ahref="https://archive.md/GD9yl">looks like this</a>:</p>
<pre>
{
"type": "peep",
"content": "Not really a good sign when I sign up to some random web3 project and most of what I see first thing is spam",
<p>You can see that the post was made by the Ethereum address I used for testing, <code>0xa9325410236f8d1d8b83bd23ef2f6acfa7e2958f</code>, at the Unix epoch time <code>1680302366</code> which resolves to <code>Fri 31 Mar 2023 05:39:26 PM CDT</code>. Of course, to verify that I didn't just forge this entire chunk of data, you'd have to find the corresponding data on the Ethereum blockchain... and good luck with that.</p>
<p><strong>Peepeth functions</strong>, and has at least considered <ahref="https://archive.md/R5jE1">the long-term viability of letting people post for free</a>, but the amount of moving parts involved leaves me uneasy as to what will happen to the underlying social network if the Peepeth frontend ever goes down.</p>
</div>
<hr>
<divclass="box">
<h2>Share</h2>
<p><ahref="https://archive.md/ZEVoY">Share</a> is yet another Medium clone like Mirror. You post an article, readers can mint them as NFTs, and they're stored on the Arweave "Blockain".</p>
<p>I clicked on "Connect with Lens" to log in. <em>Twenty-six</em> wallet options popped up. MetaMask was the first, so I just went with that. Share made me switch my wallet to the Polygon network on Ethereum... and then I just got an error message:</p>
<blockquote>Sorry, You're too early<br>You must have a Lens profile to access Share, claim it by clicking on the button below.</blockquote>
<p>I clicked on "Claim Lens profile", which brought me to the <ahref="https://web.archive.org/web/20230401152506/https://www.lens.xyz/">Lens Protocol</a> site. from there, I clicked on "Claim Handle", where I got another MetaMask prompt and then an error saying my Ethereum address wasn't eligible.</p>
</div>
<hr>
<divclass="box">
<h2>dArticle</h2>
<p>I bet you're getting tired of clones of other sites, aren't you? <ahref="https://web.archive.org/web/20230427190501/https://www.darticle.io/">dArticle</a> is yet another faux-Medium. The front page, like most other web3 blogging platforms, is full of the usual web3 article chum and NFT project spam... and also <ahref="https://archive.md/fW5bB">one dude spamming articles about Ecuador</a>.</p>
<p>I clicked on "+ Connect" and signed in with MetaMask, which prompted me to switch to the Polygon network. There are two buttons on the top of the page: "Write", and "<ahref="https://web.archive.org/web/20230401153143/https://www.darticle.io/how_it_works">How it works</a>". I clicked on the latter to learn how to use dArticle in case there was something nasty going on in the background... but there was very little information about how dArticle actually worked, just a statement that dArticle uses MetaMask to log in and then... this:</p>
<blockquote>Yes every article is an NFT. We allow users to mint their first couple of NFTs for free. We take care of the costs.</blockquote>
<p>Going to their <ahref="https://web.archive.org/web/20230401153300/https://www.darticle.io/profile/darticle">official blog</a> didn't help. There was only <ahref="https://web.archive.org/web/20230401154012/https://www.darticle.io/article/how-darticle-io-works">one post from 2022</a>, which also gave no information about which blockchain one's article's would be stored on:</p>
<blockquote>By creating an article NFT on dArticle.io, your article will remain in the blockchain till the end of time. The blockchain is the true embodiment of free speech.</blockquote>
<p>But whatever. I decided to try dArticle anyway. I went back to the main page, and this time clicked on "Write", which took me straight to a post editor. When I copy-pasted my <ahref="../../../poetry/a/arrhythmia.txt">test poem</a> in, it appeared in a chunk of plaintext. Whenever I typed something outside of that chunk, it appeared normally and a toolbar with formatting options like bold and hyperlink popped up, but nothing happened when I selected some of the plaintext. There is no "raw" mode to see the original HTML to fix it in case formatting gets wonky, only the rich text editor. When you hover over a chunk of text, there <em>is</em> what looks like a Braille symbol with six dots to the left of it. But when I clicked it, it only offered to move that chunk up or down in the article or delete it altogether.</p>
