Why we moved from Slack
Dear Wanchain Community,
Initially we started off our community on Slack. We were just a few hundred people in mid-August.
After a high interest and influx of thousands of users, we started experiencing security issues with Slack.
What were the security issues?
1) Slackbot was being manipulated by unofficial parties to send phishing messages by direct message. These phishing messages included links (urls) to fake My Ether Wallet sites (MEW). The hyperlink in the texts showed the correct address but the redirected pages were all scam sites. This meant that any user attempting to login using their private key on these sites were at a very high risk of having their private keys stolen.
2) Slackbot was disabled from the start by the admins but malicious users were still able to manipulate the code and send out “fake reminders” to users. The reminders included fake smart contract addresses as well as fake Wanchain websites.
3) Users could pose as “admins” and direct message any other user with the fake information. (as of today, there is still no way of disabling direct messages on Slack).
Is Slack meant for crypto groups?
Short answer no. Slack was made to be used primarily by project managers from various companies to manage their internal communications, prepare presentations, handle documents -allowing only those with the registered company domains to join (e.g. email@example.com). In summary, people with a whitelisted company e-mail domain were the only ones able to join Slack. That was until third-party apps were created to bypass this rule. This was great at first for creating large communities on Slack but the third-party app proved to be a haven for scammers.
The third-party app herokuapp
The herokuapp is a third-party program used to bypass having to register with the company e-mail domain and allow anyone to join Slack. This made it easy for anyone to join, resulting in complications managing Slack.
How many malicious accounts were deactivated because of this?
We deactivated a total of 168 malicious accounts. Most of the accounts were from the same e-mail domain but given the limitations of Slack, we were unable to blacklist these domains.
As it became harder to manage and we had over 7000 members on slack, we decided to open a Telegram Announcements Channel and a Telegram Chat Group. The transition to Telegram was smooth and as of today we have over 3,600 members in the chat group and over 7,500 subscribers to our announcements channel.
Why did we choose Telegram?
We chose telegram because of the advanced security features it offered in comparison to Slack.
1Group-butler: A bot that can be configured to help control flooding, kick/ban users who spam or post inappropriate links. The admins have control over its configurations. That means no users can manipulate the bot code and use it to their advantage.
2 Two-way opt-in: A scammer is unable to direct message all users on Telegram. You have the choice to accept or reject these chats, however you do not need to add someone as a friend to accept chats.
3End-to-end encryption: Due to end-to-end encryption, data is sent in a scrambled form until it reaches the destined user.
4 Temporary text messages: For sensitive data, you can choose to send messages that self-destruct after a selected time.
5 Phone number is required: You need to have a valid phone number to use Telegram. There are ways to bypass this but it makes it more complicated for malicious users to join.
6Admin tools for Telegram: This application allows admins to manage the users and chat group efficiently. You can mute, ban, kick and remove messages when users join. You can also prepare a welcome message to all new joiners (e.g. Welcome to Wanchain Chat, please read the pinned post and subscribe to our announcements channel: t.me/WanchainANN).
Moving to Telegram has given us the ability to manage the spam and phishing attempts more efficiently.
Our admins were never compromised on Slack or any other social platform but malicious users posed as “admins”, copying the names and direct messaging everyone as well as using Slackbot to send reminders at different times. The migration to Telegram was essential in protecting our community.
If Telegram works so well, why did we move to Discord?
Even though we have been happy moving to Telegram, we felt that many users from our Slack community did not want to join. To keep as many people in the community happy, as well as protect them, we decided to open a Discord channel as voted by the community.
Discord offers many improved features whilst keeping the User Interface (UI) similar to Slack.
We hope that by having two communication platforms for our community we can accommodate everyone. Those who prefer Slack over Telegram will not find it too difficult to adjust to Discord (given the similar but more secure features).
It is also mandatory for all admins to have 2FA enabled on Discord.
What advantages does Discord have over Telegram?
1 Similar UI to Slack: This will make most Slack users happy. The user interface is very similar. We have enabled the same channels as we have on Slack:
#announcements — only admins can post important updates.
#general — everyone can post here.
#random — chat for anything not related to Wanchain.
2 Open source bots: We have added various bots to our Discord, which were unable to be used on Telegram. These include:
Dynobot: This bot can be configured to blacklist urls, whitelist urls, move users over to a new channel, delete swear words, control flooding, kick users that violate terms several times and many more functions. *At the moment, we have disabled all links but will integrate a whitelist for links*.
ICO-Moderator: This bot was made by users to delete fake contract addresses and phishing sites. The code and blacklisted urls can be viewed on: https://github.com/Plenglin/ICO-Moderator
3 Roles: In discord, you can assign roles based on a vast number of moderation tools.
These roles range from minimum user powers, admin powers to complete admin powers. Users can have assigned roles when joining the chat e.g. read only in #announcements channel and a limited number of messages per minute (to avoid flooding).
4 Disabling direct messages completely: Discord allows admins to completely disable direct messaging. The only way to message someone (as opposed to Telegram) is by sending a friend request first. Only after the end-user accepts the friend request, a direct chat can begin. This is more secure and efficient than the current programming in Telegram and Slack, which allows users to send direct messages to anyone in the group without accepting a friend request first.
5 Everything is in one place: As opposed to Telegram, all the important channels are in one place. You do not need to subscribe to a separate announcements channel to receive important updates. It is right there along with the #general and #random channels.
To conclude, we believe Discord and Telegram will allow the community to further expand as well as protect it from future phishing attempts. Security is essential in this ecosystem. There has been so many hackings and scams that we are constantly looking at the best options to better serve our community.
We hope that we will continue receiving new joiners and that together, we can help protect our fellow community members from malicious attacks and keep them informed of all important updates.
These are the official social platforms you can join and bookmark:
Telegram announcements: https://t.me/WanchainANN
Telegram chat: https://t.me/WanchainCHAT