Bitcoin Forum

Latest call to action

Call to action for attention to this request, posted on August 31, 2023


All calls to action (4) (https://bitcointalk.org/index.php?topic=5434404.msg61581548#msg61581548)

---

Request information

Last edit: February 15, 2023, 05:29:33 PM

Another (less detailed) request can be found here (https://bitcointalk.org/index.php?topic=5381463.0) however I wish to update this thread constantly with more precedent and reasoning over time, as I believe very strongly that this board will be of great use to this forum, its users and users of Bitcoin.

Credits for first posting the idea goes to takuma sato (https://bitcointalk.org/index.php?action=profile;u=3357194) for creating the first request for this new board which was bought to my attention after posting this thread.

---

Name: Cybersecurity and Privacy
Category: Other
Description: Discussion about cybersecurity and online privacy and its improvement to minimize the risk of data breaches, hacks, tracking or system compromise which may result in exploitation or loss of funds.

Reasons:
- Discussion that will help to prevent personal system compromise which can result in the loss of Bitcoins
- Improving online privacy and protection from data collection & user tracking, which is in line with a core value of Bitcoin, privacy.
- Informing users on the downfalls of existing popular systems and exploring/informing about stronger alternatives
- Preventing malicious activity by growing informative and other resources that can improve personal security and online privacy.
- Keep record of events that are a result of poor cybersecurity and privacy to raise the awareness of its importance.
& much more.

More info:
In this day and age, cybersecurity is a very, very important aspect of digital life than many people are completely ignorant to until it is too late.

I think where funds are involved, security should be too. Which leads to the request for a dedicated cybersecurity board, which will feature discussion of cybersecurity from a personal to an enterprise level, which ultimately will prevent people from having their coins unwillingly sent from their wallets, and therefor is definitely relevant to Bitcoin.

I will update this thread with a lot of precedent when I am online next. Here are two very recent cases, one right here in bitcointalk:
Bitcoin Developer @lukedashjr's wallet was hacked (https://bitcointalk.org/index.php?topic=5432665.0)
I've been hacked (Electrum 4.3.2) (https://bitcointalk.org/index.php?topic=5433643.0)

I'd like to note that a lot of the time (maybe even more of the time), hacks are due to the user and their lacking of security knowledge/implementations. This discussion point seems to be very scattered and therefor becomes a solo journey for most. It would be very good for BitcoinTalk to become a place where people can not only discuss and learn Bitcoin & blockchain, but also how to protect their Bitcoins as well as increase their security from the infinite threats online today.


Board placement suggestion
Other > Cybersecurity & Privacy
- Between Beginners & Help and Off-Topic
- Above or below Politics & Society

Board structure suggestion
[Main Board] Cybersecurity & Privacy: Discussions and questions about cybersecurity and privacy
[Child board] Education: Tutorials, guides and informative topics that help teach improving cybersecurity and/or privacy
- Suggested pin topic: Topic [tagging] etiquette to distinguish tips, tutorials, information, etc. For example [Tutorial] for a detailed how-to, [Tip] for a tip/hint, [Information] for increasing knowledge.
[Child board] News: A board structure like the Bitcoin Discussion > Press section that contains dated threads about news/press relating to cybersecurity/privacy
- Suggested pin topic: Enforced [date tagging] etiquette to create a date/timestamped board structure, like the Bitcoin press section.


Compilation of threads that could be moved to the board or one of its suggested sub-boards


New addition to list above on February 15:
[Tips] Ways to Protect Recovery Phrase - Mnemonic  (https://bitcointalk.org/index.php?topic=5392035.0) by joker_josue

---

Users who have expressed support for this idea, their ranks, and their merit count

Members who possibly support the proposal (OP/multiple post +Merit though no post of support)

LoyceV (https://bitcointalk.org/index.php?action=profile;u=459836) - Legendary (Merit: 13245)

JayJuanGee (https://bitcointalk.org/index.php?action=profile;u=252510) - Legendary (Merit: 7833)
Link to feedback (https://bitcointalk.org/index.php?topic=5434404.msg61758617#msg61758617)

Members who expressed via posting support directly and/or by contributing to the proposal (with quotes)

Welsh (https://bitcointalk.org/index.php?action=profile;u=84521) - [Staff] Legendary (Merit: 3895)


ETFBitcoin (https://bitcointalk.org/index.php?action=profile;u=359716) - Legendary (Merit: 5798)


BlackHatCoiner (https://bitcointalk.org/index.php?action=profile;u=2775483) - Legendary (Merit: 5283)


DaveF (https://bitcointalk.org/index.php?action=profile;u=300014) - Legendary (Merit: 4998)


Not A Tether (https://bitcointalk.org/index.php?action=profile;u=2739424) - Legendary (Merit: 4858)


n0nce (https://bitcointalk.org/index.php?action=profile;u=3373858) - Hero Member (Merit: 4826)


lovesmayfamilis (https://bitcointalk.org/index.php?action=profile;u=1982152) - Legendary (Merit: 3480)


mk4 (https://bitcointalk.org/index.php?action=profile;u=886521) - Legendary (Merit: 3461)


vapourminer (https://bitcointalk.org/index.php?action=profile;u=33156) - Legendary (Merit: 2714)


Upgrade00 (https://bitcointalk.org/index.php?action=profile;u=2423488) - Legendary (Merit: 1942)


joker_josue (https://bitcointalk.org/index.php?action=profile;u=97582) - Legendary (Merit: 1830)


FatFork (https://bitcointalk.org/index.php?action=profile;u=2738899) - Legendary (Merit: 1741)


PowerGlove (https://bitcointalk.org/index.php?action=profile;u=3486361) - Senior Member (Merit: 1585)


Stalker22 (https://bitcointalk.org/index.php?action=profile;u=2739454) - Legendary (Merit: 1056)


julerz12 (https://bitcointalk.org/index.php?action=profile;u=950662) - Hero Member (Merit: 784)


ScamViruS (https://bitcointalk.org/index.php?action=profile;u=2581425) - Hero Member (Merit: 655)


digaran (https://bitcointalk.org/index.php?action=profile;u=806776) - Hero Member (Merit: 646)


Bigpiggy01 (https://bitcointalk.org/index.php?action=profile;u=16933) - Hero Member (Merit: 507)


FlexyStar (https://bitcointalk.org/index.php?action=profile;u=37277) - Full Member (Merit: 175)


Saisher (https://bitcointalk.org/index.php?action=profile;u=1145246) - Full Member (Merit: 158)


geeyow (https://bitcointalk.org/index.php?action=profile;u=1057218) - Newbie (Merit: 6)


yusrime (https://bitcointalk.org/index.php?action=profile;u=3509114) - Newbie (Merit: 0)

This has been requested before Cybersecurity subforum (https://bitcointalk.org/index.php?topic=5381463.0), lock your topic and continue in this thread.

Thank you! Locked & updated OP.

Edit - I am leaving this thread open as I wish to update the precedent and elaborate on the details of the OP much further than the other post. I am also going to request the OP of the other thread to lock his topic so that new discussion can occur here about it.

Edit 2 - I have requested the OP of the original thread to lock their thread and move to this one with good reason, if they are open to doing it:

---

Edit May 01 2023 - Adding past call to actions into this post

---

Call to action for attention to the community vote, posted on August 31, 2023


Call to action for attention to this request, posted on May 1, 2023

---

Call to action for attention to this request, posted on April 23, 2023

---

Call to action for attention to this request, posted on March 30, 2023

Not sure if one is necessary, as they can pretty much fall under the Wallet software section. https://bitcointalk.org/index.php?board=37.0

On the other hand, such a section would probably be good for things like the LastPass breach, etc which aren't necessarily bitcoin/crypto-related.

We are permanently in a state of digital warfare, where people are targeted even without prompting. I think it probably was not necessary when Bitcoin started, or even 2-3 years ago it could have been called "somewhat necessary"...but now, I think it is definitely necessary. I have done a lot of research and reading to support this view, trust me!

Under the wallets section would be most viable to relating it to Bitcoin (as cybersecurity in terms of Bitcoin is to protect your wallet and funds). Though (and I know aesthetics is not a primary focus for anyone) I think it aesthetically won't fit well there considering all of the other boards are for specific wallet software rather than subject/topic categories. I do think it deserves to be at most a sub-board, rather than a sub-board of a sub-board. Where it fits is challenging.

If someone's exchange is hacked, that can go to exchange board. If someone's wallet is hacked, that can go to software wallet board. If it is a web wallet that is hacked, it can go to web wallet board.

He has a new idea to be updating the OP with cyber security threads which can be a reason why this thread is different from the old one, but no good reason we should have a cyber security board.

Yea a reconstruction of the Wallet section is great as well!

Instead of Bitcoin > Wallet software

a better construction would probably be:

Security > Wallet software > Bitcoin wallets

So we can have other things like Security > Internet security general, etc

I think you've missed the entire premise/purpose of the board request. It is definitely not primarily to post about being hacked. It is meant to discuss everything surrounding cybersecurity such as ways to defend yourself online or improve overall system security in order to prevent being hacked in the first place.


Do you know what the word "precedent" is, or means? Every single thread that is and will be linked are proof that people need to know how to improve their cybersecurity and serves as an individual reason as to why a board that includes information to prevent the same thing from happening again is needed.

I'm not going to lie to you, I'm pretty astounded with your post. If I could negative merit it, I would.


The solutions in the wallet section are kind of outdated, some definitely don't need their own board. I think that the wallet section is another can of worms though.

