1. What is the Crypto Scam Protection Solution?
It is a one-stop anti-phishing and anti-scam solution for the crypto world. Anyone can search data validated by security experts—and stored on decentralized Threat Reputation Database (TRDB)—by simply installing the UPPward Extension. For both whitelist and blacklist data stored in the TRDB, one can search and double check the correct information such as an ICO project’s wallet address or website URL before making any contributions.
2. What are the benefits of using the Crypto Scam Protection Solution?
You will not send your own funds to the wrong address if you are an active user of this solution. By installing the UPPward Extension, you can check whether the recipient wallet address is malicious or not. For example, when users search an ICO project, it will display the official information of the ICO project to prevent you from falling for social media impersonation, phishing sites, and typical crypto scams. Ultimately, the benefit is that this solution will protect you from sending your investment to the wrong wallet address.
3. Is it free to use the Crypto Scam Protection Solution?
Yes. The solution is free to use. Sentinel Protocol will be charging UPP tokens for advanced features that will be available at a later stage, such as the Machine Learning-based malformed transaction and distributed sandboxing. As for the TRDB, we may charge for API access eventually, but that will be after many crypto organizations understands the necessity and importance of using it.
4. How does the Crypto Scam Protection Solution work?
It’s a virtuous cycle. The more participants contributing the data, the more protection individuals and organizations will have from scams and fraud. All reported data from the UPPward Extension would be reviewed and validated by The Sentinels (Pre-Sentinels). The validated data then goes onto the blockchain in the TRDB. At that point, the data can be accessed by anyone using the UPPward Extension.
5. How do I provide feedback to the team?
For any product related inquiry, please submit it to firstname.lastname@example.org. You’re more than welcome to submit your feedback there as well.
1. Where can I install the UPPward Extension?
You can install the UPPward Extension from the Chrome Extension Store or Firefox Extension Store.
2. What type of data can be searched within the UPPward Chrome?
The UPPward Extension is the search engine for anything related to crypto investments and ICOs. Searchable inputs include website URl/URI, wallet address, smart contract address including non-ERC20 based addresses, telegram group and admin IDs, LinkedIn pages of the ICO project, etc.
3. Do I need to sign up to use the UPPward Extension?
No. Simple installation is all you need to use. To gather as much data as possible, we lowered the usage barrier by removing sign up and sign in feature in the August launch version. If wanted, one can provide his or her email address when reporting a new case so that retrospectively he or she can earn Sentinel Point later when account system is provided.
4. Why do some searches not have any results?
At this time, the UPPward Extension product is new. However, once used by more people and organizations, the faster we will collect data and the faster the TRDB will grow. Collective intelligence is the most ideal way to combat the fast malicious growth of fraudulent activity, and a mature TRDB will provide plenty of search results to help users protect themselves.
5. Where can I find the report feature?
The report feature is not the most explicit UPPward Extension feature at the moment. Rather, the search feature is the most important part of the product’s search engine concept. However, once you run a search and there are no search results, the Report Now button will be displayed.
6. What does Active Protection mean?
7. Will you support other browsers?
Yes. We have plans to support more browsers in the near future.
1. Does the TRDB only store malicious data?
No. The TRDB stores both authentic and malicious data, which means it has whitelisted and blacklisted information. For example, the official website URL of sentinelprotocol.io is whitelisted as authentic data. Conversely, sentinel-protocol.com is blacklisted as malicious data. For any search result not in either list will be marked as unknown data, in which case, please submit a new report!
2. How has been data collected?
The data has been collected by Pre-Sentinels, Uppsala Foundation, and allied security partners thus far. After the launch of the Crypto Scam Protection Solution, we expect that the general public will be able to contribute. We will see true collective intelligence at work.
3. How long does it take for validated data to go onto the blockchain?
Once the Pre-Sentinels or Sentinels validate the data by clicking the release button, the data will go into block creation. The EOS platform is known to take about 45 seconds to create each block.
4. Can anyone use the TRDB data via API?
Upon request and our review, yes. Crypto exchanges and wallets can integrate the TRDB API and query malicious and suspicious wallet address data for Anti-Coin Laundering (ACL) purposes. The API is expected to launch in Q4 2018 and its usage will be free until we believe users have learned its value after using it for some time. In other words, we will first focus on increasing adoption of the TRDB API among more organizations and ensure they benefit from it.
5. Since the TRDB is accessible by anyone, what if malicious actors somehow use the data against us?
Whether it is whitelisted or blacklisted, threat data on TRDB will be accessible as it is on the blockchain. We believe that there are more positives than negatives when we transparently share data that tracks malicious activity, because doing so is more likely to help more people protect themselves from bad actors than get exploited. We also believe that this transparency will deter malicious activity, further decreasing the likelihood that shared data will cause anyone harm.
