The MetaCert Protocol White Paper: Introduction

This section covers our vision, problem statement, and the proposed solution.

Paul Walsh
Jun 17, 2018 · 7 min read

Why publish on Medium?

By providing a version of our white paper on Medium, we aim to achieve two things;

  • Community engagement — please comment and question any section. If you find that your question or concern is answered elsewhere, please feel free to delete your comment so we don’t end up with more work than is necessary.
  • Accessibility — we don’t like reading PDFs but they’re a necessary evil in the crypto world. They’re expected. But we believe medium posts are more accessible across every device — including mobile.
Download a PDF version of the White Paper

Contents

Clicking on each heading will take you that section’s medium post.

1. Index

2. Introduction

3. The MetaCert Protocol

4. Token Mechanics

5. MetaCert’s Prior and Related Work

6. Design Goals

7. Solution: The MetaCert Protocol

8. Future Work

9. Token Sale Breakdown *(This section is not in the PDF)

Introduction

Our Vision

We are building an open security protocol for the Internet storing trust and reputation information about Uniform Resource Identifiers (URIs) including domain names, applications, bots, crypto wallet addresses, Application Programming Interfaces (APIs), and content classification. The Protocol’s registry is machine-readable and queryable for use by Internet Service Providers (ISPs), routers, crypto exchanges, Wi-Fi hotspots, mobile devices, browsers, websites, and applications to help address cyber threats such as phishing, malware, brand protection, child safety and news credibility.

Abstract

Not a week goes by without news of a crypto exchange being hacked [1], a major corporation or public institution suffering an Internet security breach or innocent victims falling prey to phishing scams [2]. Internet security is a critical necessity for organizations and individuals, but remains one of the most difficult problems to contain because threats continue to evolve.

MetaCert, the author of this document, isn’t just a company; we are a group of individuals driven by our collective passion to protect people from personal and financial losses and give guardians the chance to protect children from inappropriate content.

The team behind MetaCert has been working for years to create and maintain standards for security across the Internet. MetaCert’s founding members helped to create the W3C [3] Standard for URI Categorization — the most widely used standard across the Internet. Today, the MetaCert team combines its expertise in setting URI standards with years of experience in the realm of online safety and security in order to shift one of the world’s biggest cyber threat intelligence systems of URIs to the Blockchain (a distributed ledger). Therefore, MetaCert will introduce an open protocol called the MetaCert Protocol (“the Protocol”) that will improve the Internet’s trustworthiness and reputation.

Using distributed ledger technology, MetaCert will decentralize its categorized and currently centralized registry of URIs to democratize the submission, validation and dispute processes for URIs.

To enable the growth, development and utility of the Protocol, we are launching the META Token (the “Token”). Once the Protocol is operational, the Token will be the foundation of a tokenized economy that incentivizes users to behave appropriately, mitigating the risk of bad actors and reducing community security vulnerabilities.

What Motivates Us

We believe in a free, open and safe Internet for everyone where the public can access the resources they want while avoiding content they prefer not to see. You should feel confident identifying and avoiding dangerous links and be empowered to safeguard yourself and your children from links with inappropriate or distasteful content.

We believe it should be easy for people to avoid phishing scams, malicious software (malware), and other fraudulent, intrusive and deceptive ploys.

We believe it should be easier to tell the difference between what is real and what is fake news, so society can make better informed choices about who they vote for. And we believe brands should be protected so their consumers don’t become victims of online fraud.

These are just some of challenges we have been working to address for the past seven years.

The Problem

Who is the real owner of example.com? Is this app safe to download? Does this website contain JavaScript that will hijack my computing resources for crypto mining [4]? Is this content safe for kids? Does this news article come from a reliable source? Has this crypto wallet address been verified? Is this a fake Twitter account?

Each of these questions implicates an important aspect of the Internet — Uniform Resource Identifiers (URIs). URIs are used to identify resources such as domain names, social media accounts, news articles, apps, bots, crypto wallet addresses, APIs, or IoT devices, but can you rely on the safety of a URI before opening it?

