The MetaCert Protocol White Paper: MetaCert’s Prior & Related Work

The section covers the groundbreaking historic efforts of our team’s core members, and our suite of existing products.

Paul Walsh
METACERT
Published in
8 min readJun 17, 2018

--

Download a PDF version of the White Paper

Contents

Clicking on each heading will take you that section’s medium post.

1. Index

2. Introduction

3. The MetaCert Protocol

4. Token Mechanics

5. MetaCert’s Prior and Related Work

6. Design Goals

7. Solution: The MetaCert Protocol

8. Future Work

9. Token Sale Breakdown *(This section is not in the PDF)

MetaCert’s Prior & Related Work

Crawlers and URI Categorization Technology

MetaCert built one of the most advanced Internet crawlers and URI categorization technologies in the world after realizing that every filtering tool on the market used antiquated techniques and technology, resulting in ineffective classification with high volumes of false positives. Existing systems built on legacy architecture failed to address the changing needs of today’s users. Over the past seven years, the MetaCert crawler gathered, categorized, and indexed over 10 billion URIs across 65 categories.

MetaCert is the only company in the world today capable of categorizing any part of a URI. For example, consider how http://imgur.com/r/nsfw would be categorized using MetaCert versus other existing technologies. Using MetaCert’s proprietary technology, imgur.com is categorized as “Image Sharing”, and /nsfw/ is categorized as “Pornography.” This level of granularity is a major advantage that MetaCert has over existing technologies.

This means the Protocol will be the very first that will allow people to submit and validate information about resources such as social media accounts and folders with user generated content without having to submit and validate the entire domain name. This incudes resources that go undetected by many cyber security companies like OpenDNS [6], Symantec [7], Bluecoat [8], and which evade detection by the Google Safe Browsing API [9].

To put things into perspective, OpenDNS, one of the world’s most respected filtering companies, receives over 135 billion DNS requests daily and has categorized 2 million unique domains into 65 categories. In comparison, MetaCert has categorized over 7 million unique domains just for Pornography, which is just one of over 60 categories.

We have over 800,000 unique domains in our review queue. These domains will be moved to the blockchain, where anyone will be able to sign-up to review and validate them in return for Tokens. By combining our existing wealth of data, designing a system to manage the integrity of this and all future data stored on the blockchain through a tokenized economy, we are laying the foundation for the Protocol described in this paper.

Our fully functional existing products will benefit from the transition to the Protocol.

Proven Track Record In Crypto

We have an established suite of security products that use the centralized categorized registry discussed throughout this document. Each product showcases how each of the security categories can be utilized.

MetaCert Security Slack Bot

MetaCert is one of the most established security companies in the messaging space. SingularDTV [10], a Blockchain Entertainment Studio, reached out to us for help in 2017 to protect their Slack community. Since then, MetaCert has become one of the most trusted companies when it comes to protecting Crypto companies such as Mercury Protocol [11], BigchainDB [12], Neufund [13] and COSS [14] from phishing scams inside their Slack communities. Our software, the MetaCert Security Slack Bot [15] currently protects over 250,000 people, and continues to grow.

MetaCert Security Bot for Telegram

Messaging service Telegram, which boasts over 200 million monthly active users, has become a prominent choice for hosting crypto communities including MetaCert. As these communities flourish, they’ve become ripe for phishing scams.

We launched a Security Bot for Telegram [16] in March 2018 to address these issues and the community responded favorably. This Security Bot currently protects more than 350,000 crypto enthusiasts across a number of communities and its adoption continues to grow.

Cryptonite Browser Extension

In December 2017, MetaCert started a social experiment to see if it was possible to build an entirely different solution for domain ownership verification — a process that could reduce the risk of phishing by more than 95%. We built and published a browser extension called Cryptonite [17] for Google Chrome, Mozilla Firefox, and Opera Browser that verifies domains owned by cryptocurrency exchanges, projects and wallets.

The screenshot above shows a Crypto company educating their community to look for the Cryptonite shield when visiting their website.

When an End User visits a site that is “Verified by MetaCert” like Coinbase[18], Cryptonite changes the color of the Cryptonite shield on the browser bar from black to green, thereby indicating that they are on the real Coinbase website and not a new phishing domain that hasn’t been discovered yet.

The feedback on this product has been overwhelming. Cryptonite gained over 50,000 active users in the first six weeks of launch. Users want to remain safe when buying and selling crypto and our user base continues to grow.

We now receive requests from some of the biggest exchanges in their respective jurisdictions, from Sweden to Malaysia, to verify their domains as their communities are complaining about not being verified by MetaCert.

