A Community Update About The MetaCert Crypto Token
A Token Curated Registry for better Internet security.
I don’t have firm dates right now, but I can tell you that we’re working very hard with a blockchain company to see if they can help us deliver our Token sooner rather than later. This is a company I’ve been advising for some time — and I trust them when it comes to trust integrity as well as their ability to build secure software. I don’t want to get anyone’s hopes up, but I’m feeling bullish on their ability to build what we need.
Why MetaCert needs a Token
In short, to build a world in which everyone is safe whenever they use email or browse the web.
The problem
Of all the cyberattacks you hear about — online fraud, identity theft, malware, ransomware, data breaches and state-sponsored attacks, 90% involves phishing. Phishing is a type of social engineering that almost always involves tricking people into opening a dangerous URL. Sometimes those dangerous URLs link to counterfeit websites, and sometimes they link to legitimate websites, where criminals proxy both username & password, and 2FA credentials. This is called a “reverse-proxy” phishing technique, and it’s exceedingly difficult for traditional security solutions to detect.
How the security industry is failing customers
The entire security industry is absolutely obsessed with trying to protect people from dangerous URLs. This legacy approach is no longer effective or reliable. It hasn’t been effective for years. Here’s why:
- Thousands of new phishing domains are registered every day.
- 7 minutes — the time it takes for harm to be done with URLs in targeted phishing scams.
- 13 hours — the time it takes for most harm to be done with URLs in bulk phishing campaigns.
- 2 to 3 days — the time it takes for security companies to validate and block new phishing URLs.
All mainstream browsers use the Google Safe Browser API for anti-phishing protection. But even that doesn’t really help much. That’s why Brave decided to integrate another third-party to boost their anti-phishing protection for crypto scams. But guess what? That still won’t protect most people from most new phishing scams — I refer you back to my bullet points. Kudos to Brave for caring enough about end-user security. If you don’t use Brave, go get it now! But make sure you add MetaCert for added protection.
Even if every security company in the world was merged into one, and the world’s most sophisticated AI and ML was applied, it would still be **mathematically impossible** to detect, review and validate every new phishing URL before people are compromised.
How MetaCert is different
First, some background…
MetaCert isn’t as well known as most security companies. But we punch above our weight. URL classification is the one thing we’ve been focused on for the past 16 years — since before MetaCert was founded. I’m one of the two people who co-instigated the creation of the W3C standard for URL Classification. The W3C is the standards body for the World Wide Web, and is responsible for other standards such as HTML. I own a portfolio of foundational patents for anti-phishing and anti-malware as well as identity signals inside mobile apps. So, there are few people in the world with as much expertise and experience as us when it comes to URL classification and content labeling.
After eradicating the phishing epidemic for the crypto world on Slack in 2017, we came to realize that even with an amazing threat intelligence system, and a massive community to help us to classify new scams quickly, we were never quick enough to reduce the number of victims in the crypto space to zero. So we decided to try something different…
How MetaCert is different
Our software protects people from known dangerous URLs, but that’s not the main utility — because it’s no longer effective, remember? MetaCert is the first security company in the world to focus on telling you when URLs are verified as safe. So, if the URL you just opened isn’t verified as safe, you should assume it’s a new scam that hasn’t been reported or validated yet.
To date, no person or company has ever fallen for a dangerous URL, or any kind of phishing-led cyberattack when protected by MetaCert.
We use a number of tools and techniques for verifying web addresses at scale. But even that’s not as good as we’d like. The best way to achieve massive scale is to automate and decentralize the decision making process for URL Classification.
The concept for crowdsourcing this type of work isn’t new. Projects such as PhishTank have existed for years, and a lot of security solutions continue to use their data. Sadly, these crowdsourcing projects are not effective or reliable for the reasons I described above. In fact, it can take weeks, and sometimes months, for the PhishTank community to validate phishing submissions.
It’s also exceptionally difficult and time consuming to address the problem of false positives — i.e. community members purposely submitting safe domains while pretending they’re dangerous. No technology could address this particular problem, until now.
Pay people in MetaCert Tokens
The only way to crowdsource this type of work is with crypto. Members who wish to submit new URLs for classification as either ‘dangerous’ or ‘verified as safe’, will first need to stake some Tokens. By using a staking model, members are motivated to submit good quality, honest data.
Validators who have gained reputation, will be randomly chosen to validate submissions — this will reduce the risk of collaboration between bad actors. When consensus is achieved, URLs are classified and everyone gets paid in MetaCert Tokens. “MetaCert” has been removed from the equation of trust. Anyone can dispute the classification of a URL at any time, again by staking Tokens.
The value of the work will be determined by the value of the data. And the value of the data is determined by how many companies pay to use it. Literally, any security product on the market can integrate MetaCert’s API to enable a Zero Trust security strategy. The size of the opportunity is massive. In fact, we’re already in discussion with a few security companies who are currently building products that are 100% powered by our data. So our unique approach is being validated by incumbents.
The people who are most keen to get involved in this work, already use our software — mostly because they will get paid for helping to make their own software better, thereby improving their own protection. We’re lucky to be working on a mission that means so much to so many people. For me, the most successful tokens will be those that are actually used on a daily basis by a community/ecosystem. I’d rather see 50,000 people use one token each, every day, than to see one person use 50,000 tokens. We’re mostly interested in the long tail.
One of the pieces of the puzzle that we have to solve will be the ability to “spend” MetaCert Tokens that are earned. This needs to be part of the overall solution. There is no point is launching a token unless people can earn them and then use/spend them in a meaningful way.
👉 If you haven’t already, you should install our software metacert.com — it’s free for 14 days. You don’t need a credit card. 1 minute to install / no setup. You can remove it with just two mouse clicks. And it will protect you way better than any other solution on the market.
No matter where you open a link on your computer, it will always load inside your preferred internet browser — that’s where our security sits. MetaCert supports Chrome, Brave, Microsoft Edge, Opera and Firefox. We’ll add support for Safari in the near future.
Stay safe! 🤓
