AMA: Ethics and Privacy in DeFi
Interlock took part in another AMA hosted by Koii Network, joined by The KYC Alliance’s Chris and Joinfire’s Jeff Krantz. Rick, our CEO, represented Interlock and spoke about all things related to Web3 and DeFi security ethics. This follows an earlier AMA held with Koii Network a few weeks ago.
What the projects are doing to secure Web3
Interlock’s focus is to build community-focused security products to protect DeFi users. “What we're really trying to do is protect individual people as they browse the web, interact with smart contracts, transfer money, buy cryptocurrency, you know, whatever you can think of in Web3, we're essentially trying to protect them across the gamut,” Rick said.
He also mentioned that our first products will be a Discord bot and a browser extension that's going to “encase your browser and shield it against malicious websites, bad browser extensions, malicious scripts, mining scripts, and bad downloads”.
In the future, it will warn you about smart contracts, letting you assess whether you think what you're visiting is safe or not, and “giving you a reward for helping our network determine, say, the safety of a smart contract you're interacting with.”
When it comes to Joinfire, the first product they are going to release is a Chrome browser extension that does two things. It simulates any transaction you're about to send before you send it and introduces the option to whitelist and blacklist smart contracts.
Chris from The KYC Alliance comes from the traditional security world: corporate security, safety, and fraud investigations. “I bring a lot of that into the crypto world by way of studying the scammers and the crooks out there [...] Then I use that to educate people. I use that to show people how these scams work so people can recognize them for themselves,” said Chris.
Victim blaming: Security should fall into the hands of crypto projects, not individuals
All three projects highlighted that they were not pleased with the victim-blaming that happens in the Web3 space when it comes to being scammed.
“I've generally been annoyed and disappointed and becoming more and more so as I see victim blaming,” Jeff said. He noted that common statements like ‘do your own research’ or ‘didn't you read the smart contract before you signed that transaction?’ do not lead to anything.
The only way to solve this problem, he remarked, is through education and better user experience (UX).
Chris concurred, saying that it is something that really needs to change. There need to be easily available resources that explain what you are agreeing to when you sign a smart contract transaction, for example that you have to approve a token before you can actually trade it.
“There was a recent update to MetaMask that shows you much more clearly what permissions you're signing [...] that's something that should have been in place on day one [...] UX and education are absolutely what we need in this space,” Chris said.
Rick pointed out that these types of problems have been in Web3 for as long as he remembers. “Here we are, 8 to 9 years later, with similar problems in Web3 except different applications have emerged. But yeah, it all comes back down to education and UX,” he said.
Crypto projects need to make sure that “regular people can understand it, which, in my opinion, also leads to how we get mass adoption,” Rick observed.
Tornado Cash: Ethical judgment
The three projects also had their say on the topic of Tornado Cash, which was in the headlines during the past few weeks because the U.S. authorities sanctioned it.
Chris remarked that crypto projects should at least warn users that it is an OFAC-sanctioned entity.
He also raised another ethical question: should these products be blocked, or should projects just issue a warning about using them?
For his part, Rick noted that “just because something is sanctioned doesn't mean that we agree with it [...] It depends on why it was sanctioned and for what purpose.”
Jeff said, “my kind of guiding light for Web3–or my definition of Web3–is user control.”
All three projects agreed that Web3 developers should not block Tornado Cash, but at least warn the users that it is an OFAC-sanctioned site.
Privacy of data in Web3
The three projects were also asked about data privacy. Rick had a lot to say about this as Interlock’s position has always been to safeguard user data privacy, and if users want to share their data, they earn rewards in $ILOCK for it.
“We're in that position. Part of what we do is collect certain anonymous, private data from browsing, which helps us improve security. We collect threat intelligence that can help determine why something's happening or where it happened, or even what happened,” Rick remarked.
“Usually cybersecurity companies–as well as large enterprises–consume threat intelligence for the purpose of helping investigations, and that's our whole goal; to get that data to them from the last untapped data-source. That last data source that hasn't been tapped is the individual user just browsing the internet and doing what they do.”
“We have the ability to collect everything we want inside the browser, but on our end, our decision from the start was to make sure that we're only collecting what is opt-in completely,” he said.
Rick also noted that what the user would be sharing with Interlock in terms of data would be crystal clear so that the users are aware of what is going on. “Part of that mechanism, of course, is our token, which users will be rewarded with for sharing their data,” he said.
“We keep it as private and anonymous as possible while getting the most value out of that data and making sure it is improving security not only for us, but also our users and then even more so in the broader aspect.”
“If you picture an individual user creating threat intelligence that's going to end up back on Coinbase’s threat intel list, they'll be using it to make sure that both internal and external clients are going to be protected,” Rick said.
Jeff concurred that data privacy is “in the spirit of Web3”.
“I think opt-in is very important, opt-out is very important and transparency is very important. Ideally, the data that you upload is open data – in the spirit of Web3 – and anonymous, and you've got the ability also to remove that data if you wish,” Jeff said.
Chris also agreed, saying that, “transparency is absolutely the crucial piece of all of this; being 100% open and transparent about what is being collected and how it is being used. This is something that we really don't have in the typical Web2 space.”
He also pointed out that such projects should be wary of whether the data “is personally identifiable and then goes through some anonymization process” or is anonymised completely from the start. This would especially be a question to ask if law enforcement were to contact such projects and companies.
Wrapping up, Rick said that the Web3 security space stemmed from being aware of what is most ethically correct, and it looks like the space is going to stay that way.
“We're going to release the things that seem to be the most ethical and the freest for everyone as a mass. I don't just mean as a company. I mean like when I'm working with anyone or talking with anyone related to Web3; we're going to release the things that seem the most ethical and open to everyone,” he concluded.