1. Only The Sentinels can create an account. Why?
The first and early version of the Sentinel Portal launched in August is an initial version designed with Pre-Sentinels’ critical needs in mind, rather than all the features that individuals can enjoy. The development priority was given to building features for Pre-Sentinels workflow and user interface. Individual crypto users are encouraged to use the new product UPPward Extension, where you can search, check, and report.
2. What kind of information is needed when submitting a report?
It has a form that guides you on what information to fill in, such as blacklist information or whitelist information, types of threat tags, and additional details. Additional details can include your recent internet use behavior for Pre-Sentinels to investigate, such as receiving a suspicious email that appears legitimate, or downloading any files.
The key is to describe how you lost your crypto assets. If requested, you would need to prove the ownership of the original crypto wallet. A description guide is as follows below: 1. Did you visit a phishing site? Provide the URL. 2. Did you receive a suspicious email that looks legitimate? If so, please do the following: 1. Copy the email title and body. 2. Copy the email headers.
In Outlook live:
- Open the message in your inbox.
- Click the down arrow in the upper right corner of the message.
- Click "View Message Source"
- Open the message in your inbox.
- Click the down arrow in the upper right corner of the message.
- Click "Show original" 3. Did you download any suspicious files? Exe? Doc? 4. Provide your browser history. You may use a screenshot of your browser history around the suspected time when the incident occurred. 5. Attach any suspected malicious files.
3. How do you penalize fake reports?
In the case of repeated false report attempts, we penalize false reporters by flagging their reports as originating from a ‘bad IP address.’ With an account system in the works, users will eventually be required to sign in to submit a report, thereby making it easier to penalize malicious attempts.
4. Can I earn Sentinel Points by reporting a case?
The Sentinel Point system will be fully available once we have enough usage pattern data to set up a reasonable and practical conversion rate with UPP tokens. We will use both the users and the Pre-Sentinels’ usage patterns plan to structure the point system. We expect to spend at least two to three months monitoring the usage pattern of the UPPward Extension and Sentinel Portal. Still, when you report, you can submit your email address so you can retroactively earn Sentinel Points when the point system is active.
5. How do you guarantee that the data displayed on the Sentinel Portal are not compromised?
First of all, the TRDB is safe from data forgery as it is stored on the blockchain. Sentinel Protocol takes security measures seriously, so we make sure that the Sentinel Portal is hosted in an industry-standard secure hosting system. Besides using third-party web application firewall and IPS/IDS services, the UPPward Extension and its server communications are secured by both SSL\TLS encryption and Sentinel Protocol’s own custom protective measures. Uppsala Foundation, the team behind Sentinel Protocol, is also trained to deal with potential malicious attacks that attempt to gain unlawful access to our internal network.
1. Who are the Pre-Sentinels? Will they become The Sentinels later?
In the early stages, the 14 Pre-Sentinels security experts, who were recruited and thoroughly interviewed in February and March, will take on the role of the Sentinels. This role consists of collecting data manually, reviewing reported cases involving hacking incidents and new ICO data, and confirming the validity of that data. These responsibilities are evenly distributed among the Pre-Sentinels, with one Pre-Sentinel initially reviewing the data, and the Uppsala Foundation security team double-checking the validity of the same data.
2. Who are in the pipeline for The Sentinels? When will they be in the works?
The Pre-Sentinels are in line to become The Sentinels. Additionally, conventional security vendors and a group of white hat hackers are in the pipeline to be The Sentinels. The Sentinels are expected to be deployed in the upcoming product lines when these have full features embedded.
3. How do the Sentinels create consensus?
In the initial version, case validation occurs among Pre-Sentinels, where data from one Pre-Sentinel double-checked by the Uppsala Foundation’s security team. Eventually, under DPOS consensus, 7 Sentinels will validate incident data and the correspondent block will be created. For any malicious attempts by a Sentinel, that Sentinel will be penalized, losing Sentinel Points and thus losing financial rewards and reputation. With this incentive and penalty structure, The Sentinels are expected to make the correct validations.
4. What if The Sentinels make mistakes? Can they be fixed after going onto blockchain?
Within the Sentinel Portal, case statuses can be fixed by the Sentinel himself or by the other Sentinels. For the data already stored on blockchain, only the Sentinels have the authority to create blocks. They can overwrite the previous block and create a new one. This will also happen when the status of a site or an address status (e.g. a whitelisted address can later be blacklisted).
5. Do the Sentinels ever require private keys for investigation purposes?
No. The Sentinels may request you to prove ownership of the original cryptocurrency wallet, but they will never ask for any private keys. Never share your private key anywhere or with anyone—this includes the Sentinel Protocol ecosystem.