The word nobody explains properly

Trustless. It gets thrown around constantly in the blockchain space, usually by people who assume everyone already knows what it means, or by people who don’t fully understand it themselves and lean on the word as a kind of shorthand for “good” or “secure” or “different from the old way.” Neither approach does the concept justice.

We want to explain it plainly, because it is the single most important property of what we’ve built, and because we think most people — including people who are already quite knowledgeable about technology — have never had it explained to them in a way that fully lands.

So let’s start from the very beginning.

What trust actually costs you

Think about what it means to trust a company. Not in the philosophical sense — in the practical, day-to-day sense. When you trust a company to hold something of value on your behalf, you are accepting a bundle of risks that you rarely stop to enumerate.

You are trusting that the company continues to exist. You are trusting that it remains solvent. You are trusting that its leadership continues to behave ethically. You are trusting that it doesn’t get acquired by a different company with different values. You are trusting that no employee decides to act against your interests. You are trusting that it doesn’t get hacked in a way that compromises your account. You are trusting that it doesn’t one day change its terms of service in a way that disadvantages you. You are trusting that it doesn’t decide, for any number of reasons, to terminate your account.

Most of the time, for most things, that bundle of trust is fine. You trust your bank to hold your money. You trust your phone carrier to route your calls. You trust your landlord to honour the lease. These relationships work well enough, often enough, that we don’t spend much time thinking about them.

But the bundle of trust you accept when you get a traditional domain name or a traditional digital address is a specific kind of exposure, and it’s worth examining carefully.

When you register a traditional domain name, you never own it outright — you only have exclusive rights to it as long as you keep renewing the registration. That is the foundational condition of every domain name that has ever existed under the traditional internet infrastructure. You don’t own it. You rent it. You pay for a period of access, and when that period ends, your rights end with it unless you pay again.

When you register a domain name, you’re able to use it for the period of time you registered it for, which is typically between one to ten years. If you want to keep using the domain name and any of the services associated with it, you need to renew the domain name registration prior to its expiration.

And if you fail to renew — for any reason — the consequences arrive quickly and they can be permanent.

Websites stop resolving, email stops routing, and the registrar typically replaces the domain’s DNS records with its own — often pointing to a renewal reminder or parked page. After that, things get worse. In as early as 30 days after expiration, your domain may be purchased by a third party. Once this happens, you won’t be able to renew or redeem it anymore. And at the furthest end of the process, once expired domain names are marked Pending Delete, there’s no turning back — the domain will be released by the registry and may be lost forever.

That is the traditional model. You pay, you have access, you stop paying, you lose it.

But that’s just the expiry risk. The trust exposure goes deeper.

Sometimes, a domain might be placed on hold due to a legal dispute or a policy violation, which can prevent renewal until the issue is resolved. In other words, even if you’re willing to pay, someone else may decide you can’t. Without a system to track and manage renewals, companies can easily lose control over their domain name life cycles, exposing themselves to a variety of threats or internal system failures. This type of oversight is surprisingly more common than many companies realise.

The point is not that traditional domain registrars are dishonest or badly run. Most of them are neither. The point is that the system requires you to maintain an ongoing relationship with a third party, and everything you’ve built around that address is contingent on that relationship staying intact. That’s a structural vulnerability, and it exists regardless of anyone’s intentions.

Where trust actually lives in the traditional system

To understand what trustless means, it helps to map out exactly where trust is placed in the conventional internet addressing system.

At the top sits an international coordination body, the authority that governs which top-level domains are legitimate, what registrars are accredited, and what rules apply to registrations. Beneath that sit the registries, which are the organisations that operate specific top-level domains and maintain the authoritative databases of who holds which names. Beneath that sit the registrars — the companies you actually deal with when you buy a domain name. And beneath that sit any number of resellers and hosting providers who may have their own terms layered on top of everything else.