<p><strong>With a post editor that broken, there was no point in me staying on dArticle any longer.</strong></p>
</div>
<hr>
<divclass="box">
<h2>BEBverse</h2>
<p>A brief reprieve from the Medium clones.</p>
<p><ahref="https://archive.md/k6GQZ">BEBverse</a> is "a decentralized social protocol similar to reddit". In other words, it's some kind of hybrid between Reddit and Twitter. There are Twitter-style posts in "universes" that function like subreddits, and the posts have upvotes and downvotes. The protocol the site claims to run on, BEB, is <ahref="https://web.archive.org/web/20230401160150/https://github.com/bebverse/protocol">open-source</a>. It appears to be a fork of SMTP (as in the ancient email protocol) that uses a blockchain:</p>
<blockquote>We're combining the simplicity of SMTP with the effectiveness of decentralized registry, in the form of smart contracts.</blockquote>
<p>You can't browse the global feed without logging in, but you can find some posts by typing random terms like "poetry" and "cringe" in the search box. But the search didn't seem to function real well when I tried it, because <ahref="https://web.archive.org/web/20230401155221/https://beb.xyz/poetry">random unrelated posts kept popping up</a>.</p>
<p>So I went to log in. BEBverse gave me two options: "Use Playground.beb" or "Create a Free Dimension". (Dimensions are the BEB equivalent of subreddits.) Hey, we like free here, right? So I clicked on the latter, which took me to <code>beb.domains</code>. I went through the domain registration process, selecting the maximum length of twenty-five years because the total price listed stayed at free, then connected to MetaMask. <code>beb.domains</code> made me switch back to the Ethereum mainnet... and then hit me with a paywall: the actual price was to be more like ten dollars.</p>
<p>Because I have no money I'm willing to spend on web3, I had to go back to BEBverse and select the first option to use the playground instead. I connected to MetaMask again and created an account and was then able to set a username, profile picture, and add a bio.</p>
<p>I went back to the global feed to make a post. By hitting the <code>/</code> key, one can see that posts in BEBverse support very limited formatting: you can add three levels of headings and bulleted/numbered lists. You can also upload images to posts. I was able to successfully make <ahref="https://archive.md/MS52M">a post</a>. When I came back a few weeks later, I saw that I had received a few comments and upvotes, meaning that others were successfully able to see the post I'd made.</p>
<p>At this point, I noticed that there is <ahref="https://web.archive.org/web/20230427191207/https://b7b.xyz/">an alternative web client</a> for BEB, B7B, which <ahref="https://web.archive.org/web/20230401161350/https://github.com/bebverse/b7b">appears to be self-hostable</a>. When I post using either B7B or BEBverse, it immediately shows up on the other after a page refresh.</p>
<p>Most people I saw on BEB just posted tech news and the occasional meme. <strong>BEB functions well, and you don't have to pay anything to post on most (existing) dimensions.</strong></p>
</div>
<hr>
<divclass="box">
<h2>Paragraph</h2>
<p>Back to the Medium clones, it seems... though <ahref="https://web.archive.org/web/20230427191314/https://paragraph.xyz/">Paragraph</a> bills itself as "Web3-powered newsletters", so I suppose it's closer to Substack than Medium. Just like Mirror, you write posts, readers can mint those posts as NFTs, and every post is saved on Arweave. Paragraph goes further by allowing you to paywall articles by requiring viewers to own a certain NFT or ERC20 token and also giving the prospective writer the option to sign up with an email and password instead of messing with a crypto wallet.</p>
