Like the centralized Web before it, the distributed Web will not save anyone. Systems of power, influence, and reputation will reform as surely as Twitter transitioned from the free speech wing of the free speech party to flagging Tweets from the U.S. President as misinformation. For now, idealists and social misfits can craft their sandcastles on Web3 in peace, but that will change.

My crystal ball rarely works as desired, but when Web3 threatens existing power structures, I expect the response to begin with social attacks. The sex traffickers, terrorists, and fascists that undoubtedly operate on Web3 make it simple to establish guilt by association. Respectable Westerners mostly tolerate the Christian Bible, but child pornography which stays online indefinitely will be much harder to sell. Elsewhere, Web3’s clear affinity for liberal democracy probably reeks of neocolonialism.

Technical attacks should follow on the heels of social attacks. Packet filtering and inspection are obvious vectors. IPFS nodes could record accesses to censored or censured material; the centralized components of hybrid solutions (e.g. pinning services) will be soft targets as well. Misinformation floods may be difficult to combat; even oracle services might be compromised if misinformers can set the highest bond for an answer.

The open design of Web3 enables these attacks, yet may also be its best defense. Decentralization imposes technical constraints that make Matrix and Mastodon nerdy and niche; soccer moms can proclaim their lack of dexterity and thereby retain in-group membership. These technical barriers keep the user base small and mostly harmless as Web3’s network effect remains limited.

Economic incentives will likely change this calculus, because users frequently prefer convenience over freedom; the Amazon/Apple/Facebook/Google/Twitter hegemony offers clear supporting evidence. Web3 seems to be on a similar trajectory, with services like Coinbase providing convenient cryptocurrency trading while imposing a tax on users that exit the service by restricting access to accounts' private keys. Protecting private keys is a legitimate security concern, but the trade-off is clear. Less freedom, more safety.

I expect many more such trade-offs in the future, moat crossings driven by the economics of convenience. From what I’ve seen of Web history, “built on the blockchain” companies should be testifying before the U.S. Congress in no more than 10 years' time. In the meantime, keep building those sandcastles.