Web3

Security in the Metaverse: What You Need to Know Now

Security in the Metaverse: What You Need to Know Now

Ahh, the metaverse. Depending on who you ask, it is either an impressive evolution of the online experience or a poorly defined marketing ploy. And, at least for now, there isn’t just one metaverse, which has lots of implications for how to protect yourself from one to another  Regardless of how many there are or what side you take on whether any of them will succeed, you can sum up the idea like this:

The metaverse is almost like a parallel dimension—it blurs the lines between the physical world that you and I know and the virtual world…like artificial reality and cryptocurrency. –  from IFM’s metaverse blog post

Wouldn’t it be fantastic if we could plan for digital identity and security in the metaverse even while the metaverse is still being figured out? When the Internet was first designed, it missed the boat when it came to building in digital identity and security. Everything we know about how to verify someone’s identity online was added long after the bones of the Internet were set. 

Owning your security in the metaverse

The old saying is, “On the Internet, no one knows you’re a dog.” In the metaverse, no one will know if the “person” they are interacting with is really a person or a computer simulation. Creating digital accounts is really pretty easy. Making them realistic is just as easy, as humans don’t do a good job of protecting their personal information. Birthdates, location data in photographs, responses to Internet memes—it’s all out there waiting to be used to either hack existing accounts or create new ones that look like a real person for the purposes of fraud or harassment

Several of the companies working on their version of the metaverse hope to include identity and security by using Web3 technologies like blockchains that guarantee the uniqueness and ownership of a piece of information online. Which is good as far as it goes, but it doesn’t go far enough (yet). NFTs, built on supposedly secure Web3 and blockchain technologies, have already seen their fair share of fraud despite the technology. Still, we’re in the early days of figuring out how to make NFTs and Web3 long-term useful ideas, so there may be something there. Or not. We’ll see.

Regardless of whether fancy new technology will try to come in and save the day, you as the human actually have a lot you can do to help make your experience more secure. The good news is that what you can do to secure yourself in the metaverse are the same things you should do to protect yourself online today:

  • Control the information you share online (and don’t respond to silly memes, no matter how much you want to know what your name should be on the next royal wedding invitation).
  • Use good passwords. (We have a post about that.)
  • Never assume that the new person you’re talking to is who (or what) they say they are. 

Authenticating when you’re already there

Let’s look at where the metaverse is closer to reality: virtual reality! Those companies already branching out into metaverse products, like VR meetings or immersive games, now have to figure out how to authenticate users in VR (remember, use good passwords!). They could try and go old-school and have someone type on a virtual keyboard…except most users will only be using the VR headset. So, what are they supposed to do? A laser pointer at a virtual keyboard, hunting and pecking for each key? Uh, no. There are always biometrics, of course. Retinal scans, voice scans, fingerprints…But each of those needs a fallback for when the physical reality means biometrics aren’t feasible

No problem! Let’s make the VR device itself be your password! That actually has some promise and is an area already being explored, but there are still issues with how to handle shared devices (as anyone with more than one kid can tell you when it comes time to share the game controllers) as well as the reality that gamers rarely sign in as themselves. Also, the idea of moving away from traditional passwords is not without its challenges. Hacks are still possible (drat those hackers!), and there are questions as to whether it’s even a good idea to tell users to just “trust the magic” of what they don’t see.

At the end of the day, there’s just a lot that needs to be explored to make the metaverse a more safe and secure experience for everyone. 

Conclusion

The metaverse is expected to be THE online experience of the future. Right now, it seems like it is not only inheriting the security flaws of the Internet, but it’s coming up with new ones all on its own. CNBC has a great article on what kind of dangers are being introduced, which is scary, but it’s also an opportunity. We know the dangers (at least, we know some of them) which means we can plan for them. 

Posted by heather in Web3, Data Security, Line Dancing, 0 comments
The Metaverse: A Parallel Dimension

The Metaverse: A Parallel Dimension

A few weeks ago, my mother, a lovely woman who really loves cruise ships and social media, called and asked: “So, what is this metaverse thing?” 

Is there a single media site that isn’t talking about the wonder, glory, and confusion that is the metaverse? Companies like Meta (aka, Facebook) are putting BILLIONS of dollars into their interpretation of it. Alphabet (parent company of Google) is, too. Across the board, there’s a lot of money floating into an idea that hasn’t truly been defined yet.

The best definition I have for you? 

