From Gatekeepers to Port Builders: The Shift in Web Front Ends
- DeFi Education Fund
We use our laptops and smartphones every day to engage in a wide variety of functions: we access our finances, message people all over the world, buy and sell things, and socialize with our friends. This is the result of the Internet's evolution: from read-only websites (Web1.0) to interactive websites (Web2.0), and now, to Web3.0. But what does Web3.0 mean? (An Internet enabled by blockchain technology.) Does it change how you interact with the Internet? (Yes.) And how do you access it? (Through websites or apps—or “front ends”—just like in Web2.0.)
Most times, we don’t give any thought to how websites and phone apps work, but in the Web3.0 economy, questions about how these “front ends” work have given rise to questions about how they should be thought of in regulation. This article provides a brief primer on both questions.
An Introduction: The Evolution of the World Wide Web
In 1989, a British scientist by the name of Tim Berners-Lee invented the World Wide Web, which ignited the Internet revolution and began a new era of global digital connectivity. The Internet enables individuals to build—and then explore—the vast cyber terrain. This began three phases of the Web: Web1.0 was the early days of the Internet, where users were only able to read websites, but not interact with them. Web2.0 marked the development of interactive technologies released by centralized companies: this is the Internet as we know it today, where we can chat with friends, buy clothes, stream movies, and even invest in the stock market from our personal devices. Web3.0 is the latest evolution of the Internet, where we can continue to read and write on the Internet, but now we can also “own” our interactions through self-controlled data, assets, and creations, reducing the leverage Web2.0 companies had over individuals’ personal data and operations.
A Primer on Web2.0 Front Ends
All Internet websites and applications today have a “front end” and a “back end.” A front end is the visual display – referred to as a user interface – that shows information on your computer, phone, or other mobile device. A website’s back end is the software that makes the application or services “do” something (e.g., post a thread on X, send money to a friend).
For example, Gmail’s website (www.gmail.com) is the front end, providing a user interface for you to draft, send, and read emails. Google’s servers provide (or “host”) the back end—and email protocols (like SMTP), which are standard rules that allow computers to communicate with each other, so that emails can be sent and received from one user to another. Gmail’s front end not only provides a display, but also translates your instructions (e.g., “send”) to information processed by the back end software.
Similarly, Robinhood’s front end displays market data and user portfolios, and allows users to place trade orders. When a user presses the “buy” button on the user interface, the front end communicates the information to Robinhood’s back end servers and software, which then route the order for execution. Once executed, Robinhood’s back end software records the trade and updates relevant data, which is then displayed in the “portfolio” section of the user interface.
In Web2.0 websites, the back end software is proprietary, privately owned and operated by large tech or financial companies. The provider of a Web2.0 front end serves as a gatekeeper to a private road that they own (or that belongs to someone with whom they have contracted)—i.e., these companies privately maintain the code and do not share it publicly (i.e., it is closed-source). Data contributed by users through interactions with Web2.0 front ends is owned by the companies receiving it.
From Web2.0 to Web3.0: The Innovation of Public Blockchains
Web3.0 front ends look the same as Web2.0 front ends, but have an entirely different type of back end. Whereas Web2.0 front ends have proprietary software as the back end, what underlies a Web3.0 front end is open, permissionless software known as “blockchains.” These are ledgers of data maintained by numerous, unrelated independent participants who operate computers that authenticate and store information on the blockchain. Unlike Web2.0 proprietary software, public blockchains do not have a central server, and anyone can participate in the network by running open-source software on their own computer. This means no single company or individual has Web2.0-like unilateral control, and that users maintain control over their own assets and data at all times. To put a fine point on it, Web3.0 front ends do not take custody of, and do not have any control over, user assets; they merely provide easier access to what is already public.
The public nature of these blockchain networks means that anyone can use the network and that anyone can build applications independently on the network. This also means that anyone can build independent front ends relating to these blockchain networks or the applications built thereon. There is no centralized third-party who gatekeeps the ability to use, access, or build upon public blockchain networks.
Web3.0 front ends provide software that allows users to communicate information about their desired transactions or interactions directly to open-source or source-available and permissionless back ends. Because the users are in control of the communications and because the back end is permissionless, all information—and any related assets or transactions—are controlled by the users.
In the Web3.0 world, users rely only on themselves to (1) hold and protect their data, (2) make decisions about how and when to share that data, (3) make decisions about when and how to engage in transactions on a blockchain network or blockchain-based application, and (4) use, transfer and protect their own digital assets. In Web2.0, these actions are typically controlled (i.e., permissioned) by third-party actors. In Web3.0, users make these decisions—and action them—via independent software termed “wallets.” Wallets, which can take the form of a front end or a piece of separate software, function analogously to email (with a “private key” akin to a password and a “public key” akin to an email address), but allow users to communicate with publicly available software applications on their own.
Ultimately, while the operator of a Web2.0 front end acts like a gatekeeper, the developer of a Web3.0 front end is akin to someone who builds an ocean port: anyone can create easier access to the ocean, but people can also set sail from anywhere they’d like along the coast. And just because someone builds a port, this does not mean they own the boats that use it.
