The Laramee Filter: pseudorandom thoughts, subsequently put on the Internet.
Tom Laramee
Date Published:
January 1st, 2022

A Quick Introduction to NFTs: The Internet's Latest Scam

(In Which The Long Story Short Is: Buyer Beware)

The Most Important Thing I Learned Is About NFT Ownership

I've been doing some research on NFTs (non-fungible tokens) and can now confirm the idea that: when you purchase an NFT, you do not have exclusive rights to the digital artifact that you purchased. The image, or digital artwork, is out there, either directly on the Internet, or on the Dark Web, and can be accessed by anyone with some relatively simple tools (and some extra time on their hands).

Said another way: if you purchase an NFT, anyone on the Internet can download the image, or digital artwork, or whatever digital artifact that you purchased - in its original form - and you cannot stop this from happening. Nor can you stop discovery of the ownership data itself.

I validated this by following a set of relatively simple steps to locate and download a single NFT.

Think about that for a moment: when you buy an NFT, you're likely making a couple of assumptions (which turn out to be impressively false):

  1. That you own the content itself. Meaning, you're the only one who can access it. Said another way: it's somehow "protected", because it's stored on the blockchain. That or: "It's encrypted and only I have the keys".
    ("After all, I bought it, right?! So I should own it now?")
  2. That your ownership is private, so no one can know what you've purchased. As it turns out, the receipt of your purchase is published in the public domain.

To quote Geoffrey Huntley, who employs an eloquent metaphor to explain the whole situation:

"What are people actually purchasing with NFTs? The one way I like to look at it is that you've got one side that's essentially selling a treasure map, or directions on how to get to treasure, and the other side thinks they're buying treasure, the actual treasure. On one side, we have people who think they're buying the artwork, the treasure, and that's what they think is valuable, and on the other side, we have people exploiting those people, and selling treasure maps, how to get to the treasure."

I wanted to find out more, so I followed some simple steps to locate and pull down a single NFT over IPFS.

The Technical Details

Here is a high-level overview of some of the technical details that explain both why NFTs are not stored on the blockchain and how to access any NFT in existence:

Caveat: I do not recommend using any of these tools unless you understand the risks. IPFS links are essentially dark web links, and pulling down unknown content via IPFS is a good way to get yourself in trouble.
  1. As it turns out, the cost of storing 1 GB of data on the blockchain is incredibly high:
          "As of Dec 31st, 2021, it costs $284M USD to store 1GB worth of data
          on the Ethereum Mainnet"[1].

    This cost bounces around a lot, as the underlying price of Ethereum transactions is highly volatile... but suffice it to say, it's wicked expensive.
  2. Therefore, storing an actual NFT on the blockchain is cost-prohibitive, even if it's small-ish (~kB or ~MB in size).
  3. So to sell an NFT, people store a URL to the NFT instead of the digital artifact itself. This is specified in the contract and is normally an "ipfs" link (though not necessarily, it can be "https" or similar). This minimizes the amount of data that needs to be stored on the blockchain.
  4. Since Ethereum transactions are public, you can browse them and find NFT transactions. The whole point of the blockchain is that anyone can download it and validate the transactions that it's storing.
    As it turns out, this opens up a huge number of privacy issues, which I expect to play out over the next few years as "the solution known as blockchain" finds problems to solve.
  5. There are widely available tools to walk the blockchain. You can simply walk the chain and peruse the transactions.
  6. Once you find an NFT transaction, you can look at the contract and find the ipfs link to the actual digital artifact that someone purchased. It's in plain text and begins with either "ipfs://" or "/ipfs/".
  7. You can then use any number of applications to download the NFT digital artifact itself (to download the target of the ipfs link). If the link is https, you can use a web browser to pull down the content if you're familiar with the simple network tools that come with any decent browser.

This all means: when you buy an NFT, you're not securing exclusive access to a photo or digital artwork, you're securing ownership of a pointer for how to get to said artifact, and your ownership isn't private, it's actually public.
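
As an added example (not code from the original post), here is a small offline classifier for the pointer forms named in steps 3 and 6, showing what a token's stored link actually references and whether that reference is tied to the content's hash or only to a host. It goes slightly beyond the post by also recognizing the `ipfs://ipfs/<cid>` variant, HTTP gateway URLs and inline `data:` URIs; the CID and host names are constructed placeholders, and nothing is fetched.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample pointers (placeholder CID and hosts, not real tokens).
CID = "QmConstructedExampleCid11111111111111111111111"
SAMPLE_URIS = [
    f"ipfs://{CID}/42.json",
    f"ipfs://ipfs/{CID}/42.png",
    f"/ipfs/{CID}/42.json",
    f"https://gateway.example/ipfs/{CID}/42.png",
    "https://nft.example/metadata/42.json",
    "data:application/json;base64,e30=",
]

def _result(kind, cid=None, path="", host=None):
    # content_addressed: the pointer names a hash of the bytes, so any copy can
    # be verified against it and the pointer cannot be silently repointed.
    return {"kind": kind, "cid": cid, "path": path, "host": host,
            "content_addressed": cid is not None}

def classify_pointer(uri: str) -> dict:
    """Describe what a token's stored URI points at, without network access."""
    try:
        parts = urlsplit(uri.strip())
    except ValueError:
        return _result("unparseable")
    scheme = parts.scheme.lower()
    if scheme == "data":
        return _result("inline")  # payload is embedded in the URI itself
    if scheme == "ipfs":
        segs = [s for s in (parts.netloc + parts.path).split("/") if s]
        if segs and segs[0] == "ipfs":  # tolerate the "ipfs://ipfs/<cid>" variant
            segs = segs[1:]
        if not segs:
            return _result("unparseable")
        return _result("ipfs", segs[0], "/".join(segs[1:]))
    path_segs = [s for s in parts.path.split("/") if s]
    if len(path_segs) >= 2 and path_segs[0] == "ipfs":
        kind = "ipfs-gateway" if scheme in ("http", "https") else "ipfs"
        return _result(kind, path_segs[1], "/".join(path_segs[2:]),
                       parts.netloc or None)
    if scheme in ("http", "https"):
        # Location-addressed: whoever runs the host decides what bytes are served.
        return _result("web", host=parts.netloc)
    return _result("other")

def summarize(uris):
    """Count pointer kinds across a list of token URIs."""
    return Counter(classify_pointer(u)["kind"] for u in uris)
```

In every case the token holds a reference rather than the artifact, and for the plain `web` kind the reference is not even bound to specific bytes.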

(Read: If what you bought was essentially a map to the digital content, and said map was then immediately made public, well, what exactly was it that you bought?)

(Read: NFTs are a scam of breathtaking proportions)

(Read: There's a sucker born every minute)

To prove all of this in the most extreme way: Someone made an archive of all NFTs currently in existence by programmatically walking the blockchain and indexing all NFT transactions, then spidering in the digital artifacts themselves, then bundling the whole thing up into a massive torrent.



[1] Minimizing Data Storage Cost on the Ethereum Network