The metaverse is almost like a parallel dimension—it blurs the lines between the physical world that you and I know and the virtual world…like artificial reality and cryptocurrency. 

Ultimately, the idea of the metaverse isn’t about a NEW technology or platform, though that might end up being part of it. It’s about how people interact with the digital world we already know.

The idea of blurring the boundaries between the virtual and the physical isn’t new. Second Life is a multimedia platform that has lived this idea since well before “metaverse” was used as a word outside of science fiction (it was first mentioned in the sci-fi novel Snow Crash in the early 90s!). The problem Second Life had when it started back in 2003, though, was that the technology wasn’t available to support the vision. 

But, that was nearly 20 years ago. Twenty years ago, when Apple was just launching the iTunes store. Google hadn’t started trading on the stock market (that didn’t happen until 2004). Facebook wasn’t even a thing. AND, most critically for this conversation, the fastest broadband Internet speeds in 2003 were around 500 kilobits per second (kbs) for downloads, as compared to 1000 megabits per second (Mbps) today. (Just to throw in some math, 1 megabit equals 1000 kilobits. So, yeah, Internet speeds are sooooooooo much faster today!)

For people who have access to the Internet today (and remember, a third of the world does not fall in that category), this metaverse thing has a lot of potential. Some of that potential is fantastic: experience new cultures, see the world from new perspectives, try on jeans at home without having to wait for them to physically arrive, yay! 

The metaverse is almost like a parallel dimension—it blurs the lines between the physical world that you and I know and the virtual world…like artificial reality and cryptocurrency. 

But what about the fact that there will be greater difficulty in protecting personal privacy and more opportunities for cyberbullying, adding to the digital divide? Either way, the potential for both good and bad is there, and all it needs is people to take the idea and run with it, defining the details as they go.

If I were Queen of the Universe (which I’m not, but I’ve got my tiara ready), the big companies that are trying to win the race to BE the source of the metaverse would focus instead on HOW to make their metaverse ‘neighborhood’ interact with other metaverse hosts. Which may sound simple, but if you’ve ever played a computer game with online stores, imagine trying to use Game A’s credits in Game B’s store. At least today, that’s just not going to work. Could it in the future? Sure. It happened with the Internet. Email flows whether you’re using Outlook or Gmail or AOL. Websites can be viewed from completely unrelated browsers; with some exceptions, you can surf the web whether you’re using Safari, Chrome, Firefox, Brave, Opera. So, can new protocols be developed that would allow metaverse functionality to work across platforms? Absolutely. We’re just not there yet. 

So, what is the metaverse? It’s an idea, currently being explored by lots of different people and organizations, to blend the digital world with the physical world. The idea as it stands today is pretty far ahead of what’s currently possible. We’re a lot closer, though, than we were twenty years ago.

Photo by julien Tromeur on Unsplash

Posted by heather in Web3, Mosh Pit, 0 comments
So, About Those NFTs…

So, About Those NFTs…

NFTs, or Non-Fungible Tokens, are almost as popular to talk about as cryptocurrency these days! But where crypto has at least some analogy to the physical world (it’s all about the forms money can take), NFTs are an entirely different kettle of (virtual) fish. NFTs are about establishing a virtual asset that is unique in and of itself and has no interchangeable equivalent.

Coming back to one of my favorite resources, Investopedia, they say:

“Non-fungible tokens or NFTs are cryptographic assets on a blockchain with unique identification codes and metadata that distinguish them from each other. Unlike cryptocurrencies, they cannot be traded or exchanged at equivalency. This differs from fungible tokens like cryptocurrencies, which are identical to each other and, therefore, can be used as a medium for commercial transactions.”

A great definition, but that’s only if you know what “cryptographic asset,” “blockchain,” “fungible,” and “cryptocurrencies” mean. Let’s start there.

  • Cryptographic asset: A digitally expressed piece of information that uses cryptography such that it cannot be copied or duplicated
  • Blockchain: A technology in many ways like a database that has pieces of itself distributed across the internet that cryptocurrencies use to support their claim of being uber-secure and highly resistant to fraud.
  • Fungible: This basically means mutually interchangeable with another item. A dollar bill is a fungible asset—any one modern dollar bill (or bitcoin) is completely interchangeable with another modern dollar bill (or bitcoin).
  • Cryptocurrency: See more about this in our previous blog post. We describe crypto “as defined by Investopedia … is “a digital or virtual currency that is secured by cryptography, which makes it nearly impossible to counterfeit or double-spend.”

