The dangerous path of OpenSea's blacklisting tool
So, OpenSea announced they are releasing a tool "that allows creators to enforce fees on chain"1. Here's why this tool is much more, and why it's scary.
How it works
OpenSea offers a solidity library that creators can include in their NFT contracts. This library allows a creator to blacklist an address (the address of a marketplace) from being able to list and trade their NFTs. So, I can only sell the NFT at a marketplace only if it is not a blacklisted one.
@0xCygaar has a great in-depth analysis of the details on twitter. 2
Subscription lists
Now, 99.99% of the creators do not know how to identify the addresses (and contract hashes, an other check provided), but OpenSea offers a solution for them: they can subscribe to a blacklist maintained by someone else who knows how to do these things and is willing to spend the time to maintain the list up to date as marketplaces deploy new contracts, they change their policies on royalties, new ones are launched and so on.
The scary part
This all sounds great. As a creator, I can block marketplaces and services that allow users to trade my NFTs without paying royalties, how cool is this. And I don't have to do much, my smart contract is subscribed to the OpenSea's blaclist and they make sure they update it. Of course I could subscribe to a blacklist mainteined by someone else, but why bother, I know OpenSea, they are the experts.
Wait.
This is great until a government asks all marketplaces to implement something. KYC for example. And then demands from OpenSea to add the ones that did not comply to their blacklist.
Or until OpenSea has a dispute with an other marketplace over something. Over copyrights, over patents, over policies. Businesses get into these debates every day. And OpenSea decides to add this marketplace to their blacklist.
I can think of many scenarios where something like this happens. And I can see the competing marketplace trying to reach out to creators and explain to them with detailed hoots and videos how to use etherscan to go to the contract code and sign a transactions to unsubscribe from OpenSea's blacklist. Which most won't do, because it will seem scary, complicated, and in any case, "why go through all this if 90% of their sales are on OpenSea, anyway"?
I can also see how this could lead to a place where no one even tries to launch an other marketplace, because OpenSea has all the power: They have the biggest share of the market, they are deeply integrated with the ecosystem, and if everything else fails they can find a reason to blacklist competitors.
OpenSea will probably swear: "We would never do something like this!"
But remember? We created crypto and web3 because we did not want to rely on promisses, we wanted the rules to be written in code.
It's the email story, all over again.
A couple of days ago, Jameson Lopp published a great article3 explaining how email started as a completely decentralised protocol and ended up being one where 90% of email users are captured by 5 companies.
It is said that those who do not learn from history are doomed to repeat it. I believe it is of utmost importance that proponents of decentralized protocols learn from the failures of those that have come before. The following is a review of 40 years of history for the protocol that is the foundation of email.
It's amazing how we are about to do the same mistakes all over again.
What OpenSea released is not a royalties protection system. It's a blacklisting infrastructure. Yes, it can be used by creators to protect their royalties. This is how these types of centralised control have always been introduced: to protect us from "something bad".
But what they are actually asking is to give up control, and give them more power.