I think a Cybersecurity section is as important as Politics and Society, and it would even deserve a place in the "Other" category.

Better yet, since privacy (in a way) goes hand in hand with security, or at least the content of both topics could exist within the same board, naming the board "Privacy and Security" or "Cybersecurity and Privacy" would allow it to fit well above or below "Politics and Society".

I don't like the idea of putting it under the wallets subboard. You can try perhaps under the Development and Technical discussion board, but even there, I do not think that it is a suitable location either. Another place could be somewhere under the Economy board: Economy > Cybersecurity.

Economy is good. I suggested under "Other" with the additional label of privacy to go along with it. "Cybersecurity and Privacy".

I will do some more thinking and elaborate on the OP at some stage when I have some free time.

I like the idea. A dedicated board for discussing the latest threats, sharing tips and resources, and asking questions related to cybersecurity would be a valuable addition to the community. I do not see any negative side to this proposal.

The point of such board isn't to address your issue (only). It is to educate yourself about security, with guides, lists, stories etc. And I'm in favor of such board.

I don't like it. Lots of sub-boards can bring worry. If you want to talk about something specific for a Bitcoin wallet, use a Wallet software sub-board. If you want to ask questions related to wallet software, use that board. If you're interested in improving your competence around security, you should visit the proposed board.

We should also have a separate privacy-related sub-board, in my opinion, but that's off-topic.

Potentially having a privacy section that's a child of security as they're somewhat related or simply a dedicated Security & Privacy section. Probably one of the few times I'd like to see something implemented not based on demand, but because I think it's somewhat important to understand. Plus, I could probably talk security a lot, and would have some threads in mind to contribute to the section which don't really fit anywhere worthwhile currently. Off topic or very loosely Beginners & Help maybe.

I'd probably contribute some specific Qubes features which could be beneficial for Bitcoin users in securing their assets as well as some unrelated security benefits.

That's actually a neat idea. Both freedoms from risk in one board.

If it doesn't get recognition, I'm not of the opinion that we should impose it (I mean, how could ever do it anyway, this forum isn't run by regular users), but it wouldn't be bad to try it out, and see how it goes.

With the recent cases of hack and loss of bitcoins even affecting more experienced users and devs, it is imperative to have a dedicated board or child board which discusses the possibilities of a breach and how one can protect themselves. It could also help with some of the complacency some users feel when they've held bitcoins for a while.

This could work and serve as an umbrella board for all posts related to security and privacy. Many of such posts will fit loosely in either the Bitcoin, altcoin or economy boards, or any of the wallet child boards. But having a dedicated section where one can find all posts in one place, or at least all related to Bitcoin would be helpful.

While, I haven't given it a massive amount of though, that's probably the biggest complexity if we were to add it. Where exactly would be fit it in, and what would be allowed, and not allowed in the section. I'd like to see it implemented into the main Bitcoin sections, but then that would mean we'd likely have to limit to Bitcoin related content regarding security rather than general cybersecurity principles. Which, personally I'm okay with. Off topic can house generic cybersecurity concerns. That section needs a few quality discussions going on or potentially serious discussion, but that limits the audience that can participate.

The only logical place to put it is within Other

Other -> Cybersecurity & Privacy

best to put it besides Beginner & Help.

Topics like:
Hacking incidents or tutorials on how to prevent them
News about potential wallet exploits and bugs (BTC or Altcoin)
Tutorials about anonymity

It appears that some members, even those who seem to be experienced in this field, are not fully aware of or do not fully understand the significance of securing their cryptocurrency assets, and may not be utilizing all the tools at their disposal. So, in my view, having a dedicated Cybersecurity & Privacy board within a forum discussing Bitcoin and cryptocurrencies would be extremely beneficial. This board could provide a centralized place for members to discuss, share knowledge, and learn about the security and privacy of their assets and transactions, which are crucial in this ecosystem. As cryptocurrencies involve sensitive financial data and transactions, so I think it's important to ensure the safety and privacy of users.

Given that the cryptocurrency ecosystem is constantly evolving, new threats and vulnerabilities are frequently discovered. A dedicated board would be a great way for the community to stay informed about the latest developments and threats in the field, and would provide focused discussions and resources on topics such as preventing hacking and fraud, safely storing assets, and could lead to better security practices overall. I fully support this idea.

Yes. I agree:

I think that this is definitely the best fit.

Meanwhile, I am compiling more internal and external precedent, and seeking to expand on another users' post which includes existing threads that would fit into the forum. For now, I've updated the OP with our progress. I think that Cybersecurity and Privacy under the Other board is the winner for the board's location.

Details added:

I also just added a poll to the thread, since we have ironed out some more details.

Voted Yes, not only because I'm one of those idiots who got hacked, but also because it is beneficial to see all security and privacy-related threads put in one place, into one board, rather than scattered all over the forum. Easier for everyone to gather information.
I also like the idea of placing it on Other. That way, it's much easier to notice than placing it as a sub-board of Wallet software. Other is like the middle-ground between Bitcoin-related topics and Altcoin-related topics. Users will be able to discuss security and privacy-related topics for both Bitcoin and the rest of all the Altcoins on it; placing it there just makes sense.

You're not an idiot. If you look at things from a grand perspective, it is the fault of big companies who have opened up these flaws due to their greed, they are the "root idiot" if you will. If they focused more on protecting their consumers and eliminating these possibilities, then we would not experience or have to worry about compromise. I believe that when you are using a proprietary operating system like Windows or Mac OS X, then you should be absolutely protected to the fullest extent and you should not have to even have the slightest bit of worry. Unfortunately though, we don't live in a world where companies care about consumers, so we are left to fend for ourselves if we want adequate enough cybersecurity that will allow us to use our systems in peace.

I think it's now a solid consensus between this thread and the other thread that Other > Cybersecurity and Privacy is the best fit. Now, to build upon the reasoning, find the old topics that fit in the board, find more precedent, compile it all in this thread and get more people on board to make this happen!

To which faults are you referring to?

You can't, because there is no such thing as 100% protection, literally. You should worry when using a computer that is connected to the Internet, and that's why you should take the necessary precautions. You're responsible for your security.

Plain false. If companies don't care about consumers, why are consumers picking them anyway? Companies that are careless with the user experience, go out of business. The fact that most consumers don't care about security or privacy is the root of evil. Companies only follow demand.

All of the flaws you see in Microsoft today are as a result of their own intrusions into user privacy. If they never intruded privacy, and instead focused on providing a secure operating system for their consumers, Windows would not be near as vulnerable as it is today. This is called greed.


As I said, that's not the world we live in:
I stand by that providing a secure environment for the end user in an ideal world should be a top priority for an operating system provider especially when they constantly market their products as secure, which they all do.


Because most normal consumers have no choice, lack of knowledge, awareness, etc. If potential vulnerabilities or what happened to the normal consumers' information were clearly stated before you booted up the OS in a picture presentation and they were made aware that this could just as easily happen to them than anyone else, do you really think everyone would still be using Windows with no precaution, as so many do? Even julerz did, and he got hacked, but my reasoning is exactly why I think he IS NOT an idiot. The reason this information is not clear unless you look for it, is because Windows want you to THINK you are safe with their "windows defender" and other garbage painted with marketing to make the end user think that they are secure, when in reality their system is as vulnerable as swiss cheese.

Look at the cause. Microsoft is a company, and a company always tries to maximize profit. There is no doubt that privacy intrusion, as long as it's not against the law, is profitable. And not just profitable, but the single most important asset of current Internet companies. If consumers don't care about that, don't expect Microsoft to blame their ethics. They're going to take advantage of it.

Now as for security, it doesn't have to do much with focus, but with another fundamental problem that is inherited in closed-source software, which is smaller group of code auditors.

I can acknowledge an abuse, but there are alternatives, such as Linux. If security and privacy was the top priority of these consumers, they'd have already switched years now.

No single person would ever use a service that discredits itself. But, people have already discovered that there are more secure and privacy-respecting software; most just don't care.

^--- this guy knows what he's talking about.


Not to mention that they had *many* different security products, and rebranded each of them with the "Windows Defender" moniker as they were throwing out old products, eg. The original Windows defender (which was just an anti-spyware FTW), then MS Security Essentials, and now whatever is being branded as "Microsoft Defender" is some completely different codebase, as MSE never had any of this stuff. And of course, "Azure Defender" which is just for cloud but who knows if they will port that to PCs as well.

3rd party AVs are not much better though; Norton(LifeLock) getting their password vault hacked again, and previously there was Kaspersky and others also hacked, ... these things are only good for protecting someone who is an actual idiot who clicks on "You Won" pages.

If people were given a choice to have security and privacy over not, then the vast majority would surely choose it. People don't care about it because the reality is that it's too difficult to care about it or there is not enough easy to follow information that allows them to attain it (until the Cybersecurity and Privacy subforum here on bitcointalk, am I right folks?). As for Microsoft being a company, that's why I said that unfortunately we aren't in a world where companies care about the security of their consumers. In an ideal world, this would be a priority of a company offering proprietary software. In fact, I think it would be a responsibility in an ideal world. Again, we aren't in that world. In that respect I am talking (and have been since my original post) from a world that we don't live in.

Most average-knowledge users would believe that they are secure using these systems and wouldn't understand the pitfalls of using proprietary operating systems in comparison to operating systems like Linux until it's too late. Then only after being a victim will they look for alternatives and make the switch. It is not inherently their fault either as they are marketed into believing that using proprietary operating system is "secure enough".


