<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="3.10.0">Jekyll</generator><link href="https://kyledenhartog.com/feed.xml" rel="self" type="application/atom+xml" /><link href="https://kyledenhartog.com/" rel="alternate" type="text/html" /><updated>2026-03-29T03:13:00+00:00</updated><id>https://kyledenhartog.com/feed.xml</id><title type="html">Kyle Den Hartog</title><subtitle>Hacker. Golfer. Futurist. Skier. Developer.</subtitle><entry><title type="html">On Cypherpunk Agency</title><link href="https://kyledenhartog.com/on-cypherpunk-agency/" rel="alternate" type="text/html" title="On Cypherpunk Agency" /><published>2026-03-27T00:00:00+00:00</published><updated>2026-03-27T00:00:00+00:00</updated><id>https://kyledenhartog.com/on-cypherpunk-agency</id><content type="html" xml:base="https://kyledenhartog.com/on-cypherpunk-agency/"><![CDATA[<p>I suspect you are unaware of the historical context behind the creation of copyright laws. So please grant me a week’s worth of your attention rations MiLord to read through this essay and understand my argument for why copyleft is incompatible with the milady worldview, in my opinion. I’ll do this by walking you through the history of censorship, drawing on my own learnings to illustrate why copyright laws exist and how they’ve been a means to reduce the agency of individuals. Then I’ll attempt to structurally disassemble your worldview to show why the very virtues you promote are useful, but only as a means to an end to move the collective Overton Window that emerges in society to promote further agency. Finally, I’ll attempt to nudge the narrative of cypherpunks towards a clearer set of goals that we can live up to and share with others. Now I don’t promise a clean utopian world view, as I’m a pragmatist, but I do promise a good faith attempt to offer a better alternative for the story of the cypherpunks. Which I hope is a bit closer towards a compromise we collectively land on in this era so the historical record marks us down as one step forward, not backwards, towards greater agency during our period in human history. So here goes.</p>

<h3 id="act-1-the-history-of-copyright-laws">Act 1: The History of Copyright Laws</h3>

<p>In the 16th century, when the printing press was created as a technology, there didn’t exist copyright laws. The Inquisitions of the Catholic Church actually created the first copyright laws as a reward to printing press owners who maintained a monopoly on the distribution of printed information via their new technologies. By the 16th century, the Catholic Church had built up a stronghold on the distribution of information and morality through the lens of religion. At the time, the church operated as an institution with immense power that rivaled monarchies and allowed it to dictate the moral framework of society at the time. Not unlike the power that large technology platforms have today like social media platforms. And they utilized that power to maintain the status quo of the Overton Window but the change in technology meant the press owners could disrupt that status quo. So the creation of copyright laws was created to grant the press owners a seat at the table of elites, as long as they helped maintain the status quo by printing approved materials and censoring the rest of the marketplace of ideas.</p>

<p>The English company called The Stationers Company, which sat outside the jurisdiction of the church’s inquisition powers, saw these forms of laws as an opportunity to build a monopoly of their own. So they stirred a moral panic in England, claiming the Church was plotting to overthrow the government of the time. They manufactured this crisis as a means to an end, so that they could build a regulatory moat via censorial copyright laws for themselves in England. See, the business opportunity they created for themselves was that they would censor via inspecting any text they’d print for a fee. And it worked, not unlike what many of these age verification laws around the world are doing for tech firms today as a reply to the moral panic social media platforms created within modern society via ISIS and Cambridge Analytica’s actions on them. The big tech platforms just want a seat at the table of elites, and what they bring is a distribution of information and a willingness to censor for the elites to help autonomously scale the censorial power of the elite. Don’t believe me? Just look at the autonomous enforcement YouTube uses to create for the enforcement of copyright claims, such that creators today self-censor themselves in fear of automated de-platforming of their content, which strikes directly at their livelihoods within the attention economy of today. Therefore, it begs the question: Are you utilizing copyleft as a censorial power that you claim to despise or as a means to an end of a larger goal? Are those goals in pursuit of more agency for individuals or as a grift to acquire power through stroking the flames of the current moral crisis in hopes you too can get a seat at the table of elites via Remilia Corp, like The Stationer Company once did?</p>

<p>For a deeper insight into the historical contexts of censorship, I highly recommend Ada Palmer’s 2023 Nuveen Lecture, “Why we Censor: From the Inquisition to the Internet,” so we can collectively better understand the historical patterns and motivations of censorship. If it’s the thing we aim to critique, we must first understand the previous problems that our ancestors were attempting to solve through censorship and the control of information, and then utilize that information to understand how we want to respond.</p>

<h3 id="act-2-my-understanding-of-milady-world-view-and-its-impact-on-the-ef">Act 2: My Understanding of Milady World View and Its Impact On The EF</h3>

<p>I’ll admit this is probably where I’m most uninformed, but from what I’ve gathered, the two core premises of Milady are to promote a world with free speech, free markets, free association, free information, and free thought as declared in the Cypherpunk Purity Spiral. While it makes noble claims, the methods by which it means to achieve them I call into question. Including the EF Mandate, which is akin to a top-down censorial mechanism. That’s because it relies upon actual censorship, which leads to coercive self-censorship in the same way the inquisitors found Galileo to be a heretic on June 22nd, 1633, for defending his heliocentric views, which violated the church’s doctrine of geocentrism. Now, might I remind you that the Earth rotates around the Sun, so why did the Church feel the need to prosecute Galileo as a heretic? Because it served as a means to an end to protect their power and created the actual self censorial power that led to Des Cartes modifying his publications on his Mind Body thesis. How might Des Cartes’ theories  have instead impacted history had he not had to pander to the views of the church?</p>

<p>That is not unlike what EF employees are experiencing through the purity test of signing the mandate. Now I don’t subscribe to the idea that you had any direct impact on this decision, but the Milady world view advocated for by RemiliaCorp has inspired it by calling into question whether crypto is “cypherpunk” enough. So, Milady bears indirect responsibility through its use of soft power, and it begs the question is the actions of the EF mandate inspiring greater agency in the same way it begs the question: is your use of copyleft inspiring greater agency within society? Or are these actions attempts to capture power through censorship as an enforcement mechanism?</p>

<p>Side note, I am still a pragmatic capitalist, but only in so far as I recognize altruism doesn’t put food on my table. This is one example of the paradox I find myself in, and is why I don’t claim a position of utopian morality. Instead, I accept the messy tradeoffs as good enough, not perfect. See Loss Leader Software for more details on the economics we face here that lead to large tech firms becoming the powerful monopolies they are now. There are likely useful strategies for us to employ there.</p>

<p>So it may lead you to the question: Why do I see the actions of copyleft usage and the EF mandate as a misuse of censorial power that is un-noble? Simply put, because they’re precursors of enforcement that MAY be taken and set the grounds for establishing a coercive relationship, which reduces the agency of the counterparty.</p>

<p>See the statements of free speech, free markets, free association, free information, and free thought, as well as many of the statements made in the EF Mandate, are examples of moral subjectivism. What do I mean by moral subjectivism? It’s a moral claim that cannot be objectively ascertained, such that it can be collectively understood by all parties and universally accepted. I suppose that’s because collective morality rests on humans’ tool of language, which is a lossy encoding of information. Or in simpler terms, what “free speech” means to you is probably slightly different from what it means to me and from any person you ask about the topic while walking down the street. We as humans, because of language being our tool of communication, fundamentally make up our own interpretations of the morals we live by through our shared stories passed down with language (including copyrighting text being useful even when its historical context juxtaposes our worldview) and experiences, and then represent those values through our actions in our day-to-day lives. The question then becomes, how do we reach a shared understanding to establish an Overton Window for our shared governance systems if we’re faced with this problem?</p>

<p>The model of prediction markets is a good point of reference here. See, the concept of a prediction market is that we can ascertain information through the emergent properties of pricing. In the marketplace of ideas, we’re all putting in buy and sell orders of our ideas via negotiations in conversation. This establishes the collective Overton Window through the ideas that actually get accepted and passed around in the stories we tell ourselves and others. For example, I’m currently attempting to sell the idea that agency is the noble aim of the cypherpunk movement and hoping others will spend their time to read it, buy it, and resell it later. Only time can tell me if my idea is good enough through watching how the collective Overton Window shifts after I share it. That is why VPLv2 relies upon the consensual nature of the marketplace rather than censorial mechanisms like copyleft licenses of VPLv1. It is a better heuristic mechanism of agency because it relies upon mutual agreement rather than enforcement as a “just in case” measure, where an author can attempt to tip the marketplace in their favor through censorial measures. Just as the EF mandate creates a “just in case” feeling through self-censorship by requiring a signature or acceptance of severance.</p>

<h3 id="act-3-how-shall-we-cypherpunks-pull-the-world-instead">Act 3: How shall we Cypherpunks pull the world instead?</h3>

<p>Now, I’d like to address the reputation that I feel bothers some people, including Vitalik and many others with the Milady movement, and why I think it’s not something useful to our cause. The edgelord memes exported from the bowels of 4chan that are often used in an attention-seeking ritual but quipped as art in a menacing, yet playful disguise are counterproductive to our aims of growing the cypherpunk culture within wider society. That’s because within the broader society where we want to take back the digital landscapes we have to be strategic about how we play into the hands of the tech companies drawing the bridges up on us. We take back control of the digital landscapes not by convincing our counterparts in the debate of free speech that they’re wrong; instead, we’ve got to convince those who abstain that we’re the better option to support. This is not unlike a cypherpunk reflecting their values further by switching from Android to Graphene OS in search of agency. Or an abstainer who switches from Chrome to Brave out of the convenience of fewer ads when watching YouTube or browsing the Web. Or a citizen in the global south switching to a more stable dollar to protect their savings. Each one of these actions collectively represents further agency in different ways. This helps us push back where we need to in order to reclaim the digital landscapes. Furthermore, it provides us the representatives of these ideals to collectively assert our morals, such as free speech, free markets, free association, free information, and free thought better.</p>

<p>See, in technical governance bodies like IETF, the number of users you represent is your credentials for impacting society with your software, such that Cloudflare or Google has a lot more sway on the HTTP standard than the average cypherpunk maintaining their own server. So, how do we recruit more users to join our tribe and support our ideas to reclaim the digital landscapes from the managerial elite? We provide products the abstainers and the elites want and exploit the feedback loop of being able to shape our tools so we can shape ourselves. Then, when the managerial elite attempt to recapture control and nudge it closer towards authoritarianism to “maximize efficiency”, “enhance safety”, or whatever alternative reasons they offer, we push back as we did in the old days with SOPA and PIPA protests. But how we fight to achieve our goals matters more than just reaching them. That’s because it lays the foundations for us to build upon, while solving our next challenges we will inevitably face after this cycle of change.</p>