Active Participation In Community Growth

A number of our customers and their End Users are consumers and contributors to our existing centralized registry. Many of them submit and validate URIs already and this existing network of participants will help accelerate the growth of the Tokenized economy for the Protocol.

We currently maintain products using our registry in the following categories:

  • Phishing
  • Malware
  • Child Safety
  • Brand Protection
  • News Credibility

In addition to providing products utilizing the Protocol, we want to see the development of new and innovative applications of the Protocol that haven’t yet been considered. To facilitate this we will provide Token grants and incubation to help third parties build new products and services that address real, everyday problems on the Internet.

A Team With Proven Domain Expertise And Experience

Paul Walsh, our founder and CEO, co-initiated the creation of the W3C Standard for URI Categorization that formally replaced Platform for Internet Content Selection (“PICS”) [19], the previously used worldwide standard in 2009.

Paul also holds a US Patent for in-app WebView security for anti-phishing based on the URI categorization with two more patents pending for advertising, news credibility, and many other categories.

Ian Hayward, our COO, sponsored the engineering build and maintenance of spreadfirefox.com [20] as Mozilla’s lead community admin from 2005 to 2009, where he helped guide Firefox’s grassroots community marketing. It is Ian’s unique approach to open source projects that enables MetaCert to build and support an active contributor and evangelist community.

Overcoming the Challenge of Crowdsourced Data

While crowdsourcing does exist for some URI categories, it only covers a fraction of potential threats on the Internet and it doesn’t properly incentivize participants. This is because centralized entities are more concerned with “owning” trust and reputation than they are about building a more secure network.

PhishTank [21], launched in October 2006 as an offshoot of OpenDNS (Cisco), offers a community-based phishing verification system where users submit suspected phishing websites and other users “vote” on whether it is a phishing website or not. Unfortunately, because contributors don’t get rewarded for their participation and it is relatively easy for bad actors to spoil the quality of this data.

By moving their efforts from PhishTank, and other similar lists to our Protocol, contributors will be rewarded for their hard work and have a say in the future governance with the ability to react much faster to changing markets and product needs.

Historic Approaches

PICS was a specification created by W3C that used metadata to label webpages for the first time to help parents and teachers control what children and students could access on the Internet. The W3C Protocol for Web Description Resources project integrated PICS concepts with the Resource Description Framework (“RDF”).

PICS often used content labeling from the Internet Content Rating Association [22], which has been discontinued by the Family Online Safety Institute’s board of directors. Internet Explorer 3, released in 1996, was one of the early web browsers to offer support for PICS. With the release of Internet Explorer 5, Microsoft added a feature called approved sites, which allowed extra sites to be added to the PICS list when it was being used. Apple’s parental controls still relies in part on PICS labels on websites today.

PICS was superseded by the Protocol for Web Description Resources (“POWDER”) [23] in December 2009, a system that was co-initiated by Paul Walsh and Phil Archer. Although MetaCert doesn’t strictly use the POWDER specification, our founder’s work to establish it demonstrates how MetaCert became the world’s authority on URI Classification and Content Labeling. Paul Walsh has been working on URI Classification and Content Labeling techniques, standards and tools since 2004 when he founded a Web Accessibility Compliance Certification company called Segala. Ian Hayward built the first browser extension for Segala, which was later formally endorsed by the W3C as one of the most compelling implementations of the semantic Web.

Contents

Clicking on each heading will take you that section’s medium post.

1. Index

2. Introduction

3. The MetaCert Protocol

4. Token Mechanics

5. MetaCert’s Prior and Related Work

6. Design Goals

7. Solution: The MetaCert Protocol

8. Future Work

9. Token Sale Breakdown *(This section is not in the PDF)

🖌 Please feel free to respond with questions or comments about anything you read in our White Paper or Technical Paper directly within Medium, and be sure to engage with other members of the community who also have questions or comments.

🔐 MetaCert Protocol is based on established enterprise-grade technology that powers live products. These products protect hundreds of thousands of people on the Internet today, but this is just the start. We need the community to help us iterate this work. Together we can help make the Internet a safer place for everyone.

Don’t forget to click 👏🏻 to let MetaCert and others know how much you appreciate this post.

Install Cryptonite to help protect your crypto from phishing scams. https://metacertprotocol.com/cryptonite

Use our Telegram Security Bot to check the status of links and crypto addresses, and warn users about phishing in Telegram communities. https://metacertprotocol.com/telegram-bot

Join our Telegram channel where you can engage with the core team and the community. https://t.me/metacert

Download a PDF version of the White Paper

--

--

Paul Walsh
METACERT

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.