web3

Security in the Metaverse: What You Need to Know Now

Security in the Metaverse: What You Need to Know Now

Ahh, the metaverse. Depending on who you ask, it is either an impressive evolution of the online experience or a poorly defined marketing ploy. And, at least for now, there isn’t just one metaverse, which has lots of implications for how to protect yourself from one to another  Regardless of how many there are or what side you take on whether any of them will succeed, you can sum up the idea like this:

The metaverse is almost like a parallel dimension—it blurs the lines between the physical world that you and I know and the virtual world…like artificial reality and cryptocurrency. –  from IFM’s metaverse blog post

Wouldn’t it be fantastic if we could plan for digital identity and security in the metaverse even while the metaverse is still being figured out? When the Internet was first designed, it missed the boat when it came to building in digital identity and security. Everything we know about how to verify someone’s identity online was added long after the bones of the Internet were set. 

Owning your security in the metaverse

The old saying is, “On the Internet, no one knows you’re a dog.” In the metaverse, no one will know if the “person” they are interacting with is really a person or a computer simulation. Creating digital accounts is really pretty easy. Making them realistic is just as easy, as humans don’t do a good job of protecting their personal information. Birthdates, location data in photographs, responses to Internet memes—it’s all out there waiting to be used to either hack existing accounts or create new ones that look like a real person for the purposes of fraud or harassment

Several of the companies working on their version of the metaverse hope to include identity and security by using Web3 technologies like blockchains that guarantee the uniqueness and ownership of a piece of information online. Which is good as far as it goes, but it doesn’t go far enough (yet). NFTs, built on supposedly secure Web3 and blockchain technologies, have already seen their fair share of fraud despite the technology. Still, we’re in the early days of figuring out how to make NFTs and Web3 long-term useful ideas, so there may be something there. Or not. We’ll see.

Regardless of whether fancy new technology will try to come in and save the day, you as the human actually have a lot you can do to help make your experience more secure. The good news is that what you can do to secure yourself in the metaverse are the same things you should do to protect yourself online today:

  • Control the information you share online (and don’t respond to silly memes, no matter how much you want to know what your name should be on the next royal wedding invitation).
  • Use good passwords. (We have a post about that.)
  • Never assume that the new person you’re talking to is who (or what) they say they are. 

Authenticating when you’re already there

Let’s look at where the metaverse is closer to reality: virtual reality! Those companies already branching out into metaverse products, like VR meetings or immersive games, now have to figure out how to authenticate users in VR (remember, use good passwords!). They could try and go old-school and have someone type on a virtual keyboard…except most users will only be using the VR headset. So, what are they supposed to do? A laser pointer at a virtual keyboard, hunting and pecking for each key? Uh, no. There are always biometrics, of course. Retinal scans, voice scans, fingerprints…But each of those needs a fallback for when the physical reality means biometrics aren’t feasible

No problem! Let’s make the VR device itself be your password! That actually has some promise and is an area already being explored, but there are still issues with how to handle shared devices (as anyone with more than one kid can tell you when it comes time to share the game controllers) as well as the reality that gamers rarely sign in as themselves. Also, the idea of moving away from traditional passwords is not without its challenges. Hacks are still possible (drat those hackers!), and there are questions as to whether it’s even a good idea to tell users to just “trust the magic” of what they don’t see.

At the end of the day, there’s just a lot that needs to be explored to make the metaverse a more safe and secure experience for everyone. 

Conclusion

The metaverse is expected to be THE online experience of the future. Right now, it seems like it is not only inheriting the security flaws of the Internet, but it’s coming up with new ones all on its own. CNBC has a great article on what kind of dangers are being introduced, which is scary, but it’s also an opportunity. We know the dangers (at least, we know some of them) which means we can plan for them. 

Posted by heather in Web3, Data Security, Line Dancing, 0 comments
The Metaverse: A Parallel Dimension

The Metaverse: A Parallel Dimension

A few weeks ago, my mother, a lovely woman who really loves cruise ships and social media, called and asked: “So, what is this metaverse thing?” 

Is there a single media site that isn’t talking about the wonder, glory, and confusion that is the metaverse? Companies like Meta (aka, Facebook) are putting BILLIONS of dollars into their interpretation of it. Alphabet (parent company of Google) is, too. Across the board, there’s a lot of money floating into an idea that hasn’t truly been defined yet.

