Web3 is Self-Certifying

Jay Graber
5 min readDec 23, 2021


There’s been a lot of discussion lately about what Web3 is and isn’t. Here’s my definition: Web3 is user-generated authority, enabled by self-certifying web protocols. These are a superset of technologies that include blockchains, but are not limited to them. Is this what other people think “Web3” is? Maybe not, but hear me out.

Authority on the web establishes who ultimately has control over content. In the earliest stage of the web, there wasn’t usually a separation between “users” and web hosts — whoever hosted a website also put the content on there. In the shift known as “Web 2.0”, sites became popular that gave users accounts to create content, but the site hosts still had the final say and could unilaterally change anything they wanted to. This is mostly how the web works now. In the evolution of the web I’m calling Web3, users can cryptographically assert their identity and publish verifiable content, and sites that host content don’t have the authority to change it, because the root of trust is in the data itself, not in where it is found. To recap:

  • Web 1.0 — Host-generated content, host-generated authority. A person wanting to publish to the web had to run their own server to host a website. Websites were mainly read-only, and offered few interfaces for user content creation or interaction.
  • Web 2.0 — User-generated content, host-generated authority. Websites emerged that let people create user accounts so they didn’t have to host their own servers to publish to the web. This led to a lot more user-generated, interactive content, but these sites have grown to become powerful platforms, and the fact that users don’t ultimately have control over their accounts and content is becoming problematic.
  • Web 3.0 — User-generated content, user-generated authority. A model is emerging where people don’t have to host a server or create a user account in someone else’s database to create content. Servers can choose whether or not to host someone’s account or content, but they don’t have ultimate authority over it. The technologies that enable this are “self-certifying protocols”, based on cryptographic signatures and hashes.

In short, these three stages are “the hosted web, the posted web, and the signed web.”

What is a “self-certifying protocol?” This is a general term I’m using to describe protocols that have cryptographic user identifiers and content-addressed data. “Cryptographic user identifiers” associate users with public keys. The ability to sign with the corresponding private key is the root of trust proving someone controls an account, rather than an entry in a database keeping track of user logins. “Content-addressed data” means content is referenced by its cryptographic hash — the unique digital “fingerprint” of a piece of data. Putting these two pieces together, a content hash signed by a user key can prove a user authorized its creation, without requiring an intermediary. ​​Self-certifying data enables trust to reside in the data itself, not in where you found it, allowing apps to move away from client-server architectures. This creates “user-generated authority”.

What’s the role of blockchains in Web3, if we’re defining it as self-certifying protocols? Blockchains are self-certifying protocols that create consensus on global state, emulating a centralized database without any one party being in control. “User accounts” on blockchains are cryptographic keypairs, used to sign transactions. The “content” is hashes of transactions bundled into blocks, that are themselves hashed and chained together. Transactions are signed with a user’s keypair. What Bitcoin (the first blockchain) introduced was a novel consensus mechanism for mutually distrusting parties to agree on what transactions occurred — very important for digital money without an intermediary.

What other protocols have self-certifying properties that are not blockchains? Git, PGP, BitTorrent and Tahoe-LAFs preceded Bitcoin. Among the current generation of non-blockchain self-certifying protocols, IPFS, Hypercore, SSB, Peergos, and Spritely all have user keys and content addressing. In these non-blockchain self-certifying protocols, you can prove a user “owns” content in the sense that it can be verified that they published it. Blockchains introduce a stricter notion of ownership by having a timestamped global ledger everyone agrees on. This lets you assert properties like global ordering and uniqueness, so you can prove only one person “owns” a bitcoin or an NFT at one time. Architecturally, blockchains can be thought of as just one type of datastore in Web3, useful for some applications and cumbersome in others. But financially and socially, they’ve poured attention and resources into the space. Important pieces of Web3 infrastructure that have been built as a result of blockchains include wallets and apps that put keypairs into the hands of millions of users, and tooling for new cryptographic primitives such as zero-knowledge proofs that unlock countless possibilities. It’s understandable why they currently overshadow discussion of anything else, but if the full Web3 vision is to be realized, other kinds of self-certifying protocols will have to be developed.

If a self-certifying protocol is one that allows authorship of content to be proven directly through user keys and content addressing, a self-certifying web protocol is one that also has content linking and discovery. Algorithms that enable discovery of content are a fundamental part of how we use the web these days, and “Web3” needs to develop more sophistication here if it’s going to provide a good user experience. Things I think are missing or immature: social graphs, user profiles, identity and reputation attestations, content aggregation, indexing and discovery, curation and moderation methods. A confusing part of the term Web3 as applied to blockchain tech is that it’s a lot of disconnected pieces right now, that are missing a lot of features we’ve come to expect from the web.

I would like a broader definition of Web3 to be recognized that includes all self-certifying protocols, of which all blockchains are a subset. But rather than focusing on the terms, let’s try to focus our energy on what properties and characteristics are important as the internet evolves. I want a more user-centric web, where people can generate their own authority to create content without locking themselves into a centralized service. If you agree with this but don’t want to use the term “Web3” for whatever reason, I propose using “Self-Certifying Web Protocol”, or SCWP for short, as a more concrete and technically descriptive term for these technologies.

Thanks to everyone who provided thoughts and feedback on this post: Paul Frazee, Daniel Holmgren, Aaron D Goldman, Christine Lemmer-Webber, Andre Staltz, Whyrusleeping, Jenny Kaehms, and more.