Back to what that means for an NFT: an NFT is a unique digital record for an object. You can buy or sell the NFT, but you can’t make duplicates of it, nor can you change it. And if you do buy or sell it, the original record gets a note that the exchange happened. Every future exchange adds another note, thus keeping the full record of everything that’s happened to that unique digital record.

The technology that enables this is called a blockchain, which as described above is a very special kind of technology that has no single, centralized “home” where all the data is ultimately stored. Blockchains are (often) decentralized, and everyone who engages with that blockchain is part of the process to validate the addition of any new information (or block) to the chain.

Now let’s talk a bit more about what you can do with an NFT. One popular use case is that of artists. Artists create things, but once their thing is sold (and sometimes even before that), they lose all control over that asset. If the asset is resold, the original artist usually doesn’t see any commission. An NFT can serve as a receipt that makes sure that every future transaction gives the artist some additional compensation for their creation. This is a potential game-changer for artists, but it’s not perfect. Here’s where we touch on some of the biggest misunderstandings in the NFT world:

The NFT is the receipt. It is not necessarily the actual item. Someone can create an NFT for a digital or physical object; that does not necessarily give the purchaser the right to have and hold that object. They may just have some percentage of the object or, in more nefarious situations, they may have been sold something the creator of the NFT has no right to actually sell. And for digital objects, assigning the object an NFT does not mean that all copies of that object are magically associated with that NFT.

Think of it this way. You have a photo on your phone that you received fantastic feedback on from your friends when you posted it to Instagram. You decide you want to make it into an NFT so you can sell it. You can do that … but all those copies already out there, which are visually indistinguishable from the original, are not protected. Don’t confuse an NFT with copyright!

That said, you may still have questions. After all, SURELY something that has net a person $3 million US dollars (way to go, Jack Dorsey of Twitter) must be something big! Right? Well, to be honest, I can’t explain that. The problem content creators like artists have when it comes to being fairly compensated for what they do is a problem. And if the world were a fair and reasonable place where NFTs would magically make the assets the NFT provides a receipt for somehow different (like different in appearance, or different in how people might see them online) then maybe this would justify the NFT craze.

The NFT is the receipt. It is not necessarily the actual item. Someone can create an NFT for a digital or physical object; that does not necessarily give the purchaser the right to have and hold that object.

Alas, the world is not a fair and reasonable place. Today’s use of NFTs often enters into the realm of the absurd. What many people are hoping for, however, is that NFTs will provide a powerful mechanism in the world of Web 3 to encourage more content creation with fair and enforceable concepts of ownership and compensation. 

If you’d like to watch a particularly entertaining skit on NFTs, Saturday Night Live recorded a fun session on it. If, however, you’ve got time and want a really deep dive into a skeptic’s view of NFTs, there’s a two-hour video on YouTube for you. Still, never let it be said that there aren’t some really strong voices out there in favor of NFTs: read about Animoca’s success in the NFT economy.

And if what you’d really like to do is to start investing now, well, as ya like. You might want to talk to your financial advisor.

Photo by Shubham Dhage on Unsplash

Posted by heather in Web3, Line Dancing

Cryptocurrency: Creepy…Or Awesome?

Crypto. Blockchain. Digital Currency. Bitcoin. From the front page of the New York Times to Reddit posts, lots of terms are floating around that most people know have _something_ to do with money and tech, but they aren’t quite sure of the details. And, given the host of ads that ran in this year’s Super Bowl, people are bound to become even more crypto-curious.

If you are one of them, this article is for you. We’ll start with a list of some of the more common words used in the media, and then talk about what this all actually means for the world today.

  • Crypto used to be (and still is in some circles) short for cryptography, the study of making communications between two parties absolutely secure (there’s usually a lot of math involved). But these days, crypto is almost always about cryptocurrency.
  • Cryptocurrency, as defined by Investopedia (great resource if you’re not already familiar with it), is “a digital or virtual currency that is secured by cryptography, which makes it nearly impossible to counterfeit or double-spend.”
  • Digital Currency, coming back again to Investopedia, is “a form of currency that is available only in digital or electronic form. It is also called digital money, electronic money, electronic currency, or cybercash.” Some organizations in this space insist that there is a difference between digital currency and cryptocurrency, saying the former has national backing in the same way that governments back the euro, the dollar, the peso, and so on. They see the latter as outside any government backing, so you’re on your own if you invest in the cryptocurrency space.
  • Bitcoin is one expression of cryptocurrency, and is currently the one with the biggest market share in the crypto space. 
  • Ethereum is another big name you might hear, and it is a cryptocurrency like Bitcoin, holding quite a bit of the market share itself.
  • Blockchain is not a cryptocurrency. It is a technology like a database is a technology, though in this case it is a technology that cryptocurrencies use to support their claim of being uber-secure and highly resistant to fraud.