The best definition I have for you? 

The metaverse is almost like a parallel dimension—it blurs the lines between the physical world that you and I know and the virtual world…like artificial reality and cryptocurrency. 

Ultimately, the idea of the metaverse isn’t about a NEW technology or platform, though that might end up being part of it. It’s about how people interact with the digital world we already know.

The idea of blurring the boundaries between the virtual and the physical isn’t new. Second Life is a multimedia platform that has lived this idea since well before “metaverse” was used as a word outside of science fiction (it was first mentioned in the sci-fi novel Snow Crash in the early 90s!). The problem Second Life had when it started back in 2003, though, was that the technology wasn’t available to support the vision. 

But, that was nearly 20 years ago. Twenty years ago, when Apple was just launching the iTunes store. Google hadn’t started trading on the stock market (that didn’t happen until 2004). Facebook wasn’t even a thing. AND, most critically for this conversation, the fastest broadband Internet speeds in 2003 were around 500 kilobits per second (kbs) for downloads, as compared to 1000 megabits per second (Mbps) today. (Just to throw in some math, 1 megabit equals 1000 kilobits. So, yeah, Internet speeds are sooooooooo much faster today!)

For people who have access to the Internet today (and remember, a third of the world does not fall in that category), this metaverse thing has a lot of potential. Some of that potential is fantastic: experience new cultures, see the world from new perspectives, try on jeans at home without having to wait for them to physically arrive, yay! 

The metaverse is almost like a parallel dimension—it blurs the lines between the physical world that you and I know and the virtual world…like artificial reality and cryptocurrency. 

But what about the fact that there will be greater difficulty in protecting personal privacy and more opportunities for cyberbullying, adding to the digital divide? Either way, the potential for both good and bad is there, and all it needs is people to take the idea and run with it, defining the details as they go.

If I were Queen of the Universe (which I’m not, but I’ve got my tiara ready), the big companies that are trying to win the race to BE the source of the metaverse would focus instead on HOW to make their metaverse ‘neighborhood’ interact with other metaverse hosts. Which may sound simple, but if you’ve ever played a computer game with online stores, imagine trying to use Game A’s credits in Game B’s store. At least today, that’s just not going to work. Could it in the future? Sure. It happened with the Internet. Email flows whether you’re using Outlook or Gmail or AOL. Websites can be viewed from completely unrelated browsers; with some exceptions, you can surf the web whether you’re using Safari, Chrome, Firefox, Brave, Opera. So, can new protocols be developed that would allow metaverse functionality to work across platforms? Absolutely. We’re just not there yet. 

So, what is the metaverse? It’s an idea, currently being explored by lots of different people and organizations, to blend the digital world with the physical world. The idea as it stands today is pretty far ahead of what’s currently possible. We’re a lot closer, though, than we were twenty years ago.

Photo by julien Tromeur on Unsplash

Posted by heather in Web3, Mosh Pit, 0 comments
Web3 – It’s About Disruption

Web3 – It’s About Disruption

To understand Web 3, it helps if you’ve read Malcolm Gladwell’s The Tipping Point: How Little Things Can Make A Big Difference. Not because that book has anything to do with the web, but more because it gets into market disruption and why it happens. In a nutshell, innovation gets things started, then adoption happens … and happens … and happens … until it is just a BFD and there isn’t room to innovate anymore, and so people decide “I can do this simpler/better/faster!”  They abandon the big, stable thing in order to get back to innovation. And then the innovation is successful, and adoption happens … and happens … You get the idea. 

Web 3 is like that. It’s a reaction to the fact that Web 2.0 is this thing driven by a few successful, ginormous platforms, leaving little room for out-of-the-box innovation. The market is pretty darn stable compared to where it was even a decade ago. And there are people out there who desperately want to innovate. It’s cool and fun, after all. And maybe, if they innovate well enough, their ideas will grow and grow and grow, and they will be wildly successful and everyone will throw money at them. 

There’s nothing wrong with a desire to innovate and to break a market apart to support new ideas and technologies. The main challenge with understanding Web 3, though, is that the marketing of what it means to be Web 3 doesn’t match the reality of what people want or can be expected to do. So let’s take a step back and look at what the web was initially, what it is today, and what Web 3 promoters say it’s going to be.

