Web3 Security Best Practices: Part 1

Web3 Does Not Have a Customer Service Hotline

Web3 and ENS technology, alongside the decentralized banking system it operates under, has many advantages. None more so than the freedom to ‘be your own bank’. But with the many benefits comes great responsibility, and potentially grave consequences, if the appropriate security measures aren’t taken. Simply put, there is no recourse if we make a mistake and sign our assets away by mistake.

In these series of articles, the aim is to educate and protect you from these pitfalls so you hopefully don’t fall foul to an expensive mistake. Moreover, if you practice high-security measures day-to-day, the effort of these actions will become more like second nature rather than a chore.

That said, being safe and careful will always require more time and effort, but it’s worth doing so. This advice can only guide you. But if you understand and implement what’s laid out, the chances of you losing your assets will decrease greatly.

Protect Your Identity

• It’s common practice for many in web3 to not reveal their real identity, i.e name, face, location, etc. A natural process of integrating yourself into web3 will be engaging in conversations within communities. These often strike up in Discord and Telegram chats where people will innocently get to know each other. Try to be vague with specifics regarding your location, profession, and personal details – anything which would allow someone with malicious intent to zero in on your identity and place of residence.
  Whilst this is not a primary utility, ENS provides a great solution for keeping you anonymous. Many choose to adopt their favorite ENS domain as their online identity, just one example.
• As a general rule, never share your screen. This is something that scammers will try and get you to do in order to relinquish your wallet’s security keys. In any case, while sharing your screen you may inadvertently display personal information about yourself. This can include personal email addresses, full name, bank details, etc. Again, something we want to avoid if we wish to remain incognito.
• Creating a secondary/burner Gmail account for interacting with Google Docs, and general correspondence via email is a wise move. For example, Google Sheets displays a list of names by which the document can be accessed by. This would negate all the previous work you’d done to cover your tracks.

With all that said, many in web3 do indeed prefer to ‘doxx’ themselves and go by their real identities. This can be extremely valuable in an emerging space such as this. Opportunities abound to learn and create with bright thinkers, but the competition can be quite fierce. A digestible point of reference to your skills and experience could put you at an advantage over an anonymous, privacy-driven individual.

Just be sure to enact tight security measures if you do go public with your identity, and regardless, never over-divulge.

Downloads, Extensions and Internet Connections

• Never trust links or files sent to you via Discord, Telegram or Twitter DMs. If you do not know the sender, it’s almost certainly a malicious link/file which will aim to drain your wallet or compromise your device. If the sender is trusted, you can run downloads through VirusTotal which will scan the file and tell you if there is anything malicious inside. However, do not fully rely on this tool; only use it as a companion and always trust your own judgment.
• Anti-virus software is a must and will give you an added layer of peace of mind while navigating your way through the web3 space. Malwarebytes is highly regarded as the best antivirus protection for your devices, with the cost being very affordable at around $30 per year.
• Be selective with your browser extensions. Always be absolutely certain that you have downloaded the legitimate version of your desired web3 application (Metamask, Phantom Wallet, etc)
  A popular method of doing this is to search for ‘Metamask’ on Twitter and seek out their verified account. In the bio of the account will be a link to their official website where you will be able to download their extension. Always ensure that the account has the verified checkmark, and check the recent activity of the account for anything suspicious that will lead you to believe the Twitter account is compromised.
• Always ensure that the internet connection you’re using is secure, and never use public wifi for anything web3-related. By connecting to an unencrypted WiFi network, your data could be leaked and accessed by hackers. You should also disable the NFC and Bluetooth functions on your device while in public spaces.