+2

We could also talk about cybersec topics outside of only wallets, though. For instance, in the hardware wallet section we sometimes stumble about general (even though maybe related) questions like: 'how (in)secure is NFC' and such, but creating a topic like that just doesn't fit in the wallet section.

We could then also quote and link between topics e.g. if someone asks about the threats of using a wired USB connection with their hardware wallet, link to a cybersecurity board topic talking about USB exploits.

I like this idea! Privacy board going under the Cybersecurity board, wherever that may be placed.

That doesn't apply here. Focusing on privacy and security or not for a company is orders of magnitude different. It costs more to do so. If people were given a choice to have security and privacy with higher price, I'm sure lots would ignore it.

In an ideal world, there wouldn't be security, because there wouldn't be cyber attacks either. If that sounds extreme, in an ideal world, people would value their privacy and security more than they do now.

Yes it does cost more for a company to actually focus on privacy and security instead of lying about it, which is why it is lied about instead of actually being secure ::)

I also disagree that people would not pay for security and privacy under this circumstance that it could be opted into for a price. If the theoretical prompt to "opt in" or "opt out" of security and privacy was accurately described in great detail AND if this paid "opt in" was renowned and worked as intended with no doubt, I believe more people would opt in (pay) than not.

Yes, in an ideal world all of what I have said about what's in an ideal world and everything you have stated here would be true. Yes it sounds extreme in comparison to the way things are now, but it also sounds like how it should be.

I'm not in favor of Microsoft, I don't say they're the best company that fits users' needs most appropriately; it's well known that they're fined frequently. What I'm saying is this: if people cared about stuff such as privacy, big companies would be more careful with it. Less demand for privacy preservation and high demand for personal information from multi-nationals pushes companies to take advantage of users' privacy.

A business is a reflection of the consumer.

So by the same logic, on a farm; the sheep would control the Shepard?

I don't understand how you reached to this conclusion. It's obviously a flawed analogy to me.

I agree that less demand from multi-nationals would push companies less to take advantage of user data.

My analogy meant that companies are what have pushed the exploitation of user data and the consumer continues using the product because that is what they are familiar with. Consumers are people with lives, people who have jobs, people who do not have the time and probably can not put enough effort to form as a collective group to boycott a company for exploiting them. People accept being exploited because they do not have anywhere near enough power in comparison to the company in control of the product.

The analogy was about your comments in bold, about the business being a reflection of the consumer and that if consumers cared about privacy, companies would be more careful with it. This inherently isn't true. People do care about privacy and if they were fully aware of the changes over time to how their data was treated and had the power to say no to the way this transition happened, it would not have happened. Your comments said to me that the consumer is in control, and why I said that according to your logic, the consumer is the Shepard and the company is the sheep. In reality though, the company is the Shepard as they are in control of the product, how they conduct their business/how they treat their consumers and the consumers are the sheep as they ultimately have no control over the way the company conducts itself or how the company/its products treat them, and have little practical ability to change how it treats them without sacrificing their livelihoods temporarily/permanently for doing so.

Consumers aren't sheep; they can not only switch OS, but also e.g. use locked-down Windows VMs or dedicated machines for certain software that doesn't run on Linux, as well as spreading awareness of Microsoft's practices and pressuring software vendors to release Linux binaries and pressuring companies to switch to FOSS software that compiles for any machine.

I agree with BlackHatCoiner that if lots of people cared for better privacy in their OS, more would switch, protest or complain, and thus show MS that they need to change their strategy.

---

Anyhow; this is all stuff we can discuss whenever we get our board. Let's not derail the thread in the meantime... ;D
Let's get in some more votes everybody!

What percentage of internet users do you think know how to set up a VM or have considered trying linux? My guess is 90% aren't aware of how to set up a VM and also don't know how to use Linux.

I agree that people the majority who care for their privacy would maybe use some software like VPNs, no where near as many would go to the extent of switching their operating systems (again, as they perceive that what they are doing is enough for privacy, despite this perception being wrong).

Those who care about privacy, no matter what level of knowledge they have, would not protest. There are no where near enough people or communities that gather enough people to start a protest and even if so, most know that protesting will not do much, that big tech can not really be stopped at this point and due to the fact that the vast majority of users will continue to fuel data-hungry companies and software due to their lack of comprehension of the subject.

I will agree to stop there unless prompted to respond further.

On a related note, I would love to the person who voted "no" to at least post some reasoning as to why not. Otherwise, the poll and general topic sentiment on both threads are showing a clear positive view on the request. Awesome to see!

Also far better considering it does not focus on just special security topics such as Cybersecurity! With the increased involvement of high level coding such as chat gpt, AI is taking over swiftly. It has started now with one goal of making the world far more easier and reliable on AI. However, it will start imposing the security threats sooner than we think.

Security concerns such as this will start flourishing in no time. Its better we have such subforum where pre-discussions, alerts about AI hacks, preventive measures can be discussed prominently. This is must have subforum.

Interestingly, if you skim through the hacker forums, there are always sections on cybersecurity and privacy. It turns out that this is useful for hackers; they have entire sections on how to protect themselves, and a forum that assumes knowledge of how to store your important data so that nothing is stolen from you is not interested in this.
I support your initiative, OP. You have almost begun to cover some useful aspects. It would be helpful to have proper guides from knowledgeable people who can help in a timely manner, rather than scouring the internet and trusting those who might be amateurs in the field of online security.

Even though, the vast majority of hackers aren't hackers in the traditional sense, but use programs coded by others, and their security sections are usually quite basic. Whereas, I think given enough effort by certain users here, we might get some real useful information related to security since Bitcoin sort of attracts those sorts of people.

If there was anywhere I'd like to read about security issues it would be stack exchange dedicated to security or Bitcointalk, because of the types of users that are here. I know for one I'd be typing up a few things about security, but I imagine there's some other highly respected users here willing to teach us a thing or two. Potentially, even discussing the specifics of security involving Bitcoin. Technically, we have sections for that now, and there's been a reasonable amount of discussion on it over the years, but I feel having a new section dedicated to it could actually motivate users further to talk about it. Hence, why I'm not against this when you look at the demand.

I am a newbie but I vote YES with this suggestion.

Would be good if it was setup like the Bitcoin Discussion > Press section.
This way it could be looked at quickly so people could see if things are going to matter to them.

[2023-01-12] Cisco Warns of Critical Vulnerability in EoL Small Business Routers
[2023-01-11] Dell PowerEdge Server Security Update for AMD Server Vulnerabilities 

And the 1st few lines should have a brief description and links to the appropriate information.

This MIGHT get people to at least scan it to see if there is something about a product that they use.
Otherwise it really does stand a good chance of getting buried on page 7 never to be seen.

-Dave

The entire board or just cybersecurity/privacy news kind of threads? I think a sub-board within the Cybersecurity and Privacy board for news, just like the press board within Bitcoin Discussion would be great!


Thank you for the feedback! You are right about your comments about having to scour the internet for knowledge about cybersecurity. I hope that Bitcointalk becomes a resource for this kind of topic.


I look forward to seeing some of your posts Welsh, and I would be right there with you on writing a few things up. You are right in that there are not enough places that really go in depth the allow the average user to become secure, in more ways than just "running an av" or "using a vpn", which commonly people think is enough to be secure. You're right as well on the type of people here on Bitcointalk who probably have much more extensive knowledge than those in other places. StackExchange is great, but I think the Bitcointalk community will create a great board for this topic.

I would actually go the other way that the main board was with things that people could quickly glance at to see if it matters to them and below that a more open discussion. There would probably be some topic that would stay more or less at the top, and I would worry that others that are important / relevant to some people would gut buried unless they were forced into the date / subject order.

Using what I posted above, a discussion about firewall security could go on for pages and pages with people discussing brands and settings and whatever. A big obvious your old Cisco router is now vulnerable may get a few more eyeballs on it.

Just my view. I also think that if people can give a quick glance for 'Cisco' or 'Asus' or whatever it might help.

But also lets be serious, as a group we still can't get not your keys not your coins pounded thought some peoples heads.

-Dave

...no.

Certainly those posts would be welcome in the new board, but introducing this kind of rule will inhibit any organic topics about cybersecurity.

This isn't bleepingcomputer after all, and there's no reason to make it like one.

It's a yes from me. It would be nice to have a place to post about security/privacy topics (e.g. Tor, Tails, Qubes, Whonix, etc.) and help other members to improve their opsec and keep their BTC safe.

Right between B&H and Off-topic seems like a good spot:

https://imgvb.com/images/2023/01/20/5c5428d538586b78d88ad93ad8c1e277.png

Ah. I don't know about the main board being restricted to a specific format like this. I think a sub-board would serve the same purpose well, while not restricting the main board to a certain format.


Fits well! It's nice to be able to visualize it.

22 votes for to 1 vote against. I think it's a matter of when than if at this point.

Send a PM to theymos with a link to this thread, so that he can create it sooner.

Maybe when we hit 100 votes and he still has not appeared and/or made a comment by then, also once I have improved the OP some more, then I will do this!

So far the result :
"Cybersecurity and Privacy" board in "Other" cattegory
Yes   - 24 (96%)
No   - 1 (4%)
Total Voters: 25

I'm sure if many people will stumble or lead to this thread they will vote yes to have that category, we need this category with so much hacking and so many breaches going on, there are many articles and videos about Cybersecurity and Privacy but we want an in-depth discussion to get the best possible solution and results, I don't want only one guy teaching about security without being questioned on what he is discussing.

