Posts tagged ‘crypto’

2022/04/23

AkuDreams: Code Still Not Law

This is adapted from a twitter thread. Like the thread, I’ll start off talking based mostly on a simplification of what actually happened, and at least point to the somewhat more complicated but more accurate account lower down. I’m virtually sure that I have some of the technical bug details wrong here, so don’t take this as gospel, but the overall lesson is clear.

Hah, I love this SO MUCH. Because I am a terrible person only slightly bothered by the people who are actually suffering as a result.

This is an auction run by code on the Ethereum blockchain. You make a bid by sending the “contract” some money (in the form of ETH cryptocurrency; every Ethereum “contract” basically has a built-in escrow agent), and if you send more than the ultimate price (it’s a “modified Dutch auction”), it’s supposed to refund that money. But!

Due to a little bitty bug (and a relatively typical one; thousands of bugs like this one are written every day), the program (roughly) thinks that it’s already done that, and doesn’t do it “again”. And all the overrides in the code aren’t low-enough level to slip past that check.

Also (due to another bug, where it falsely assumes that every “minting” transaction “mints” exactly one token-thing, but in fact some minted multiple) the program can never reach a state in which it will allow the owners of the thing(s) being auctioned to withdraw the funds; those ETH will stay in escrow forever.

Yet another example of why “Code is Law” is silly and false.

I can think of three basic things that could be done about this:

First, they could tell the victims “too bad, code is law, that’s what you get for sending money to a contract that might have bugs”. That’s imho unlikely; the publicity would be terrible, which is to say, accurate.

Second, they could fork the Ethereum blockchain, and get 51% of the system to agree to swap in an altered chain reflecting what the program should have done. Forks are also terrible publicity; I think this is unlikely too.

The main reason I think a fork is unlikely is that, third, some number of unjustly wealthy crypto-whales can just step in and make up the lost funds out of their own pockets. This will superficially make it look like “the system works”, and the donors will get clout. I kind of suspect that this is what will happen (although if in fact only the owners, and not the bidders, have lost money, see below, the first option might be more likely, in that “it’s your fault for having deployed buggy code” doesn’t sound all that bad maybe.)

I was actually dreaming about all this this morning, between waking up briefly and checking Twitter for amusing things since I was awake anyway, and actually waking up an hour or two later. (And now I have a headache :P.)

It was a fun dream, reminiscent of the early anti-virus days before it all got boring, sitting around in a War Room with various Important People on the phone, trying to decide the best mitigation for a weird code thing.

Mostly I thought / dreamed about how to fix it with a fork-but-not-really. A brute-force fork (“install this new Blockchain!”) would be boring, but what if we hacked the Ethereum bytecode interpreter? The bytecodes may be all fancily embedded in the blockchain, but their meaning isn’t!

We (note I’m saying “we” here because now I’m talking about something cool) could just (“just”) add code to the interpreter saying “if between time0 and time1 you’re interpreting these bytecodes [buggy program], then pretend that they say [fixed copy of program]”. Sweet, eh? 😁

Then you get enough nodes to install the new EVM sometime before time0, and Bob is your Uncle.

Would enough nodes object, and refuse to run the hacked code, that there would be a fork-in-practice? Good question, and I have no idea. I’m just doing this for the mental exercise. :)

Here’s a history of the most famous (unplanned) Ethereum fork. That one was due to an active attack on a bug to steal stuff, not a bug simpliciter, and differed in other interesting ways. The amount of money at stake, though, was arguably comparable.

Here’s the more detailed analysis alluded to above, which says that the bidders’ money getting stuck was due to someone intentionally exploiting that bug (by, I think, having a “contract” send a bid, and then refusing the attempt to send it a refund, or something), and they turned the exploit off (by signaling the contract to accept the refund now), after which (some? all?) refunds went through, but then due to the other bug all by itself with no exploitation, the owners are unable to withdraw the rest of the funds forever.