<p>However, because I had gone to all the trouble of setting up MetaMask, that's what I chose when I signed up. The user interface is clean, and I had no problem finding my way to the post editor. But Paragraph has the same problem dArticle had: copy-pasting from a plaintext file puts my text in a code block and doesn't let me clear formatting or manually edit the post's HTML. When I gave up and published the post anyway, I saw on the bottom of the post that there was already an associated Arweave transaction... that didn't exist. And still didn't exist <ahref="https://archive.md/nkPr9">a month later</a>. I know that Paragraph's claimed integration with Arweave isn't a lie, because I <em>was</em> able to find <ahref="https://archive.md/nL2j8"><em>some</em> posts whose transactions had cleared</a>... just not any of mine.</p>
<p>Because Paragraph is geared more heavily towards newsletters than the other web3 projects reviewed here, its settings are more focused on controlling how and when others can subscribe to your newsletter. You can choose to allow subscribers to connect via email, wallet, or both. If you allow email subscriptions, you can import them from a CSV you got from elsewhere, such as Substack. You can also disable comments, allow other Ethereum wallets to publish to your newsletter, and set a custom "thanks for subscribing" email that will no doubt immediately land in every spam folder it sees. You can choose a very limited color scheme for your newsletter's web presence, but no fancy CSS.</p>
<p>Don't appreciate your newsletter's presence being relegated to a subfolder on <code>paragraph.xyz</code>? You can connect a custom domain... if you <ahref="https://web.archive.org/web/20230401163158/https://docs.paragraph.xyz/docs/customizing-your-publication#custom-domain">cough up <em>fifty</em> dollars</a> first.</p>
<p>While <strong>you don't have to pay anything upfront to use Paragraph</strong>, the whole focus on monetizing and paywalling everything feels too slimy to recommend it, plus Arweave transactions randomly failing defeats the whole purpose of using a web3 platform as opposed to a traditional website host.</p>
</div>
<hr>
<divclass="box">
<h2>Twetch</h2>
<p><ahref="https://web.archive.org/web/20230427191502/https://twetch.com/">Twetch</a> is a very arrogant Twitter clone that claims to have invented web3 (watch the page title whenever something's loading) and the concept of paying users for their posts:</p>
<blockquote><ahref="https://archive.md/AFpen">Twetch is the only social network where users earn money for their content and everything lives on the blockchain.</a></blockquote>
<p>I dunno, man, Diamond (at the beginning of this post) had the same premise.</p>
<p>Whatever. I clicked on "Get Started", and after a few redirects, I landed on an onbarding page where I created a profile with a bio and received a recovery phrase for my account.</p>
<p>And then Twetch started begging for money! And demanded I connected a Twitter account!</p>
<blockquote>On Twetch, you pay a few pennies to interact. In return, you own your data and your posts are archived on the blockchain. We will never sell your data.<br>Every follow, like, reply and repost (branch) earns you money. When someone likes your post on Twetch they send a small micropayment to your wallet.</blockquote>
<p>So to post on Twetch, I have to either sell my soul to Elon Musk or buy a shitcoin. Fuck this. I'm leaving. I'm done!</p>
</div>
<hr>
<divclass="box">
<h2>Bastyon</h2>
<p>Just kidding. Someone on Lainchan mentioned Bastyon, so like the masochist I am, I had to go for one more web3 site. I really shouldn't have. <ahref="https://archive.md/G7ip5">Bastyon</a> is what happens when you give some alt-right loonies a broken wrench and a roll of duck tape and tell them to go make their own Reddit clone, except that it's also kinda-sorta like Twitter, except also instead of up/downvotes or likes you have a five-star rating system where new users aren't allowed to give bad ratings to other people's posts.</p>
<p>As expected of any right-wing shithole, the literal third post on the site is <ahref="https://archive.md/XpZ03">a meme mocking Anne Frank tagged "<code>#holohoax</code>"</a>. And the popular tags are what you'd expect:</p>
<p><imgclass="big"src="../../../img/web3-3/BastyonTags.png"alt="Popular tags on Bastyon"/></p>
<p>And the first option in "Filters" is "The best first"... which means Bastyon (or its algorithm, at least) considers Holocaust denialism some of its best content.</p>
<p>According to <ahref="https://archive.md/jTzVe">the FAQ</a>, Bastyon is at least marginally peer-to-peer:</p>