I love how this looks. Also agree that a part of it reserved for cybersecurity news, breaches etc. with a certain title format would be helpful. Whether that's the main page and there's a sub-board for more 'organic' topics like advice, guides, and discussion, or the other way round, that's both fine for me.

'Hardware wallets' is pretty deeply buried, too, and I still visit it almost every day.

I'd lean towards having the 'general, organic' cybersecurity part up front and the 'news / press' in a sub-board, though.

Only thing I disagree with is the caption, that seems too specific for me. It's not just about protecting your own machines, but also about general concepts, research discussion and whatever people feel like discussing.

I find the idea of a section dedicated to this topic interesting.

Although we all have different concepts of security and privacy, and use different methods to apply them, it would be good to analyze different perspectives, so that as a whole we can all improve our security and privacy.

If they could add a child board "Education" where people could demonstrate how to run commands/build open source applications themselves, the things they should avoid doing when dealing with certain softwares etc, then  I'd vote yes, asking administration to consider please.

Exactly!


I am working on updating the original post at the moment that compiles suggestions from posters here, adds more precedent/justification for the board and also past threads that would move into the board/one of its sub-boards. This gives me the additional idea to create a few proposed board setups too. I will add that to the list. I am working on it in the little spare time I have at the moment but it will be done! Thank you for the suggestion.


With the above in mind, I will also work on a few board captions that can be discussed.

---

I would love for any of the 3 negative voters to post their reasoning as to why not The only thing that I can deduce is that it may be those who are somehow benefiting from peoples lack of cybersecurity. I would love to be enlightened if this is not the case though.

That sounds great. Maybe 'Education' and 'News' as 2 sub-boards with all the other threads belonging to the main board.

I just added this to the OP.  It seems that these suggestions have been most supported by other posters in the thread.  Below it I also added quotes of the posts that contributed to the idea and seemed to be most supported by others.

Thank you to DaveF and digaran for some great ideas for the child boards. I think that the board structure as suggested would fit perfectly. The main board for general discussion, news section with a log of all of the news and press related to cybersecurity/privacy, and a knowledge base for education relating to the subject. I can't think of a better setup!

WTF... I actually thought that board existed when  saw that screenshot and I had no idea, even after browsing for 4 days!  :o


I feel that the "Education" subboard is made redundant by the parent board so I don't really see the benefit for it. People will just treat it is "Cybersecurity board #2".

Stickied threads exist for a reason. But we will need a moderator for that board so that we don't have to continually pester global mods to sticky stuff.

I'm not sure what a moderator role entails, but already considered volunteering as 1 of 2 moderators for this new board, in case there are no other volunteers.

I don't recall ever seeing "requirements for being a Mod.," but it just could be coincidental.... of course, having some level of technical expertise in the area being moderated or activism on the forum.. or maybe even thinking about number of posts or how many merits or trust you have received would be likely considerations.. and you never know if theymos might already have a list of already existing members in mind..  I know that I have seen posts that praise/criticize mods, so surely the topic of what are mod requirements and/or concerns about whether a mod is sufficiently fulfilling requirements comes up from time to time.. I might be rusty on the topic.. which sometimes might include how much any of us, including yours truly, follows Meta threads?

I don't know about any official requirements or lists (internal or public) either, and you're correct that I don't follow Meta a lot. When I have the time to browse or post here, I'm mostly roaming around in the technical sections. Just wanted to throw it out there in case moderation should be a concern for theymos.

I'd be glad if another member, more experienced and with more free time, takes on the burden. ;)

@theymos: if lack of moderation is an issue, I volunteer as well.

There are two of us... I don't know the criteria either. But, if you say what they are, I will be able to assess whether I fit in. It wasn't the first time he was a forum moderator.

Mods should fulfil at least one thing well and that thing is handling reports on that board. If a pile of reports keeps accumulating for that particular board then that means the moderator isn't doing their job properly and needs to be replaced by someone who's active enough to take an action on them. Of course having some technical competence helps too as that will help you judge whether reports should be thrown out or acted upon.

Reserving this post for replies from my last one until this one, and also to say that if I happen to qualify as a moderator, I'd love to fill that position also and would increase my activity just to maintain that board. I hope that it's added, I feel it will add a lot of value to this community and its members!

I started compiling a list until I stumbled across compilations and decided to bulk them all into one post. With all of these, a solid board of resources could be created. This does not include the ample amount of new information that could be created by topic creators if this board were to become a reality.

My contributions, varying in press, general discussion and informative:
[CyberSecurity] Have you ever been pwned? Protect yourself from cyberattacks.  (https://bitcointalk.org/index.php?topic=5238894.0)
[2017-10-28] Law Firms Are Opening Bitcoin Wallets to Prepare for Data Breaches (https://bitcointalk.org/index.php?topic=2329267.0)
How to protect yourself from crytoshuffle Trojan (https://bitcointalk.org/index.php?topic=2357966.0)
KUCOIN Hacked (https://bitcointalk.org/index.php?topic=5278327.0)
Security and Privacy Topics on Guides and Protection. (https://bitcointalk.org/index.php?topic=5387164.0)
[INFO] Website Security Protocols (https://bitcointalk.org/index.php?topic=5341706.0)
Words of advice (https://bitcointalk.org/index.php?topic=5386519.0)
Warning: About Apple Mac Hack (https://bitcointalk.org/index.php?topic=5193406.0)
[2019-04-27]Dangerous Malware Threatening Italians, Blockchain Could Protect Vic (https://bitcointalk.org/index.php?topic=5137004.0)
US Govt shares tips on defending against cyberattacks via Tor (https://bitcointalk.org/index.php?topic=5259931.0)
{WARNING} Cybersecurity vulnerabilities/flaws: Ledger exploit (10.08.20).  (https://bitcointalk.org/index.php?topic=5158581.0)
US government imposing fines for those companies paying ransomware (https://bitcointalk.org/index.php?topic=5279731.0)
Cyber attack could be very dangerou (https://bitcointalk.org/index.php?topic=5278116.0)
Are you afraid of hackers? (https://bitcointalk.org/index.php?topic=2838572.0)
[2018-01-31] Japan’s Finance Minister Tells Crypto Exchanges to Toughen Up (https://bitcointalk.org/index.php?topic=2854905.0)
[2016-09-16] calvinayre.com] NEW YORK PROPOSES LANDMARK CYBERSECURITY REGULATION (https://bitcointalk.org/index.php?topic=1618680.0)
Keyless encryption and passwordless authentication (https://bitcointalk.org/index.php?topic=5204368.0)
What you should know about Hackers (https://bitcointalk.org/index.php?topic=5257292.0)

All of the below were compiled from Security and Privacy Topics on Guides and Protection. (https://bitcointalk.org/index.php?topic=5387164.0) by Rich222:
Guide and advice for new Users before you Download anything from the Forum | by Lafu (https://bitcointalk.org/index.php?topic=5167236.0)
Crypto Security - Additional Protection For Your Seed/Private Keys | by Lucius (https://bitcointalk.org/index.php?topic=5230920.0)
Bitcoin’s Public-Key Security Level | by nullius (https://bitcointalk.org/index.php?topic=2859033.0)
Bitcoin Privacy - How easy it is for someone to find all your wallets addresses | by bitmover (https://bitcointalk.org/index.php?topic=5186216.)
[Guide] Protect your Crypto: Security tips for your home computer & network | by aundroid
[url=https://bitcointalk.org/index.php?topic=5221497.0]Why KYC is extremely dangerous – and useless | By 1miau (https://bitcointalk.org/index.php?topic=5184366.0)
Authentication: Types, Risks/ Attacks, Advice | By OcTradism (https://bitcointalk.org/index.php?topic=5258244.0)
Hope people that give out personal address safe? Ledger wallet users' attacks | By Charles-Tim (https://bitcointalk.org/index.php?topic=5302132.0)
Protecting Your Account | By LFC_Bitcoin (https://bitcointalk.org/index.php?topic=5266445.0)
[Guide] How to know if your email address was part of any data breach | By nelson4lov (https://bitcointalk.org/index.php?topic=5201569.0)
Basic security guide (firewall, backups, antivirus..) | By testbug (https://bitcointalk.org/index.php?topic=3319747.0)
Privacy at risk using mobile phones. Not only Bitcoin-related | By fillippone (https://bitcointalk.org/index.php?topic=5184282.0)
{Warning}: Many 2FA hardware are vulnerable to attacks | By Baofeng (https://bitcointalk.org/index.php?topic=5309112.0)
Aegis Authenticator, a decent alternative to Google Authenticator and Authy | By mk4 (https://bitcointalk.org/index.php?topic=5192978.0)
Brave browser hijacking links and affiliate codes! | By notblox1 (https://bitcointalk.org/index.php?topic=5253913.0)
Hacker blackmailing me and ask for money. Did you also get this email? | By sujonali1819 (https://bitcointalk.org/index.php?topic=5278364.0)
Crypto security: Passwords and Authentication (Livestream -aantonop) | By Andreas Antonopoulos (https://bitcointalk.org/index.php?topic=5297349.0)
[GUIDE] Disposable Email Address for anonymity | By Jawhead999 (https://bitcointalk.org/index.php?topic=5226359.0)
How to lose your Bitcoins with CTRL-C CTRL-V | By LoyceV (https://bitcointalk.org/index.php?topic=5190776.0)
Cyber actors are now targeting Tor exit nodes to perform SSL stripping | By cryptomaniac_xxx (https://bitcointalk.org/index.php?topic=5268039.0)
Let's talk about Privacy | By bitmover (https://bitcointalk.org/index.php?topic=3210982.0)
{WARNING} Cybersecurity vulnerabilities/flaws: Linux and Mac users (04.02.20) | By TheBeardedBaby (https://bitcointalk.org/index.php?topic=5158581.0)
#DeGoogle - Take back control of your privacy | By xxjumperxx (https://bitcointalk.org/index.php?topic=5247817.0)
[Howto] Use Ledger Nano as Security Key | By aundroid (https://bitcointalk.org/index.php?topic=5096882.0)
Discord Deskt. client can steal your Password,Cryptocurrencies via PM Link! | By Lafu (https://bitcointalk.org/index.php?topic=5256348.0)
Overview on browsers. Which one should we use? Support free web while browsing | By bitmover (https://bitcointalk.org/index.php?topic=5156114.0)
[Eng: Tutorial] PGP Signature - Encrypt/Decrypt message - Fingerprint | By mdayonliner (https://bitcointalk.org/index.php?topic=4059348.0)
[LEARN] Phishing Quizzes - Beginners & Experts | By dkbit98 (https://bitcointalk.org/index.php?topic=5178375.0)
[Tips and Information] Privacy and How to Stay Anonymous Online | By Krislaw (https://bitcointalk.org/index.php?topic=5201482.0)
How to Install Tails OS on USB flash drive for Wallet Purpose | By DroomieChikito
[url=https://bitcointalk.org/index.php?topic=5146701.0][BEWARE] Sim Port Attack | By GreatArkansas
[url=https://bitcointalk.org/index.php?topic=5132378.0][GUIDE] How to Create a Strong/Secure Password | By GreatArkansas (https://bitcointalk.org/index.php?topic=5228801.0)