Diving Deeper into Legal and Policy: Catching Up to Web3.0 Innovation
Today’s laws were built to ensure that customers’ assets, data, and intellectual property (among other things) are handled safely and securely by third-party gatekeepers. These laws are not appropriate, however, for the “port builders” who provide user-friendly access to public blockchains and blockchain-based applications.
Notwithstanding the technical reality of Web3.0 software, policy discussions have explored (improperly) treating Web3.0 front end developers as gatekeepers, subject to traditional financial rules and regulations. In response to arguments that Web3.0 front end developers never take custody or control of assets and thus, should not be regulated as gatekeepers, critics note that certain traditional financial brokers also do not take custody of customer assets – such as introducing brokers (“IBs”) under the Commodity Exchange Act (CEA) and the securities laws corollaries under the Securities Exchange Act of 1934 and the corresponding FINRA rules. For ease, this article refers to both types of brokers collectively as IBs.
IBs connect investors with clearing firms but do not manage or custody customer funds or securities. This task falls to the clearing firms, or the carrying and clearing brokers who handle the actual trade execution, settlement, and asset custody. The comparison between non-custodial IBs and non-custodial Web3.0 front end developers does not withstand scrutiny for at least three reasons:
First, IBs transmit user instructions to a custodial broker’s proprietary back end server and software services. Here, even without taking custody, the IB’s front end connects customers to a carrying and clearing broker that custodies their assets and uses the carrying and clearing broker to execute orders on behalf of the customer. Taken together, these operators can and do exert significant influence on how customer orders are routed and executed, which requires oversight and disclosures. And because the back end and order routing are not publicly available, operators hold information that customers are not privy to, requiring disclosures to narrow the information asymmetry between customers and the owner of the back end system. For example, the Robinhood website (front end) is managed by Robinhood Financial as the IB, while Robinhood Securities is the clearing and carrying firm (described as “clearing agent” in Robinhood’s disclosures) that holds and controls customer securities, and does so in a proprietary manner. Conversely, a public blockchain is transparent and decentralized software, meaning its software is openly viewable and auditable by the public, and authority over it is so distributed that no one can exert significant influence over it. Because there are no information asymmetries presented by this model, there is no need for oversight and disclosures that are standard with intermediaries. Furthermore, users alone authorize their transactions with their private key, and they alone custody and control their own assets, and do not need a third party to ensure that their property is handled responsibly.
Second, Web2.0 front ends have customers—individuals or entities who have a contractual relationship in privity with the owner of the front end (who is almost always the owner and operator of the proprietary Web2.0 back end). Specifically in financial technology, Web2.0 front end providers collect customer information before allowing people to access their services, they provide various levels of customer service, and they are trusted with performing actions on behalf of their customers. By contrast, developers of Web3.0 are not in a relationship with the end users of the permissionless networks or applications at all. They merely make it easier for users to communicate instructions to the back end software.
Third, because a Web2.0 company has a contractual relationship with users and controls the front end and back end, that company is responsible for assisting customers with discrepancies or errors. And because of that, these companies employ customer service teams to handle complaints and disputes, and customers have to trust that a resolution will be reached—which may not always be what the customer was hoping for.
In Web3.0, the user does not depend on a third party for management of their data or transactions and no third party has control over user assets or data. And because the underlying blockchain is constructed using the most advanced mathematics (i.e., cryptography) and verified by a wide consensus of independent parties, it is resistant to discrepancies or errors. Users do not need to worry that a back end’s operator will incorrectly manage or store their data. And users are not limited to particular ways to access the public blockchain, as front ends are optional access points provided by software developers, not gates guarded by companies. Instead, users enjoy complete autonomy and assurance based on neutrality and choice.
The Path Forward
With this ever-evolving version of the Web, we must tailor the way we approach regulation to the current technical realities of the Web while also remaining flexible, because the technology is still changing. Risks inherent to Web2.0 are similar to those in the wider traditional financial system: when a centralized party custodies and controls customer assets and data, customers have to trust that party to do its job faithfully and honestly. Regulatory laws and disclosure regimes calculated to address those risks were created to protect customers of a vast array of web services, including and especially those that handle financial transactions and control customer data and assets.
But in Web3.0, when the only party in control of assets and data is the user themselves, the risk calculus is different. Given that, policymakers should be mindful of moving too quickly to impose regulatory requirements that neither mitigate risks nor allow innovation to prosper. Instead, they should meet the next iteration of the World Wide Web with curiosity, and focus on how we can study the evolving risks and benefits of the technology, the roles that participants play, and how we can best allow this new frontier to develop to most benefit society.
See here for a “cheat sheet” laying out the primary differences between Web2.0 and Web3.0 Front Ends.
This article was written by Rebecca Rettig, Chief Legal Officer at Jito Labs, Amanda Tuminelli, Executive Director of the DeFi Education Fund, and Lizandro Pieper, Research Director at the DeFi Education Fund.