Your address, your identity on the internet, runs through all of those layers. Each layer can take action that affects your access. Each layer has its own governance, its own financial pressures, its own possibility of changing hands or changing policies.

Options and fees for renewing domain names, including expired ones, vary by registrar, so you need to read your registrar’s terms of service carefully to understand the options, fees, and terms of renewing your domain name registration. That sentence, from a governing body’s own guidance documentation, tells you everything you need to know about the nature of the relationship. You are a customer. You are subject to whatever terms the company sets. Those terms can change.

This is not a criticism of anyone who built the traditional internet addressing system. It was designed to work in a world before distributed ledgers existed. The people who built it were solving real problems with the tools they had. But the architecture of that system embeds trust in human institutions at every layer, and human institutions are fallible, mortal, and subject to incentives that may not always align with the people they serve.

What trustless actually means

Trustless means the rules are enforced by code, not by a counterparty’s honesty. That’s the cleanest definition we’ve come across, and it’s the one we find ourselves returning to whenever we try to explain what we’ve built.

When a system is trustless, the question “but what happens if the company decides to do something different?” doesn’t apply in the same way. There is no company making a decision. The code executes. The state changes. The ledger records it. No human being in the middle can redirect that outcome.

Trustless doesn’t mean that there is no trust; rather, it means that trust is built into the technology itself. This is an important distinction, and it’s where a lot of explanations of trustlessness go wrong. When people hear “trustless” for the first time, they sometimes imagine it means “nothing to trust” or “trust nobody.” That’s not what it means. It means the thing you trust is the code — the protocol, the consensus mechanism, the cryptographic mathematics that underpins the entire system — rather than any individual company or person.

Trustlessness simply means you do not need to place your sole trust in any one stranger, institution, or other third party in order for a network or payment system to function. The trust doesn’t disappear. It gets distributed so broadly, across so many independent participants in the network, that no single actor can corrupt it. What a blockchain does is minimise the amount of trust required from any single actor in the system. It does this by distributing trust among different actors via an economic game that incentivises actors to cooperate with the rules defined by the protocol.

Think about what that means in practice. When something is stored on a blockchain — truly stored, not just pointed to from a blockchain — its existence doesn’t depend on any one server staying online. It doesn’t depend on any one company staying solvent. It doesn’t depend on any one set of employees making good decisions. The record is held by thousands of independent nodes around the world, each one maintaining an identical copy of the ledger. For your record to be erased or altered, someone would have to take control of the majority of all that computing power simultaneously. That is, in any practical sense, impossible.

A trustless system has a mechanism in place where all participants can reach a consensus on a single truth without any one overarching authority and without needing to know or trust each other. That mechanism — consensus — is what makes the whole thing work without a human referee.

The specific problem we were trying to solve

When we started working on Queensland Foundation, we weren’t just thinking about a better way to register an internet domain. We were thinking about what it means to own a place on the internet in any real sense. What does ownership actually mean if it can be taken away? What does permanence mean if it has an expiry date? What does security mean if it depends on someone else’s continued goodwill and continued existence?

These aren’t rhetorical questions. They have concrete answers, and those answers are uncomfortable if you follow them honestly.

Ownership without the ability to exclude others isn’t ownership. It’s a licence. A licence contingent on continued payment is a rental. A rental from a company that can change its terms, get acquired, go bankrupt, or simply decide you’ve violated some policy you didn’t know existed — that’s not an asset. That’s a subscription.

We wanted to build something different. Not just different in the features it offered, but different in its fundamental structure. We wanted to build a system where someone could acquire a Queensland address and own it the way you own a physical object — not because we promised to maintain a record of their ownership, but because the record was written into an immutable distributed ledger that nobody, including us, could alter unilaterally.

That meant building on blockchain infrastructure. And it meant thinking carefully about what trustless really implies, not just for the technology, but for the relationship between us as the founding team and the people who hold these addresses.