All of the below were compiled from Good topics on security and privacy (https://bitcointalk.org/index.php?topic=5239098.0) by OcTradism:
Aegis Authenticator, a decent alternative to Google Authenticator and Authy (https://bitcointalk.org/index.php?topic=5192978.0) | By mk4 (https://bitcointalk.org/index.php?action=profile;u=886521)
Crypto Security - Additional Protection For Your Seed/Private Keys. (https://bitcointalk.org/index.php?topic=5230920.0) | By Lucius (https://bitcointalk.org/index.php?action=profile;u=533583)
[BEWARE] Sim Port Attack (https://bitcointalk.org/index.php?topic=5146701.0) | By GreatArkansas (https://bitcointalk.org/index.php?action=profile;u=1164368)
[GUIDE] How to Create a Strong/Secure Password (https://bitcointalk.org/index.php?topic=5132378.0) | By GreatArkansas (https://bitcointalk.org/index.php?action=profile;u=1164368)
Windows 7 stopped product supports. Please upgrade your Windows and wallets ASAP (https://bitcointalk.org/index.php?topic=5218279.0) | By tranthidung (https://bitcointalk.org/index.php?action=profile;u=1292764)
How to Install Tails OS on USB flash drive for Wallet Purpose (https://bitcointalk.org/index.php?topic=5228801.0) | By DroomieChikito (https://bitcointalk.org/index.php?action=profile;u=938833)
Using mobile phone as a full mobile wallet (https://bitcointalk.org/index.php?topic=5237614.msg54149363#msg54149363) | By nc50lc (https://bitcointalk.org/index.php?action=profile;u=1237156)
[Guide] Secure air-gapped crypto wallet storage method (https://bitcointalk.org/index.php?topic=2828437.0) | By Sowik (https://bitcointalk.org/index.php?action=profile;u=598832)
Bitcoin’s Public-Key Security Level (https://bitcointalk.org/index.php?topic=2859033.0) | By nullius (https://bitcointalk.org/index.php?action=profile;u=976210)
CoinJoin: Bitcoin privacy for the real world (https://bitcointalk.org/index.php?topic=279249.0) | By gmaxwell (https://bitcointalk.org/index.php?action=profile;u=11425)
Basic security guide (firewall, backups, antivirus..) (https://bitcointalk.org/index.php?topic=3319747.0) | By testbug (https://bitcointalk.org/index.php?action=profile;u=197661)
Let's talk about Privacy (https://bitcointalk.org/index.php?topic=3210982.0) | By bitmover (https://bitcointalk.org/index.php?action=profile;u=1554927)
#DeGoogle - Take back control of your privacy (https://bitcointalk.org/index.php?topic=5247817.0) | By xxjumperxx (https://bitcointalk.org/index.php?action=profile;u=943435)
Traditional Authentication, 2FA and 2SV (https://bitcointalk.org/index.php?topic=5256264.0) | By Luzin (https://bitcointalk.org/index.php?action=profile;u=2813627)
Overview on browsers. Which one should we use? Support free web while browsing (https://bitcointalk.org/index.php?topic=5156114.0) | By bitmover (https://bitcointalk.org/index.php?action=profile;u=1554927)
How to stay private when using Android (protonmail blog) (https://bitcointalk.org/index.php?topic=5211207.0) | By bitmover (https://bitcointalk.org/index.php?action=profile;u=1554927)
Bitcoin Privacy - How easy it is for someone to find all your wallets addresses (https://bitcointalk.org/index.php?topic=5186216.0) | By bitmover (https://bitcointalk.org/index.php?action=profile;u=1554927)
2FA HW security keys, Yubikey and such (https://bitcointalk.org/index.php?topic=5223442.0) | By Captain-Cryptory (https://bitcointalk.org/index.php?action=profile;u=1048813)
Discord Deskt. client can steal your Password,Cryptocurrencies via PM Link! (https://bitcointalk.org/index.php?topic=5256348.0) | By Lafu (https://bitcointalk.org/index.php?action=profile;u=805820)
Brave browser hijacking links and affiliate codes! (https://bitcointalk.org/index.php?topic=5253913.0) | By notblox1 (https://bitcointalk.org/index.php?action=profile;u=2015418)
[TUTORIAL] Generate 2FA with Keepass (instead of Authenticator App) (https://bitcointalk.org/index.php?topic=5248019.0) | By bct_ail (https://bitcointalk.org/index.php?action=profile;u=963640)
[INFORMATION] The Cipher, it's meaning, types and connection in cryptography (https://bitcointalk.org/index.php?topic=5249739.0) | By Nellayar (https://bitcointalk.org/index.php?action=profile;u=1287090)
[Education] Bitcoin Privacy and Anonymity (https://bitcointalk.org/index.php?topic=5229148.0) | By Husna QA (https://bitcointalk.org/index.php?action=profile;u=1827294)
[Tips and Information] Privacy and How to Stay Anonymous Online (https://bitcointalk.org/index.php?topic=5201482.0) | By Krislaw (https://bitcointalk.org/index.php?action=profile;u=993793)
[Howto] Use Ledger Nano as Security Key (https://bitcointalk.org/index.php?topic=5096882.0) | By aundroid (https://bitcointalk.org/index.php?action=profile;u=1015954)
[Guide] Protect your Crypto: Security tips for your home computer & network (https://bitcointalk.org/index.php?topic=5184366.0) | By aundroid (https://bitcointalk.org/index.php?action=profile;u=1015954)
{WARNING} Cybersecurity vulnerabilities/flaws: Linux and Mac users (04.02.20).  (https://bitcointalk.org/index.php?topic=5158581.0) | By TheBeardedBaby (https://bitcointalk.org/index.php?action=profile;u=1291828)
[Guide] How to know if your email address was part of any data breach (https://bitcointalk.org/index.php?topic=5201569.0) | By nelson4lov (https://bitcointalk.org/index.php?action=profile;u=919511)
What to do to avoid phishing sites (https://bitcointalk.org/index.php?topic=5171134.0) | By hd49728 (https://bitcointalk.org/index.php?action=profile;u=1520746)
Host-file to deal with phishing sites (https://bitcointalk.org/index.php?topic=5178198.0) | By hd49728 (https://bitcointalk.org/index.php?action=profile;u=1520746)
[LEARN] Phishing Quizzes - Beginners & Experts (https://bitcointalk.org/index.php?topic=5178375.0) | By dkbit98 (https://bitcointalk.org/index.php?action=profile;u=1410401)
UPDATED!!! Punycode and how to protect yourself from Homograph Phishing attacks? (https://bitcointalk.org/index.php?topic=5184169.0) | By wwzsocki (https://bitcointalk.org/index.php?action=profile;u=131333)
Authentication: Types, Risks/ Attacks, Advice (https://bitcointalk.org/index.php?topic=5258244.0) | By OcTradism (https://bitcointalk.org/index.php?action=profile;u=2590147)
Visiting official websites and download official apps, not fake ones. (https://bitcointalk.org/index.php?topic=5259689.0) | By OcTradism (https://bitcointalk.org/index.php?action=profile;u=2590147)
WATCH OUT - TikTok app is a SPYWARE!!! (https://bitcointalk.org/index.php?topic=5260298.0) | By wwzsocki (https://bitcointalk.org/index.php?action=profile;u=131333)
Privacy-o-meter, a free tool to assess the privacy level of your BTC transaction (https://bitcointalk.org/index.php?topic=5258274.0) | By BlockchairExplorer (https://bitcointalk.org/index.php?action=profile;u=2501401)
Forum account: security, privacy, and recovery (https://bitcointalk.org/index.php?topic=5261696.0) | By OcTradism (https://bitcointalk.org/index.php?action=profile;u=2590147)
A treatise on privacy (https://bitcointalk.org/index.php?topic=5261713.0) | By fillippone (https://bitcointalk.org/index.php?action=profile;u=1852120)
Why KYC is extremely dangerous – and useless (https://bitcointalk.org/index.php?topic=5221497.0) | By 1miau (https://bitcointalk.org/index.php?action=profile;u=2143453)
Critical Electrum vulnerability (https://bitcointalk.org/index.php?topic=2702103.0) | By theymos (https://bitcointalk.org/index.php?action=profile;u=35)
How Scammer tried to Hack my Bitcointalk and how to Protect yourself? (https://bitcointalk.org/index.php?topic=5173531.0) | By dkbit98 (https://bitcointalk.org/index.php?action=profile;u=1410401)
Protecting Your Account (https://bitcointalk.org/index.php?topic=5266445.0) | By LFC_Bitcoin (https://bitcointalk.org/index.php?action=profile;u=379487)
Privacy at risk using mobile phones. Not only Bitcoin-related.  (https://bitcointalk.org/index.php?topic=5184282.0) | By fillippone (https://bitcointalk.org/index.php?action=profile;u=1852120)
Why it’s important to avoid telling everyone about your crypto holdings (https://bitcointalk.org/index.php?topic=5254941.0) | By 1miau (https://bitcointalk.org/index.php?action=profile;u=2143453)
Cyber actors are now targeting Tor exit nodes to perform SSL stripping (https://bitcointalk.org/index.php?topic=5268039.0) | By cryptomaniac_xxx (https://bitcointalk.org/index.php?action=profile;u=2789889)
Archive.is has stopped supporting Brave Browser (https://bitcointalk.org/index.php?topic=5268599.0) | By witcher_sense (https://bitcointalk.org/index.php?action=profile;u=1433865)
Hacked and Changed Email addresses Account using Yopmail accounts (https://bitcointalk.org/index.php?topic=4679777.0) | By Swenna (https://bitcointalk.org/index.php?action=profile;u=1118745)
Using Disposable Email Address to Prevent Spam (https://bitcointalk.org/index.php?topic=5272327.0) | By ImThour (https://bitcointalk.org/index.php?action=profile;u=2775128)
2FA-Recovering your KYC Google Auth Keys. (https://bitcointalk.org/index.php?topic=5271271.0) | By condoras (https://bitcointalk.org/index.php?action=profile;u=740502)
[SECURITY | GUIDE] How to protect your wallets and private keys (https://bitcointalk.org/index.php?topic=4360427.0) | By Nestade (https://bitcointalk.org/index.php?action=profile;u=134226)
Password Spray Attack vs Brute Force Attack (https://bitcointalk.org/index.php?topic=5277679.0) | By Jating (https://bitcointalk.org/index.php?action=profile;u=763588)
Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses (https://bitcointalk.org/index.php?topic=4601535.0) | By Lafu (https://bitcointalk.org/index.php?action=profile;u=805820)
How to lose your Bitcoins with CTRL-C CTRL-V (https://bitcointalk.org/index.php?topic=5190776.0) | By LoyceV (https://bitcointalk.org/index.php?action=profile;u=459836)
Hacker blackmailing me and ask for money. Did you also get this email? (https://bitcointalk.org/index.php?topic=5278364.0) | By sujonali1819 (https://bitcointalk.org/index.php?action=profile;u=961008)
Privacy, ways to protection (https://bitcointalk.org/index.php?topic=5280274.0) | By Charles-Tim (https://bitcointalk.org/index.php?action=profile;u=2776678)
Guide and advice for new Users before you Download anything from the Forum (https://bitcointalk.org/index.php?topic=5167236.0) | By Lafu (https://bitcointalk.org/index.php?action=profile;u=805820)
Report Malware and Suspicious Links here so Mods can take Action ! (https://bitcointalk.org/index.php?topic=5182222.0) | By Lafu (https://bitcointalk.org/index.php?action=profile;u=805820)
A hands-on lesson on why you should check PGP fingerprints! (https://bitcointalk.org/index.php?topic=5225902.0) | By nullius (https://bitcointalk.org/index.php?action=profile;u=976210)
[Eng: Tutorial] PGP Signature - Encrypt/Decrypt message - Fingerprint (https://bitcointalk.org/index.php?topic=4059348.0) | By mdayonliner (https://bitcointalk.org/index.php?action=profile;u=1432468)
[GUIDE] Disposable Email Address for anonymity (https://bitcointalk.org/index.php?topic=5226359.0) | By Jawhead999 (https://bitcointalk.org/index.php?action=profile;u=2578892)
Crypto security: Passwords and Authentication (Livestream -aantonop) (https://bitcointalk.org/index.php?topic=5297349.0) | By Andreas Antonopoulos (https://www.youtube.com/watch?v=m8jlnZuV1i4)
Hope people that give out personal address safe? Ledger wallet users' attacks (https://bitcointalk.org/index.php?topic=5302132.0) | By Charles-Tim (https://bitcointalk.org/index.php?action=profile;u=2776678)
Bitcoin security and privacy (https://bitcointalk.org/index.php?topic=5312045.0) | By Charles-Tim (https://bitcointalk.org/index.php?action=profile;u=2776678)
{Warning}: Many 2FA hardware are vulnerable to attacks (https://bitcointalk.org/index.php?topic=5309112.0) | By Baofeng (https://bitcointalk.org/index.php?action=profile;u=984384)

