NFTs, or Non-Fungible Tokens, have become the hottest thing in crypto this year. You may have heard in the news about a digital art piece from the artist Beeple selling as an NFT for $69 million, or how the NBA has partnered with a company called Top Shot to sell digital card packs to people. The short definition is that an NFT is a special crypto token that proves ownership of a digital asset. It usually lives on the Ethereum blockchain, although other blockchains also support NFTs, and unlike a traditional real world item, ownership can be proven with complete certainty since the entire transaction is public and stored on the blockchain ledger.
So whoever paid those crazy prices for these early releases can be safe to know that their investment will live for as long as the blockchain does, even though it's debatable whether they would ever find a buyer to pay more than they did. But one question that many people aren't taking into account is where these files actually live. An NFT is just a smart contract, it's a piece of code with some values. The blockchain just isn't big enough to contain anything more than a small amount of text. So when you buy an NFT that is supposed to represent an image, a video or an arbitrary piece of data, where is that data actually stored?
The smart contract protocol provides for a value called TokenURI. This can contain either an URL where the actual file lies, or an IPFS hash pointing to a gateway where you will find metadata eventually leading to the location of the file. So how safe is this? In the first use case, it's pretty obvious. If the URL ever goes dark, your NFT becomes worthless, because the contract is set in stone and cannot be modified. Having web sites shut down is not a rare event, in fact it's an extremely common thing. Even if the company that created the NFT doesn't go out of business, they may change domain name, stop paying their storage bill, or URL formats, and your media may become unavailable. In fact most NFTs today point to AWS S3 locations, and while AWS is a highly reliable service, these files will go away the moment the storage bill doesn't get paid. IPFS aims to solve this, and it's unlikely that the media would get deleted since the system is decentralized with the actual files living on many different individual nodes. However, if the gateway that's hard-coded in the NFT becomes unavailable, then the same thing happens.
For example, in that $69 million Beeple artwork, the NFT links to this metadata hosted by the IPFS project itself, which is likely more reliable than linking to an individual company's website. If you go to that link, you can see the link to the actual 300 MB image file that the NFT represents. Again, because NFTs are stored on the public blockchain, all of this is available publicly. Anyone can find and download the art that you "bought". Also, this image file is actually stored on a gateway server owned by MakersPlace, an NFT startup. If they go bankrupt, that site stops working, and the NFT suddenly becomes worthless.
This is an important thing to keep in mind about the current NFT boom. If you look at the web from the early 2000s, you would be surprised at how few of the websites that existed then are still around and working today. Every year, countless websites go bust. Any NFT is only as valuable as the website it was minted on, and there's no easy solution. While IPFS is a start in the right direction, it doesn't change the fact that your NFT token still has to link to a unique address, whether it's metadata or the actual image file. In fact, there are already reports that many existing NFTs now serve broken links, and authors backing out of sold NFTs by removing their linked content. If you don't trust the company that minted the token, then you may want to reconsider buying one.