Top 5 Tips On Staying Safe On Decentralized Social Media
We’re always taking steps to improve trust and safety in the NFT space and make sure users feel comfortable connecting with us in all of our community channels. But for users to stay safe in web3, they also need to be careful on Decentralized social media like discord or any other cult favorite account.
How to use Decentralized social media safely
There are several channels where you can hang out and talk with other community members about the latest NFT trends. We encourage you to join in! But be careful when talking to and asking questions of the wider community on Decentralized social media. Everyone who works officially has an authenticated mark next to their username.
Meta’s announcement on decentralized social media may seem like a good move, but is it really worth the investment?
— Speed ⚡ Bitcoin lightning payment platform (@speed_LN) March 10, 2023
As a reminder, A genuine Decentralized social media staff will NEVER:
- DMs first to you.
- Ask for the seed phrase for your crypto wallet.
- Ask to see the QR code on your wallet.
- Ask you to sign any message with your wallet or send you to a link that will ask you to sign a message with your wallet.
- Ask you to prove who you are in any way, like by sending you to an outside website to log in to a different server.
- Ask you to move cryptocurrencies or non-fiat currencies for them.
- Ask you to click on any links. other than the official ones from the Decentralized social media server you are using.
- Ask you to scan a QR code to verify a collection or get help with technology.
- This is an example of a suspicious DM request
If you’ve received any of the above requests, it’s likely that it’s a suspicious one. Please tell Decentralized social media about the sender.
First, safety: what to do
Here is a list of operational security (opsec) best practices that people from all walks of life should follow regularly. Even the most experienced Web3 users can fall for scams and phishing attempts in the community ecosystem since bad actors are always moving around.
1) Avoid DMs
We think you should block DMs on Decentralized social media. To do so:
In the settings for Decentralized social media, you can turn off all direct messages by default. Most scams and phishing attempts start with direct messages. If someone you don’t know asks you for something, you should always check it out first. This is true for other chat apps like Telegram and Signal that is used a lot in the web3 community.
2) Be wary of requests to be friends
By default, DMs will be turned off on the most popular Decentralized social media servers in Web 3. In this case, users can only send DMs to each other if they are already talking to each other or if another member, whether bad or not, sends a friend request.
Pending: This is where you can see, accept, or delete friend requests.
If you need to talk to someone through DMs, it’s best to make sure they are who they say they are. You can take a screenshot of their request and check with that person directly over Twitter or email to make sure it’s real.
3) Don’t click on links you don’t know or download files you don’t know.
This tip is as old as the internet but still applies to web3.
If you don’t know a link or file, don’t click on it or download it, whether it’s in Decentralized social media or elsewhere. It could have malicious scripts that could compromise your account (or, worse, your device). You should be very suspicious if someone asks you to install or run a programme. Even something as simple as adding a bookmark to your browser can put your Decentralized social media account at risk.
4) Use Two-Factor Authentication based on timestamps (2FA)
SMS can be used for 2FA on Decentralized social media. But if your phone’s SIM card has been hacked, getting 2FA via SMS could be a security risk. With apps like Google Authenticator, the best way to use 2FA is with a timestamp-based method. This is something you can change in your Discord settings.
Make sure to use an app like Google Authenticator or Authy to turn on 2FA based on a timestamp.
In general, if you can, you should use timestamp-based 2FA on all of your most important web3 apps.
5) Use multiple accounts & devices
Recently, Discord added a new feature that lets you manage more than one account from the same device. If you belong to more than one Web3 community, a good way to reduce risk is to use separate accounts for each server. The next step is to use a device that is only for Decentralized social media. For example, you can install Decentralized social media on an older smartphone and sign in to your account through your browser.