<p>In my opinion, we need to take this approach of utilzing the tyranny of majority heuristics that democratic institutions govern themselves by to our advantage. Since the biggest hurdle is convincing people to care more than it is convincing your counterpart to change their view, our ability to capture the abstainers is how we expand our values. Especially in the current attention economy meta, where there’s an infinite echo chamber of information, and we need to filter through it. In my view, though, we won’t achieve structurally sound foundations in a post-cypherpunk era through the use of edgelording behind pseudonymity via post-identity and post-authorship. In fact, you’re probably going to detract the abstainers from buying into our ideas and convince them towards the safety that big tech is promising in cahoots with the elite via age verification, social media bans, KYC laws, and the raft of other compliance mandates that emerge to protect the large private institutions we aim to disrupt.</p>

<p>I will say, though, I do agree that the utilization of pseudonyms via post-identity and post-authorship ideas can be an effective means to shaping the collective Overton Window. Just look at Silence Dogood as one example of how pseudonyms have been an effective tool to pull the Overton Window towards radical policies that created greater agency like the first amendment in the United States, which stuck around in the same way Galileo and Copernicus were right about heliocentrism and it’s now the dominant prevailing theory with a mountain of evidence. The Milady are the Silence Dogood to the Etherealize and Coin Center reps who have to put on a suit and go throw down in the halls of power on our behalf towards more digital agency. We just have to understand the landscape they play within better to help them with the soft power the Miladies have created to shift the actual laws that govern us.</p>

<p>For example, I often tweet about how I believe OFAC sanctions are structurally dangerous to our right to transact because they have fallen susceptible to the bad emperor problem. These days, OFAC sanctions are used as a means for the US to weaponize the hegemonic dollar and debank other nations through authoritarian pursuits. In my view, this is a dangerous policy that we need to reform through changing laws like the Bank Secrecy Act and MiCA.</p>

<p>In the same way we want them to change, we also have tools the US wants to export the US credit system to the global south and keep the petrodollar in tact for long enough to reduce the national debt and make it out of the economic war with China. Similarly, China is trying to out grow the US economy in an attempt to form a new economic order, and that creates an opportunity for us where they both utilize the digital asset rails we built to opt out of their system. Right now, stablecoins on Ethereum are the technological disruptor, and the financial system is offering the cypherpunks and crypto a chance to shift the conversation at the elite’s table. The pragmatist in me says take it because it’s an opportunity to form a triumvirate global economic order and shift the game theoretics as a whole from a 2 agent problem dominated by a Nash equilibrium to a multi-variate agent problem (China, US, EU, or DAOs) governed by an alternative means of equilibrium which compete to provide greater human agency to individuals who move around. This also seems less capable of falling into the bad emperor problem. That is, if we time it right and convince others it’s a better option. So please recognize there’s a potentially bigger strategy at play here and move beyond the edgelording and help write different rules, not recycle the old ones from the 16th century like copyright laws.</p>

<p>Now, if you want to edgelord in private as a means of releasing your anxiety and discomfort for the world you exist in, so be it. That’s the exact right I’m defending, so it would be hypocritical for me to try to stop you from doing so. Personally, I don’t plan to join in because I’d rather uplift others through a “rising tide floats all boats” strategy rather than a “misery loves company” approach. I also accept that if censorship emerges collectively through individual actions, that’s slightly better than the centralized censorship we escaped after the inquisitions and are attempting to recreate with bad laws. Hence why I made no attempt to modify the code, just the license, and also why I advocate for pragmatic views of user-controlled moderation instead of age verification. And in the attempt to express free association better, I’d expect our counterparts to try and pull things in their direction. But that at least creates an acceptable level of checks and balances, unlike what centralized censorial powers are doing, because some abstainers will take a bit longer to understand why a marketplace of ideas with user controlled moderation is better.</p>

<p>The reason I make this request in change of strategy and intentions is that you make it far harder for those of us who have to put on the damn suit and go negotiate with the elites who are looking for reasons to reject our ideals and say no. However, we can leverage what they want from us to Trojan Horse the infinite garden of CROPS tech we built into their systems via stablecoins, as a means to an end. From there, we can leverage that hard power we’ve created for ourselves from maintaining the network in a game of jurisdictional arbitrage via decentralization so that we can nudge the world closer to our morally subjective interpretations of our principles in the global marketplace of ideas and shift the Overton Window.</p>

<p><img src="/assets/img/on-agency-post/trojanhorse.png" alt="stablecoins meme" /></p>

<p>So the final rhetorical question I lay down is: Do we believe that we can leave the world in a better place than we found it, or are we just going to recycle the same centralized hierarchies that seem to be mathematically inevitable under current Nash equilibria, or do you want to pander to the nihilists for pennies on the dollar while feeding the attention economy? I at least know that LARPing as an nilihistic edgelord via pseudonymity while utilizing the same tools that have oppressed others before me isn’t my preferred way of nudging the Overton Window towards more agency. Nor do I think it comes from creating cults to sell more merchandise in the attention economy. Nor do I think it comes from enforcement measures like the EF mandate or copyleft enforcement mechanisms. Instead, I think it comes from producing things that help others exercise their agency just a bit more, so they achieve their own pursuit of subjective morals via that agency. And if the institutions that bring this about do it wrong than I expect ourselves to circumvent the accountability sinks like I toyishly did with TVL and be replaced just as we’re trying to replace those who came before us. The difference is I’m trying to play chess, not checkers here, and that’s why I don’t claim a utopian world view filled only by ideals and pseudobable and instead offer a specific goal for us. To deliver cypherpunk values to the world through things people want and need, but do so in a way that holds us accountable to the next set of cypherpunks if we screw it up. Only time and the collective Overton Window can tell me if this idea will be useful, though, and whether the idea I’m selling has any buyers.</p>

<p>Now it’s time for me to go touch grass.</p>

<p><img src="https://tenor.com/en-GB/view/now-watch-this-drive-gif-25121927.gif" alt="alt text" /></p>]]></content><author><name></name></author><category term="cypherpunk" /><category term="agency" /><category term="web3" /><category term="Web" /><category term="Speech" /><summary type="html"><![CDATA[Level up Milady. We're playing chess not checkers these days.]]></summary></entry><entry><title type="html">Loss Leader Software</title><link href="https://kyledenhartog.com/loss-leader-software/" rel="alternate" type="text/html" title="Loss Leader Software" /><published>2026-03-20T00:00:00+00:00</published><updated>2026-03-20T00:00:00+00:00</updated><id>https://kyledenhartog.com/loss-leader-software</id><content type="html" xml:base="https://kyledenhartog.com/loss-leader-software/"><![CDATA[<p>I’m genuinely surprised more people don’t apply the economic concept of loss leader products to software. It’s a common economic principle that is used, but not named, within the software community already. Naming it can help us create a better paradigm for software development if it were more widely understood what tradeoffs we’re making with it. So, what is a Loss Leader in the traditional economic sense? By Wikipedia’s definition, “A loss leader is a pricing strategy where a product is sold at a price below its market cost to stimulate other sales of more profitable goods or services”.</p>

<p>However, in Software, I change this definition to “A Loss Leader Software is a software that is free (or pays a user) to attract a user to utilize your software so that you can nudge the user towards another product or service you can generate revenue on to continue to fund the development of both”. It’s what has led to the development of browsers, operating systems, and open-source software, and I’ll make the case that it has the potential to change how FOSS is funded, too. I’ll make this case by:</p>

<ul>
  <li>First, introduce the concept in the context of Web2</li>
  <li>Next, explain how the strategy is taking hold in Web3 Wallets</li>
  <li>Then, describe how it’s used in open core software business models</li>
  <li>Finally, apply the concept to altruistically maintained open-source software</li>
</ul>

<h3 id="how-google-funds-2-browsers-an-operating-system-and-a-search-engine-that-they-make-no-money-on">How Google funds 2 browsers, an operating system, and a search engine that they make no money on</h3>

<p>Google’s entire business model was built on the concept of loss leader software, and it’s a strategy that took Sundar Pichai from being the leading advocate for Chrome to helping lead Android. From there, he went on to become the CEO of one of the largest companies built on loss leader software. He saw the strategy and executed it, even if he may never have called it this (I’ve not seen him call it this at least). Fundamentally, Google started as a search engine to index the Web, but it wasn’t generating any revenue for Google. Google Search started as a research project incubated at a university, and was converted to a business after finding that its research was very effective.</p>

<p>So to fund the development of their search engine, they added ads to the search engine results page with a product called AdWords, which generated 70 million in revenue in the first year. This ended up turning Google Search into one of the most used loss leader software because the product itself, Google Search, wasn’t self-funded in any way. People used Google Search because it was free. Had they charged for the right to use Google Search, fundamentally fewer people would have used it due to the laws of supply and demand. Of course, the quality of it mattered as well, but that quality came from being able to employ many engineers to improve their search quality. So, to fund the development of Google Search, the loss leader software at the time, AdWords was the actual product that they produced and sold to fund the development of the software, and that worked tremendously well for them. So well, in fact, that their ad product suite generates 2/3rds of Google’s revenue to fund all the other software Google builds, Mozilla builds, and much of the content found on the Web as well (via displaying Google ads on their site).</p>

<p>Eventually though the ability for them to grow became limited by how many users they could get to discover their site, so they made a deal with Mozilla Foundation to have Google become the default search engine of Mozilla which at the time had struggled to fund itself after finding that the original model of selling a browsing software (Netscape’s original strategy) wasn’t working leading to AOL basically paying Mozilla 3 million dollars to spin itself out and go manage the product within the foundation. So at the time, Mozilla’s crisis in July of 2003 was also an opportunity for Google in 2004. Google was also looking to grow its business by getting more eyeballs on its site. They both solved their problems through a revenue-sharing agreement. While this deal hasn’t been publicly disclosed, it can be somewhat inferred from the Google anti-trust case plus Mozilla Foundation tax filings. To give context of how much this deal is worth, $400 million was paid to Mozilla for their 2021 traffic referrals, which accounted for 80% of Mozilla’s revenue.</p>

<p>This is also why today, Mozilla has been making so many recent changes with AI and exploring its own ad products. Fundamentally, Firefox is a loss leader Software, but 80% of that revenue that funds it isn’t even a product they own and maintain. Which meant they were potentially up a creek without a paddle when Google’s antitrust case came to court. This was because they might not have been able to make these search deals anymore. This is also why Mozilla is on the hunt for its own revenue streams. They need to diversify their revenue to continue to fund the development of Firefox, their loss leader. Which, personally, I think is a good thing for the Web, and I hope they find it and can get themselves growing again. All good ecosystems need competition, but I digress.</p>