In the beginning, there were a few computers networked together, starting the Internet. It looked a lot like this:

(Source: nasa.gov)

Just a couple of computers, connected to a couple of other computers, mostly with black screens and green text. The thing that became the Internet (the Arpanet) started in 1969, and it looked a lot like that for a while. When the World Wide Web kicked off in 1993, it was based on that model where people were in charge of their own computers and everyone was able to share content everywhere. This is called a “decentralized” environment. No one in charge, cats and dogs living together, it was glorious anarchy. OK, maybe not anarchy. But there really wasn’t anyone particularly “in charge” leaving a greenfield ready and waiting for innovative ideas to happen. 

Here’s the thing, though. My mom does not want to do all the stuff on a computer that’s needed for it to share content like that. She’s not going to run server software (and make sure it’s patched). She’s not going to set up a dashboard so she can clearly see and manage who has been allowed the different bits of information about her.  But that’s ok! Innovation happens, and suddenly there are companies willing to make it easy. To do the value-add of hosting a computer for you. Heck, they’ll do EVERYTHING for you, so all you have to do is throw money at them, upload your cat photos, and you’re good to go! There used to be a lot of those companies, but a few became really, really successful. And a trend towards fewer, bigger companies is centralization and that’s at the heart of Web 2.0.

So if a decentralized model was Web 1, and centralized was Web 2, then what’s left for Web 3? Well, here’s where it gets a little complicated. 

The promise of Web 3 as made by the people motivated to make it a thing is the promise of decentralization. It’s power to the people! Innovation in everything from finance to personal records to digital identity! People will be able to take control of their own online experiences in ways that haven’t been done before thanks to new technologies like blockchains. Think of it as a reaction against “you’re not the consumer, you’re the product” as companies sell information about you to other companies, leaving you with advertisements and them with money. If you have ultimate control over your own information, then the world can only be a safer, more personally profitable place.

Doesn’t that sound lovely?

Now step back from the lovely picture and think for a minute about what that actually requires. Let’s start with the “you control all the information about you” (like your name, your phone number, your email address, your age, your location, your preference for cats instead of dogs, your sexual orientation, your political orientation, and so on and so on and so on) and therefore who gets to see it. That means you need to keep on top of that information, sometimes making sure it’s verified by a third-party (e.g., a government agency). You need to respond to every request for that information by companies that are offering you stuff. You not only have power, you have _responsibility_.

Let’s be honest, that gets really tedious. It gets worse if part of the power means running stuff on your own computer, which, back in Web 1, used to be pretty easy. It’s not like computers went anywhere. They were these big things that plugged into the wall 24/7. Now, ‘running stuff on your computer’ could mean your phone, or your tablet, or your laptop, or your desktop, or even your watch. 

And here’s where innovation tends to strike. There are people out there who, for a small (or medium, or large) fee, would be more than happy to make this easier for you. To build a platform that would take care of lots of the details for you so you could get back to your cat photos. At first, there will be lots of little platforms, all trying to differentiate themselves with various value-add features to the underlying technology to improve their own adoption. And adoption will happen … and happen … and happen… until the most adopted wins, innovation is stifled, and how on earth did we get back to this part of the cycle again? What you’ll have is some strange combination of centralized platforms supporting decentralized technologies, combining the best and worst of Web 1 and Web 2.

Since we’re at that point in the cycle where we have really big, successful players AND a really solid attempt at disruption by lots of innovative little players, this is a space that’s filled more with hype and ideals than solid services and market definition. It’s different from the same point in the cycle that was the difference between Web 1 and Web 2 because there are so many more people online today and computers are capable of so much more. People like my mom have expectations about what her user experience is going to be like online, and not a whole lot of patience with technical details. There are people who are ‘born digital’ that are more comfortable with technology and yet have an expectation that much of the hard work of offering online services will just be … taken care of. So, yeah. It’s not the same world as the first major shift in the nature of the web. It’s a world where literally everything is promised, and anything can happen, but the thoughtful human will take a moment and really think about the implications of the hype before they dive in.

If you’d like to dive a little deeper into thoughts on Web3, you might find Fabio Manganiello’s blog post “Web 3.0 and the undeliverable promise of decentralization” and Moxie Rosenfeld’s (more commonly known as Moxie Marlinspike) “My first impressions of web3” interesting, though a bit more technical. 

Posted by heather in Web3, Mosh Pit, 0 comments