All of the below were compiled from the Security section of Beginners & Help Encyclopedia (https://bitcointalk.org/index.php?topic=5364418.0) by Ratimov:
multi-chain blockchain ecosystem is risky (https://bitcointalk.org/index.php?topic=5380387.0) (by _act_)
Why it’s important to avoid telling everyone about your crypto holdings (https://bitcointalk.org/index.php?topic=5254941.0) by 1miau
So how safe is Tails when using my hardware wallet or online accounts (https://bitcointalk.org/index.php?topic=5238949.0) by 20kevin20
My network is not your network, crosscheck before sending funds! (https://bitcointalk.org/index.php?topic=5375737.0) by Accardo
Be careful of INFLUENCER REVIEWS (https://bitcointalk.org/index.php?topic=5164440.0) by adekogbe
Wondering why account are hack or stolen? HTTP VS HTTPS (https://bitcointalk.org/index.php?topic=5223819.0) by akirasendo17
[Wiki] An Informal Introduction to Plausible Deniability (https://bitcointalk.org/index.php?topic=5276381.0) by AlcoHoDL
Crypto criminal activities. (https://bitcointalk.org/index.php?topic=5278638.0) by Alucard1
Ways to prevent Cryptojacking ,hacking etc. (https://bitcointalk.org/index.php?topic=5224239.0) by Asuspawer09
Newbies beware of influencers -they might not know it all/it's can go wrong- (https://bitcointalk.org/index.php?topic=5266530.0) by BIT-BENDER
Dangers and Risks for Beginners (https://bitcointalk.org/index.php?topic=5274373.0) by Bitcoin_bullish
There is more that meet the eye (https://bitcointalk.org/index.php?topic=5321628.0) by Bravehash
Some potholes to avoid in every website (https://bitcointalk.org/index.php?topic=5387715.0) (by Cookdata)
Your stupidity is opportunity for scammers! (https://bitcointalk.org/index.php?topic=5134017.0) by COOLCRYPTOVATOR
Network security for beginners (https://bitcointalk.org/index.php?topic=5008860.0) by cryptolord2077
Why looking for a crack software version is dangerous, specially for crypto user (https://bitcointalk.org/index.php?topic=5279123.0) by cryptomaniac_xxx
For Crypto Users: Reasons why we should not download pirated softwares (https://bitcointalk.org/index.php?topic=5256363.0) by cryptomaniac_xxx
Do not use any note taking apps for recording your crypto keys and password (https://bitcointalk.org/index.php?topic=5285432.0) by cryptomaniac_xxx
[GUIDE] Keeping your crypto secure: DOs and DON'Ts (https://bitcointalk.org/index.php?topic=3834677.0) by cryptosec.info
Don't auto Save your login details (https://bitcointalk.org/index.php?topic=5228492.0) by CryptoYar
Tor browser Bitcointalk members read this (https://bitcointalk.org/index.php?topic=5375940.0) by dkbit98
Beginners Guide to Security and Privacy (https://bitcointalk.org/index.php?topic=2804153.0) by encryptedmind26
Dust Attack, what it is, why it is dangerous and how to prevent falling to it (https://bitcointalk.org/index.php?topic=5175238.0) by fillippone
Security tips for beginners (https://bitcointalk.org/index.php?topic=5039099.0) by gron88-05
Greediness could make you prone to these Hacks or Phishing attacks. (https://bitcointalk.org/index.php?topic=5083831.0) by Harkorede
Just because It’s on GitHub. It doesn’t mean it’s safe> (https://bitcointalk.org/index.php?topic=5139034.0) by hugeblack
A case against using Avast (https://bitcointalk.org/index.php?topic=5221236.0) by jseverson
Identity Security: A Newbies' Priority (https://bitcointalk.org/index.php?topic=5384625.0) (by KingsDen)
Mapping the crypto fraud landscape (https://bitcointalk.org/index.php?topic=5114955.0) by koshj
Guide and advice for new Users before you Download anything from the Forum ! (https://bitcointalk.org/index.php?topic=5167236.0) by Lafu
Double Check Bitcointalk Username Before Download or Invest to Avoid Virus/Scam (https://bitcointalk.org/index.php?topic=5194839.0) by masulum
[Guide] How To Stay Safe From Scam Advertising When Use Search Engine (https://bitcointalk.org/index.php?topic=5202226.0) by masulum
[Security Awareness] Online payment transactions. (https://bitcointalk.org/index.php?topic=5188746.0) by maxreish
Save your crypto, Disable WPS! (https://bitcointalk.org/index.php?topic=5120386.0) by mikeywith
Are you using a Public DNS server? your coins are at risk ! (https://bitcointalk.org/index.php?topic=3458297.0) by mikeywith
Officially visit websites & download apps, not fake ones. (https://bitcointalk.org/index.php?topic=5259689.0) by OcTradism
Security for Beginners (https://bitcointalk.org/index.php?topic=4661920.0) by opg777
Be careful of shitcoins (https://bitcointalk.org/index.php?topic=5257046.0) by Oshosondy
Don't buy steemit accounts from others, buy it officially and legally (https://bitcointalk.org/index.php?topic=4961756.0) by r1s2g3
Don't send your personal data to anyone in PM (https://bitcointalk.org/index.php?topic=5376671.0) by Ratimov
Certificate of Incorporation- what it is and why it shouldn't be trusted! (https://bitcointalk.org/index.php?topic=5189932.0) by Rikafip
How to protect yourself from fake giveaways. (https://bitcointalk.org/index.php?topic=5222603.0) by ScamViruS
Cryptocurrency Attacks To Be Aware In 2021 (https://bitcointalk.org/index.php?topic=5351556.0) by Shamm
Newbies Avoid complacency adhere to guides lines (https://bitcointalk.org/index.php?topic=5127010.0) by Sharon121212
Be careful of BTT account impersonation On and off the forum (https://bitcointalk.org/index.php?topic=5172105.0) by Sharon121212
As the price rises so should our sense of security rise (https://bitcointalk.org/index.php?topic=5142119.0) by Sharon121212
Important, Beginners should know !!! (https://bitcointalk.org/index.php?topic=5291676.0) by skarais
Newbies attention. Don't get trap yourself with greed. (https://bitcointalk.org/index.php?topic=5222628.0) by sujonali1819
Newbie Tips - How to check SHORTLINK safely ? (https://bitcointalk.org/index.php?topic=5185856.0) by terizla
Basic security guide (firewall, backups, antivirus..) - not only for beginners (https://bitcointalk.org/index.php?topic=3319747.0) by testbug
Guide on avoid red tags by supporting already known scam projects (https://bitcointalk.org/index.php?topic=5104083.0) by tranthidung
Fundraising threads on behalf of COVID-19. Don't trust, verify. (https://bitcointalk.org/index.php?topic=5243353.0) by tranthidung
(Beware) on Fake Screenshot Details (https://bitcointalk.org/index.php?topic=5137416.0) by yazher
Credential Stuffing Attack (https://bitcointalk.org/index.php?topic=5269353.0) by Yogee
[PSA] DOUBLE-SPENDING SCAM - WHY CONFIRMATIONS ARE IMPORTANT (https://bitcointalk.org/index.php?topic=5206513.0) by YourNeko
Newbies, don't be naive (https://bitcointalk.org/index.php?topic=5373312.0) by Ratimov
Meet bots asking you for otp (https://bitcointalk.org/index.php?topic=5370626.0) by libert19