And here’s Web 3 is Going Great on the situation for completeness. :)

I’m fascinated by the details of the bugs that led to this, but in fact they don’t really matter; the moral is that code will have bugs, bugs will cause things to happen that no one wanted and/or that violated someone’s rights in some way, and that therefore code is not law, and must never be law.

(Speaking of which, I had a long and… somewhat memorable Twitter discussion (apologies about how hard it will be to read that anything like linearly) about this with one Vinay Gupta, who is apparently something of a Force in this space, having 37.5K Twitter followers. Among other things, he calls me all sorts of names, and declares that he himself is “a different kind/calibre of smart. Possibly a once in a generation transformational intelligence.” So that happened. :D

But if I start weblogifying all of my Twitter exploits, you’ll get bored. Heck, I’ll get bored! So I won’t.)

And that’s the end of Today’s Episode of Code Is Definitely Not Law So There. Not a podcast.

2022/03/28

Trying to be fair to web3

I have, obviously, said a number of skeptical (or sceptical, what’s up with that?) things about NFTs and blockchains and The Metaverse, and cryptocurrency and “web3” in general. Including pointing out with some evil glee the extent to which web3 is going just great.

Recently Daniel Ritchie, who is apparently a friend of Grady Booch, wrote a piece decrying how negative people have been about web3, and basically imploring such people to give it a chance: Web3 has an Identity Problem. It’s short; I urge you to read it and reflect upon what it says.

I replied to the Twitter post that announced it, and this led to a little tree of discussion with the author, in which I expressed a desire for examples of web3 things that are actually good / interesting / exciting, and the author urged me to look at the ones listed in their piece (and not be so negative about them).

I also wrote a brief answer to my own question (of whether anything in the web3 space is new or useful), viz:

Just wanted to get that down, so as not to seem like a total old grump. :)

I thought it might be interesting to go through the dozen or so things that are listed in the article; as the underlying claim is that critics of web3 are ignoring things like those on this list, consciously not ignoring them can only make our ideas about web3 more accurate. But as I started to do that, it became apparent that talking about all dozen of them would make a long and likely tedious post.

So I’ll urge you again to look at them all yourself, but for now I’ll talk about just one that specifically caught my eye: “proof of humanity”, which is a link to proofofhumanity.id. I looked it over and found the idea both unworkable, and terrifyingly dystopian. The idea is that there would be a distributed blockchain-based system that would maintain a list of (blockchain addresses associated with) actual living humans, with mechanisms for people to challenge each other’s humanity or livingness, ways to prove that you are (still) human/alive, and so on.

If this were to be actually used for something that matters, the Black Mirror episode is obvious: in some sort of straits, the protagonist attempts to obtain help, only to find that someone has challenged their humanity, and they have to find a video camera and a recent blockchain hash, so that they can satisfy the network that they are still human and alive. Meanwhile, bad guys have bribed a few registered humans to vouch for the humanity of a few bots, which have vouched for more bots, and the percentage of actual humans in the official list of humans is slowly sinking, and all the big state-level actors can basically put the humanity of any dissenter into perpetual limbo, while running a network of certified-human bots and minions for their own ends.

When I expressed these worries, Daniel Ritchie linked me to an episode of the Green Pill podcast, which is an interview with the person behind Proof of Humanity. (“greenpilling” is another term on his list, referring to this podcast, and it looks like this same podcast person coined at least one more term on the list, “regenerative cryptoeconomics”; small world!)

Despite my personal dislike of podcasts (can’t I get a transcript?), I listened to the episode, and it did not address my dystopian worries at all. It also added a bunch of new worries about the “$UBI token” which is automatically given (one per hour) to everyone currently officially recognized as a human.

It seems obvious to me that a small private group isn’t going to provide the world’s humans with a Universal Basic Income by just minting electronic coins with no backing (talk about “fiat currency”), and sending them out to everyone; indeed the current value of $UBI is about $US0.04, so that’s four cents an hour, which I would imagine is completely dominated by transaction costs in any realistic scenario.

Now of course this is just me being negative again! Giving every human on the planet a regular income is a great idea, and maybe they will figure out a way to in fact make it work! Why should I assume that they won’t? The intent is good, even if the impact is not-yet.

