> False, you need something outside of the blockchain that confirms that this membership is genuine. Be it a hash, a date/block when it was minted, doesn't matter.
If we're talking about the Ethereum blockchain (which I suspect we are not) then of course you only need the actual blockchain as well as your private key to confirm ownership of anything on-chain.
> ... anyone can create a duplicate NFT, maybe even in the same block if they monitor the mempool closely, and who's gonna tell you which one of them is "genuine"?
You are referring to a very real problem here (front-running, using bots to find mempool transactions and replace them by paying higher fees to be included first). Ethereum is a dark forest. However, this issue has been solved. Flashbots is an organization that helped immensely. The tech is complicated, but the problem you refer to can be solved by submitting your smart contract (I guess in this case, for an NFT) to their open-source endpoints (you can also run one yourself, of course, it's just an Ethereum node with extra features) to have your transaction bundled with many others before it is included, thus invisible to arbitrage bots.
I hate to be in the position of defending Ethereum btw, but I gotta defend truth!
> you only need the actual blockchain as well as your private key to confirm ownership of anything on-chain
You're missing the point. You can confirm the ownership of an address or some hash (though the concept of ownership becomes very vague in this case). You can't confirm the genuineness of that object, again, because "genuineness" is vague when you're talking about easily duplicated arbitrary data. You bring back complex methods of analyzing the previous data, looking for potential duplicates and not-exact copies.
When someone sells you an image they don't care if it's "genuine". It's the buyer's burden to verify it's not a copy, and it was always like that with anything, including money. The party accepting the money needs to verify it's not a counterfeit, not the payer. So the fact that you can prove that you own these bytes means basically nothing, if tx goes into a block it's already verified by the software. But you assume that the cost of this sat is much higher than 1 sat because it's somehow tied to a previous tx with an arbitrary payload, and this payload may be genuine (created by a certain real life person) or not (created by another person that's not famous). This is the missing link between the blockchain and real life, and just the blockchain can't tell you who exactly created this payload. You need a website that says "Barack Obama created this NFT in this transaction: <hash>", and you also need to verify the website itself is genuine, again, using Google or Twitter or asking your friends.
And over time these websites go offline, tweets get deleted, accounts get suspended, and then scammers create a similar-looking website with a different address that references an NFT that was copied, slightly modified (so that 1:1 match doesn't work) and posted a few days after the "original" (yes, they were patient enough to wait until they get an opportunity), and you can no longer tell if it's "real" or not. You have no truth anchors and the blockchain can't help you.
Your anti-flashbot scheme is laughable. If you need this 100% centralized scheme for it to work, you don't need Bitcoin. Moreover, these bots can themselves collude and post a slightly modified NFT for the future scam to profit off (the scheme is described above). If you need centralization to make your idea work in a decentralized setting, your idea isn't decentralized at all. Put it in a database where it belongs and stop polluting the global decentralized ledger.
So in the end you're back to shitcoining: unreliable, extremely complex schemes of verification, inherently centralized, fragile and used only to extract value early. This is completely against the Bitcoin ethos which tells you to not trust but verify, and Bitcoin lets you verify cheaply, instantly and using blockchain only, without other websites, tweets and friends to call. Any other imaginary use case is spam at best and an attack at worst.