To custody or not to custody?
Most of the existing services in the Ethereum ecosystem (and cryptocurrency in general) fall in two opposite camps:
On one side, there are the fully decentralized applications. For these, the user installs a “Dapp Browser” which can interact with smart contracts on the blockchain and do the operations that the user requests. In these cases, the user needs to have a substantial amount of knowledge regarding how blockchain works, how to keep their security keys protected and has no recourse in case something goes wrong. Any transaction that is executed on the blockchain can not be reversed.
On the other end, we have a number of services provided by companies that act as a proxy between the end user and the blockchain. A typical example of such services would be the currency exchanges where people can buy, sell and keep a balance in cryptocurrencies. The user does not ever have any direct control over the funds and trusts that the service is able to honor all of the obligations to all users that use the service. These services are usually called “custodial wallet providers”, i.e, they are the ones holding the keys to the funds. It is also said that these services are centralized in nature, given that if some security issue affects the service provider, all of its users will be affected.
All in all, the case for choosing decentralized vs. centralized services and applications depend on a trade-off between multiple factors:
Usability vs User Control
It is clear that decentralized apps give the users direct control and power over their funds and resources. A lot of the times this can lead to users' confusion and uncertainty about how to properly perform certain tasks, which lead to users dropping application usage altogether. Centralized applications usually provide an abstraction to the users that eliminates the less desired options for the most common tasks, streamlining operation and facilitating adoption by less technical people.
First-party vs Third-party Risks
A common maxim among proponents of decentralized applications is “Not your keys, not your money”. This means that you should only count your funds as yours if you are able to exert direct control over it, without any third-party involved. Despite the relatively short history of Blockchain-based technologies, there has been a surprisingly large number of cases of service providers commit fraud with funds that are supposed to belong to users, inappropriate seizure of funds and outright theft.
Even though the more established companies are increasingly complying to more regulations and developing a more robust legal framework for insuring their assets and liabilities, every user of a custodial service needs to be aware that funds sent to any third-party has no real guarantee that it belongs to them.
On the flip side of this equation, users that control their own keys also need to be very aware of the potential risks of doing so. They can be victims of phishing scams, computer viruses, hardware failure leading to loss of keys and consequent loss of funds, etc.
Economies of Scale vs Robustness of Decentralization
Due to its focus on a much smaller range of functionality that is offered to its users and that the marginal cost of every extra user (i.e, serving one or one thousand users require almost the same hardware and facilities), centralized services benefit greatly from economies of scale. Business optimize their operations and manage to a point where they can offer a service to a user at a price point that is lower than the cost the user would have if they had to do it by themselves.
However, this optimization and specialization of centralized services also mean they are more susceptible to bigger catastrophic risks. If a custodial wallet provider suffers a security breach, the funds of all its users are at risk. Compare that with the case where one individual makes a mistake or has their computer breached and it is easy to see that decentralized systems are more robust as a whole. Also, hackers have a bigger reward to try to attack one big company than try to break into the computers of many different individuals. So by having your own wallet and taking the proper security measures, you are less likely to be a victim of any systematic attack.
A Balanced Approach
Hub20 is only a software package that anyone can download, run and modify. It is up for the operators to decide how they are going to manage its instances and who can have access and create accounts on their server.
We believe that this system can strike the right balance between fully-decentralized services and traditional managed/custodial wallets.
- By being self-hosted and open source, any one can install and operate an instance if they want to have full control over the system. Those that do not want to deal with the hassle can instead simply join an instance operated by someone they know.
- Hub operators are assumed to be people with technical knowledge to make the choices and change the system to what they seem fit for their particular use-case and also for the use-case of their own group.
- Non-technical users who would be unlikely to adopt any decentralized solution do not need to trust some faceless, distant company. The idea of having many hubs for many distinct small groups lends itself to be used by a group of people that trust each other and know each other personally. Eventual conflicts are reduced to a more local level.
- The cost to operate a hub can be shared by all of its members, bringing it closer to the cost of outsourcing the service to a third-party.
- A hub will pool resources from multiple people, but its size would still be very small compared to a company that wants to manage funds from thousands of users.
In summary, the idea of Hub20 is to create a constellation of independent hubs, without having one single big entity dominating the space. It is an effort to make the decentralized systems easy to use for non-technical people without having to trust unknown third-parties.