web3 promised to help artists. Instead it stole their copyrights
No protocol can offer "censorship resistance" and also protect rightsholders.
The blockchain community started with the promise of decentralizing finance. But nowadays, the headlines are dominated by the larger vision to decentralize art.
It is a vision worthy of building. But so far, web3’s efforts to monetize artwork don’t work well with copyright law’s efforts to do the same—for two reasons:
Culture. web3 founders don’t care about artists’ copyrights.
Technology. A truly decentralized platform can never implement copyright takedowns.
Subscribe to Click Track via email.
(Please note my ethical disclosures listed at the end of this piece.)
1. web3 founders don’t care about artists’ copyrights
The blockchain OG culture is that only on-chain ownership matters. Any off-chain chain claims of ownership are unenforceable. This culture makes a lot of sense in the world of decentralized finance… but it is incompatible with the legitimacy of rightsholders’ rights under copyright law.
Some blockchain folks enjoy flouting copyright law. The pseudonymous NFT investor VincentVanDough downloaded a bunch of copyrighted profile pictures belonging to Furries—composing the below image NFT and selling it for about $95,000 at the time1.
But ultimately, the Pepe NFT is small potatoes. Other people in the web3 community have started entire projects and companies that play fast and loose with copyrights on a much larger scale:
HitPiece. The controversial music startup shut down its website earlier this month after mass outrage from artists. The company raised more than $5 million, scraped Spotify’s API for song metadata, and then used them to sell NFTs representing songs—all without artists’ consent.
SpiceDAO. They paid $3 million to purchase a copy of a rare book—intending to publish NFTs and an animated series based on the book. But purchasing an individual book does not grant any copyrights. Otherwise, I’d own the copyrights to the Harry Potter franchise. The DAO did not realize this until after they spent the $3 million.
Automated NFT-minting bots. Tokenized Tweets was a Twitter reply bot allowing users to mint an NFT for anybody’s tweet—copyright be damned. Countless other bots are scraping the Internet for content to mint as NFTs. The OpenSea team estimates that over 80% of the NFTs minted with their free minting tool are “plagiarized works, fake collections, and spam.”
A long tail of infringing NFT projects. The art social network DeviantArt has sent over 80,000 notifications to their creators—warning that someone else might be making NFTs of their work. The NFT Thefts Twitter account keeps track of individual NFTs with IP stolen from artists.
The NFT marketplaces. Marketplaces like OpenSea and Foundation are not infringing on copyrights—their users are. But the marketplaces have to respond to takedown requests to maintain DMCA Safe Harbor immunity. But the marketplaces often refuse to abide by takedowns—citing their Terms of Service2. The marketplaces also keep the fees that they earned from NFTs that were later taken down. That’s a lot of money, given that OpenSea saw more than $2.4 billion in transaction volume in December 2021.
2. A truly decentralized platform can never implement copyright takedowns
For a typical image NFT, the metadata is on the blockchain but the image itself is stored on some centralized server. It is possible to issue a copyright takedown against that server—leaving the blockchain metadata pointing at a nonexistent image.
For example, Audius is a blockchain-based4 music streaming site that uses decentralized technologies to store the actual music. But since their launch in 2019, they have been criticized for a rampant rise in copyright infringement on their platform5.
But even if Audius wanted to remove stolen content, their file storage technology makes them unable to. Their music files are served6 by community-run Content Nodes—which sometimes replicate their files to IPFS7.
If a rightsholder wants to issue a takedown notice to Audius, they face several complications:
For durability, Audius replicates a song to three different Content Nodes. Currently, there are 39 Content Nodes in total—operated by ten different organizations.
Each Content Node operator must individually register with the US Copyright Office as a DMCA Safe Harbor.
If a rightsholder wants to remove infringing content, they must track down all Content Node operators hosting it.
But even if the Content Nodes delete a file, there could be additional copies that have replicated to the surrounding IPFS network8.
Since their launch in 2019, the Audius team has promised to create a “community arbitration system” for resolving copyright takedowns. However, as of February 2022, no such system has been launched—and there are no details about how it would work.
But Audius has a dilemma here:
No arbitration system can delete content from IPFS nodes that don’t obey the system.
Audius could abandon IPFS… at the expense of decentralization. Audius has promised its users that their copyright-infringing content can’t be taken down. Abandoning IPFS would undo those promises.
We cannot build a truly censorship-resistant technological platform and allow for arbitrary censorship. If we include a backdoor capable of deleting any content, our adversaries will inevitably exploit it.
On the other hand, web3’s cultural problem with copyright law should be solvable. We just need to start caring about artists’ rights.
My investments and past employers may influence my writing about blockchains, cryptography, and the music industry:
In 2019, I worked in a computer security lab at the University of Minnesota known for its analyses of decentralized protocols like Tor.
Members of the Furry community sent DMCA takedowns, and Foundation acted on those claims by removing the listing. On December 6, 2021, VincentVanDough announced that his NFT returned to Foundation after he retained legal counsel to submit a DMCA counterclaim. Foundation was able to connect him to counsel without requiring him to violate his pseudonymity. The original claimants chose not to litigate the counterclaim.
When some artists fail to get OpenSea to take down an infringing NFT, they issue a takedown against Google’s Content Delivery Network (CDN)—which serves the infringing images on OpenSea’s website. When Google’s CDN removes an infringing image, the text on the OpenSea listing page is still there—and so is the underlying NFT on the blockchain. But for many artists, removing the image on OpenSea’s website is a victory.
Rightsholders regularly issue DMCA takedowns to “IPFS gateways” like the one operated by Cloudflare. But this only teaches the gateways to ignore infringing data. They can’t delete data on other people’s IPFS nodes.
Audius’s Help Center originally contained a question titled “How does Audius handle piracy and unauthorized uploading of copyrighted material?” Their answer lists various cases of the Chinese Communist Party censoring artists as an explanation for why Audius cannot remove content. Later, they changed the title of this question to the more anodyne “Why is Audius built using blockchains? Why does this matter?”
The Audius Content Nodes are indexed by community-run Discovery Nodes, but the Content Nodes are more important for analyzing the protocol from an infringement perspective. The Audius API documentation demonstrates how to query a Discovery Node.
Audius’s marketing and Terms of Service imply that all content is replicated to IPFS. But over the last several months, their Content Node software has been rewritten to make its dependency on IPFS optional. Furthermore, I have noticed that many tracks available on Audius have IPFS CIDs but do not appear to be accessible via the IPFS network. The writer CRITIQ has also noticed something similar. This suggests that Audius’s music storage is not as decentralized as they claim—but it is also possible that Audius’s data is stored on IPFS but in a manner that a “vanilla” IPFS client cannot easily access.
The Audius Discovery Nodes and Content Nodes maintain blacklists of IPFS CIDs to not serve—preventing them from re-downloading infringing content from IPFS. Similarly, the IPFS network has gateways with similar blacklists for content. But these blacklists are a social contract. Someone else could choose to run a node that intentionally redistributes blacklisted content.