(The “that’s a nice thing to want to do” feeling points to something that shows up a lot in the listed projects: web3 projects that want to do nice things, that have salutary intent, but that so far have not actually produced good results, or in many cases even suggested plausible mechanisms through which good results might eventually be obtained.)

My best answer to that, I think, is that the probability of this working seems really, really low, and the time and effort being put into it could be instead put into things with a higher success chance. Of course, what do I know?

The currency of the United States used to be based on gold, which is pretty and useful and limited in supply, and so in some sense has inherent value; even if people stopped caring about dollars, you could get gold from the government for them, and make gold things. Now it’s based on the US government promising that it has and will continue to have value, paying people in it and accepting only it for tax and other payments, and so on. That is a kind of value that is perhaps less inherent; US persons, at least, will not stop caring about dollars at least a bit, because they will need some to pay their taxes (and get government payments in it, and etc).

What would it take to get $UBI to work as a currency, without its value going to zero in the obvious way? Some institution or billionaire could promise to honor it at some minimum exchange rate with US$ or gold or something, but that’s not very scalable. (This is what “stablecoins” do for say Bitcoin, but that works only due to massive fraud.) What if everyone, for some large value of “everyone”, just liked it, as an idea, and the minter behaved and continued to mint and distribute only an amount per person-hour that roughly reflected the amount of actual value produced per person-hour? Could it continue to be accepted by everyone, just because it’s accepted by everyone?

This sounds like a risky thing to base a universal currency on :) but I should read more advanced theory of currency before I decide that it’s infeasible.

It does bother me that the website and podcast and so on don’t at all address the obvious potential problems of using a big complex distributed system to decide whether people are human, how the system could be abused, and so on. This does not in general give me big faith that they’ve thought through everything else thoroughly.

Arguably the world just needs a balance between “it’s a good idea and maybe it can be made to work somehow” optimists, and “it may be a good idea, but I see no way it can work” skeptics, and Daniel is the former and I am the latter, and that’s fine, all is working as designed. I worry, though, about the number of people who get hooked on the optimistic statements, and end up losing tons of money to bad actors, the amounts of energy that crypto is wasting, etc. If there were no downsides to web3-optimism, I might well not bother being a vocal skeptic. But as it is… well, there are definitely downsides!

2022/01/16

Smart Contracts are Neither

Not smart: the things called “Smart Contracts” fail to be smart in the same way that many similarly-named things fail to be smart. Marketing entities use “Smart” to mean, not “intelligent”, but just “has a computer in it, and does some things that might be good, and that it might not be able to do without a computer.”

So a Smart Phone is a phone that, as well as making and receiving calls and texts, also lets you get notifications of things that you don’t care about, and waste your time in pointless apps. As well as, of course, lots of good and useful things, none particularly involving intelligence. And a Smart Toaster, Smart Washer, Smart Watch, and so on are different from the usual versions primarily in that there are more ways for them to go wrong. They are “Smart”, but not smart.

The things called “Smart Contracts” are, similarly, not intelligent, but rather contain a computer (or in this case, since they are abstract entities, a computer program), and can go wrong in all sorts of new and complicated ways.

One could also say that they are “not smart” in the sense that they are not a good idea, the way that for instance joining an MLM is not smart. This would also, in general, be correct.

Not contracts: In law, a contract is a legally-binding agreement between two parties, or (more loosely) a record that demonstrates that such an agreement exists. There are various laws and treaties governing the nature of contracts, and lots and lots of case law (i.e. legal decisions, findings and what-have-you) spelling out how those laws should be interpreted in various situations.

The things called “Smart Contracts” are not contracts in this way. They are not even the kinds of things that can be contracts. They are little computer programs (much too little to be “intelligent” even in the sense that we call some computer programs “intelligent”), sometimes written in the Solidity language for instance, sometimes stored within or adjacent to an Ethereum blockchain, which get run by the corresponding platform under certain circumstances, and which can cause various operations related to the blockchain and its associated artifacts to occur.