What trustless means for your Queensland address specifically

Let’s make this concrete. Here’s what trustless means for a .queensland, .qld, .brisbane, .surfersparadise, .gold-coast, or .brisbane2032 address.

It means we cannot take it from you.

We want to say that plainly. Queensland Foundation cannot revoke your address. We don’t have a button that says “revoke.” The architecture doesn’t give us that capability. When the address is minted to your wallet, it belongs to your wallet. The onchain record shows your ownership. For that record to change, a transaction would have to be signed by your private key — the cryptographic proof that you authorised the transfer. Without your key, the record doesn’t change. We can’t override that. Nobody can.

That’s not a policy. Policies can be changed. That’s a property of the system itself.

It means we cannot charge you again.

You pay once. That’s it. There’s no renewal cycle, no annual fee, no subscription to manage. The address doesn’t expire. It can’t expire. There is no mechanism in the protocol for it to expire. The ownership record persists for as long as the blockchain persists — and the blockchain is maintained by a global network of independent operators with strong economic incentives to keep it running.

This is categorically different from the traditional domain model. When you register a traditional domain name, you’re able to use it for the period of time you registered it for, which is typically between one to ten years. After that, you have to pay again. And if you miss the renewal — because you changed email addresses, because a payment card expired, because you were travelling, because life got complicated — your control over the domain begins to lapse. The domain doesn’t immediately become available to others the second it expires, but from the moment of expiration, you are at risk of losing the domain if no action is taken.

That risk doesn’t exist with an onchain address. There is no moment of expiration. There is no lapse. There is no grace period followed by a redemption period followed by an auction followed by permanent loss. There is just your address, in your wallet, for as long as you want it.

It means Queensland Foundation’s future is irrelevant to your ownership.

This one is worth sitting with for a moment, because it might seem like an odd thing for the founders of a project to say.

Queensland Foundation could be acquired. It could pivot. It could fold. The people who built this could move on to other things. The company structure could change in any number of ways over time. None of that would affect your address.

Why? Because we don’t hold your address for you. We didn’t build a custodial system where your ownership record lives on our servers and we update a database when you log in. We built a system where ownership is recorded on a public blockchain, cryptographically secured, and entirely outside our control.

Trustless describes a system where participants can engage in transactions without needing to trust a central authority or each other. Trust is not placed in individuals or institutions but in the technology governing the network.

We are not the technology governing the network. We built the TLDs and deployed them onchain. That work is done. It’s written into the ledger. Our continued existence is not required for that record to persist.

If we disappear tomorrow, your address doesn’t go with us. That’s not a reassurance — it’s an architectural fact.

The difference between trusting us and trusting the chain

We want to draw a sharp line here, because it matters.

If you were buying a Queensland address from a centralised company — one that maintained a proprietary database of who owned what — you would be trusting us. You’d be trusting that we kept the database accurate. That we secured it against attack. That we honoured our commitment not to revoke addresses without reason. That we stayed solvent. That we didn’t sell the business to someone with different values. That our internal policies remained consistent with what we promised when you bought.

Those are all reasonable things to hope for. We’d like to think we’d deliver on all of them. But hope and architecture are different things. A promise from a company is only as good as the company’s ability and willingness to keep it, both of which can change.

Saying that a system is trustless means that trust in humans or institutions isn’t required to make the system work — it happens without humans needing to interfere.

When your Queensland address is recorded on the blockchain, you’re not trusting us. You’re trusting the protocol. You’re trusting the same layer of cryptographic mathematics that secures hundreds of billions of dollars of assets for millions of people around the world. You’re trusting a system that has been battle-tested, audited, and stress-tested at a scale that no single company’s security infrastructure could match.

Trustless systems work and achieve consensus mainly through the code, asymmetric cryptography, and the protocols of the blockchain network itself. The system doesn’t care who we are, what we said, what we promised, or whether we’re still around. It follows the rules written into the protocol, applied consistently, to every participant equally.

That is a fundamentally different relationship from any that has ever existed between a person and their internet address.

