Last year, we wrote about an industry first for both cyber security and crypto: rewarding everyday users for the cyber security telemetry they generate passively, every day, just by using their mobile and computing devices. Since then, we’ve been asking PolySwarm’s customers and engine providers like Sentinel One, CrowdStrike, and Kaspersky what cyber security and malware data are most valuable to them and how we can help enlist everyday Internet users to make everyone more secure.
In this post, we’re sharing our 2022 plans for how we plan to reward everyday Internet users with PolySwarm’s NCT token for providing, enriching, and staking cyber security telemetry through PolySwarm’s platform.
During our in-depth discussions with existing and prospective customers, we keep hearing the same concern: large players like Google and CloudFlare re-centralizing the Internet through free services while encrypting and monetizing user data that is critical to cyber security.
PolySwarm’s initial NCT token rewards will focus on a critical source of cyber security data called Passive DNS. Anytime someone visits a web page, their web browser initiates dozens of DNS requests that translate domain names (e.g. polyswarm.io) to the IP addresses where those servers live on the Internet. Passive DNS data is compiled by aggregating millions of these DNS requests and is used by cyber security experts to spot attackers along with their malware and attack infrastructure. Today, this data is sourced from millions of user queries and monetized by collecting companies, all without users receiving rewards for their data, which ultimately has immense value in helping to spot cyber attacks.
Phase 1 May 2022: NCT Rewards to All Users
The PolySwarm development team is hard at work adding to our mainnet platform so that current NCT holders and new users can use PolySwarm for DNS resolution. Starting in May, PolySwarm will release a Beta version of this first and exclusively (at time of release) to existing NCT holders and polyswarm.network accounts. Holders will be invited first to start receiving NCT rewards just for performing their DNS queries through PolySwarm.
Beta users will be able to configure their Chrome browsers, iOS, and Android devices to start performing DNS lookups through PolySwarm, earning NCT in the process. PolySwarm’s global DNS resolver network will not only ensure fast query times but will also be the first to reward users with NCT for their contribution to PolySwarm’s Passive DNS data that cyber security professionals rely on.
For our Beta release, PolySwarm plans to dedicate fixed daily reward pools of NCT to apportion to user-contributed PolySwarm Passive DNS data. We expect total rewards over the first year of operation to reach $1M USD worth of NCT, funded from our treasury. We have allocated the necessary tokens from our treasury to build up this valuable dataset. As part of our Phase 1 release, we expect the majority of daily NCT rewards to go to users who submit DNS data that provides additional intelligence to the PolySwarm ecosystem, such as:
- Context around current threats being tracked in PolySwarm’s malware dataset, such as tying malicious domains to a known command and control IP address in current malware
- Geographic distribution and spread of malware domains
- Instances of attackers or authoritarian governments attempting to hijack legitimate website traffic
Phase 2 Q4 2022: Staking and Mining on Threats
PolySwarm Passive DNS (PPDNS) data is a great start for NCT-rewardable data that helps protect users. However, for many cyber security experts (including PolySwarm’s customers) PPDNS is only the tip of the iceberg and requires more context around unknown/strange domains. PolySwarm telemetry providers and NCT holders can provide this context, getting rewarded in the process, and that is exactly what we’re building for Phase 2: further rewards when NCT holders stake their holdings on certain threat’s validity and/or actively mine more context around PolySwarm threat data. Good examples of what staking and mining tasks are best summarized in as software-driven answers to questions that cyber security experts ask:
- Does badmalware.com serve any malicious URLs? (malicious URL mining)
- What secure certificates are in use on this potentially malicious site? Does that tie with other malicious sites? (threat mining, staking on high mal-potential sites)
- Is the attacker smart enough to geofence these URLs to one or more target countries to reduce visibility? (mining with geographic distribution)
Concretely, Phase 2 of NCT for telemetry will focus, via Chrome and other browser extensions, on allowing web users and PolySwarm NCT holders to earn rewards for identifying, enriching, and staking NCT by highlighting telemetry like malicious URLs. Our ambition is to replace widely leveraged sources, like Google’s safe browsing list, with high-quality, community built alternatives. In the process, PolySwarm’s NCT holders are continually rewarded for their roles in protecting users from harmful sites. Those rewards will be earned on data like URLs in three main ways:
- Identification - there are billions of unique pages on the Internet, many of which have the potential for malintent. Through installed browser extensions, PolySwarm NCT users will help identify, submit to PolySwarm's engines, and classify potential malicious sites. Think of this as mining on threats, and generally, NCT users earn outsize rewards when they’re first to spot a malicious URL, just like solving a block.
- Enrichment - initial discovery and conviction of a URL touches off a whole host of other processes that both verify the URL is bad and update advanced models to identify other bad URLs. PolySwarm users with installed browser extensions will automatically earn NCT for helping in these enrichment processes (e.g. JARM to enumerate TLS certificates used by the bad guys).
- Threat Staking - Cyber security experts see a lot of threat data on a daily basis, and a huge challenge remains in (a) weighting each threat and (b) hunting for specific threats in their enterprise. NCT holders and PolySwarm users can prioritize threats by staking their NCT against specific threats or PolySwarm users that have a knack for identifying fresh threats. When a PolySwarm customer identifies a staked threat in their environment (e.g. via match on PolySwarm’s feeds), those NCT holders that are staking receive a greater proportion of the rewards allocated by the market. For the DeFi types, you can think of this as threat liquidity mining.
Thanks for reading!