So now you have some basic terms, and for the sake of this article, I’m going to hold that  “cryptocurrency” includes digital currency backed by governments and cryptocurrency backed by anyone else.

Cryptocurrency is definitely a concept that’s making waves in the world, and more than with just the geeky crowd. There are entire countries getting involved in this space and making it a financial reality to be reckoned with. n an individual level, popular financial management companies like Betterment and Personal Capital are offering cryptocurrency options as part of their investment portfolios. Crypto is _everywhere_.  

OK, fine, but is it really REAL? I mean, how real can it be if it isn’t a physical asset, and it isn’t backed by gold, silver, or a government’s promise? Well, let me ask you a different question: Why do you believe the piece of paper in your (physical) wallet has value? Probably because when enough people believe in the value of crypto, the perception becomes a reality. When people stop believing in it, you have something like a bank run, and if you get enough of those, you can entirely trash a nation’s (or even a world’s) economy (there’s some interesting research regarding bank runs and the Great Depression, if you’re interested in some ‘light’ reading on economic theory—ha!).

Ironically enough, cryptocurrency started to take off as a popular topic of discussion around 2017, as the first big ‘bubble’ formed and then burst. Bitcoin dropped 65% of its value in 2018 to about $3500 per bitcoin, and everyone was talking about it. Enough people talked about it that they (apparently) got very excited about buying these new, speculative thingies while they were on “sale” due to the crash. Now Bitcoin is back up to being worth about $44,340. It’s an amazing rollercoaster of speculation.

As with all market speculations, you’re going to find people who believe Very Strongly in the thing they are buying. You’re also going to find people who believe Equally Strongly that it’s a scam. And, you know what? They’re both going to be right. Cryptocurrency has value as long as people believe that it does. Enough people currently believe this is the future of the finance industry that they’ve convinced governments to ride the wave, providing further apparent legitimacy to the idea. And, like every market-driven enterprise, the value will go up and down in cycles—it is no more a “sure thing” for investment than gold. (Example: Do a search on “can never go wrong buying gold” and you’ll find as many articles suggesting “never do it” as you will articles about how great of an idea it is to buy gold.) If you’d really like to geek out on the technology behind cryptocurrency and how some people argue that it’s better than humans at determining monetary policy, this article in Wired might be for you. 

Finally, just a note, this article is to offer you a quick reference for the key terms you’ll see in articles about the crypto space. It is not financial advice; your acceptance of risk in your investments is all up to you. But as with everything covered by IFM, we hope you’ll find our information helpful in making informed decisions!

Photo by Jp Valery on Unsplash

Posted by heather in Web3, Line Dancing, 0 comments
Web3 – It’s About Disruption

Web3 – It’s About Disruption

To understand Web 3, it helps if you’ve read Malcolm Gladwell’s The Tipping Point: How Little Things Can Make A Big Difference. Not because that book has anything to do with the web, but more because it gets into market disruption and why it happens. In a nutshell, innovation gets things started, then adoption happens … and happens … and happens … until it is just a BFD and there isn’t room to innovate anymore, and so people decide “I can do this simpler/better/faster!”  They abandon the big, stable thing in order to get back to innovation. And then the innovation is successful, and adoption happens … and happens … You get the idea. 

Web 3 is like that. It’s a reaction to the fact that Web 2.0 is this thing driven by a few successful, ginormous platforms, leaving little room for out-of-the-box innovation. The market is pretty darn stable compared to where it was even a decade ago. And there are people out there who desperately want to innovate. It’s cool and fun, after all. And maybe, if they innovate well enough, their ideas will grow and grow and grow, and they will be wildly successful and everyone will throw money at them. 

There’s nothing wrong with a desire to innovate and to break a market apart to support new ideas and technologies. The main challenge with understanding Web 3, though, is that the marketing of what it means to be Web 3 doesn’t match the reality of what people want or can be expected to do. So let’s take a step back and look at what the web was initially, what it is today, and what Web 3 promoters say it’s going to be.

