Is "permissionless crypto" really permissionless?

published Dec 13, 2022

Time to question the assumptions most make around cryptocurrencies.

Is "permissionless crypto" really permissionless?

A fundamental assumption that many cryptocurrency investors make is that they are investing in “permissionless” cryptocurrencies, because they are “decentralized”. Although these cryptocurrency services market themselves as "being permissionless", this slogan almost always turns out to be false.

Let's take the poster child of cryptocurrency innovation (allegedly): Ethereum.

While technically permissionless, Ethereum block producers only produce blocks 100% censored according to OFAC diktats (meaning the U.S. government can disenfranchise any Ethereum address at any point in time).  This, of course, is a direct consequence of Ethereum’s technical architecture making it highly centralized, since it is impossible for casual users not under fear of the U.S. government to run validating Ethereum nodes.  Note that this goes beyond just banning U.S. persons from using an Ethereum-powered service — I am talking about the network actively rejecting transactions to addresses prohibited by OFAC.  In practice: to operate in the Ethereum network, you need the permission of at least OFAC.

Also, in practice, most Ethereum smart contract access (including things like Metamask) uses APIs powered by Infura — a fully centralized service — and the owner of Infura, ConsenSys, engages in censorship as a matter of course.  They have to — as much as they love to talk about "Web3" and "permissionless", they are just another traditional corporate entity, subject to the whims and the aggressions of governments.  In practice, to operate in the Ethereum network you need not just the permission of, but active servicing from, ConsenSys.

Finally, all of the other smaller players running their own networks which support Ethereum-style computation are — at least currently — too small to resist being pressured by organized aggression coming from entities like the U.S. government.

It is reasonable to conclude that, in the end, all the services which would not be possible to do backed by traditional finance — because they are illegal / permissioned in one way or another — are or will become simply impossible to do as well, when backed by or operated through this fake “permissionless” finance.  See LBRY vs. SEC if you remain skeptical.  In particular, one of these very things whose legality is being very closely scrutinized, is the activity of raising money through ICOs — which powerful authorities such as the SEC almost certainly will rule to be “issuance of unregistered securities” and therefore crimes according to black letter law.  There is a very short path from ICOs becoming illegal by court ruling  to Ethereum operators proactively banning ICOs issued through its network, and Ethereum operators already showed us what they will do in such cases.

What is the utility of a "permissionless" service, if all the innovative things it can technically do are forbidden, and the service owners collaborate with those prohibitions?  Zero — because it's not "permissionless" to begin with; the network discriminates between "white" and "black" users.  This isn't a question of whether your desired activity is illegal or not — it's a question of whether the network implements prohibitions that sabotage these activities.  If the service implements government policy, by definition it is permissioned because it already has a security hole.

Permissionless is a necessary feature of cryptographic networks — whether computational like Ethereum, or communications like Signal, or even currency like Bitcoin —  because the power to “crime online” (to put it in a cheeky way) in order for people to do things that are manifestly good yet highly illegal — such as preserving your own financial privacy, donating to causes your government wants to kill, or even preserving the purchasing power of your wealth — is key to the establishment and maintenance of a free society.  After all, trusted third parties are security holes.

Regrettably, while we have communications networks that support permissionless communications (such as Signal), and even money networks that support permissionless store-and-transfer of value (Bitcoin), no cryptocurrency network today supports permissionless computation, nor does it look like a network will soon arise which has the technical properties needed to do so (to wit: sufficient decentralization, and no single points of failure for governments to choke).

Do not make the mistake of believing in fake permissionless.  It can be a costly mistake to recover from.