What we’re doing to prevent spam and phishing attempts in the cryptominded community.
While many wonderful people are joining the cryptominded community on a daily basis, unfortunately there will always be bad actors trying to join as well. As many of you know, there have been many phishing attempts targeting cryptocurrency related communities, and cryptominded has not been an exception to that. In this article I want to outline what we’re doing to prevent this from happening again in the future.
Just like many other slack communities, we’ve always been using a small slack tool called: Slackin, which auto-invites people once they enter their email on a simple landing page.
However, the problem with this process is that once a bad actor is in the slack community, moderators can only respond to them reactively. And while there are many people working hard to help with mitigating this problem, such as MetaCert, all of these methods can only act reactively for now as well. They do not prevent the bad actor from spamming people through direct messages and causing the person to receive emails or notifications. Unfortunately, by the time moderators will be able to act and ban the bad actor from the community, the damage is usually already done.
Considering these factors, we’ve decided to change the invite process of the cryptominded community. From now on, people will have to enter their details on a new landing page that we set-up asking for some more information including a social profile.
Once they’ve submitted the form, the cryptominded moderators will receive a notification containing the details:
We’re then able to reject or accept the request to join. Accepting the request will result in a slack invitation email to be send out which allows them to join the community. No longer will bad actors be able to get this email automatically without a moderator reviewing the request.
Why does this help?
It’s pretty simple actually. Bad actors don’t like to be identified. We ask for a social profile, which we check to see if it’s a real profile. Then we check whether the email, name & social profiles all line up. If not? Then we don’t let the person in.
Can this be gamed? Yes, it could technically be gamed, but we hope this increases the barrier of entry enough to those bad actors to stop trying.
On the left you see an example of a phishing scammer trying to sign-up for the community. Obviously they don’t want to be identified, but these are easily spotted and rejected. Keeping the community safe & spam free.
How about anonymity?
A few people have raised concerns with me that this means people joining the community are no longer anonymous. While this is entirely a fair concern, I like to address those concerns and why I decided to set it up this way anyway:
- The join request will only be visible to a group of 7 moderators in total. Moderators in the community can be identified by the cryptominded symbol behind there name.
- Members that join will remain completely anonymous to the rest of the community. Email address won’t be visible for other community members and they can choose the name they want whenever they receive the slack invite.
- While I truly believe in the need for anonymity in certain cases, I’m making a small trade-off here in the hope we can keep a quality community. And again, people remain anonymous to the rest of the community.
If someone really does have problems with revealing their identity to the select group of trusted moderators, we unfortunately have to deny their request at this point of time.
Why stay with slack?
While many cryptocurrency communities (mostly those related to token projects) have started to make the move to other open-source alternatives such as Riot.im and Rocket.chat, I personally believe in staying with slack for a few reasons.
- Adoption. We’re a community focused on beginners in the cryptocurrency space. Many people interest in this space happen to be the same target audience as slack. This means that most members joining, have already installed slack on their devices. The main benefit that comes with this, is that people won’t easily forget the slack group, unlike communities on platforms they don’t already use in their daily routine. This is a really big factor for me personally.
- Moving platforms does not necessarily solve the problem. Now, of course, you can actually modify the other platforms as they are open-source, but at this moment we do not have the development resources to make this happen. Just moving platforms does not solve the spam problem or mitigate the phishing attempts in itself. Slack has been a big target because it’s relatively easy and many communities were using slack, but that doesn’t mean it’s exclusive to slack.
Thank you for putting up with this so far
I want to thank you for being able to put up with this so far. I know the spam has been an incredibly annoying aspect of being in the slack community, but I sincerely hope our measures will help prevent this from happening in the future.
That said, we’re still looking for a moderator based on the west coast of the USA, so if this is something you’re interested in, feel free to reach out to me on slack (@dylandasmsma).
Also, if you’ve any tips on how we could further improve the quality of the community, we’re always open to feedback on the #community channel.
P.S. If you’re interested in using The Invitational for your own slack community, comment below, send me a message on our slack or connect with me via twitter.