For instance, and speaking of NFTs, a “Smart Contract” might be a program that says (once translated more or less into human language):

If a party X sends 100 dogecoins to account 12345, and account 12345 still belongs to the party associated with NFT 27FA9/JQ, then change the association of NFT 27FA9/JQ to party X, and send 15 dogecoins from account 12345 to account 87655.

where 87655 is the account of someone who for whatever reason gets 15% of the sales of some set of NFTs.

Now this is clearly not a contract. The fact that 87655 gets 15% from the NFT-sale that this program implements might or might not be a consequence of some actual contract, some agreement between two people, but it is not that contract or agreement itself. Similarly, the fact that the ownership of the NFT changes to X when X sends 100 dogecoins to some address might or might not reflect or implement some real-world contract between two people, but it is not itself that contract or agreement.

As I pointed out last time, in deciding whether or not a legally-enforceable contract exists, a court will be far less interested in what some bits inside some computer did, than they will be in what agreement some humans actually formed, what information they had, what their intent was in taking certain actions, and what they knew or had reason to know in various circumstances. None of which the “Smart Contract” tells us anything about.

Code is not law: We have recently seen some (well) amusing “Smart Contracts”, which said things like:

Withdraw from this account five times as much as the account contains, and deposit it into account XYZ.

expressed in a complex-enough way that the platform on which it was running said “Sure, okay!” and gave XYZ five times as much as the owners of the platform would have preferred. The suggestion that this was fine and dandy, since it was just the code doing what the code does, and code is law, and a contract is a contract, was not, as far as I’m aware, generally entertained, or even proposed, in this case; it was regarded as naughty at best. (Variants of this have happened several times now; this was the first one I noticed.)

Another example:

Conduct a community poll called “Do sensible things in case a scam is discovered”; if this poll gets positive votes from at least half the community, transfer digital assets worth sixty-four million US dollars from the community, to the creator of this poll.

As far as I’m aware, someone looked hard enough at the code in the poll to realize it was probably a bad idea, and got word out in time to prevent it from getting enough votes to do its thing, but since the poll / “contract” exists on the blockchain, it will in some sense Always Be There.

There are lots of examples of these, from “Smart Contracts” that create fungible assets that can be bought only from the creator and never sold (thus creating, erhm, a significant upward pressure on price until people realize what’s going on), to “Smart Contracts” that take money from anyone trying to delete a random weird thing that shows up in their inbox and pressing Okay on your typical “Allow this to forfle the mongio?” popup, to pretty much anything else you can imagine.

Not to mention more traditional attacks involving stolen private keys, trojan horses in “apps”, NFTs pointing at digital goods to which the NFT creator has no rights, and investment schemes that suddenly vanish with all of the invested funds, of which there are too many to even bother linking to; web3 is going just great is a lovely source for all of this stuff.

And my point in mentioning all of these (as well as supporting the idea that “Smart Contracts” might be not-smart in the “not a good idea” sense above) is that if the writer of any of these programs was caught and taken to court, it’s imho very unlikely that the court would find that they get to keep the money, because a contract exists in which the victims agreed to pay it to the beneficiary.

And that’s, again, because these things called “Smart Contracts” are not contracts. They are just little computer programs. And Code is Not Law.

2022/01/03

When you “buy” an “NFT”, what do you have?

NFTs, “Non-Fungible Tokens“, are a Thing. Many people are very enthusiastic about this thing. Others, not so much (I recommend pretty much everything Diehl has written in and around this subject).

Everyone knows that you can “buy” and “sell” them, and that it’s been breathlessly announced that huge amounts of money has changed hands due to people doing that (even if some of it has been just people buying from themselves to pump up prices, hem hem).

But as far as I can tell, very few people know what they actually are aside from that, and the information can be both hard to find, and significantly variable between NFTs.