<p>What’s interesting about Google’s Ad products, though, is that it didn’t just fund Mozilla, but it also funded Google Chrome. From Google’s perspective, they didn’t like the idea that their website‘s experience was potentially controlled by Microsoft via Internet Explorer (which was being a bit abusive with their market power) and Mozilla, and that was a business risk they didn’t want to take. Especially now that they had the funds to subsidize the development of their own browser, which was their second loss leader software, but it helped them to grow search, their first, and ultimately their bottom line of revenue generated by their ads. So Google Chrome set out to build a better browser and did a wildly successful job at it. They made the Web faster and more secure.</p>

<p>This success led to a new problem, though, which was again that in order to further gain distribution of Google Search, Google Chrome needed to be downloaded. Whereas some of their competition, Internet Explorer and Safari namely, were built into the operating system as a default software. Unfortunately for Google, there wasn’t any assurances that they had that the other browsers would care to prioritize features that made sure the experience of Google Search remained fast and optimal to keep growing revenue from their ads product. So, this is where the Android Operating System comes in. Around the time that they were looking to grow the Web, the Web was also shifting to a mobile first experience because of the release of smartphones. The first version of Android was released just 21 days after the beta announcement of Google Chrome. Google Chrome was Google’s countermove to Microsoft’s dominance on the Web via Internet Explorer. This dominance came about by being the default browser of Windows, and it was Google’s 3rd loss leader software, but it proved to be one of the most valuable choices Google made.</p>

<p>See, the value of loss leader software is that they have network effects through distribution, and that distribution means that the Android operating system could eventually grow to 3.9 billion users. This enabled Google Chrome to grow to roughly 3.6 billion users (numbers aren’t exact), which meant that Google could drive that much traffic to their search engine, and ultimately fund the development of the Android operating system, Google Chrome, Google Search, Mozilla Firefox, and even much of the content on the Web today. That is because YouTube and nearly every other site rely on Google AdSense to monetize their content via that same Ads product. This is because they were able to leverage the distribution of loss leader software to nudge user behavior towards their revenue-generating products.</p>

<h3 id="how-wallets-are-becoming-the-loss-leader-software-of-web3">How Wallets are Becoming the Loss Leader Software of Web3</h3>

<p>What I find interesting about this concept of loss leader software, though, is that it’s leaking into new parts of software development too. The most prevalent example where I’ve seen this occurring is with cryptocurrency wallets. No user inherently pays for wallet software, but it’s a very high-value piece of software that crucially helps every user of Web3 collectively secure trillions of dollars of value. So it goes without saying that every user expects this software to be secure, but in the same way that you don’t pay for a banking app, users are unlikely to pay for a wallet. So what are the revenue lines that wallets use to subsidize the development of the wallet software?</p>

<p>Metamask is probably the best example to look at because they’ve done a great job, in my opinion, of utilizing the distribution of their wallet to grow revenue lines. Without knowing the specifics of their business dealings, I’d venture to guess from on-chain flows that their primary source of revenue has historically been defi swaps, which, as of 2025, are estimated to have generated $325 million in revenue, which is generated by charging .875% of the total transaction volume. With estimates of 30 million MAU, which I assume includes their Metamask Institutional product, where the majority of that roughly $37.1 Billion (estimated based on fee revenue / percentage of fee) of swap volume would have come from.</p>

<p>However, unlike Google’s ad product, MetaMask Swap volume is highly correlated to the prices of cryptocurrencies, which means that during bear markets, it brings with it reduced market volume and revenue declines. So, in the Web3 space, this is what has led to the need for more revenue lines to grow their business, including feature integrations of other protocols that lead to financial transactions and revenue-sharing agreements. These revenue lines include product features like crypto <a href="https://metamask.io/en-GB/buy-crypto">on-ramping</a>, <a href="https://metamask.io/en-GB/earn">staking</a>, <a href="https://metamask.io/en-GB/rwa">trading Real World Assets</a>, <a href="https://metamask.io/en-GB/prediction-markets">betting on Prediction Markets</a>, and <a href="https://metamask.io/en-GB/perps">options trading called “Perps”</a>, <a href="https://metamask.io/en-GB/card">crypto card</a>, or their own <a href="https://metamask.io/en-GB/price/metamask-usd">stablecoin</a>. Put another way, if there’s a protocol or feature that will generate revenue from fees, then a wallet in the Web3 space will probably integrate it and collect a portion of that revenue. These are the revenue generation schemes that loss leader software like cryptocurrency wallets live on in the Web3 space. This also means that there’s the potential for more middlemen in Web3 than what currently exists, depending on how these protocols get plugged in together to produce end-user journeys in the wallets.</p>

<p>So if the goal of Web3 is to make finance cheaper, faster, more private, and more secure than it is, it should consider the costs of the software it produces and delivers. In my opinion this should come in the form of business models that operates over a larger volume of transactions, but at a cheaper cost per transaction. I personally believe the market-based transaction fees networks use for gas rather than variable percent transactions is Web3’s core innovation to date. This will end up leaving more in the users’ pockets and get more users switching to Web3 if protocols can also adopt similar fee models. We’ll then have an opportunity to capture large amounts of transaction volume by undercutting the variable fee paradigm currently used whenever possible. And growing the volume means growing the revenue we generate faster for the businesses that build this software.</p>

<h3 id="is-open-core-software-also-a-loss-leader-software">Is “Open Core” software also a loss leader software?</h3>

<p>What’s interesting beyond traditional products is the concept of open source software, which also operates as loss leader software. What open core means is that some portion of a software product exists as open source software to entice users or developers to integrate and build upon it, but then key features or hosting services are operated and maintained at an additional cost. In this way, technically, the primary cost of the software production and maintenance is not revenue-generating. Technically minded folks can essentially take a copy of the software and do what they want with it, including extending it, which is valuable for the open core software business.</p>

<p>On the other hand, they can fork it and compete with it, which is good because it also extends the software or its features to expand the market. However, it’s bad because it potentially creates a new competitor who can steal their market share. So, how do open core business models fund the cost of this free development? They typically subsidize it by building proprietary features on top of it or charging to maintain and host that software instead. Today, Google Chrome is technically an open-source product of Chromium. The primary difference between Chromium and Google Chrome is that Google Chrome serves the interests of Google solely through the collection of more user data beyond just Google sites, so they can personalize their ads better. On the other hand, Chromium is an open source project and serves the interest of the Web primarily (it’s complicated to justify this, so I’ll leave the exercise to the reader).</p>

<p>Some other good examples of open core business models are MongoDB which is an open source project that was originally licensed under AGPL v3 before 2018 and then it was changed to Server Side Public License which was a response to Amazon Web Services contributing little back to the majority to the maintainance of the open source project while doing a good job monetizing it with Amazon DocumentDB and hosting MongoDB Atlas. This introduced a tragedy of the commons problem, and so the license was changed to make sure that enough revenue flowed back to MongoDB, the company, to fund the development of MongoDB, the product.</p>

<p>Another interesting example of this is TailwindCSS, which actually developed both the loss leader software and used their docs to nudge people towards their premium products to monetize the framework with products like Tailwind UI, Tailwind Play, and Enterprise Templates. The struggle with this approach is that when AI came about, it changed how developers gather information about the CSS framework, and meant there was less opportunity to monetize it. This ultimately led to a negative impact on their business because while the TailwindCSS framework was growing substantially, it was becoming harder for them to fund the development, and ultimately led to them being able to put less income into the hands of the developers maintaining that software.</p>

<h3 id="how-does-this-apply-to-altruistic-oss">How does this apply to Altruistic OSS?</h3>

<p>First off, what do I mean by Altruistic OSS? I use this term to distinguish software that is maintained as a hobby or via sponsorships like GitHub sponsors, and does not have a sustained revenue model. Many people will likely know this under the “Free Open Source Software” movement, but I don’t like the term “free” because the developers who produce and maintain that software are still paying with their time and expertise. I don’t even like the term “free” for the consumer because often this absence of payment is paid for either with time by the end user with bugs or less prioritized software, which is more than understandable. The maintainer still has to feed themselves, pay for their entertainment, and afford their lives.</p>

<p>There are many different pieces of software like this, including projects like the Linux Kernel. While there are massive businesses that have been built on this project, they don’t have direct influence over the ability to nudge users towards their revenue lines. Yet, there’s an entire economy built on the production, maintenance, and deployment of the Linux kernel. Whether it’s from Canonical with Ubuntu or Linux Foundation events that train people how to use the software or build on it, but charge for ticket sales. But is there another way?</p>

<p>In my mind, I think there is for software like OSS software distributed through package managers like NPM, Rust crates, or PyPI. While much of the software distributed through these package managers falls under the FOSS principle, it still bears a burden to those who rely upon it. As a perfect example, I help bump the dependencies of open source software we rely on in Brave Browser. It is substantially cheaper for us to rely on a package that properly uses semantic versioning, handles security bumps promptly, and is responsive to feature requests or pull requests that I submit to make it easier for us to rely upon these dependencies. So that’s what these maintainers can be charging for, and it could be the package manager’s role to serve as the store, the payment provider, dispute arbitrator, and distributor of the software, charging a fee for it.</p>

<h3 id="should-we-accept-the-costs-that-come-from-this-business-model">Should we accept the costs that come from this business model?</h3>

<p>I’m sure there are other opportunities to generate profit centers that align with the principles that FOSS was built on as well. The question is, will the “free” side of OSS accept that they still face the burden of costs to produce, maintain, deploy, and support the software? In conclusion, the concept of loss leader software is a widely pervasive model for producing software that is widely accessible and still profitable. It’s been used for decades now and will likely continue much further beyond. I suspect we’ll see similar economic models continue to emerge from AI and whatever comes beyond it because the power of software is that the cost per unit of producing new software is the same for 1 user or 1 billion users. The cost of producing, maintaining, deploying, and supporting the software scales slightly differently, but these costs are often baked into the profit centers as long as one exists. So the question in my mind is, should we accept the tradeoffs that come with loss leader software such as “enshitification” or “bloatware” to offset the costs of “free to use” software? Is there a better way to handle these legitimate costs that exists so that as many people can continue to have access to software and information equitably while still being able to fund the software development lifecycle?</p>