<blockquote>What would happen if some country (ies) blocks access to Bastyon.com?<br>Nothing.<br>You would still be able to use Bastyon as if nothing happened if you use a desktop app, because the Bastyon desktop app speaks directly to the nodes and does not use websites.</blockquote>
<p>Bastyon claims to be uncensorable, but the FAQ has something else to say:</p>
<blockquote>Can people be banned?<br>Yes, Bastyon is a community moderated platform, however, there are only certain topics that community will flag like porn/nudity, narcotics and direct threats of violence. You will never be banned for an opinion or free speech, and even for specific banned topics there has to be a consensus of experienced users without other users defending the content. Currently, users with rep below -30 are losing their account privileges, but this is a temporary system.</blockquote>
<p>So despite all the grandstanding about being a free-speech platform, I <em>can</em> be censored on Bastyon if I have an unpopular opinion like "the Holocaust happened" or "women deserve full human rights" or "marital rape is wrong no matter what culture it happens in".</p>
<p>Bastyon is built on top of <ahref="https://web.archive.org/web/20230427191941/https://github.com/pocketnetteam/pocketnet.core/blob/0.19.archive/README.md">Pocketnet</a>, which claims to be "a decentralized social network based on the blockchain." The blockchain in question appears to be Pocketcoin (PKOIN), which the Bastyon FAQ provides directions on how to purchase.</p>
<p>But can I post without having to pay anything?</p>
<p>I went to go create a new account. Instead of connecting my MetaMask wallet like expected, I was immediately thrown into a profile creation screen, where I could optionally provide an email address. The username field is confusingly named "nickname", as I discovered when I thought it was a screen name and tried to set it to "no". After a captcha, Bastyon gave me a private key passphrase to keep somewhere safe.</p>
<p>If you vote on a post and then thumbs down a comment too fast, you get the following error:</p>
<blockquote>You have to wait for your previous transaction to clear in the blockchain. Please wait</blockquote>
<p>I had to wait about a minute for the transaction to clear. And as stated above, new users aren't allowed to express silent dissent on other people's posts:</p>
<blockquote>Your Bastyon reputation score does not allow you to put negative ratings on publications</blockquote>
<p>I went to report a person spamming in the comment section, but spam isn't an option to report. The only options are "porn", "child exploitation", "direct threat of violence", and "illegal narcotics".</p>
<p>As you can see, Bastyon is full of lots of lovely, kind, intelligent, and compassionate people:</p>
<p>I decided to make a post of my own before booking it for the hills... which <ahref="https://archive.md/5VbPt">went through successfully!</a> (You gotta love the Bastyon admins' coding abilities: are you on team "desktopPopupDisagree" or "desktopPopupAgree"?) But I couldn't find my post on the Pocketnet blockchain. After scrolling through the <ahref="https://archive.md/xaRU8">block explorer</a>, I eventually found my user and <ahref="https://archive.ph/cr7uT">the transaction my post was in</a>, but it wouldn't let me see the raw data inside. Further digging revealed that I <em>was</em> being charged money to post after all; Bastyon had just given me a small amount of PKOIN when I had joined.</p>
<p>In conclusion, Bastyon left me with a bitter taste in my mouth, and <strong>I wouldn't trust it</strong> even if it was the last way to publish on the Internet.</p>
</div>
<hr>
<divclass="box">
<h2>Conclusion</h2>
<p>Here's a quick overview of every project covered in this post:</p>
<p>As you can see, if the main things we care about are reliably getting data onto a blockchain, not having to pay anything, and finding said data if the original platform goes down, <strong>Mirror is the clear winner here</strong> for its simplicity and reliability, followed closely by BEBverse. Peepeth is an honorable mention due to the extreme length of time needed to make hashes of posts resolve to anything. Every other project was either locked behind a paywall, required an invite, didn't function properly, or didn't actually use web3 for anything besides user authentication.</p>