It still seems to be a controversial viewpoint to some, but it’s nevertheless a fact that most “decentralized” applications (dApps) are heavily centralized.
Security researcher Chris Blec coins himself “DeFi’s best friend and toughest critic.” He runs a website called DeFiWatch, in which he’s audited several of the most prominent DeFi dApps to ascertain the degree of centralized control that dApp operators have over user funds. Scanning through the results, it’s evident that many DeFi investors of dApps such as Compound, dYdX, and Synthetix, are putting their funds directly into the same kind of wallet that any of us use to store cryptocurrencies. As the saying goes – “not your keys, not your crypto.”
However, many people don’t realize that under the hood, dApps are centralized in many other ways than just key management. For example, the front end of the application is accessible via a user interface hosted on the internet. The company operating the app owns the domain and can also copyright the user interface and any branding or logos.
Some solutions have started to emerge. For example, object storage can now be managed in a decentralized way via the Interplanetary File System (IPFS.) The project was conceived as a means of overcoming the challenge that internet communication protocols are now handling more traffic than they were ever designed for, mainly due to file storage.
With IPFS, objects, or files such as images are stored and distributed across different nodes using a protocol based on BitTorrent. The nodes provide a path to the object, meaning that it isn’t stored on a centralized server that can become overloaded. This results in better delivery of web-based content that is also resistant to censorship.
The Risks of Centralized Data Storage
Perhaps a bigger problem for developers – and users – of dApps is that of data storage. A typical dApp can have thousands of different data points, including personal data about users. Many users may be under the illusion that this data is stored in a way that’s decentralized, on the blockchain.
In the vast majority of cases, it’s not. Firstly, storing vast amounts of data on a blockchain such as Ethereum would quickly cripple the network. It would also make a dApp incredibly slow. With a throughput of 15 transactions per second, imagine having to wait for the time it takes to send an Ethereum transaction each time a dApp needed to read from the database. It would be unusable.
Furthermore, the cost of data storage on Ethereum is prohibitively expensive, around $150,000 for 100GB of data.
So most dApp developers use the same solutions as centralized applications and have their data stored by cloud providers such as AWS, on centralized servers. This means that users’ data is subject to all the same vulnerabilities as any centralized database. As we know from experience, centralized databases are like honeypots to hackers, who seek to profit from selling user stolen user data. Just look at some of the high-profile hacks of recent years – Equifax, with nearly 150 million users affected, Marriott Hotels, with 500 million, or Yahoo with a staggering 3 billion.
So the fact is that decentralized dApp users are no safer from having their data stolen than the customers of any of those firms.
For dApps to truly leverage the data security benefits of decentralization, we need a decentralized database equivalent to IPFS. Thankfully, developers now have access to Bluzelle, a decentralized database network for dApps.
A Decentralized Airbnb for Databases
Bluzelle leverages the power of blockchain to crowd-source hardware for data storage purposes. It enables developers to rent the storage space they need to store off-chain data at a lower cost than centralized equivalents, in a kind of Airbnb model. Developers pay for the storage space, and for the number of reads and writes to the database needed by their dApp.
The cost savings are largely enabled by the decentralized replication model used by Bluzelle. Centralized data providers charge customers each time they want to expand into a new geographical region because the database has to be replicated onto new servers. Bluzelle’s model means that data is already replicated across multiple nodes, which can be located anywhere, so there are no extra charges.
If a developer needs more or less space, they can simply scale up or down as much as they need, on-demand.
The network is run by validators, who participate in proof-of-stake consensus to earn a share of the revenues charged by the platform. Validators contribute their own hardware as storage space for rental, but also validate changes to the database.
Validators are grouped into “database zones” of 13 or more nodes, who each keep a copy of the data. Changes to the data have to be agreed by a majority of two-thirds, ensuring that data is tamper-proof and censorship-resistant.
The network operates two tokens. The BLZ token is the “public” token, an ERC20 that can be traded on exchanges. The BNT token is the native token of the platform. When a user or validator wants to access the Bluzelle network to rent storage or participate in staking, the Bluzelle wallet enables a conversion.
Paving the Way
Bluzelle and IPFS are currently two of the only methods for developers to achieve a better degree of decentralization for their dApps. However, as the challenges of centralization in dApps becomes more apparent over time, it’s a sure bet that more solutions will emerge. Once that happens, the path to true decentralization will be easier to follow.
Disclaimer: The information presented here does not constitute investment advice or an offer to invest. The statements, views, and opinions expressed in this article are solely those of the author/company and do not represent those of Bitcoinist. We strongly advise our readers to DYOR before investing in any cryptocurrency, blockchain project, or ICO, particularly those that guarantee profits. Furthermore, Bitcoinist does not guarantee or imply that the cryptocurrencies or projects published are legal in any specific reader’s location. It is the reader’s responsibility to know the laws regarding cryptocurrencies and ICOs in his or her country.