<p><small><em>Thank you to <a href="https://x.com/Cyph3rVae">@Cyph3rVae</a>, <a href="https://x.com/FryCookVC">@FryCookVC</a> and <a href="https://x.com/gnukeith">@gnukeith</a> for the review and feedback here.</em></small></p>]]></content><author><name></name></author><category term="software development" /><category term="OSS" /><category term="open source" /><category term="web3" /><summary type="html"><![CDATA[A Loss Leader Software is software that is free to attract a user so that you can nudge the user towards another product or service you generate revenue on to continue to fund the development of both]]></summary></entry><entry><title type="html">Framework for Applying Gardner’s Theory of Multiple Intelligences</title><link href="https://kyledenhartog.com/framework-of-intelligence/" rel="alternate" type="text/html" title="Framework for Applying Gardner’s Theory of Multiple Intelligences" /><published>2026-01-10T00:00:00+00:00</published><updated>2026-01-10T00:00:00+00:00</updated><id>https://kyledenhartog.com/framework-of-intelligence</id><content type="html" xml:base="https://kyledenhartog.com/framework-of-intelligence/"><![CDATA[<p>I was recently reading a Reddit post of someone who seemed to be younger, wondering how they can improve their intelligence. As I was writing a response, I realized this would be a good blog post. So here’s my framework for how I think about intelligence in case it helps anyone.</p>

<p>Using an IQ test to measure intelligence is like using a basketball hoop to see who can dunk, a doorway to see who can walk through it, and a limbo bar to measure height. In other words, we’re creating some semi-random tests that are correlated with height to measure it in the same way the questions on an IQ test correlate with testing some forms of intelligence.</p>

<p>Instead, I’d suggest thinking about intelligence differently. First, I’d look at <a href="https://www.simplypsychology.org/multiple-intelligences.html">Gardner’s Theory of Multiple Intelligence’s</a> to understand that intelligence comes in many different forms and each is an independent skill that can be built up. For example, with enough time, most people can learn the piano and boost their musical intelligence.</p>

<p>Second, think of intelligence as knowledge that compounds over time. In order to learn, we usually need to attach the new idea to some old idea we know. So, as we know more things, we can learn new things, and that makes the growth rate of knowledge compound over time. Kind of like compounding interest when you invest.</p>

<p>To add to this, I typically think of intelligence as the combination of 3 different aspects. The first is about knowledge, which is kind of like the number of facts you know. The second thing I think about is being “smart,” which is how long does it take me to learn a new fact, pattern, or skill? The third is about knowing the right time to apply it, which I call “wisdom”. This is important because as useful as it is to know or be able to do a bunch of things, it’s only beneficial if you can apply it in everyday life. Wisdom helps me regulate what stuff I need to remember versus what’s okay to forget.</p>

<p>For example, I normally don’t need to hold onto the details about how to replace a specific part in my car would go (knowledge). I can easily re-look it up using my phone at any time (smart). So it’s not worth remembering myself unless I’m going to need to use it daily. However, it is useful to remember how to use a screwdriver (knowledge) so I can remove it and also having a basic understanding of how engines work is useful in case I need to diagnose which car part to fix (wisdom).</p>

<p>With my framework for applying Gardner’s theory of multiple intelligences, I’ll leave you with the one question that’s most important to me: What skill or new piece of knowledge do I want to invest my time in next to learn something new? The answer to that is almost always driven by whatever motivates me at any given moment. Every new problem I work on is a chance to build my intelligence just a little bit more.</p>]]></content><author><name></name></author><category term="cognitive science" /><category term="Intelligence" /><category term="Musings" /><summary type="html"><![CDATA[Think of intelligence as knowledge that compounds over time.]]></summary></entry><entry><title type="html">Future-Proofing DeFi: How Prediction Markets Can Insure User Funds</title><link href="https://kyledenhartog.com/prediction-market-security-hedge/" rel="alternate" type="text/html" title="Future-Proofing DeFi: How Prediction Markets Can Insure User Funds" /><published>2025-11-16T00:00:00+00:00</published><updated>2025-11-16T00:00:00+00:00</updated><id>https://kyledenhartog.com/prediction-market-security-hedge</id><content type="html" xml:base="https://kyledenhartog.com/prediction-market-security-hedge/"><![CDATA[<p>Prediction markets aren’t a new concept, but they are a tool being used more
widely these days. For the most part, these are being used for pseudo-gambling
on events, but there’s something more interesting in them for me.
What if a prediction market could be used as a tool to model risk in the same way
What does an actuary do for an insurance company? If we presume that a prediction
The market can leverage information asymmetry; could we then use the price
The mechanism of a prediction market to determine risk and act accordingly when
managing a fund?</p>

<p>For example, there are quite a few protocols that are launching to
provide yield to users who store their funds in the protocol for spending
purposes. Let’s call these stablecoin reward protocols. At a simple level, they
work like so:</p>

<ol>
  <li>A user provides to the protocol $100 of USDC, and in exchange, the user receives spendable notes which can be used for everyday purchases like groceries or e-commerce transactions by anyone who accepts the protocol.</li>
  <li>The USDC is then staked to generate rewards, and an internal ledger is kept for who possesses what percentage of the backed funds.</li>
  <li>Eventually, someone may withdraw some or all of their funds, such as a merchant who needs to pay their bills or a settlement intermediary like a card issuer paying a merchant bank, at which point some portion of funds is withdrawn from Aave, and then paid out to the recipient address.</li>
  <li>At regular intervals, the yield generated from staking is used to buy back BAT and returned to people who’ve locked their funds into the protocol and are spending with it, and in this way, they get cashback just like if they had a bank account and a debit card.</li>
</ol>

<p>Something to note, though, is that the crux of this design relies on the returns of the
protocol generating competitive yields. For example, banks can generate
profits on bank deposits because they can use customer funds and leverage from
fractionalized lending, so that they can provide loans like mortgages. The loans
cover the costs of the interest returned to the bank account holder and allow
the bank to return a profit from the difference between the interest earned on
the loans and the interest paid to get the funds to provide the loans.</p>

<p>In other words, the maximum rate the bank can return is determined by the
interest they can charge on the loan. In Defi terms, that applies in the same
way that the maximal yield that can be returned is relative to the market rate
of lending USDC or another underlying asset to Aave or some other lending
protocol.</p>

<p>So how could someone generate a higher yield? By not just simply holding the
funds but instead swapping the stable assets into more volatile assets and
trading them effectively, operating like a hedge fund. This is effectively what
FTX was doing business with funds deposited into their exchange and allowing Alameda
Research to use them and take the profits for themselves. In theory, this
could be built into a protocol too, but the financial risk remains.</p>

<p>To define the risk, let’s take the above example again of a user putting $100 of
USDC into the hedge fund protocol, and then the hedge fund automatically swaps
the $100 from USDC into a memecoin. If that memecoin drops to $0, then when the
user goes to withdraw their $100 later, the protocol cannot return $100 because it
doesn’t have it. Instead, it’s got effectively worthless memecoins, which can’t
be swapped, and then the user who submitted the $100 is now without their funds.</p>

<p>Now, let’s say the memecoin jumps to $1000 and the hedge fund exits the trade
back to $1000 USDC, then the protocol has now generated $900 of profit, which
could then return a 900% yield to the user minus any fees. In this sense, the risk
That was taken, which generated a massive reward for the user simply by placing funds
in the right protocol, and this exemplifies the risk-to-reward ratio when it
comes to the management of funds.</p>

<p>So, how can we generate higher yields than simple collateralized lending with
Aave, but do so in a way that hedges the risk a bit? We can use prediction
markets as both a risk canary signal and as an arbitrage opportunity to generate
risk-adjusted returns. Let’s say, for example, $80 was spent on the memecoin, but
the other $20 was spent on a prediction market bet that the price of the token
would not be at least $80 by the end of the day when the user withdraws their
funds. In this case, the prediction market on the price would behave similarly to how an options contract works, hedging the risk.</p>

<p>However, what if we wanted to hedge some other type of risk, such as the loss of
funds due to a protocol hack occurring on Aave, which made it, so the stablecoin
reward protocol couldn’t return funds to the user? We could achieve this by
betting “no” on a prediction market that won’t be hacked before a set time. If the
protocol doesn’t get hacked, then the fees won from the prediction market are
stored away and can be returned to the user or used to cover losses later in the
event of a future hack. However, if a hack does occur, then the user could take a
“yes” bet on this as insurance to cover their funds. Given the probability
should be relatively small, then the cost to insure their losses on the
prediction market should be relatively small. In other words, they may need to
spend 2 cents to get 98 cents back.</p>

<p>Here are some ways that I could see this prediction market framed.</p>

<p>Will account ABC123 lose access to their full deposits minus any internal
transfers between now and the withdrawal event? In this way, the cost to the user
is something small, like 1 cent or 2 cents, and the cost to the protocol to
ensure is very high. The protocol either generates funds from the successful
withdrawal because the protocol stayed secure, or their bet is paid out because
the protocol was hacked.</p>

<p>Additionally, since the prediction market would require evidence of a hack, the
shifting of the yes bet upwards can act as a canary signal to the user to
automatically withdraw the funds. In this way, a hacker could conduct the hack
and receive both the funds from the uninsured (since it’s an opt-in bet) and a
portion of the bet.</p>

<p>I’m not totally convinced the incentive structures are properly structured yet,
But I think there’s merit to the use of prediction markets as an insurance
mechanism. Can anyone come up with a better structure that generates revenue
for an arbitrary protocol, protects the user’s funds in a catastrophic event like
this, and allows the hacker to claim some portion of the funds as a bounty
structure (presumably they’d return the uninsured funds to prevent criminal
conviction and claim the bounty via insurance)</p>]]></content><author><name></name></author><category term="Security" /><category term="Web3" /><category term="Risk Management" /><summary type="html"><![CDATA[a novel approach to DeFi risk management, leveraging prediction markets to dynamically hedge against hacks, smart contract failures, and other threats, enhancing protocol security and user trust.]]></summary></entry><entry><title type="html">Breaking the Left-Right Binary: How Multivariate Political Mapping Can Help Us Redesign Online Debate</title><link href="https://kyledenhartog.com/radar-chart-political-spectrum/" rel="alternate" type="text/html" title="Breaking the Left-Right Binary: How Multivariate Political Mapping Can Help Us Redesign Online Debate" /><published>2025-09-14T00:00:00+00:00</published><updated>2025-09-14T00:00:00+00:00</updated><id>https://kyledenhartog.com/radar-chart-political-spectrum</id><content type="html" xml:base="https://kyledenhartog.com/radar-chart-political-spectrum/"><![CDATA[<p>For the past few years, I’ve been spending more time trying to understand the paradox between free speech and regulating speech in safe spaces. I’m starting to conclude that the part of our struggle here lies in our language and that limits how we can think about the problem.</p>

