Securing the acronyms: preparing for the metaverse and Web3
The world has gone meta and crypto, wrapped in chains and coloured by NFTs. It is a whole new realm of digital innovation and technology that is transforming human engagement and interactions, and set to shift the boundaries of connection and commercialisation.
It is also a brand-new world of security risks, vulnerabilities and valid user concerns. For in as much as these innovations can break the boundaries of human interaction, they are also new opportunities for fraud, cybercrime and scams.
We are not sure where the metaverse, Web3 and NFTs are going to lead, or if blockchain will remain a viable solution to support these technologies, or even what the future of these digital worlds may hold; but we do know that they are all going to need better approaches to security.
There is a lot of money being invested into this field and a lot of money being stolen too. Even if it all appears over-hyped right now, we have to find ways to better protect the consumers, users and investors of these ecosystems.
Smart contracts, NFTs, dApps and cryptocurrencies are building blocks of the future metaverse and will need to be assessed more closely. Fad or not, the metaverse and its surrounding technologies can potentially evolve to provide organisations with additional places to operate and individuals with new worlds to explore, which means that security has to play a lead role in making sure that the billions being invested are not about to be the billions being stolen.
There are multiple definitions of the metaverse and what it means, but even though it is primarily conceptual right now, some elements exist already,” explains Collard. “Currently, it is an umbrella term for extended reality– virtual and augmented – and the rapid adoption and development of tools like Oculus, which made these more mainstream.
Spearheaded by the gaming community, AR and VR as well as the virtual worlds or “lands” in which we can play, engage, learn or meet one another are now being readily explored by children and adults alike.
The question here is how to ensure that these virtual realms are properly secured and protected. The access granted cannot be unrestricted and current security platforms are not geared to providing the layers required to ensure that this becomes adequately managed.
Another challenge lies in the management of assets within these realms – the future of ownership is changing. Metaverse design principles are making things composable, which means they can be reused across different worlds. Well, in theory. And this means that these assets have to be reliant on smart contract technologies that are secure and trusted enough to be shared and traded without compromise.
Decentralisation forms a large part of this as well, but that design principle brings with it a host of challenges. Blockchain evolved out of the wish to remove control of finance from an unscrupulous financial services industry as a result of the financial crisis of 2008.
However, decentralised finance, or “DeFi” brings with it the risk of repeating the same sins of the original unregulated banking system, and then makes it worse, such as enabling criminals and financial fraud or scams.
Also consider that the main investors in this space are venture capitalists and financial services groups and the biggest mining pools are controlled by a handful of companies. So the ecosystem is not even as decentralised as it is being made out to be.
Still, there exist many opportunities for creators, particularly in the gaming and art space, where new innovations and ideas can thrive. Where people can pay exorbitant amounts of money to attend exclusive virtual experiences that are as elite and enticing as those that are hosted in the real world.
And for avatars to be bought and customised, and for worlds to be curated and designed for specific people and interests. The process of getting to their full potential is still a long one that needs constant attention to ethics, security and control.
There will always be fraud and crime, especially if systems are decentralised or if we rely too much on pieces of code such as smart contracts.
At the end of the day, smart contracts are pieces of code written by people and people make mistakes. There is opportunity for vulnerabilities to be exploited on every layer. Let’s also not forget that criminals often target the users because they are the easiest to attack.
This does not mean that the world should not move forward and explore these opportunities, only that we have to educate developers and users and ensure that they are aware of the risks and that security is involved from the very first step.