There’s a lot of chatter on Twitter between some of the biggest Cryptocurrency communities in the world — about leaving Slack in favor of a “more secure messaging platform”. This post is intended to persuade them not to move. At least not until there’s a better alternative.
My intention isn’t to write about MetaCert. But security is the biggest reason for people talking about a move. So it’s impossible for me to comment on the security of platforms without talking about MetaCert.
Moving communities is difficult
Jaiku was a better alternative to Twitter from a UI and UX perspective. It also had group-chat support — perhaps that helped to inspire my friend Chris Messina to come up with the brilliant idea for a #hashtag to group conversations. But Twitter won in the end. Mostly because everyone was on there already and the cost of moving your followers to another platform was too high. My original Twitter account had 8k followers in 2008 — I wasn’t prepared to move to another platform and lose those connections. The same challenge is faced by Crypto communities that are already on Slack today.
Everyone knows Slack. Some of the biggest and most popular cryptocurrency communities are on Slack. Moving communities is difficult, even when the alternative is “better” (whatever better is).
Why Slack is the best solution for crypto communities
Slack is great for the following reasons:
- Most crypto enthusiasts are members of multiple communities. So if they’re already using Slack for one, it will be easier to onboard them to other communities.
- Onboarding is better than other platforms. Could be improved though. When I join a community via the website, I’d like it to automatically sync with my desktop and mobile apps — so I don’t have to log into each one as if I’m setting up a new account every time — that’s a pain. The mobile and desktop apps are what makes Slack so good.
- Slack has the best UI and best UX of any collaboration software in my opinion. MetaCert has been building integrations for longer than 99% of companies in the messaging space. So we’re familiar with many of the platform features, design, user experience and their developer APIs. Slack wins. HipChat is a close second — falling behind mostly because it’s API is not as developer-friendly. I still need to check out their new product so my opinion is subject to change. I also need to learn more about the open source solutions but from what I’ve heard from many commentators, their UI, UX and performance lack dramatically in either one or more area.
- The basic account is free. This isn’t an important factor for established Token / ICOs — they now have the money to pay for a good service. But it is for most new companies. The paid version however, is way too expensive for communities. I mean, it’s extremely expensive.
- With MetaCert installed, Slack is by far the most secure anti-phishing platform that you will find. The alternatives are not even comparable. In short, MetaCert addresses all of Slack’s weaknesses from a security perspective. So, moving from Slack due to the lack of security is only a decision that should be made when you’re not prepared to install MetaCert.
Where Slack is lacking
Every messaging platform is going to be attacked by cybercriminals as soon as it’s worth their time and money
I’m going to write this from the perspective that a community is protected by MetaCert. This is mainly because every messaging platform is going to be attacked by cybercriminals as soon as it’s worth their time and money. It’s easy to attack people on Slack and there are a lot of potential victims. When the number of potential targets increases on other platforms, cybercriminals will focus their attention on them. Guaranteed. It’s not advisable to move to a non-secure platform just because you can disable DMs — that’s one feature that the bad guys will get around.
I predicted two years ago when we raised our second seed round, that phishing attacks would migrate from email to Slack.
And it has as you can see from the pitch deck above — unedited. I also predicted that the future of web browsing would be inside mobile messaging apps — and it is — with a WebView. Put the two together and you get insecure messaging apps that don’t have the same built-in security that comes with say, Gmail or Chrome.
MetaCert today addresses most security needs while addressing the rest in the coming weeks — such as banning people who update their username to impersonate admins, DM protection (tomorrow I hope), ability to automatically ban members across all of the communities protected by MetaCert when they send phishing scams...
- It’s not open source. Personally, I don’t care because the value of the product outweighs this fact by an order of magnitude. But this is a very important point for some people. My opinion will change when open source alternatives get a little closer to Slack’s potential.
- It does’t support end to end encryption.
- It is a US-based company. And we all know what the US Government is like when it comes to hacking or requesting data from the big companies. This means all conversations are open to the US Government in the future should they request Slack to hand over communications. This could be a concern in the longterm when we see a juncture between Slack getting big and cryptocurrency conversations becoming more important in criminal investigations.
- No support. Slack’s response to the Crypto community whenever the product falls short of expectation is; “we’re not designed for communities”. Unless they change this stance, crypto communities won’t see new features that are designed with them in mind. I believe this is a mistake because one of their major announcements this week at Frontiers, was the ability for companies to share channels with each other. Every security complaint made by communities can be transferred to this major release. Frankly, I’m staggered that the product team didn’t consider these security implications when designing this new major release. It’s a massive problem waiting to happen. It’s a bigger mistake because there are many potential enterprise customers who are members of these communities and they’re now put off supporting Slack inside their company. BIG product marketing mistake.
What can open source messaging apps do to win over Slack
I’m all for open source. I’d love nothing more than for the crypto world to have a great open source solution for building and harnessing communities. I look forward to that day. Here’s what needs to happen though:
- Improve their UI and UX.
- Integrate an anti-phishing security solution like MetaCert.
In the context of this post I think it’s only right to give more insight to my background. I was part of the AOL team that launched AIM in 1997 (as the Global Test Manager). I was the first Technical Accounts Manager and International Beta Coordinator hired by AOL outside the US during the mid ‘90’s.
My first company was a mobile software testing company and was the first to test MMS picture messaging. I was one of the original seven founders of the W3C Mobile Web Initiative and I co-instigated the creation of the W3C Standard for URL Classification. And lastly to add context, I own a full patent for anti-phishing protection inside an app WebView.
So, when you put all of those together, you get someone who is extremely passionate about helping to protect communities from phishing links inside a mobile messaging app WebView. It’s almost as if everything I’ve done in my career, has been to add some value to the crypto world. I’m new to the crypto world and consider myself lucky to have met such great people who have shown us a lot of love and support. Thank you.
Furthermore, our COO Ian Hayward along with three of our engineers, built, funded and maintained the Mozilla developer community portal SpreadFireFox and they built the mainstream add-ons for digg, Delicious, Yahoo!, eBay, PayPal and Google as well as being significant contributors to Firefox. So, we really care about open source and open web standards.
If you run a crypto community on Slack this is the one of the most important posts for you to read. It explains how to disable the Slack API so impersonators can’t use it to send well designed phishing attacks that look legit.
☞ Please tap or click “👏” to let Paul and others know that you appreciated this post. The number of claps indicates how much you liked the post so put those hands together as many times as you like.