<p>Inherently, these are political topics, so there’s inherent controversy that underlies the discussion, and that’s what I’ve been trying to resolve in my mind. However, because we refer to this with the term “political spectrum,” it often conjures up a one-dimensional line in my mind. I think it does in others as well, because we have the “left and the right.” In other words, it’s as if the “left” represents negative numbers and the “positive” represents positive numbers (or vice versa). That’s what creates this paradox: our current models don’t effectively address this problem, which keeps us perpetually stuck, leading us to think we can’t make progress. Before I dive into a mental model that works better for me, and then explore how I believe it helps us design better communities online, let’s break down what I mean by free speech and regulating speech in safe spaces.</p>

<p>When I say free speech, what I mean is that people should inherently be able and willing to say precisely what they mean. That doesn’t absolve them from the impact that their speech has on others. So, it’s necessary to cultivate environments where the interplay between a person speaking freely and the audience listening healthily is appropriately regulated. However, that regulation cannot come from a place of control; otherwise, it will inherently suppress most people’s willingness to speak freely, hence the paradox, because in any social setting, there’s an implicit social contract we agree to, which is to recognize and empathize with the impact we have on others. That is what makes us human, and to lose or break that social contract causes incivility. To resolve these conflicts, I believe the answer may lie in how we model and select individuals to put in a proverbial “room” or cyber-community to address a problem.</p>

<p>Let’s talk about a new (I didn’t invent it, I’m just re-applying it) model for mapping the political spectrum, then we’ll explore how to use this new model and what it might bring us. I believe the best model for mapping and visualizing the political spectrum is a multivariate spectrum using a radar chart, not a single-axis “spectrum” line or a two-axis “spectrum” (2x2 consultants square), and here’s why.</p>

<h3 id="single-axis-political-spectrum-number-line">Single-axis political spectrum (number line)</h3>

<p><img src="https://www.politicalcompass.org/images/leftright.png" alt="single axis Political Spectrum" /></p>
<h6 id="source-httpspoliticalcompasscom">source: https://politicalcompass.com</h6>

<h3 id="two-axis-political-spectrum-quadrant-graph">Two-axis political spectrum (quadrant graph)</h3>

<p><img src="https://www.politicalcompass.org/images/bothaxes.gif" alt="two-axis political spectrum" /></p>
<h6 id="source-httpspoliticalcompasscom-1">Source: https://politicalcompass.com</h6>

<h3 id="multivariate-political-spectrum-radar-chart">Multivariate political spectrum (Radar Chart)</h3>

<p><img src="/assets/img/radar-chart-post/radar_chart_simple.png" alt="Radar chart simple" /></p>

<p>The problem with politics is that it is a multivariate by design. Put another way, the number of issues that any group of people can care about at one time is infinite and relative. As an example, today some of the challenging conflicts we’re working to resolve are political polarization (why I’m writing this in the first place), Immigration and national identities in a globally connected world, Poverty and economic disparity in a more interconnected world, and social identities that allow us to find our tribe. These are modern problems that don’t match the same difficulties they worked to resolve in 500BCE or 1250 (at least I wouldn’t think so, but I’m not well read on these eras). I’ve cherry-picked five broad categories, but there are many more! Think about what issue you care about most - does it fit within these 5? Probably not, and that’s the point.</p>

<p>So, if we recognize the problem is multivariate, how does modeling it differently help us? It helps us because it makes it easier to overlay one or more people’s individual radar charts on top of each other to identify where we have common ground, as well as where we’re probably too far apart to spend time focusing on a particular problem just yet. By doing this, we can carefully recognize which topics are best suited for any one community or set of people, like so.</p>

<h3 id="example-multivariate-political-spectrum---2-people">Example Multivariate Political Spectrum - 2 People</h3>

<p><img src="/assets/img/radar-chart-post/radar_graph_political_spectrum.png" alt="multivariate-political-spectrum" /></p>

<p>In this example, you’ll see that for problem one the people sit at the very opposite ends of the spectrum which suggests due to the polarization on the topic, it will be a touchy subject and might now be the best conversation for the two people unless there’s an established connection and high trust where they recognize that the difference of opinion will still be met with respect by the opposite party. The same thing is probably true for Problem 3, but Problems 2 and 4 are good points of discussion because there’s a gap, and the views are relatively similar, making it easier to have a discussion and shift views on these problems. Similarly, Problem 1 is a great starting point for establishing rapport and building trust between the two people.</p>

<h3 id="example-multivariate-political-spectrum---10-people">Example Multivariate Political Spectrum - 10 People</h3>

<p>Now, one can imagine the problem expanding to any number of people. To help visualize this, here’s one of 10 people with randomly generated values on where they fall within the spectrum for five different problems.</p>

<p><img src="/assets/img/radar-chart-post/radar_graph_10_people.png" alt="multivariate-spectrum-10-people" /></p>

<p>As you can see, it becomes increasingly complex to find common ground as more people are involved in establishing it. This complexity may contribute to why social media feels like a cesspool to debate political topics on, unless you find a sub-community that aligns with your views, or in other words, a “safe space”. With 10 people something like problem one would likely see battle lines drawn where Person 2, 3, 4, and 9 take one side and Person 5, 6, 7, 8 and 10 take the other side and depending on how the conversation goes Person 1 either goes silent and listens and gets pulled in one direction or another or acts as a moderator between the two sides.</p>

<h3 id="impact-on-governance">Impact on Governance</h3>

<p>It’s also indicative of the reason representative democracies appear to be struggling in the current era and new forms of governance like <a href="https://en.wikipedia.org/wiki/Government_by_algorithm">Algocracy</a> and <a href="https://en.wikipedia.org/wiki/Futarchy">Futurarchy</a> are being explored. Even with in a group of two, selecting a representative of that group is difficult because it’s unlikely to represent the views of both via a single person. When you add the complexity of a representing a populace of 10,000 the representation devolves to a tyranny of the majority. This complexity also means within a democracy we can’t focus on choosing the best candidate, but rather have to focus on removing those who no longer represent our views well enough. However, if there’s no trustworthy alternative replacement, we collectively accept what we’ve got over taking the risk of things getting worse due to the <a href="https://pubmed.ncbi.nlm.nih.gov/40343790/">Doubling Back Aversion</a> bias. It begs the question then of whether single-representation backed by party politics will be replaced with alternative forms of governance now that our methods of disseminating information have changed, but I digress.</p>

<h3 id="exploring-the-solution-space">Exploring the Solution Space</h3>

<p>This new model evolves for me into how we can use the model to reimagine the tools we use to communicate online now. Now that we can model the behaviors of random participants, we can start to look at how we should shape technologies and tools like social media to regulate speech online without creating excessive control points.</p>

<p>For example, what if a social media platform recognized that Person 1 sits closest to the middle within the conversation and grants them moderation tools to moderate the thread? The idea of selecting a centrist to moderate on a topic I only came across as I was explaining the paragraph above, but it seems interesting. Maybe the tradeoff here is that the person with moderation powers isn’t interested in moderating or isn’t aware they are, so the conversation devolves too quickly?</p>

<p>Or what if we limited people’s access to specific communities based on your multivariate score? I’m less inclined to believe this is a good option because it seems like it would create Overton Silos when the goal of this is to bring people closer together and find common ground, rather than to bifurcate groups so that Person 2,3,4, and 9 only talk amongst themselves in one safe space, while 5,6,7, 8, and 10 talk amongst themselves in another.</p>

<p>Additionally, what happens if we made it easier for people to locally configure their own views into the platforms and technologies we use so that we can self-filter and self-select when we view the content versus when we don’t? For example, Brave Search has a feature called Goggles that does this sort of thing, where a person can configure their results to be returned based on boosting or discarding particular domains. This idea is fascinating to me, worth exploring because it operates under the foundation that “everyone is free to speak, but that doesn’t guarantee them an audience”. The difference between what we have today and how this would work is in who decides the audience. Today, the platforms decide for us algorithmically, but in the future, we could configure them ourselves and choose to self-regulate in a decentralized fashion.</p>

<p>These are some of the ideas I’ve been playing with, but the next steps are to explore how the tools and rules might work through using this new model. The nice thing is that within software engineering, machine learning is a scalable tool for addressing multivariate problems and building new platforms, too. Each profile on the platform is modeled as an array, and each index in the array represents a topic or category of discussion. You can then build optimized models to design different rules, such as the three mentioned. So the question I leave for my readers is, does this new visual model give you the exact “aha” moment that I had when I thought of it? Similarly, what ideas do you have for designing better tools for communicating on the Web?</p>]]></content><author><name></name></author><category term="Speech" /><category term="Web" /><category term="Social Media" /><summary type="html"><![CDATA[The problem with politics is that it is a multivariate by design. Put another way, the number of problems that any group of people can care about at one time is infinite and relative. So we need a new way to model it.]]></summary></entry><entry><title type="html">How SSI Becomes a Centralized Tool For Gatekeeping</title><link href="https://kyledenhartog.com/centralized-ssi/" rel="alternate" type="text/html" title="How SSI Becomes a Centralized Tool For Gatekeeping" /><published>2025-07-18T00:00:00+00:00</published><updated>2025-07-18T00:00:00+00:00</updated><id>https://kyledenhartog.com/centralized-ssi</id><content type="html" xml:base="https://kyledenhartog.com/centralized-ssi/"><![CDATA[<p>Following up on my last blog post, <a href="https://kyledenhartog.com/a-pattern-of-moral-crisis/">From Printing Press to Digital Identity: A Pattern of Moral Crisis</a>, I allude to the idea that Self Sovereign Identity is centralized, but don’t go into great detail how. In this post, I’m going to follow up on this idea to show how we’ve subtly introduced the centralization through the chosen trust architecture. Then I’ll point out some of the ways in which this centralization could be weaponized against the people that we intended to provide more agency too.</p>

<p>To start, we first have to acknowledge that in a claims based model like with verifiable credentials or any other digital credential data model the technology itself is ambivalent to how it’s used. Put simply, all of the various data models are designed to encode “who says what about whom” into a digital form. So, the subtly in this is that the credentials themselves can’t really enforce centralization or decentralization, but rather how we choose to encode information into them are what provides this enforcement.</p>

<p>Let’s take for example the 3 most commonly suggested or deployed use cases of these digital credentials as of yet:</p>

<ol>
  <li>COVID Passes</li>
  <li>Age Verification</li>
  <li>“Know Your Customer”</li>
</ol>

<p>In all 3 of these use cases we’ve defined a trust architecture where the structure of the data is: An institution with a well known identifier makes claims about a subject with an untrusted identifier such that an arbitrary verifier can rely upon said claims for any purpose they choose. This is most commonly referred to as a “High Assurance” credential. The alternative approach that’s been described is a self attested model, which is the most common approach on the Web to date.</p>

<p>In a self attested claims model (or could also be referred to as a “low assurance” credential) it works roughly like this. A subject uses an untrusted identifier as an issuer to make claims about themselves as the subject with the same untrusted identifier such that an arbitrary verifier can rely upon said claims. While the technology under the hood isn’t quite the same, the closest example we have to this today is the social login systems like Sign in With Facebook or Google. In each of these systems, at the very beginning when I register my account I self declare my information to Facebook or Google and that information could be correct or not. It doesn’t much matter what my name is or what my date of birth is because Facebook and Google aren’t making any assurances about the claims themselves. They’re simply collect it and relaying it onto third parties using Open ID Connect. In this trust architecture, the ability to self attest this information at the start allows me to falsify claims on registration. I may choose to do that to enhance my privacy while still being able to easily authenticate on the Web or it could be to impersonate another person.</p>

<p>So, what makes something high assurance or low assurance? It essentially boils down to what enforcement mechanisms exist for the verifier to have assurance that the claims are valid and how we’re opting to do this in “high assurance” credentials is to remove agency from the subject and bestow that into well known identifiers that represent institutions that are “trusted”. We assume this trust is valid because we assume the likelihood of falsified records is lower (not zero, it’s actually not <a href="https://www.bitsaboutmoney.com/archive/optimal-amount-of-fraud/">economically feasible</a> to achieve this) than that of the self-attested model. But at what cost? The cost comes in the form of the subject’s agency.</p>

<p>Under the new “high assurance” trust models we bestow the subject the ability to share claims made about them which is new, but in exchange for that capability we remove the ability to make claims about themselves. That power is now only granted to well known trusted entities. Does that remind you of any other PKI systems on the Web because it does to me?</p>

<p>If we think about the x509 system for TLS certificates they essentially work in the same way. Our browsers don’t trust a self-signed certificate by default but it does trust an intermediary certificate that’s been signed by a well known trusted root certificate. Now tell me, how many of you regularly allow self-signed certificates when visiting a website today? It probably happens once in a while, but its certainly not the prevalent trust model on the Web anymore. The issue here is that, as soon as we introduced the alternative mechanism for a hierarchical trust infrastructure rooted in a select number of institutions (the root certificate authorities) providing some assurance about the intermediary certificates we stopped using self signed certificates because they were deemed less safe even though they were more decentralized. Furthermore, that same x509 infrastructure which operates on a decentralized trust model has been shown that it can be scaled with PGP. Sure, it’s by no means an enjoyable tool to use, but that’s more a factor of the tooling being built-in 1991 where we hadn’t done much research on human-computer interaction patterns. It therefore, shouldn’t be used as an invalidation of the safety of the trust model itself.</p>

<p>So in my original blog post, I suggest that’s exactly what will happen with digital credentials too and the evidence with the most prevalent use cases suggests that’s already what is happening. In each of these systems, the issuer maps to the root certificate authority, the subject maps to the intermediary certificate, and the verifier is the one setting the rules for the game which effectively means that we’ve recreated a hierarchical trust model. This isn’t a damnation of the technology itself, just as Web certificates isn’t a damnation of x509 as shown by PGP.</p>

<p>So now that we understand how the issuance side has centralized let’s take a look at what this will mean in practice on the Web and in real life. Rather than re-iterate the points we made about the digital credentials API at Brave, I’ll just point back to our <a href="https://lists.w3.org/Archives/Public/public-review-comments/2024Sep/0017.html">formal objection</a> of it because they’re exactly the same as what I’d say here.</p>

<p>To exemplify on this a bit further though let’s take a look at the age verification use case. In this use case, what we’re seeing is that users on the Web are having their agency removed as a byproduct of these problems being solved with a centralized, hierarchical trust model. In advertantly we achieve greater “compliance” from the “higher” assurance (most everyone can think of a few ways that this will be bypassed) and in exchange we lose some agency and privacy because we want better content moderation capabilities for children, a protected class of people. The issue within this specific use case is that that chosen trust architecture then becomes a weapon against speech inadvertantly. Either due to people choosing to self-censor because they don’t want to provide age assurance credentials to websites or because they don’t have a credential such as children not having one or because the issuer revoked it from them. That revocation may occur simply because of the speech they make or it may occur because of a more benign reason such as the person forgot to pay for insurance and had their driver’s license revoked, so the site errors on the side of caution and doesn’t accept it due to strict liability falling on the site.</p>

<p>It’s easy to argue that I’m contriving these sorts of examples in a game of what-ifs, but let’s look at what’s most recently happened in the case of “financial compliance” with KYC and debanking. Within the past decade or so, there’s been a growing trend of debanking people based on how the funds are generated. In the further out example, we saw this happen with <a href="https://en.wikipedia.org/wiki/Operation_Choke_Point">operation chokepoint</a> where the US government leveraged a capability they already had (financial compliance afforded through KYC) and repurposed it to limit the capaibilities of people they deemed to be participating in “high risk” activities.</p>

<p>In this previous financial compliance system, the new age assurance mechanisms, and in any other use case that relies upon deferred instituitional trust through high assurance credentials we should expect to see that the technology will also be repurposed for alternative means than what they were designed for. In some cases, people will see this as a feature rather than a bug to protect others, but it remains an unintended consequence by design of the system. This happens because the verifier bestows a new set of hard power in the issuer (trust) by removing hard power from the subject (agency and in some cases privacy) which will eventually be repurposed when the next moral crisis occurs as <a href="https://www.exurbe.com/tools-for-thinking-about-censorship/">history suggests</a>. None of this is because of the technical design of the technologies though, it’s simply because this is how we’ve chosen to use them and that’s what makes this such a subtle inversion of power that goes against the original goals many of us have been working towards.</p>]]></content><author><name></name></author><category term="SSI" /><category term="Web" /><summary type="html"><![CDATA[Self Sovereign Identity subtly introduces centralization through its chosen trust architecture. We've re-created a structure where institutional claims about subjects are more trusted which recreates the same gatekeeping mechanisms SSI was meant to eliminate.]]></summary></entry><entry><title type="html">Decentralizing Age Verification with SSI: Separating Content Moderation from Guardianship</title><link href="https://kyledenhartog.com/decentralized-age-verification/" rel="alternate" type="text/html" title="Decentralizing Age Verification with SSI: Separating Content Moderation from Guardianship" /><published>2025-07-18T00:00:00+00:00</published><updated>2025-07-18T00:00:00+00:00</updated><id>https://kyledenhartog.com/decentralized-age-verification</id><content type="html" xml:base="https://kyledenhartog.com/decentralized-age-verification/"><![CDATA[<p>Today, we see that age verification laws are being passed, which enshrine the principle that we can perform age checks and protect people under a certain age through content moderation. However, we ultimately adopted this centralized content moderation solution due to the inherent architecture of the centralized trust model established by the digital credentials we rely on. That centralization led us down a path to coupling a generic content moderation problem and a guardianship problem as a means to an end of protecting children. The byproduct is that we are reducing the agency of everyone on the Web because servers need to, by default, assume users are not old enough unless they can prove they are with a third-party attested claim. There is a more private and decentralized way to solve these problems if we separate the content moderation problem and guardianship problem with separate answers to each.</p>

<p>To solve the content moderation problem, we rely on the assumption that content can be classified into buckets of safe and unsafe content on a granular level. This assumption has to hold whether it is done in a centralized way with age verification credentials (so the server can filter out the content before sending it) or an alternative way, such as with client-side filtering relying on lists like what we have with SafeBrowsing and Adblock lists, which are more private and decentralized alternatives to preform content moderation.</p>

<p>Today, these lists work by classifying content based on the origin and filtering the request in the browser. This heuristic has been good enough for the most part. However, with SafeBrowsing V5, Google Chrome is introducing the use of on-device real-time classification to detect sites that impact users’ security in real-time. The same model could theoretically be repeated with any content or served in an HTML page by adding classification tags to the HTML. Alternatively, the server could tag it directly in HTML, and then lists or configurations inform the browser how it should filter the page locally before rendering the content. So that is what makes content moderation more private because it happens only on the device. Furthermore, it becomes a more generally applicable approach to content moderation, which may be useful for blocking any form of content on the Web. For example, I configure my Twitter account to block all tweets that mention Elon Musk, but theoretically, with this system, I could apply it across the Web. I could also subscribe to a list maintained by a third party I trust who blocks all content related to topics I wish to self-moderate from. However, this system has to be opted out of at least in order to provide the agency principle.</p>

<p>Now, I’m sure many of you are already thinking that the children will just opt out, but that is where the guardianship problem comes into play. Today, the most effective forms of enforcement of these content filtering systems occur within schools via IT administrators applying device management policies or network-level blocking. So, if we extended these capabilities to configure the generic content filtering at the operating system level, then the browser or other applications on the device rely upon those features to make sure the content filtering happens on the children’s devices and doesn’t get bypassed. Additionally, if the browser is not able to determine that the content is safe, it could be configured by default to block the site and allow bypass approvals from an authorized guardian, such as the school IT administrator, a teacher, or a parent. Alternatively, it could be configured to allow access to the content but log it so the school lists could be updated.</p>

<p>Furthermore, since parents could utilize these same theoretical operating system guardianship features (or provide consent for the IT admins at their school to configure it through BYOD policies) such that these devices can’t bypass the system it becomes a more technologically appropriate solution that allows parents, teachers, and IT admins to fluidly enforce as it aligns with their morals when raising their child. For example, guardians may choose to allow access to sensitive books or block sites relevant to topics they deem unsuitable for their children, but other guardians may be all right with it. In this way, we don’t end up with centralized institutions for content platforms, the governments issuing the credentials, and the regulators determining which content needs to be filtered.</p>

<p>In this way, we decentralize the enforcement out to millions of school districts or well-informed parents acting as guardians who should understand these problems and are well-versed in the cat-and-mouse game of content filtering bypasses. Furthermore, digital credentials still come into use here, too, but we subtly shift the trust triangle to make it work.</p>

<p>For example, let’s say that a teacher has a managed device and wants to reference a specific blocked page, or a child wants access to a specific chat feature in a game at home for a limited period of time. Then the operating system would be configured to recognize and trust the teacher’s or parent’s DID, which could issue a digital credential authorizing permission to access the content. In this way, the browser (or other applications) and operating system work in tandem to act as the verifier, not the centralized site server. Furthermore, because there’s only a limited number of guardians who could issue these credentials, the system doesn’t need to fall back to a small number of centralized, known issuers or content classifications that enforce their moral discretion onto large populations of people. Instead, people would be able to selectively either self-moderate or defer moderation rights to a guardian, which, as Ada Palmer points out in the blog post I linked previously, is the most effective method of moderation today.</p>