All of the below were compiled from the Privacy section of Beginners & Help Encyclopedia (https://bitcointalk.org/index.php?topic=5364418.0) by Ratimov:
How to stay private when using Android (protonmail blog (https://bitcointalk.org/index.php?topic=5211207.0) by bitmover
Let's talk about Privacy (https://bitcointalk.org/index.php?topic=3210982.0) by bitmover
Bitcoin Privacy - How easy it is for someone to find all your wallets addresses (https://bitcointalk.org/index.php?topic=5186216.0) by bitmover
Differences between anonymity & privacy (https://bitcointalk.org/index.php?topic=5344652.0) by BlackHatCoiner
Privacy, ways to protection (https://bitcointalk.org/index.php?topic=5280274.0) by Charles-Tim
Privacy enhancing strategy on centralized exchanges possible? (https://bitcointalk.org/index.php?topic=5343100.0) by Charles-Tim
Privacy is not a crime, learn to do it yourself (DIY) (https://bitcointalk.org/index.php?topic=5381402.0) by Cookdata
A Treatise on Bitcoin and Privacy (https://bitcointalk.org/index.php?topic=5271127.0) by fillippone
[Education] Bitcoin Privacy and Anonymity (https://bitcointalk.org/index.php?topic=5229148.0) by Husna QA
[Tips and Information] Privacy and How to Stay Anonymous Online (https://bitcointalk.org/index.php?topic=5201482.0) by Krislaw
Privacy while making use of Bitcoin (https://bitcointalk.org/index.php?topic=5365797.0) by Nathrixxx
While using bitcoin there should be privacy (https://bitcointalk.org/index.php?topic=5260157.0) by Oshosondy
A few thoughts on privacy (https://bitcointalk.org/index.php?topic=5363117.0) by zasad@

You've done a great job bringing these important threads together. For a new forum user this list can be a great way to learn how to stay safe in the crypto market. And to stay safe in the crypto world, a crypto user must need to know about Cybersecurity.

So I think it is important to add Cybersecurity and Privacy board, to educate crypto users more about Cybersecurity and privacy.

And that's not even counting the discussions about cybersecurity/privacy - these all resemble "howtos", the kind of stuff you'd make tutorials out of.

There are enough threads here to make a small board out of. Even when you consider that many of these threads have been made recently, you could still fill at least 2 pages with these topics.

That has me questioning whether we can justify the subboards of a cybersecurity and privacy board at all. Perhaps volume will be the same as other boards if we just combine everything together into one board?

A good topic naming convention like [Tutorial] and then a sticky post linking to all tutorials will help keep the one board organized. It's not a bad idea to create a sub board for tutorials either. Definitely more thought could be put into the way the boards are arranged/which sub-boards are created to fit in topics. The more I think about it, a tutorial sub-board is probably a good addition. I'll put some more thought into some ideas for board structure again soon.

I totally agree. Thank you both for your words, and support!

I believe now we've just got to start pinging @theymos / sending him PMs, especially linking to that huge compilation of threads that would fit in this board.. ;D
From the 'Sceptical Chymist saga' (https://bitcointalk.org/index.php?topic=5427457.0), I learned that he just has to be reminded a bit more frequently about such kind of stuff... 0:)


Personally, I expected fewer threads, and was banking on the creation of such a board inspiring more discussion about the topic. But apparently, boards that I visit less frequently, are already filled with privacy and security topics, so that's even better.

In my opinion some more thought needs to be put into this as a community (like into the board structure) so that Theymos is able to visit here and easily implement what we all agreed on or at least have a clear idea of what we have all discussed. I suppose PM'ing him is something to do soon though.

I know that theymos likes to see existing threads, and then make a section for it. I respect that, but I know for a fact that having a security section would encourage users to talk more about it, and personally because I'm very passionate about the subject, I'd be all for experimenting with it, and seeing how it does. I mean we have the serious discussion section which is the only other section I'd be interested in maybe posting about security related topics, but then that section isn't very active anyhow. Plus, it prevents some users from participating which I don't really want to do.

There's actually a lot of discussion about security, but they can fit into other sections. Something about wallets for example, is going to go into the appropriate wallet section, since that would be the better fit. Even, if we did have a security section, it would still go into the corresponding wallet section.

Bumping this topic with some updates to the OP.

I added suggested pinned topics for two boards.

Board structure suggestion
[Main Board] Cybersecurity & Privacy: Discussions and questions about cybersecurity and privacy
[Child board] Education: Tutorials, guides and informative topics that help teach improving cybersecurity and/or privacy
- Suggested pin topic: Topic [tagging] etiquette to distinguish tips, tutorials, information, etc. For example [Tutorial] for a detailed how-to, [Tip] for a tip/hint, [Information] for increasing knowledge.
[Child board] News: A board structure like the Bitcoin Discussion > Press section that contains dated threads about news/press relating to cybersecurity/privacy
- Suggested pin topic: Enforced [date tagging] etiquette to create a date/timestamped board structure, like the Bitcoin press section.

I also updated the bottom of the OP with a list of those who have expressed support for the proposal, ordered by merit (if I missed anyone, let me know!). Quoted below:


I think that this suggestion is just about ready to be sent to theymos. The poll results validate this as does this amazing list of shown support. Before I do, I would like to make the process for adding this board as easy as possible and for the suggestion to be as elaborate as it can be. If anyone has further suggestions before I send the PM, please let me know. I plan to send the PM off tomorrow after making any updates based on anyone's' suggestions for further improvement.

For the record: the fact that I Merited a post doesn't (necessarily) mean I agree or support the post. It means I think the post is worth reading.
In this case: I wouldn't be against a privacy board, and considering how many topics you've listed, I'd probably spend some time reading there.

Understood. I made the heading a bit more appropriate in this case:

It is good to hear that you would make use of the board in any case. May I add this as a quote for post support or just leave it as-is? Your support would be quite influential I believe.

I hope not :P If I can't convince people with facts, I don't want to do it with my opinion.

Ah, I mean in the eyes of theymos...Your name on top of the fantastic support list already would be a nice cherry on the sundae to potentially help bring this to life! In reply to what you said though, in no way should that list sway a forum members' opinion. It's purely there to show the great support so far and to help the final decision when/if that time comes.