In the beginning, there were a few computers networked together, starting the Internet. It looked a lot like this:

(Source: nasa.gov)

Just a couple of computers, connected to a couple of other computers, mostly with black screens and green text. The thing that became the Internet (the Arpanet) started in 1969, and it looked a lot like that for a while. When the World Wide Web kicked off in 1993, it was based on that model where people were in charge of their own computers and everyone was able to share content everywhere. This is called a “decentralized” environment. No one in charge, cats and dogs living together, it was glorious anarchy. OK, maybe not anarchy. But there really wasn’t anyone particularly “in charge” leaving a greenfield ready and waiting for innovative ideas to happen. 

Here’s the thing, though. My mom does not want to do all the stuff on a computer that’s needed for it to share content like that. She’s not going to run server software (and make sure it’s patched). She’s not going to set up a dashboard so she can clearly see and manage who has been allowed the different bits of information about her.  But that’s ok! Innovation happens, and suddenly there are companies willing to make it easy. To do the value-add of hosting a computer for you. Heck, they’ll do EVERYTHING for you, so all you have to do is throw money at them, upload your cat photos, and you’re good to go! There used to be a lot of those companies, but a few became really, really successful. And a trend towards fewer, bigger companies is centralization and that’s at the heart of Web 2.0.

So if a decentralized model was Web 1, and centralized was Web 2, then what’s left for Web 3? Well, here’s where it gets a little complicated. 

The promise of Web 3 as made by the people motivated to make it a thing is the promise of decentralization. It’s power to the people! Innovation in everything from finance to personal records to digital identity! People will be able to take control of their own online experiences in ways that haven’t been done before thanks to new technologies like blockchains. Think of it as a reaction against “you’re not the consumer, you’re the product” as companies sell information about you to other companies, leaving you with advertisements and them with money. If you have ultimate control over your own information, then the world can only be a safer, more personally profitable place.

Doesn’t that sound lovely?

Now step back from the lovely picture and think for a minute about what that actually requires. Let’s start with the “you control all the information about you” (like your name, your phone number, your email address, your age, your location, your preference for cats instead of dogs, your sexual orientation, your political orientation, and so on and so on and so on) and therefore who gets to see it. That means you need to keep on top of that information, sometimes making sure it’s verified by a third-party (e.g., a government agency). You need to respond to every request for that information by companies that are offering you stuff. You not only have power, you have _responsibility_.

Let’s be honest, that gets really tedious. It gets worse if part of the power means running stuff on your own computer, which, back in Web 1, used to be pretty easy. It’s not like computers went anywhere. They were these big things that plugged into the wall 24/7. Now, ‘running stuff on your computer’ could mean your phone, or your tablet, or your laptop, or your desktop, or even your watch. 

And here’s where innovation tends to strike. There are people out there who, for a small (or medium, or large) fee, would be more than happy to make this easier for you. To build a platform that would take care of lots of the details for you so you could get back to your cat photos. At first, there will be lots of little platforms, all trying to differentiate themselves with various value-add features to the underlying technology to improve their own adoption. And adoption will happen … and happen … and happen… until the most adopted wins, innovation is stifled, and how on earth did we get back to this part of the cycle again? What you’ll have is some strange combination of centralized platforms supporting decentralized technologies, combining the best and worst of Web 1 and Web 2.

Since we’re at that point in the cycle where we have really big, successful players AND a really solid attempt at disruption by lots of innovative little players, this is a space that’s filled more with hype and ideals than solid services and market definition. It’s different from the same point in the cycle that was the difference between Web 1 and Web 2 because there are so many more people online today and computers are capable of so much more. People like my mom have expectations about what her user experience is going to be like online, and not a whole lot of patience with technical details. There are people who are ‘born digital’ that are more comfortable with technology and yet have an expectation that much of the hard work of offering online services will just be … taken care of. So, yeah. It’s not the same world as the first major shift in the nature of the web. It’s a world where literally everything is promised, and anything can happen, but the thoughtful human will take a moment and really think about the implications of the hype before they dive in.

If you’d like to dive a little deeper into thoughts on Web3, you might find Fabio Manganiello’s blog post “Web 3.0 and the undeliverable promise of decentralization” and Moxie Rosenfeld’s (more commonly known as Moxie Marlinspike) “My first impressions of web3” interesting, though a bit more technical. 

Posted by heather in Web3, Mosh Pit, 0 comments