<p>To understand how this might appear, from a user experience perspective, the child would attempt to access a piece of content like normal, and it would be blocked. The child’s browser (the verifier) would then request that the operating system (the holder) provide a valid credential. If it has one, it presents it; otherwise, the operating system reaches out to the parent’s or teacher’s device to get issued a new credential. A notification would pop up on the guardian’s device, where a clear prompt would identify what the credential is for, how long it’s used for, and maybe even whether it should be logged by the operating system so it can be sent back to the guardian for later review. Side note, this might be a circumstance where phone home is a feature rather than a bug to help parents monitor the content their children are accessing.</p>

<p>In this way, by subtly shifting who plays what role, we’ve reused the technology for the same purposes, but in a more decentralized way because the issuance is not bound to only a small select number of institutions, but it is still scalable. Furthermore, the solution is more private for everyone on the Web because sites are not required to collect personal data. However, they do still have a responsibility to tag content using the content tags that are required by regulators. Additionally, the user can configure their content moderation themselves or defer it to third parties of their choosing, like we do with Adblock lists, depending on how granular the classification problem becomes. In this way, we achieve a more private and secure solution that remains scalable, allows individuals or guardians to self-moderate as is best aligned with their moral discretion, and this is achieved because we opt for a decentralized architecture both in terms of credential issuance and in the sense of content moderation lists, where users opt in.</p>

<p>In summary, this is just one example of how the choices we make for the trust architecture have a profound impact on the solutions we end up with. It acts as a blueprint too for how we can think about different approaches for other use cases that balance tradeoffs by using decentralized trust as a means to an end, not a liability to be avoided. I hope this helps exemplify more meaningfully, too, for how we can leverage these technologies in an alternative way that leads to more equitable outcomes for all and remain aligned with our principles.</p>]]></content><author><name></name></author><category term="SSI" /><category term="Web" /><summary type="html"><![CDATA[Age verification laws are coupling content moderation with guardianship problems, reducing user agency because of our centralized trust architectures. By separating these concerns and leveraging client-side filtering technologies, we can create more private and decentralized solutions for protecting children online without compromising everyone's Web experience.]]></summary></entry><entry><title type="html">From Printing Press to Digital Identity: A Pattern of Moral Crisis</title><link href="https://kyledenhartog.com/a-pattern-of-moral-crisis/" rel="alternate" type="text/html" title="From Printing Press to Digital Identity: A Pattern of Moral Crisis" /><published>2025-07-17T00:00:00+00:00</published><updated>2025-07-17T00:00:00+00:00</updated><id>https://kyledenhartog.com/a-pattern-of-moral-crisis</id><content type="html" xml:base="https://kyledenhartog.com/a-pattern-of-moral-crisis/"><![CDATA[<p>I was recently reading the mailing list of the W3C Credentials Community Group and decided to write up a response as a blog post to <a href="https://lists.w3.org/Archives/Public/public-credentials/2025Jul/0086.html">Manu’s latest email</a>. The conversation is still evolving, but the piece I wanted to add to this discussion is that this isn’t a new problem. I largely agree with Christopher Allen’s framing in <a href="https://www.blockchaincommons.com/musings/gdc25/">Musings of a Trust Architect: When Technical Standards Meet Geopolitical Reality</a>. However, from my perspective we need to look back to history to understand our uneasiness. Even if we remain hopeful that the right thing™ will eventually come.</p>

<p>I don’t know that I necessarily agree with Manu that this is a temporary solution and a long term solution will emerge that’s better. This isn’t a new problem, it’s been ongoing for centuries dating back even to the creation of the printing press.</p>

<p>To tie this back to recent history we can look at <a href="https://openid.net/specs/openid-connect-core-1_0.html#SelfIssued">SIOP</a> (and the attempt to revive it with <a href="https://openid.net/specs/openid-connect-self-issued-v2-1_0.html">SIOPv2</a>) and the lack of adoption that came with it. If I remember the historical lore correctly too, that’s what kicked off OIDC in the first place. So it seems history is rhyming once again, but somehow we keep inverting things.</p>

<p>I guess our one bastion of hope remains in users rejecting these systems outright and migrating with their feet away. There’s already signals via a <a href="https://petition.parliament.uk/petitions/722903">petition from citizens</a> in the UK who are the first to encounter these technologies. There’s evidence of similar resistance when COVID passes were created too which was the first large scale use of this technology.</p>

<p>Even if that petition is successful, (which I doubt it does with less than 1% of the population signing the petition) we’ll be back to debating the same root moral dilemmas of the next moral crisis with a new technology eventually. I’d like to hope that I’m missing something, but this appears to be just the latest moral crisis where we in the tech industry need to ask ourselves: <a href="https://www.youtube.com/watch?v=h242eDB84zY">are we the baddies?</a>. It seems we’re effectively representing the private partners of the state to develop the next generation of censorship tools like we’ve been doing for <a href="https://www.exurbe.com/tools-for-thinking-about-censorship/">centuries</a> again.</p>

<p>In saying all that, I know everyone that’s worked on these technologies over the years mean well and genuinely wants to improve things. That improvement is inherently subjective though and reasonable minds will interpret this differently. So as much as that last statement could be construed as a personal offense to those who’ve helped build these technologies (including myself) I don’t think of this technology as a violation of the principles. Rather, it’s how we choose to use them that reflects our principles.</p>

<p>In fact, I know nearly all of us still do believe in the principles of agency, privacy, and the various other 10 SSI principles. Rather, I think it’s just a case of human interpretation and the struggle of getting a large group of humans to agree when we’re all working on related but different problems. I am left with strong hope though. The world didn’t fall over and end on any of the previous iterations of tools to censor. It however has led to a little less expression of the humanity along the way. I suppose it depends on the problem each of us are trying to solve (such as content moderation, convenience in the digital world, enhancing digital trust, reducing surveillance capitalism, building a business and finding product-market fit, etc) and how we choose to interpret the principles.</p>

<p>I know none of us want these systems to be abused for the purposes of identifying and harming human rights globally. That was the whole point of making them decentralized in the first place was to prevent the efficiency of abuse when the failure cases inevitably occur. So, I just hope that we’re able to have the collective foresight to prevent this technology from further derailing now that it is centralized when the next political factions gain control of the identity systems and use them in ways we didn’t intend.</p>

<p>So to summarize I like to think we’ll notice it and balance these tradeoffs appropriately with this new system, but I’m not convinced with our track record over the past 9 or so years. Furthermore, I’d like to think we’ll balance these tradeoffs better the next time, but history suggests that’s the exception not the norm so we’ll just have to keep iterating. I’m even of the belief the only reason we keep on reaching these same outcomes is because we keep framing the moral crisis wrong each time too, but in each of those problems I have no real solution to offer. I’m just left pondering on why it keeps happening and I think that’s what keeps causing our collective unease.</p>]]></content><author><name></name></author><category term="SSI" /><category term="Web" /><summary type="html"><![CDATA[This isn't a new problem in decentralized identity - it's been ongoing for centuries, dating back to the printing press. We keep inverting solutions and repeating historical patterns.]]></summary></entry><entry><title type="html">Why crypto: An explanation for Improving Transactions On the Web</title><link href="https://kyledenhartog.com/why-crypto-on-web/" rel="alternate" type="text/html" title="Why crypto: An explanation for Improving Transactions On the Web" /><published>2025-05-22T00:00:00+00:00</published><updated>2025-05-22T00:00:00+00:00</updated><id>https://kyledenhartog.com/why-crypto-on-web</id><content type="html" xml:base="https://kyledenhartog.com/why-crypto-on-web/"><![CDATA[<p>I was recently talking with <a href="https://x.com/gnukeith">@gnukeith</a> over DM on Twitter, and he asked if he was missing something about why people perceive crypto and blockchains as bloated features in a browser. This made me realize it’s common feedback I see when working on Brave, so it’s worth detailing why I see value in Web3 extending the Web as it stands today.</p>

<p>Many users complain about the inclusion of Web3 features because they think it’s going to somehow degrade their overall browser experience. They often perceive it as an obstruction, despite being optional. To me, this is short-sighted, as features like the wallet, rewards, or .brave domains are opt-in. The one exception here is sponsored images in the background of new tabs, which primarily crypto-native companies have relied upon to gain exposure to Brave users and can be <a href="https://support.brave.com/hc/en-us/articles/360040912932-How-do-I-customize-my-New-Tab-Page">disabled</a>. However, it’s not only crypto companies who’ve used sponsored images. Ford is just one company, who has also seen the value in this top of funnel marketing ad unit. Thus, complaints about “crypto bloat” confuse me. This is akin to complaining about “accessibility bloat” due to a browser having screen reader and accessibility tools. Or labeling translation features as bloat because one only views websites in their native language. Or dismissing other features as not useful simply because one doesn’t use them, while others do. After all, this is the trade-off browser developers must assess when building software used daily by billions.</p>

<p>However, when I break down their feedback and engage with these users, I often find they are unwilling to learn why we’re using crypto in the browser to enhance the Web experience. Usually, this is because they’ve been burned by a shitcoin or know someone who has, leading them to discard the entire concept. This is a dangerous approach in my view, akin to avoiding all tech companies after a poor investment in one, like Airbnb stock. Or, worse, condemning all credit cards because their details were stolen from one site. It’s effectively throwing the baby out with the bath water.</p>

<p>Fundamentally, transacting on the web today is limited by credit card payment systems. Two examples are the Web Payments API and content creator monetization on platforms like Facebook and YouTube.</p>

<p>In the case of web payments, making a payment for a product or service on the web is often a bolted-on experience, not natively built on the <a href="https://www.w3.org/TR/payment-request/">Web Payments Request API</a>. This is because most fintech and tech companies have worked hard to route around the standard and capture payment flows to collect percentage-based fees, keeping payments as a sticky feature within their walled gardens. The ‘Apple tax’ is a prime example, where Apple mandates in-app purchases, and other e-commerce transaction methods, then charges app developers. In cases like in-app purchases, a 30% tax was charged per use. They’ve also chosen to focus Safari’s integration on Apple Pay which puts them squarely in the middle of transactions and allows them to capture purchase behaviors of their users. I’m not certain Apple is specifically using this data, but I’d guess Google does rely on this data to sell more Ads with Google Pay. Similarly, each checkout requires supplying credit card details, trusting every site not to share them and properly protect them to prevent fraud. Meanwhile, payment processors like Stripe, credit card networks like Visa and Mastercard, along with banks, collect percentage-based fees through credit card processing agreements, taxing users a small amount for every transaction. This results in a more cumbersome and expensive experience. Furthermore, credit card payment privacy is abysmal, with purchasing behavior profiles built behind the scenes to track users via their credit card number which acts as a globally unique identifier. This is a key reason tech companies like Google, Apple, and Samsung aimed to capture the client-side payment flow with services like Google Pay, Apple Pay, and Samsung Pay. Credit card purchase data is increasingly valuable to Adtech companies, data brokers, and large e-commerce sites like Amazon for promoting new products and encouraging further purchases. Knowing purchasing habits is incredibly valuable data. Therefore, the value of an alternative method to transact with crypto is to be cheaper, more convenient, more private, and more secure. Admittedly, it isn’t this today, but Rome wasn’t built in a day and there’s many of us still improving things.</p>