The general issue with trust and reputation on the Internet is a question of checks and balances: who checks the checkers and who decides who can be trusted? Until now, users have had little choice but to trust centralized organizations with an almost monopolistic grip on what is considered trusted.

Even open source, transparent lists are just arbitrary lists of URIs that are considered good or bad. Where’s the guarantee each item on these lists is error free and genuine and if users rely on them, where’s the guarantee they will remain up-to-date?

What about Extended Validation (EV) certificates? These types of certificates require a more rigorous vetting process for verifying ownership of a domain, confirming the physical location and the asserted identity of the legal entity requesting this form of certificate. Despite good intentions, recent research has shown that EV certificates can be abused by bad actors [5].

In short, users don’t know who to trust. Opening the wrong URI can result in users logging into a phishing website, having their personal information stolen, or losing their cryptocurrency. Users may also end up downloading malicious software (malware) or ransomware onto their devices.

We believe the problem can be distilled into three main issues:

  1. Users are not adequately capable of detecting and avoiding security threats due to ineffective threat identification and categorization
  2. Detected threats are often incorrectly categorized
  3. Users and service providers aren’t properly incentivized to fix the existing detection and categorization issues

The Proposed Solution

Over the years, MetaCert has researched and developed one of the world’s most advanced crawlers and threat intelligence systems for categorizing URIs. Using our proprietary technology, innovative approach and help from thousands of people in our community, we have built one of the biggest sources of trust and reputation information about URIs in the world.

MetaCert is building a query and response protocol on the blockchain that stores open sourced and community verified information on resources such as domain names, IP addresses, social media accounts, bots, applications, crypto wallet addresses or autonomous system identities. The Protocol stores and delivers content in a human and machine readable format. The information stored on the Protocol can be used by anyone to build products or services to address issues such as phishing, malware, brand protection, child safety and news credibility.

Using the blockchain, it is now possible to create new open systems that curate data sets through smart contract rewards, incentivize good behavior and mitigate the risk of bad behavior using fairly applied counter-measures and punishments. Once structured and populated on the main blockchain or its side chains, these curated data sets become immediately eligible for global distribution on a mass scale.

The Protocol is a special case of this incentivized curation and distribution network, extolling security, openness, and transparency across the entirety of its operations. The Protocol will contain the world’s foremost high-quality information and determinations on URI reputation and it cannot be edited without an audit trail for all to see.

With the Protocol, the trust and reputation of the Internet is placed back into the hands of everyday people. It will be enabled through a system of checks and balances to ensure high quality participation and authentic behavior that is incentivized by a Tokenized economy.

Contents

Clicking on each heading will take you that section’s medium post.

1. Index

2. Introduction

3. The MetaCert Protocol

4. Token Mechanics

5. MetaCert’s Prior and Related Work

6. Design Goals

7. Solution: The MetaCert Protocol

8. Future Work

9. Token Sale Breakdown *(This section is not in the PDF)


🖌 Please feel free to respond with questions or comments about anything you read in our White Paper or Technical Paper directly within Medium, and be sure to engage with other members of the community who also have questions or comments.

🔐 MetaCert Protocol is based on established enterprise-grade technology that powers live products. These products protect hundreds of thousands of people on the Internet today, but this is just the start. We need the community to help us iterate this work. Together we can help make the Internet a safer place for everyone.

Don’t forget to click 👏🏻 to let MetaCert and others know how much you appreciate this post.

Install Cryptonite to help protect your crypto from phishing scams. https://metacertprotocol.com/cryptonite

Use our Telegram Security Bot to check the status of links and crypto addresses, and warn users about phishing in Telegram communities. https://metacertprotocol.com/telegram-bot

Join our Telegram channel where you can engage with the core team and the community. https://t.me/metacert

Download a PDF version of the White Paper

METACERT

MetaCert builds tools to help protect people from phishing attacks.

Paul Walsh

Written by

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.

METACERT

METACERT

MetaCert builds tools to help protect people from phishing attacks.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade