Learn About Trust and Safety in Web3
After completing this unit, you’ll be able to:
- Articulate the ethical principles for Salesforce’s Web3 product innovation.
- Identify potential downsides and risks in Web3.
- Identify strategies and best practices for keeping safe and secure in the Web3 space.
Blockchain, cryptocurrency, and NFTs are driving innovation and commerce at scale. As with any early-stage technology, potential outcomes can be unknown, which is why it’s critical for those innovating in this space to do so in a responsible, ethical way. If we want Web3 to improve the lives of everyone within the ecosystem, not just a handful of people at the top, we need to design it in a values-led way.
Principles-Led Product Innovation
At Salesforce, we believe that products in the Web3 space should be created with these principles in mind.
- Trust and Security. We will embed best-in-class brand and consumer protections, identifying—and preventing the use of the product for—fraud, force, or fear.
- Sustainability. We commit to quantify, disclose, minimize, and neutralize environmental impacts resulting in net zero emissions while driving increased sustainability in the sector more broadly.
- Equality. We will provide guidance and guardrails to ensure fairness, diversity, and empowerment of customers and consumers.
- Accountability. We will empower the end-user with explainable governance and engage stakeholders in ongoing evaluation.
- Integrity and Transparency. We commit to share clear, precise communication about the product and create trusted experiences and marketplaces where safety is top of mind.
We believe that by leading with our values, we can help guide this new space in a positive direction.
The Challenges of an Emerging Web3 Landscape
While there is much to be excited about when it comes to Web3, there’s also reason to proceed with a degree of caution as the space grows and matures. Here are some of the known and potential risks within the ecosystem.
The Dutch tulip mania from 1634 to 1637 is the classic example of a significant difference between the financial value of an asset and its intrinsic value. It created a speculative bubble, which saw the price of tulips reach incredibly high levels. There have been many such bubbles since, and some claim that Web3 is in such a moment.
Assets in Web3 are susceptible to price volatility, since Bitcoin and other cryptocurrencies can be argued to have no intrinsic value. And unlike other traditional currencies, they aren’t backed by a government or central bank. As a result, their price is driven only by supply and demand. As their value increases, this success may attract new investors, sending prices upward. On the flip side, a negative event or even a tweet can drive prices downward.
Lack of Diversity
NFTs sit at the intersection of two historically white- and male-dominated industries: visual art and crypto. The bulk of NFT sales—roughly 77%—are flowing to male creators while only 5% of sales go to female artists. Similarly, it’s posited that the average NFT purchaser is a 38-year-old male who makes over $100,000/year. This poses an issue for promoting equality and inclusion. If most of the NFT community is male and white, there is market pressure to create NFTs that mirror this population and create barriers to entry for nonwhite, nonmale folks to get involved in the space.
Lack of Privacy
One of the benefits of cryptocurrency is it allows for anonymity. Connecting one’s identity to a wallet is optional, and many people prefer to keep their cryptocurrency wallet address private for good reason. Imagine if, when you sent digital payment to a lunch partner for your half of the meal, they could now see every other transaction you’d ever made—and not just on that platform, but the ones you made with your credit card, bank transfer, or other apps, and with no option to set the visibility of the transfers to “private.”
Another feature of blockchains is their immutability: Once data is written to the blockchain, it’s there forever. While this has many useful applications, such as for storing transaction records, it can be a challenge for user-created data, particularly when considering online abuse and harassment. If someone stores harmful, inflammatory or hateful material on a blockchain, it cannot be removed. The platforms might be petitioned to hide the content, but the offensive content would still remain on the chain.
Lack of Third-Party Protection
Third-party intermediaries, like banks or credit unions, play a critical role in safeguarding customers’ interests. Banks, for example, have ways of detecting activity by malicious actors, and consumers can challenge fraudulent transactions on their credit cards. When transactions take place without a third party, customers have no one to whom they can appeal for help. For example, if owners lose their private key—which functions like a password—they can no longer access their wallets and have no recourse. In January 2021, The New York Times reported that $140 billion worth of bitcoin is locked in wallets whose private keys have been lost or forgotten.
The Early Days of Regulation
Today, cryptocurrencies and NFTs are largely exempt from legal and financial regulation, which means there is little or no protection for those who create, invest, or trade in them.
Data Hosting and Storage: An NFT and the digital asset it represents are usually stored separately. The NFT is stored on the blockchain and contains information about where the digital asset is located, but the NFT could be deleted or the server hosting it could fail or be hacked. This would make the NFT worth little or nothing—and the law has not yet addressed what rights the NFT owner would have in such a situation.
Data Protection: NFTs may contain personal information that is subject to data protection laws. Some of these laws—like GDPR (the EU’s General Data Protection Regulation)—allow individuals to erase or amend their personal data. However, NFTs are linked to the blockchain, where that is impossible (immutability!). These issues of security and data sharing for NFTs have so far received little consideration.
Intellectual Property Rights: The buyer of an NFT may erroneously think they own the actual art associated with the NFT. In reality, the only person with the right to copy, distribute, alter, or publicly display the art is its original creator. There is the possibility that a disgruntled NFT buyer may bring legal action if they feel that there was misrepresentation when they were sold the NFT, as they believed they were buying the copyright.
Taxation: The US and other nations have little or no legislation in this regard, nor any official advice relating to NFTs and tax. While it can be expected that profits and losses relating to NFTs would be liable for capital gains tax, and that the NFTs themselves would be considered assets for the purposes of other taxes—including inheritance tax—the official position has yet to be confirmed.
Safety and Security in Web3
Beyond the dynamics noted, there are a number of scams and frauds that are perpetrated in the NFT space, and it’s useful to be able to recognize and avoid them. Here are the six most common.
- The originators of a crypto project take the capital raised from a token sale and disappear.
- Pump and dump: A particular crypto asset is hyped, leading to a short-term spike in the asset’s price as buy orders flood in. The instigators then sell off their holdings, triggering a crash, with other investors left “holding the bag.”
- The price of a crypto asset is artificially inflated by repeatedly trading it between wallets controlled by the same individual or group.
- Capital from later investors in a crypto asset is used to pay returns to earlier investors.
- Protocols or wallets are hacked and owners’ crypto assets stolen.
- Attackers use social engineering techniques to trick a target into revealing information that can be used to gain access to their crypto assets.
Ways to Protect Yourself
How to Spot a Scam
As a user, the first step of prevention is to keep your eyes peeled for potential signs of scams. Here’s how to recognize some common, dubious tactics.
- Phishing: Users get a seemingly legitimate email from a platform or exchange they frequently use, with a malicious link embedded that lures them into making a transaction. Or it may even inject malware that scans for seed phrases stored on laptops.
- Hacking: Hackers sometimes airdrop malicious NFTs to user accounts as a Trojan Horse. Interacting with these malicious NFT airdrops prompts the user to sign a message that allows hackers to gain access and drain the account.
- FOMO: A cool new project comes up with a timer counting down on the purchase page, inducing serious FOMO (fear of missing out). When the user signs the transaction and makes that purchase, hackers obtain access to their wallets. Unknown to the user, the purchase page was linked to a scam URL.
Protect Your Seed Phrase and Secure Your Device
A seed phrase is a group of words that are used to restore a crypto wallet. A seed phrase looks like this:
It’s very important to keep this phrase private and secure, since anyone with your seed phrase can use it to take over your wallet.
This is where hackers come in and use various methods, including social engineering, to try to steal your seed phrase. One form of this is a scam where they pretend to be support staff from a marketplace or crypto business and ask for details such as your seed phrase or MetaMask recovery QR code. Even experienced crypto-natives have fallen for these types of scams. Whenever someone asks you for this information, it should immediately set off alarm bells in your head.
Whatever type of wallet you use, exercise caution and practice a security-conscious approach to keeping your device and browser clear of any potential malware. This includes doing due diligence on websites you interact with, keeping your software up-to-date with security patches, and ignoring emails, links, or DMs from strangers.
Now that you’re aware of potential risks, let’s discuss how to mitigate them! Here are our overall best practices for staying safe in the new Web3 reality.
- Always visit the original website—a trusted, first-party marketplace—for any sale or offer.
- Only download applications and software from the originating source.
- If you’re using them, disable direct messages on Telegram and Discord from people who are not on your friends list.
- Never click any link sent to you from an unverified source without properly checking it.
- Never send your seed phrase to anyone.
- Never open an email link that looks suspicious.
- Never install any file with a “.exe” or “.scr” extension sent to you by an unknown sender.
- Never enter your wallet password or seed phrase into any form that you are not sure of.
- Store your cryptocurrency in a cold wallet or have multiple wallets (separating your daily use wallet from the wallet where you keep the bulk of your funds).
- Generate your keys securely—on a newly reset, offline device if possible.
- Keep your device, such as mobile phone or desktop, clear of malware and update frequently to the latest security patch.
- Make sure you interact only with audited smart contracts.
- Disconnect your wallet after every transaction.
- Be vigilant—always double-check your transactions, recipient addresses, and browser URL.
- Use common sense and trust your intuition—if something seems too good to be true, well, it just might be.
As a company, Salesforce is deeply committed to creating technology with ethics and inclusion built-in—not bolted on. Our Office of the Ethical and Humane Use of Technology actively partners with our product and engineering teams to approach product development with intention, identifying risks and innovating new solutions with our values at the core. The potential risks should not stop you from exploring and interacting with crypto and NFTs. There’s a world of opportunity out there, but just remember to take the necessary steps to protect yourself and proceed with caution.