Interlock is an innovative project aimed at enhancing internet security by allowing users to stake tokens for the improvement of its security products. One of these products is ThreatSlayer, a cutting-edge browser extension designed to protect users from online threats. Our technology uses a hybrid of AI threat detection as well as user submissions in order to catch malicious users in the web3 space. In this article, we will explain how the token staking and crowdsourcing system for $ILOCK works, and how it contributes to the overall security of the platform.
Staking Process and Crowdsourcing
When a user submits a link, it enters a pending state. This requires our team to review and either approve or reject the submission. Approved links enter the staking-pool, while rejected links are removed from the system. To provide transparency and user feedback, we plan to make pending links publicly visible. This feature is not mandatory but aims to reassure users that their submissions are being processed.
The staking process serves as the crowdsourcing element of Interlock. However, as there are tokens involved, we only allow submissions that are not blatantly bogus or obviously fake. This prevents users from staking at random and profiting without contributing to the platform's security.
Users can either flag (i.e. submit malicious) or unlock (i.e. submit safe). The latter require our extension to incorrectly lock a site, while former can be done at any time. Right now we only support unlock (i.e. called "i trust this site" in the extension currently).
Semi-Automation and Heuristic Classification
At present, we cannot rely solely on either automation or blind crowdsourcing for our security measures. We need a balance of both human review and technology to ensure accurate identification of threats. As we manually review submissions, we learn the characteristics of bogus submissions, which allows us to develop heuristic classification methods.
Our goal is for crowdsourcing and heuristics to coevolve, using similar tools but different metadata as signals. This will enable us to refine our security measures continually.
Mitigating Hacks and Loopholes
If we were to implement a 100% crowdsourced system, users would need to stake tokens to submit links. Bogus submissions would result in the loss of staked tokens. This method, along with a combination of other strategies, helps mitigate potential hacks and loopholes in the system.
Interlock's approach to internet security shares similarities with PayPal's fraud prevention model. Both systems rely on a combination of human review and technology to safeguard their platforms.
Users do not have to stake tokens, but we will add a feature where they can enter a default stake-amount to their submission (we sort submission by how many tokens have been staked on it - which changes over time - and letting flagger/unlockers stake-on-submission will give their submission higher priority than it would have by default).
Smart Contract Code Audits
To ensure the safety and integrity of the staking process and the overall platform, Interlock has taken the essential step of having its smart contracts audited by Kudelski Security, a reputable independent cybersecurity firm. Kudelski Security is renowned for its expertise in conducting comprehensive security audits, identifying vulnerabilities, and recommending solutions to fortify the security of blockchain-based platforms.
By undergoing this rigorous audit process, Interlock demonstrates its commitment to maintaining the highest level of security for its users, while continually addressing potential risks and enhancing the platform's reliability and trustworthiness.
Earning $ILOCK: Different Methods
- Users sharing anonymized security data
- Browsing the web with the ThreatSlayer extension installed (at launch)
- Staking on grey-area entities (shortly after launch)
We have not yet finalized the reward strategy, but it varies between randomness and determinism:
- Random component: Users can receive a reward of variable and unpredictable size
- Determinism: Receiving a reward is determined by the amount of data shared, the uniqueness of that data, and the value-score that we give that data
Additional Incentives and Programs
- Bounty-hunter program: Users explicitly browse the web in a hardened web-browser, and bounty-hunters will probably get more rewards than ordinary users
- Ordinary users can level-up to being bounty hunters
Preventing Abuse and Manipulation
- Semi-automation instead of full automation: A hands-off system is easier to attack with repetitive tactics
- Pending-state for every submitted entry: Users cannot stake on a link until it is approved for staking
- Developing tools to make it easier for reviewers to evaluate submitted entities as the number of submissions scales
- Limiting the maximum stake-amount, maximum-per-user-stake, and stake-yield after approving a site for staking
- Enacting a minimum/initial stake/deposit that the submitter must place before submitting, causing them to lose tokens if their submission is rejected
- Restricting submissions to sites that contradict our heuristics, reducing the range of what can be submitted
Maintaining Transparency and Trust
Interlock maintains transparency and trust with users by implementing the following measures:
- Publicly browsable database of submitted, pending, approved, rejected, and closed links
- Rejected links will have a comment or tag describing why they were rejected
- Listing how much was staked and earned on each link
Interlock's unique approach to internet security, which combines token staking, crowdsourcing, and heuristic classification, holds great promise in enhancing the safety of users online. By continuously refining our methods and learning from user submissions, we aim to create a more secure browsing experience for everyone. Through rigorous smart contract audits and transparency measures, Interlock demonstrates its commitment to maintaining the highest level of security for its users, while continually addressing potential risks and enhancing the platform's reliability and trustworthiness. With a combination of different methods to earn $ILOCK and various incentive programs, Interlock encourages user engagement and contributions, further strengthening the overall security of the platform.