There’s a lot of chatter on Twitter between some of the biggest Cryptocurrency communities in the world — about leaving Slack in favor of a “more secure messaging platform”. This post is intended to persuade them not to move. At least not until there’s a better alternative.
My intention isn’t to write about MetaCert. But security is the biggest reason for people talking about a move. So it’s impossible for me to comment on the security of platforms without talking about MetaCert.
Jaiku was a better alternative to Twitter from a UI and UX perspective. It also had group-chat support — perhaps that helped to inspire my friend Chris Messina to come up with the brilliant idea for a #hashtag to group conversations. But Twitter won in the end. Mostly because everyone was on there already and the cost of moving your followers to another platform was too high. My original Twitter account had 8k followers in 2008 — I wasn’t prepared to move to another platform and lose those connections. The same challenge is faced by Crypto communities that are already on Slack today.
Everyone knows Slack. Some of the biggest and most popular cryptocurrency communities are on Slack. Moving communities is difficult, even when the alternative is “better” (whatever better is).
Slack is great for the following reasons:
Every messaging platform is going to be attacked by cybercriminals as soon as it’s worth their time and money
I’m going to write this from the perspective that a community is protected by MetaCert. This is mainly because every messaging platform is going to be attacked by cybercriminals as soon as it’s worth their time and money. It’s easy to attack people on Slack and there are a lot of potential victims. When the number of potential targets increases on other platforms, cybercriminals will focus their attention on them. Guaranteed. It’s not advisable to move to a non-secure platform just because you can disable DMs — that’s one feature that the bad guys will get around.
I predicted two years ago when we raised our second seed round, that phishing attacks would migrate from email to Slack.
Unedited open source investor pitch deck from MetaCert 2015 — 2016
And it has as you can see from the pitch deck above — unedited. I also predicted that the future of web browsing would be inside mobile messaging apps — and it is — with a WebView. Put the two together and you get insecure messaging apps that don’t have the same built-in security that comes with say, Gmail or Chrome.
MetaCert today addresses most security needs while addressing the rest in the coming weeks — such as banning people who update their username to impersonate admins, DM protection (tomorrow I hope), ability to automatically ban members across all of the communities protected by MetaCert when they send phishing scams...
I’m all for open source. I’d love nothing more than for the crypto world to have a great open source solution for building and harnessing communities. I look forward to that day. Here’s what needs to happen though:
In the context of this post I think it’s only right to give more insight to my background. I was part of the AOL team that launched AIM in 1997 (as the Global Test Manager). I was the first Technical Accounts Manager and International Beta Coordinator hired by AOL outside the US during the mid ‘90’s.
My first company was a mobile software testing company and was the first to test MMS picture messaging. I was one of the original seven founders of the W3C Mobile Web Initiative and I co-instigated the creation of the W3C Standard for URL Classification. And lastly to add context, I own a full patent for anti-phishing protection inside an app WebView.
So, when you put all of those together, you get someone who is extremely passionate about helping to protect communities from phishing links inside a mobile messaging app WebView. It’s almost as if everything I’ve done in my career, has been to add some value to the crypto world. I’m new to the crypto world and consider myself lucky to have met such great people who have shown us a lot of love and support. Thank you.
Furthermore, our COO Ian Hayward along with three of our engineers, built, funded and maintained the Mozilla developer community portal SpreadFireFox and they built the mainstream add-ons for digg, Delicious, Yahoo!, eBay, PayPal and Google as well as being significant contributors to Firefox. So, we really care about open source and open web standards.
If you run a crypto community on Slack this is the one of the most important posts for you to read. It explains how to disable the Slack API so impersonators can’t use it to send well designed phishing attacks that look legit.
☞ P**lease tap or click “**👏” to let Paul and others know that you appreciated this post. The number of claps indicates how much you liked the post so put those hands together as many times as you like.