Some background

They’re called non-fungible to contrast with fungible things that also live on blockchains, the most obvious being units of bitcoin and other cryptocurrencies. These are fungible, in that any bitcoin is identical to any other bitcoin, and what they are is relatively simple: they are a number that gets associated with a public / private keypair, and if you know the private half of the keypair, you can move the numbers around, transfer some of them to someone else who agrees to give you US dollars or movie tickets or illegal drugs in exchange, and so on.

(This is not 100% accurate, because in some/many situations, someone else actually knows the private keys involved, and you delegate the usage of it to them, because you trust them and you don’t want to have to fiddle around with keypairs and crypto yourself, because you’d do it wrong. But it’s the general idea. The same caveat applies to the descriptions below concerning NFTs.)

NFTs are non-fungible, in that every NFT is different in some sense from every other one. If a particular NFT is currently associated with a certain public / private keypair, that NFT is associated with only that keypair, and only the holder of the private key can transfer the association to someone else (i.e. some other keypair), again with complications that we may or may not consider below.

So far, so good. I can pay someone some money (in the form of, say, US dollars, bitcoins, etc.) and in exchange they will transfer the association of a particular NFT from their keypair to mine. Which is to say, roughly, that they will give ownership of the NFT to me.

Aside from this association, what other properties does an NFT have? Why would I want to pay money to associate one with me (with a keypair whose private key I know)?

Inside an NFT

It turns out that this depends on the exact NFT, which NFT-supporting system it’s on, which fields the creator of the NFT filled in, and some other things. But in general, the only other property that an NFT has, is that it’s associated with some string of letters and numbers. That string of letters and numbers can be just about anything, from an address on a blockchain (for digital goods that are tiny enough that storing them entirely on the blockchain isn’t too expensive) to a URL or other URI (i.e. that a thing like a web-browser might be able to use to find some digital data) to a description of some real-world item like “the property situated to the north of McLellan Road, designated as Parcel Number 47A on the Flint County Assessor’s Map of June 15th, 1987”.

So an NFT is an association between a public/private keypair, and an alphanumeric string. In common speech, if that alphanumeric string is the URI of a funny picture of a kitten, and I know the private key of the keypair (with caveats as above) I am said to “own” the picture (or “the NFT of the picture”, although the distinction is seldom observed).

Ownership is, in general, a legal concept, and transfer of ownership is generally done via a contract, either implicit or explicit. Does me knowing the private key of a keypair associated via NFT to a URI pointing at a funny picture of a kitten, actually give me any legal rights vis-à-vis that picture?

I wondered about that, and poked into it a little, originally in this Twitter thread. It turns out that the answer is complicated, and that it depends on which NFT we’re looking at.

(There are lots of other interesting issues, like what keeps the entity that controls the URI that an NFT points to from changing the data there, or just vanishing softly into the night, what powers a marketplace has over the NFTs that are sold there (“lmao nice decentralization“), how smart “smart contracts” really are, and so on, but this entry is already going to be too long, so here we’ll only wonder about what legal rights “owning” an NFT gives someone.)

NFTs that don’t grant much at all

In at least some cases that I found randomly web searching, the only right that I have to the “Art” associated with the NFT, is something like:

a worldwide, non-exclusive, non-transferable (except as specifically provided below in section 3 (b), royalty-free license to display the Art for your Licensed NFTs, solely for your own personal, non-commercial use

which is really a Whole Lot o’ Nothing. It’s roughly the same rights that you get to a video game or a music track, when you “buy” a copy online. And it’s a non-exclusive license, which means that they can sell the same thing to a whole bunch of different people.

(Although, given how NFTs work, I think they will have to create a whole bunch of NFTs pointing at the same digital data to do that; unless there’s an NFT protocol that allows a list of owners rather than a single one; EIP-721 doesn’t appear to, but who knows?)

In any case, this seems like a far cry from “ownership” in any significant and exclusive sense.

