Web3 (smart contracts) can (as in right now) reduce the level of trust required to persuade people to use certain services (or at least parts of them).
For example: crowdfunding platforms. I can write a smart contract that reasonably and securely associates unique IDs to Ethereum wallets, keeps track of wallets that donate to a specific ID and refunds donators or rewards the wallets associated with the IDs according to explicitly set rules (ie. minimum currency threshold). I can then create a website for it, deploy it as "givemeyourmoney.xyz" and still be considered (and verified) trustworthy and safe just because everyone can read the contract's behavior.
Without a smart contract, everyone would understandably think the site is a scam and wouldn't use it - even if it was totally legitimate. That's obviously an extreme example, but that basic attribute has a lot of other implications.
The problems with smart contracts begin once you have to codify a rule that isn't so easy to translate into code (ie. it turns out that a crowdfunded project was a scam). Now people are creating DAOs to deal with situations like that, with at best mixed results.
But what if you need to verify that a condition has been met that isn't based on the blockchain, like checking if someone actually did deliver the pizza that someone else ordered? Then you're completely screwed.
You could say that these problems are eventually solve-able if the right hardware/software infrastructure was created to address them, but if so then it's at least a decade away from being verifiable and therefore useful.
Anyways, regardless of what could be possible it looks like web3 people are more interested in scamming each other because non-technical users can't read smart contracts and few people do any proper auditing.
This is an overly theoretical description of a single potential benefit of web3.
How many people—even very technically skilled ones—read smart contracts in their entirety? Launching a crowdfunding platform backed by a smart contract should give it zero credibility by itself. Unfortunately, we popularized the idea that a smart contract equals zero trust equals you can actually trust it. None of which is true.
We moved even further away from that with upgradable contracts. Where is zero trust there? Yesterday’s Solend disgrace is a very clear proof of that.
It's exactly the same as Linux and open source software. I have never read the kernel source code, but I trust it way more than windows because I know others have read it and not reported any secret backdoors or exploits.
That’s not exactly the same. How can a user tell who and when (i.e. which version of an upgradeable contract) has reviewed this particular contract? Linux core has a long history and a ton of processes around introducing changes. When I visit a crowdfunding web3 website there is none of that.
People are working on auditing services for smart contracts and web3 apps, but it's slow going.
Considering the behavior of the current community I totally understand your skepticism toward the technology itself. It hasn't really proven itself useful or safe for anything but a few use cases, and the only thing it really has going for it is the theory and the core development. Fixes and new features are slowly being added to the tech to make trustless services possible.
The criticism that web3 - even if it did work properly - turns literally everything into a token-based speculative market is accurate. I think it's an emergent property of the technology that isn't good for anyone, and it's bad enough that it might be worth ditching completely.
The contracts are immutable once deployed. There are proxy contracts that allow for upgrading but the highest quality teams usually fix them after a while to guarantee they won't change. The sites are often all on IPFS to also have hashed content, or are open source so you can run the frontend yourself.
For example: crowdfunding platforms. I can write a smart contract that reasonably and securely associates unique IDs to Ethereum wallets, keeps track of wallets that donate to a specific ID and refunds donators or rewards the wallets associated with the IDs according to explicitly set rules (ie. minimum currency threshold). I can then create a website for it, deploy it as "givemeyourmoney.xyz" and still be considered (and verified) trustworthy and safe just because everyone can read the contract's behavior.
Without a smart contract, everyone would understandably think the site is a scam and wouldn't use it - even if it was totally legitimate. That's obviously an extreme example, but that basic attribute has a lot of other implications.
The problems with smart contracts begin once you have to codify a rule that isn't so easy to translate into code (ie. it turns out that a crowdfunded project was a scam). Now people are creating DAOs to deal with situations like that, with at best mixed results.
But what if you need to verify that a condition has been met that isn't based on the blockchain, like checking if someone actually did deliver the pizza that someone else ordered? Then you're completely screwed.
You could say that these problems are eventually solve-able if the right hardware/software infrastructure was created to address them, but if so then it's at least a decade away from being verifiable and therefore useful.
Anyways, regardless of what could be possible it looks like web3 people are more interested in scamming each other because non-technical users can't read smart contracts and few people do any proper auditing.