<p>Moreover, content creators have received unfair “deals” as platforms increasingly capture user attention. Spotify is a perfect example: musicians publish there for fan discovery. However, Spotify collects most of the ad or subscription revenue, passing little value to the musicians who sustain the platform. Platforms live off of these connections between users and creators and without them they’d be the next Myspace. The situation is similar on nearly every other content creator platform reliant on ads or subscriptions, such as YouTube, Twitter, TikTok, and even newer platforms like Substack and Patreon. The platform provides creators an audience through algorithmic marketing and users get algorithmic content discovery. They’re effectively a matching service to connect creators and viewers. In exchange, platforms capture the largest revenue share from the attention creators generate through engaging with their viewers. Additionally, creators are limited in monetizing their users. For example, a content creator currently cannot charge a one-time payment of $0.01 for content they generate. This is because credit card fees would exceed the product’s worth, causing the creator to lose money per transaction or lose users due to the cumbersome credit card checkout. This is why microtransactions haven’t materialized on the Web. Additionally, their user experience (UX) remains uncertain.</p>

<p>In summary, I see crypto’s value in transforming transactions to make interactions between buyers and sellers of content, products, or services more delightful. Even if crypto succeeds, I don’t expect it to solve all problems, nor do I expect credit card rails to disappear on the Web. However, I welcome its addition as it will force competition and innovation, rather than allowing existing networks and walled garden platforms to rest on their laurels, extracting data and fees. This is why I believe in the value of crypto on the Web. Essentially, I see crypto as the open payments network enabling this change that we didn’t get from Web Payments. Until it’s objectively a better system, however, I expect most users won’t opt-in yet, and that’s fine. Many of us see where we’re trying to take the Web to make it better. Therefore, I’m happy to continue working on crypto in the background to build a better Web, even when the grifters who scam people are making all the headlines. And I hope this helps people who don’t see the value in crypto yet to understand why it may be useful in the future to them.</p>]]></content><author><name></name></author><category term="Web3" /><category term="Browsers" /><category term="Web" /><summary type="html"><![CDATA[Fundamentally transacting on the web is limited by credit card payment systems today]]></summary></entry><entry><title type="html">Web3 is Reintroducing Cross-Origin Tracking Accidentally</title><link href="https://kyledenhartog.com/recreating-web3-cross-origin-tracking/" rel="alternate" type="text/html" title="Web3 is Reintroducing Cross-Origin Tracking Accidentally" /><published>2025-03-27T00:00:00+00:00</published><updated>2025-03-27T00:00:00+00:00</updated><id>https://kyledenhartog.com/recreating-web3-cross-origin-tracking</id><content type="html" xml:base="https://kyledenhartog.com/recreating-web3-cross-origin-tracking/"><![CDATA[<p>In the context of Web3 we’re currently walking down a dangerous path accidentally, and it’s not something being discussed enough. When a user connects to a site with Web3 capabilities enabled the site first requests the user to share a wallet address with them. This paradigm was set primarily by some choices that were made early on by Metamask as a means of protection for the user. At the time these were beneficial, but over time we’ve recognized some tradeoffs between UX and privacy because of it. Let’s explore those further.</p>

<h3 id="the-ux-paradigm-of-sharing-an-account-address-is-discrete">The UX paradigm of sharing an account address is discrete</h3>

<p>The permissions design of this started out as a low level paradigm where the DApp only needed the wallet address and could fetch state itself from the chain. This led to a thin client design where the site and the UX for different interactions are largely determined by the site. However, because the majority of the application logic is handled by the site itself it also means that the site has to operate in a more trusted context. Both in terms of security and privacy.</p>

<p>Additionally, as we’ve added more functionality to the wallet to try and improve the UX, such as EIP-4361 (Sign in With Ethereum) it’s led to an antipattern in the UX. In order to create a “login” flow, the user first has to share the wallet address, then they have to approve a specifically structured transaction using EIP-191. Because of the order of operations of design and the focus on not conducting breaking changes to the Web3 platform APIs (e.g. what the wallet makes accessible to the site) we’ve now added a tiny bit of debt to the UX paradigm rather than combining these operations into a single design interface.</p>

<h3 id="the-account-address-paradigm-trust-model-doesnt-align-with-the-browsers">The account address paradigm trust model doesn’t align with the browsers</h3>

<p>In the context of a modern browser, most sites are isolated into their own sandbox. This occurs both at the OS process level in order to prevent sites open in one tab from tampering with other sites in another tab either at a deeper memory level or at a more functional script injection level. It also happens at a storage layer through the partitioning of localStorage, cookies, IndexedDBs, etc. Essentially, sites are separated into what’s called an “origin” in the browser and that origin identifier (such as https://example.com) becomes the boundary.</p>

<p>This is why “cross-origin” communication is considered an explicit exception. Examples of this would be using CORS for a site to approve the loading of a cross-origin script it trusts. This is ultimately rooted back in the security model (and more recently privacy model) of the browser. Over and over we’ve learned that trusting sites is a mistake because users aren’t always able to identify when sites are doing things that aren’t in their best interest, such as tracking them for dynamic pricing or crowding a page with personalized ads. So what sort of problems should we expect to come in Web3 because our Web3 platform API is too trusting of the site?</p>

<h3 id="my-prediction-for-problems-to-occur-in-web3">My prediction for problems to occur in Web3</h3>

<p>We should expect that when the user shares their address that will act as implied consent for cross-origin tracking in the same way cookie notices act as a prompt for tracking. The problem here is that as wallets share wallet addresses across different sites, it will become a global identifier used for the purposes of tracking a user and building a copy of their browsing history server side even if the user doesn’t perform an onchain transaction. This could be as simple as an RPC service provider who’s already got a large customer base of wallets and DApps taking this information and building a dataset to sell with it, or it could be a DApp or Wallet doing it directly themselves. Chainalysis has already been doing this for the purposes of correlating wallet addresses to users to sell to governments. What’s to stop someone like them from entering into the web advertising business too because so much of the web3 space is leveraging them for compliance purposes?</p>

<p>Furthermore, once they’ve built this profile all future onchain transactions will be correlated to the shadow copy of the users browsing history (built in the same way they’re built with 3P cookies) and economic activity (such as what they buy with stablecoins) to build deeper behavioral profiles to sell them more goods or serve them more personalized ads. In other words, we really shouldn’t re-introduce this given all major web browser vendors have been moving towards phasing out 3P cookies. But if we can’t share a wallet address how can we solve this problem?</p>

<h3 id="a-paradigm-beyond-sharing-a-cross-origin-globally-unique-identifier-wallet-address">A paradigm beyond sharing a cross-origin globally unique identifier (wallet address)</h3>

<p>The answer in my opinion here lies in going down the thick client approach rather than thick app approach. What I mean by “thick” is where the majority of application logic is handled. Today, much of the UX, unsigned transaction generation, and many other aspects are handled by the site. This is probably because the site has no way to request the wallet handles this for them and because the site has desires to build a brand recognition around their protocol using the UX from the site as an value differentiator.</p>

<p>However, we can imagine a world where the site casts an intent to the wallet, such that the wallet can display and generate the necessary information to display to the user. A toy example, I like to use here is through a very specific API designed for checking out and paying with Web3.</p>

<p>A wallet could enable the following API to perform a checkout operation without needing to share an address:</p>

<div class="language-javascript highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kd">const</span> <span class="nx">checkoutTxn</span> <span class="o">=</span> <span class="k">await</span> <span class="nb">window</span><span class="p">.</span><span class="nx">ethereum</span><span class="p">.</span><span class="nx">request</span><span class="p">({</span>
    <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">wallet_checkout</span><span class="dl">"</span><span class="p">,</span>
    <span class="na">params</span><span class="p">:</span> <span class="p">{</span>
        <span class="na">recipient</span><span class="p">:</span> <span class="dl">"</span><span class="s2">eip155:1:0x1234abc</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// a pseudonoymous address to send funds to</span>
        <span class="na">amount</span><span class="p">:</span> <span class="dl">"</span><span class="s2">100.01</span><span class="dl">"</span><span class="p">,</span>
        <span class="na">currency</span><span class="p">:</span> <span class="p">[</span>
            <span class="dl">"</span><span class="s2">eip155:1:0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48</span><span class="dl">"</span><span class="p">,</span>
            <span class="dl">"</span><span class="s2">eip155:1:0xdAC17F958D2ee523a2206206994597C13D831ec7</span><span class="dl">"</span>
        <span class="p">]</span>
    <span class="p">}</span>
<span class="p">});</span>
</code></pre></div></div>

<p>In this you’ll notice a different paradigm. First, the wallet doesn’t need to send the wallet address to the site so it can generate the transaction, instead it will leave it up to the wallet to decide this. Second, the site communicates what it desires to the wallet and lets it decide how to handle it. So for example, it wants the user to send $100.01 worth of either USDC on Base L2 or USDT on mainnet which is communicated based on the currency contract address. If the user doesn’t have USDC or USDT on the proper network the wallet can perform the underlying swaps and bridging to assist with completing the intended transaction so that the caller receives the money into the address they expect.</p>

<p>In summary, we shouldn’t be looking to perpetuate the legacy antipatterns of web2 in Web3 like third party cookies. Instead, we should be looking to extend the web platform in ways that browsers aren’t. In this way the value added capabilities we receive from Web3 for asset ownership become an extension of the web by enhancing it so that we can meet the land of web2 where they’re at, rather than building a separate Web3 island and expecting everyone to come join us.</p>]]></content><author><name></name></author><category term="Web3" /><category term="Wallet Addresses" /><summary type="html"><![CDATA[We should expect that when the user shares their address that will act as implied consent for cross-origin tracking in the same way cookie notices act as a prompt for tracking.]]></summary></entry></feed>