Why permanence is not the same as trustlessness

These two properties often appear together, and in the case of Queensland addresses, they do coexist. But they’re not the same thing, and it’s worth understanding the distinction.

Permanence means the thing doesn’t expire. An address could theoretically be permanent — meaning you never had to renew it — while still being held by a centralised authority that could revoke it for other reasons. Permanence without trustlessness is just a different kind of rental. You don’t have to keep paying, but someone still holds the master record and can, if they choose, alter it.

Trustlessness means the record cannot be altered by any single actor. It could, in theory, exist alongside expiry — you could build a trustless system where onchain records expire after a certain period. The expiry logic would just be encoded in the smart contract and would execute automatically. Nobody could stop it, but it would still happen.

What we built combines both properties. Queensland addresses don’t expire — and the code that enforces that is itself trustless. So you get permanence enforced by an immutable protocol, rather than permanence promised by a company that could change its mind.

That combination is what makes the ownership real in a way it hasn’t been before.

The honest conversation about what trustless doesn’t mean

We’d be doing you a disservice if we presented trustlessness as a panacea without any nuance. It has limits, and you deserve to understand them.

The correct framing is that trustlessness shifts the attack surface from human behaviour to code. This is a meaningful security improvement when the code is audited, battle-tested, and immutable. But it does require that the code itself is correct. A trustless system executes exactly what its code says. If the code had errors, it would execute those errors exactly too. This is why the audit and testing processes for any smart contract that handles real value are critical.

There is also a personal responsibility that comes with holding something in a trustless system. Users must have a certain level of technical understanding to manage their assets safely. The irreversible nature of blockchain transactions means that mistakes, such as sending funds to the wrong address, cannot be undone.

When there’s no central authority, there’s also no central authority to call when something goes wrong. If you lose access to your wallet — if you lose your private key with no backup — nobody can recover your address for you. The security is absolute in both directions. The same property that makes it impossible for us to take your address also makes it impossible for us to return it to you if you lose your key.

We mention this not to scare anyone off, but because it’s part of the honest picture. Trustlessness means responsibility lands with the owner. In the traditional domain world, there’s an infrastructure of support behind you — a registrar to call, a recovery process to follow, a human being who can intervene. In a trustless system, that cushion doesn’t exist in the same way. What exists instead is absolute sovereignty. You control the asset. Completely. That’s the trade-off, and it’s one worth understanding clearly.

Why this matters for Queensland specifically

There’s something particularly meaningful about this in the context of where we live and what we’re trying to build.

These addresses are for Queenslanders. They carry the names of places that matter to people — communities, coastlines, cities. A .brisbane address isn’t just a string of characters. It’s an identity. It’s a statement of belonging. It’s a connection to place.

That kind of identity shouldn’t be contingent on a registrar’s pricing decisions, or a payment card that lapsed, or a company that got acquired and changed its policies, or a governing body that decided to change the rules for a particular top-level domain. Identity that depends on maintained third-party relationships is not truly yours. It’s borrowed.

The permanence and trustlessness of an onchain Queensland address means that what you claim as yours stays yours. Not because we promised it. Not because we’re committed to maintaining it. Because the architecture makes any other outcome impossible.

A person born in Brisbane in a particular year might one day want their grandchildren to recognise who they were and what they built. The address they held should still exist. The record of their ownership should be intact. Nobody should be able to come along and say “well, the company that issued this is no longer around, so the address is available again.” That scenario simply cannot happen with a trustless onchain record. The chain holds it. That is all.

The layered nature of where trust is minimised

It’s worth being technically precise about what layer of the system is trustless, because the world doesn’t always make clean distinctions.

The ownership record itself — the NFT or onchain token that represents your Queensland address — is trustless. It lives on the blockchain. We cannot alter it. You control it with your private key.