Apes with bafflingly contradictory terms

One of the more famous NFTs, the utterly-cringe “ape” pictures from the Bored Ape Yacht Club, has a different (and extremely confusing) set of terms. Those terms first say:

i. You Own the NFT. Each Bored Ape is an NFT on the Ethereum blockchain. When you purchase an NFT, you own the underlying Bored Ape, the Art, completely. Ownership of the NFT is mediated entirely by the Smart Contract and the Ethereum Network: at no point may we seize, freeze, or otherwise modify the ownership of any Bored Ape.

The bit about the Smart Contract and the Ethereum Network is essentially just talking about how the possessor of a relevant private key can transfer the association of the NFT to someone else; the important part at the moment is “you own… the Art, completely”.

The very next section then pretty much contradicts this entirely, saying (and apologies for the length):

ii. Personal Use. Subject to your continued compliance with these Terms, Yuga Labs LLC grants you a worldwide, royalty-free license to use, copy, and display the purchased Art, along with any extensions that you choose to create or use, solely for the following purposes: (i) for your own personal, non-commercial use; (ii) as part of a marketplace that permits the purchase and sale of your Bored Ape / NFT, provided that the marketplace cryptographically verifies each Bored Ape owner’s rights to display the Art for their Bored Ape to ensure that only the actual owner can display the Art; or (iii) as part of a third party website or application that permits the inclusion, involvement, or participation of your Bored Ape, provided that the website/application cryptographically verifies each Bored Ape owner’s rights to display the Art for their Bored Ape to ensure that only the actual owner can display the Art, and provided that the Art is no longer visible once the owner ofthe Bored Ape leaves the website/application.

This seems to my simple mind to be completely at odds with the part where they said “you own the Art, completely”. If I own the Art, how are they in any position to grant me a license? It’s my Art, how are they granting anyone a license to anything? If I own it “completely”, what does it mean that they are granting me a conditional license, to use it “as part of a marketplace” only provided that the marketplace does certain specified things?

If I violate the terms of this license, what happens? Do I cease to “own” it “completely”? Do I continue to own it, but they reserve the right to sue me under some theory that they have some residual rights to it, despite my complete ownership? It’s not at all clear.

The third section, and the only other section in these terms, purports to grant me a similar conditional license to do certain commercial things with the Art (which I “own” “completely”), and is similarly baffling.

I have asked the “Bored Ape Yacht Club” on Twitter what this all means; we’ll see if I get a reply.

(It may also be noteworthy that this doesn’t say whether it’s granting an exclusive or non-exclusive license to use the Art in these ways. Is there some default? Are they in fact reserving the right to sell multiple NFTs associated with the same Art? Or is there some other reason they didn’t say “exclusive”?)

The CryptoKitties and WWW Dot NFT License Dot Org

Another famous, and earlier I believe, NFT sort of thing is “Cryptokitties”, another big set of tiny images, of (wait for it) kitties rather than apes, and described as a “game”, but otherwise the same sort of thing. (Well, you can make new ones by “breeding” them, in a process I haven’t looked into, and no doubt some other stuff, but still.)

The main Cryptokitties page says, familiarly, “Each cat is one-of-a-kind and 100% owned by you; it cannot be replicated, taken away, or destroyed.” And then there is a set of terms and conditions, which pretty much completely contradicts this statement, in a similar way to the Ape one.

It doesn’t fall as blatantly into contradiction as the Ape one, as it first says, in a section called “Ownership”:

i. You Own the NFT. Each CryptoKitty is a non-fungible token (an “NFT”) on the Ethereum blockchain. When you purchase a CryptoKitty, you own the underlying NFT completely. This means that you have the right to trade your NFT, sell it, or give it away. Ownership of the NFT is mediated entirely by the Smart Contract and the Ethereum Network: at no point will we seize, freeze, or otherwise modify the ownership of any CryptoKitty.

This is very similar to the Ape one above, with the perhaps-important difference that it doesn’t say anything about “the underlying Art”. It talks only about “the underlying NFT”. (This wording seems odd to me, in that it first says that a CryptoKitty just “is” an NFT, and then it talks as though a NFT is something that “underlies” a CryptoKitty. Puzzling.) It’s not clear what it means to “own an NFT” (underlying or otherwise); that’s what this whole weblog entry here is about, after all. So we continue reading the license.

