Last year, we wrote about an industry first for both cyber security and crypto: rewarding everyday users for the cyber security telemetry they generate passively, every day, just by using their mobile and computing devices. Since then, we’ve been asking PolySwarm’s customers and engine providers like Sentinel One, CrowdStrike, and Kaspersky what cyber security and malware data are most valuable to them and how we can help enlist everyday Internet users to make everyone more secure.
In this post, we’re sharing our 2022 plans for how we plan to reward everyday Internet users with PolySwarm’s NCT token for providing, enriching, and staking cyber security telemetry through PolySwarm’s platform.
During our in-depth discussions with existing and prospective customers, we keep hearing the same concern: large players like Google and CloudFlare re-centralizing the Internet through free services while encrypting and monetizing user data that is critical to cyber security.
PolySwarm’s NectarNet (Beta) will focus on a critical source of cyber security data called Passive DNS. Anytime someone visits a web page, their web browser initiates dozens of DNS requests that translate domain names (e.g. polyswarm.io) to the IP addresses where those servers live on the Internet. Passive DNS data is compiled by aggregating millions of these DNS requests and is used by cyber security experts to spot attackers along with their malware and attack infrastructure. Today, this data is sourced from millions of user queries and monetized by collecting companies, all without users receiving rewards for their data, which ultimately has immense value in helping to spot cyber attacks.
Phase 1 May 2022: NectarNet (Beta) - NCT Rewards to All Users
The PolySwarm development team is hard at work adding to our mainnet platform so that current NCT holders and new users can earn NCT by sharing their DNS resolution data. As of Tuesday, June 7, the PolySwarm NectarNet Beta is now live. This latest version of NectarNet will be offered exclusively to existing NCT holders with polyswarm.network accounts who requested to participate in the Beta program. NectarNet Beta users will start receiving NCT rewards just for sharing their DNS queries with PolySwarm.
NectarNet (Beta) users can download and install the browser extension ‘here’. Just simply follow the instructions to start sharing DNS lookup data with PolySwarm, earning NCT in the process. PolySwarm will be the first to reward users with NCT for their contribution to PolySwarm’s Passive DNS data that cyber security professionals rely on.
For our Beta release, PolySwarm plans to dedicate fixed daily reward pools of NCT to apportion to user-contributed PolySwarm Passive DNS data. We expect total rewards over the first year of operation to reach $1M USD worth of NCT, funded from our treasury. We have allocated the necessary tokens from our treasury to build up this valuable dataset. As part of our Phase 1 release, we expect the majority of daily NCT rewards to go to users who submit DNS data that provides additional intelligence to the PolySwarm ecosystem, such as:
- Context around current threats being tracked in PolySwarm’s malware dataset, such as tying malicious domains to a known command and control IP address in current malware
- Geographic distribution and spread of malware domains
- Instances of attackers or authoritarian governments attempting to hijack legitimate website traffic
Since we launched PolySwarm in 2018, we’ve learned a lot about compensating security experts, and the crypto community has seen a lot of innovation for fair token rewards within two-sided marketplaces (e.g. PolySwarm’s cyber security customers and PolySwarm DNS users). We’re hard at work on modeling, refining, and providing adequate transparency (and privacy!) to this rewards structure and will share more information as we approach the Beta release.
Phase 2 2023: Staking and Mining on Threats
PolySwarm Passive DNS (PPDNS) data is a great start for NCT-rewardable data that helps protect users. However, for many cyber security experts (including PolySwarm’s customers) PPDNS is only the tip of the iceberg and requires more context around unknown/strange domains. PolySwarm telemetry providers and NCT holders can provide this context, getting rewarded in the process, and that is exactly what we’re building for Phase 2: further rewards when NCT holders stake their holdings on certain threat’s validity and/or actively mine more context around PolySwarm threat data. Good examples of what staking and mining tasks are best summarized in as software-driven answers to questions that cyber security experts ask:
- Does badmalware.com serve any malicious URLs? (malicious URL mining)
- What secure certificates are in use on this potentially malicious site? Does that tie with other malicious sites? (threat mining, staking on high mal-potential sites)
- Is the attacker smart enough to geofence these URLs to one or more target countries to reduce visibility? (mining with geographic distribution)
Today these questions are answered by a patchwork of paid cyber security data and software products, many of which mine user data, without the block-like reward. While there are many open source and free data sources for bad URLs, “free” products currently have 400M+ users’ cyber security data monetized. PolySwarm is re-inventing the economics of this market to reward users for threat data while at the same time helping cyber security experts quickly spot problem areas based on users' NCT stakes against the telemetry data.
Concretely, Phase 2 of NCT for telemetry will focus, via Chrome and other browser extensions, on allowing web users and PolySwarm NCT holders to earn rewards for identifying, enriching, and staking NCT by highlighting telemetry like malicious URLs. Our ambition is to replace widely leveraged sources, like Google’s safe browsing list, with a high-quality, community-built alternative. In the process, PolySwarm’s NCT holders are continually rewarded for their roles in protecting users from harmful sites. Those rewards will be earned on data like URLs in three main ways:
- Identification - there are billions of unique pages on the Internet, many of which have the potential for malintent. Through installed browser extensions, PolySwarm NCT users will help identify, submit to PolySwarm's engines, and classify potential malicious sites. Think of this as mining on threats, and generally, NCT users earn outsize rewards when they’re first to spot a malicious URL, just like solving a block.
- Enrichment - initial discovery and conviction of a URL touches off a whole host of other processes that both verify the URL is bad and update advanced models to identify other bad URLs. PolySwarm users with installed browser extensions will automatically earn NCT for helping in these enrichment processes (e.g. JARM to enumerate TLS certificates used by the bad guys).
- Threat Staking - Cyber security experts see a lot of threat data on a daily basis, and a huge challenge remains in (a) weighting each threat and (b) hunting for specific threats in their enterprise. NCT holders and PolySwarm users can prioritize threats by staking their NCT against specific threats or PolySwarm users that have a knack for identifying fresh threats. When a PolySwarm customer identifies a staked threat in their environment (e.g. via match on PolySwarm’s feeds), those NCT holders that are staking receive a greater proportion of the rewards allocated by the market. For the DeFi types, you can think of this as threat liquidity mining.
We’re currently in touch with our many customers about adding additional feedback loops for identification, enrichment, and threat mining and will update our progress on our blog in the coming months. In the meantime, we’re excited to develop this use case and welcome community feedback online.
Thanks for reading,