The TLDs themselves — .queensland, .qld, .brisbane, .surfersparadise, .gold-coast, and .brisbane2032 — are secured onchain. They’re not registered through the traditional ICANN-governed infrastructure where a governing body could decide to revoke them, not sold, not subject to renewal negotiations with a registry operator. They’re permanent onchain constructs, and their existence is as durable as the blockchain they live on.

Blockchain systems do not exist in a binary state of “trustless” or “not trustless.” They fall along a spectrum depending on how many independent parties must behave honestly for the system to work correctly. We’ve tried to push as far along that spectrum as the current state of the technology allows. The underlying chain is as decentralised and battle-tested as any infrastructure that exists. The contracts that govern how addresses are issued and recorded are designed to be immutable once deployed.

None of this is magic. It’s engineering. It’s the application of cryptographic principles and distributed consensus to the problem of proving ownership without requiring a trusted intermediary. The mathematics has been sound for decades. The blockchain infrastructure that implements it has been running at scale, under adversarial conditions, for long enough to have substantial confidence in its reliability.

What this changes about the relationship between us

We want to say something about what this means for how we think about our relationship with the people who hold Queensland addresses, because we think it changes the nature of that relationship in a meaningful way.

With a traditional domain registrar, the relationship is inherently unequal. The registrar holds the master record. The registrar sets the terms. The registrar can renew or refuse to renew, can suspend or reinstate, can change pricing, can transfer their business to someone else. You are a customer in the most dependent sense of that word. Your access to your address exists at the registrar’s pleasure, within whatever constraints the governing authorities impose.

We have built a system in which we don’t have that power over you. We couldn’t exercise it even if we wanted to. The architecture removes it from us.

That’s an unusual thing to do deliberately. Most businesses try to build in switching costs. They try to make customers dependent. They build systems where the customer relationship is sticky and where the company holds leverage. We went in the opposite direction.

Why? Because we believe the only kind of ownership worth offering is real ownership. An address you genuinely own. An address whose permanence doesn’t depend on our continued good behaviour. An address that exists because the chain says it exists, not because we say it exists.

The chain doesn’t change its mind. The chain doesn’t get acquired. The chain doesn’t update its terms of service. The chain executes the protocol, consistently, without fear or favour, to everyone equally.

That’s what we want for every person who holds a Queensland address.

The long view

We’re at an early point in the history of onchain identity. Most people don’t yet think about their internet addresses the way they think about other things they own. The comparison to renting versus owning is apt, but it’s underappreciated, because the rental model has been the only model that existed for so long that most people have never been offered an alternative.

That’s changing. The infrastructure for permanent, trustless onchain identity is now mature enough to be deployed for real-world use cases — not just as an experiment, not just for technically sophisticated users, but for ordinary people who simply want to own their corner of the internet without worrying about what happens if they miss a renewal, or if a company changes its mind, or if a registrar goes out of business.

Queensland Foundation’s job was to take that infrastructure and apply it to something specific and meaningful — the places and identity of Queensland. We’ve done that. The TLDs are secured. The onchain architecture is in place. The addresses are available.

But our deeper purpose, beyond the specific TLDs, is to make the case for a different model of internet identity. One where people own their addresses the way they own things in the physical world — permanently, with no ongoing permission required from any third party, with the record secured by mathematics rather than by goodwill.

That’s what trustless means. And that’s why we think it’s the only model that deserves the word “ownership.”

The short version, if you need it

We’ve spent a lot of words on this, because we think the depth matters. But if you want the shortest possible version of everything we’ve said:

In the traditional model, your internet address is held by a company. That company can lose it, sell it, change its terms around it, go out of business, or be compelled by external authorities to take action that affects your access. You trust the company, and everything flows from that trust.

In the onchain model, your internet address is held in your wallet, recorded on a distributed ledger secured by cryptography and maintained by thousands of independent participants around the world. No company holds it on your behalf. No company can revoke it. No renewal cycle can cause it to lapse. The record is yours, permanently, unconditionally.

The chain holds it. That is all.