Lower down, in a section called “License to Art”, we find words very (very!) similar to those in the Ape license, divided into “General Use” and “Commercial Use”, granting “worldwide, non-exclusive, non-transferable, royalty-free license” to do certain rather limited things with the Art. Note that they explicitly say that it’s non-exclusive! The Commercial Use license contains the rather amusing (to one who hasn’t spent any money on them) limitation:

provided that such Commercial Use does not result in you earning more than One Hundred Thousand Dollars ($100,000) in gross revenue each year

I mean, what? How is the license holder supposed to avoid earning more than $100K in gross revenue? What happens if they earn $100,001? Is the license revoked? Will they send Cease and Desist letters?

Also unlike the Ape one, this license contains a section called “Restrictions”, which forbids doing all sorts of fuzzily-defined things with the Art. This includes for instance “modifying the Art in any way”, which makes no sense to me. Am I not allowed to load it up into The GIMP to see how it would look in greyscale? Or is it just a prohibition on creating Derivative Works, and if so why didn’t they say that; that concept is at least slightly well-defined. The Restrictions also forbid using “the Art for your Purchased Kitty in connection with images, videos, or other forms of media that depict hatred, intolerance, violence, cruelty, or anything else that could reasonably be found to constitute hate speech or otherwise infringe upon the rights of others”, and a host of other things.

This is all really controlling, and is more like the license granted to users of a video game for what they can do in-game with their characters, then an actual license to use an image in the world as a whole. Given that CryptoKitties is (I guess?) mostly a game that is played inside an app, perhaps that’s really what is going on here: if you violate the license, they will terminate your account on the app, so you can’t play any more. I kind of doubt they really intend to go out and sue you for uses that you make of the Art (i.e. low-resolution cat cartoons) in the outside world. Maybe?

Oh, ah, wait! Here in the section called “Other terms of license”, they answer my question about what the user is supposed to do if they accidentally make more than $100,000. “If you exceed the $100,000 limitation on annual gross revenue set forth in Section 3.C(ii) above, you will be in breach of these Terms, and must send an email to Dapper at legal@dapperlabs.com within forty-five (45) days, with the phrase ‘CryptoKitty License – Commercial Use’ in the subject line, requesting a discussion with Dapper regarding entering into a broader license agreement or obtaining an exemption (which may be granted or withheld in Dapper’s sole and absolute discretion).”

To which my reaction is (A) lol omg, and (B) this is definitely an attempt to steer some middle path between “look, we just own all of this” as say Blizzard would no doubt do if you tried to use your WoW character commercially, and “you can take the adorable kitten picture that you buy, and do whatever you like, which is why it’s so valuable!” which they apparently decided very much against.

The CryptoKitties license is provided to other NFT-makers for re-use on www.nftlicense.org (note that the actual license is on the third tab of the main page there, and if you read the default “Intro” tab as containing the license you may end up saying silly things on Twitter due to your confusion; at least if you’re me you may).

It’s entirely possible that the Ape people at BAYC started with that license, and removed the “Restrictions” section and the bit about not making over $100K because they wanted to sell just the pictures, not the use of them within a game or app, and thought that the restrictions would make people not really want to spend money on them. And then they added the little bit about owning the Art “completely” similarly to make them more valuable, but without doing anything about the fact that the remaining two sections about license grants pretty much directly contradicted that.

Heh!

Are there any NFTs that give actual ownership?

This is a question that interests me, but to which I don’t know the answer. It would seem sensible that there is some NFT out there somewhere where if you “own” the NFT, you actually own all rights in the underlying entity (digital data object, plot of land in Flint County, etc), rather than just being granted some very limited rights to do a few things with some Art that someone else still owns in every other sense.

If you know of any, let me know! I will attempt to notice your comment and respond to it and everything!

Other reading: Here’s someone else that looked into this kind of stuff for some other NFTs last year; they know more about it than I do, and basically came to the conclusion that it’s rather a mess, and no one really knows. :)