Web 3.0 Is MCP, Not Crypto

rvz1y ago· 2 in thread

No it isn't. MCP is a security nightmare, just as bad as crypto "smart contracts".

The protocol already has been riddled with embarrassing vulnerabilities which is already a badly designed standard and would already be a disaster if it was applied all over the web.

Security consultants are having a feast on breaking these LLM apps just like they did with the crappy "smart contracts" in crypto. Adding MCP to the mix would just make it all worse.

Neither of them is "Web 3.0".

simba-kOP1y ago

MCP's "security nightmare" and toll poising was all is due to people downloading and `exec`ing random untrusted executables. I mention and link it in the article. Same would be true if you downloaded a random REST server, ran it on your computer, and started doing random cURLs to it. MCP over HTTP is just REST for LLMs.

I agree that the current ecosystem pushes for insecure use of MCP, but if we move to using trusted HTTPS-hosted services with OAuth (which is all in the spec), the security issues would be on par with any REST service.

bloppe1y ago

I think the argument "MCP is Web 3" should be interpreted more-or-less as "LLM interoperability is Web 3"

desdenova1y ago· 1 in thread

So now every trend that spawns a subtrend is the new real web 3.0

simba-kOP1y ago

I don't think so, I write about why I think this one warrants it though in the article. Do you disagree with any specific points?

mepian1y ago

Web 3.0 was already claimed by the Semantic Web in 2006 or even earlier, come up with your own buzzwords.

Finnucane1y ago

Well, that sounds dreadful.

Web 3.0 Is MCP, Not Crypto (opens in new tab)

Web 3.0 Is MCP, Not Crypto (opens in new tab)

7 comments

7 comments