I am not sure if you are forcing my hand, but many folks already likely realize that I have difficulties committing to certain kinds of things, and from my perspective sending merits does not necessarily indicate support (nor understanding of the ideas being discussed), even though for me, I send merits for posts that either seem to raise interesting points or maybe I believe that a certain amount of work/effort went into constructing a post (but who knows with ChatBots these days?), but I don't necessarily agree with or support the posts that I merit, merely because I merited them.

I will say that substantively I am getting more and more won over by the idea of having some kind of separation and categorization of security/privacy type issues, and part of the reason for my inclination towards supporting such ideas in general is that it does seem that some security/privacy separation/categorization may well stimulate better thoughts into those areas to make some of these concerns more presentable and user-friendly to normies (and even for more technologically-oriented folks to present their ideas in more normie-friendly ways.. not sure if that would be an argument for better organizing/separation or just keeping the security/privacy topics intermingled through the forum?) - even though frequently security/privacy seems to overlap with a vast number of topics already, so it is not like security and privacy is not being discussed..

And, of course the direction of the poll of members at the top of the thread seems to show that members are not really against it, and no one seems to really be arguing against it.. but does that lack of argument against it mean that it is needed or preferred to have it incorporated?  

I have not even thought through the topic well enough beyond just what I believe to be common sense and off the top of my head considerations that the main argument against it could be that there could be some concerns that some security/privacy comes through obscurity of the methods and those who choose to jeopardize security/privacy (the hackers) could be benefited from the existence of such organizing of privacy/security categories, so in some sense we (normies) can be advantaged when we don't say how we are storing our cornz or how we are maintaining our privacy (to the extent that we really are accomplishing any of that very well?).... so in some sense, I am not really opposed to the ideas of security/privacy through obscurity nor ideas that if it is not broke, then why fix it?..

...but at the same time, I appreciate that I may well not realize what I am missing in terms of aspects of the organizing of information on the forum until I see it (and sometimes I get scared or rolled over by some of the technological area of discussions, even though I try to have some participation in those areas and consider and understand some of those kinds of discussions too, to the extent that I might be able to grasp some of the core ideas being shared).. so in the overall sense of this topic, I don't even have strong feelings (even though I did vote "yes" in the poll.. of still a relatively small number of folks in the forum, really), even while I had been feeling (in the one month existence of this thread) that I should send merits to many of the seemingly brilliant (or otherwise provocative) discussions/posts taking place in this thread.


How come LoyceV (you fuck) always says things better than this here cat?   hahahaha

Awesome post. Sorry if it came across as forcing your hand  ;) I made the title more appropriate after LoyceV mentioned it:


I won't respond to the whole post (I like the train of thought though) but I will answer this part. I think that whether it is needed or not depends on the user. I am sure a lot of users are vulnerable while a minority would be considered adequately secure. I think this minority could help tip the scale, at least for this community. So I guess to an extent, it is needed? I suppose only those who feel/know they are secure would say otherwise.

loyce and jjg, you two saved me a bunch of typing, thanks! as i too also will merit posts i may not agree with as long as the post is presented well.

i do support a security board though and would spend time there. but my support means nothing lol

One thing is for sure, it worked! All that's missing is ETFBitcoin saying something...  ::)


Thank you for quoting me, but among all these people, I am the least likely to have influence.  :-X
But I got the idea. The idea you want to convey is that several users, in some way known, would appreciate this type of board.



EDIT
I remembered a topic I created some time ago, which might fit into this category:
https://bitcointalk.org/index.php?topic=5392035.0

If you find it appropriate, it's one more for the list. (I pass the ad.)

IMO this topic definitely should also cover trade-off between security, privacy and convenience.


I hereby announce that i support creation of "Cybersecurity and Privacy" board on bitcointalk.org.

You are all very modest. Individual support grows the collective support. The more, the merrier! I would not say it means nothing and from an outside perspective. I'd even say some of you may be under estimating yourselves, as "nothing" in a collective effort is a definite under estimation and arguably no one is little! In my opinion anyway  :)

I'll be sending the thread to theymos soon as it seems input has reduced significantly and there does not seem to be new feedback. Let's hope for the best!

Not that this is too important, but:
JayJuanGee loved your post and analysis. thank you for the input! To add to the OP, your post is so long and I am not sure what to snip or whether or not to count anything as personal support. So I'll just leave it be for the time being but included a link to input.
LoyceV I suppose not being against it is not necessarily supporting it either, so I just left that quote in the section it was.

Thanks for the posts guys.


Added to OP, thank you!

I haven't been overly active on here outside my main project thread in a while but this is an initiative I am happy to support. I've been in education for ages and would be happy to help condense some of the threads on best practices and attack vectors, particularly on anything that applies more or less across btccodebase altcoins as well into doodle vids or other simplified media should this get approved.
This is also something that would add immense value to a lot of speculative mining communities as they are frequently the low hanging fruit to get targeted.

Great to hear another so-far unmentioned sector that is directly related to Bitcoin and could benefit from this board.

As of this message, a PM was just sent to Theymos requesting a review and some feedback!

Let's hope for this idea to become a reality 8) I am excited to start posting there!

My concern is that "cybersecurity" is far too broad for Bitcointalk, there must be better places to find this information. "Privacy", however, is (in my opinion) severely underrated.

I would concur, though it's hard when it would be in the same section as Politics & Society...I don't think there is a topic/board that could ever be as broad as that. I guess another way to put cybersecurity the strength of your infrastructure/system on a network and operating system level. Privacy is the next layer after the network layer. Things become a little harder to understand on the cybersecurity layer though that is one of the main points for it to be included.

While privacy prevents data exploitation, prying eyes etc, it's not enough/almost redundant for one to just be private. One should be at least to the minimal standard, secure as well. Security prevents things like losing funds, accounts being hacked, even prying eyes that privacy measures otherwise wouldn't cover.

I'd like to post ideas / thoughts and discussion about security-related topics relating to Bitcoin wallets (hardware & software) and nodes, attack vectors, attacker models, advantages & disadvantages of certain options and such. Of course, I can go to https://security.stackexchange.com .. but I like it here! ;)
That place is also more about questions & answers, no real place for discussion. And obviously it is much broader (not tied to Bitcoin / cryptocurrency)..

There is no doubt it's well on the broad side but if it's kept to bitcoin/altcoin relevant points I don't see any harm in it. Also very frequently privacy and security go hand in hand, as for most users security without privacy/obscurity isn't attainable.
Looking at the more positive side of things, there are a lot of people on here who are happy to share and have some very teachable moments.

If it's within the main Bitcoin sections, then it shouldn't be a problem. Since, the section it's in, takes precedence. Although, I'd agree, cybersecurity is actually limiting the threads that could pop up. Security & Privacy is just much better, since there's also physical security, and we'll forever be plagued with privacy issues. For example, there's a thread out there investigating companies for selling data, and this sort of thing will always be a threat. There could be companies looking to sell a product, but ultimately catering their business to collect data on Bitcoin users.

So, there's a ton of possibilities if you name it "Security & Privacy" or something along those lines, but ultimately it's in the main Bitcoin section. Therefore, should be limited to Bitcoin related topics. Physical protection of backups, installing software related to Bitcoin, and splitting your wallet up into multiple virtual machines or physical devices all come to mind.

I suppose physical protection of backups or software relating to Bitcoin could go in the wallets section. Security offline is a bit more about common sense, and would open up discussion to things that might not be entirely relevant. All of a sudden you will have a board with too-broad of a topic range. If it's limited to cybersecurity and privacy, at least these fit in the realms of "digital"/"cyber". Talking about using devices i.e anything that involves "cyber"/"digital" devices to store backups and protecting these, that's fine, as at least there's a digital element involved, or in other words there is a technical level that can be taught. Protecting a paper wallet from physical intrusion on the other hand, that can go in the wallet section (as it already does). That's my 2 cents anyway.


Since it would be in the Other category, we shouldn't limit posts about security/privacy just to Bitcoin/altcoins. Both are vital aspects of being safe online, being safe online should be the ultimate goal rather than topics strictly related to keeping your coins safe. The symptom of being safe online means that your coins should be safe too.


Right. We shouldn't be saying "there are other places to discuss this" as a reason not to introduce the board anyway. Like you said, we like it here; we like the format of the forum, the people, and their brains!

---

So far, no response from theymos unfortunately guys. I guess no news can sometimes be good news though! Maybe it's in the works  :-X

Maybe he's on holiday ;) so wait for a week or so and "Quote" the PM to him again in another reply. I had to do that like twice in order to get bitcoincleanup.com a factoid.


I also agree that the name of the board should be "Security and Privacy" and not cybersecurity, so long as the topic has something at least marginally to do with crypto.

I'll be sure to give it another try at another stage!

I don't fully agree with Security and Privacy. I understand the point and that physical security is still important...should we really want to deviate away from a specific focus on digital security, and introduce physical security to be mixed in with this board though? It feels like it would become a bit of a wide-range mess after some time. I feel like being physically secure is more subjective anyway...it's not difficult/is mostly common sense to maximize physical security in comparison to keeping a computer system safe in this day and age, in my opinion.

The point is that those who cannot behave safely in their daily lives are unlikely to act safely online.

Now, I don't think it makes sense to mix things up either. This is an online forum and what you are supposed to do is help people to behave safely online.

Also, physical security changes a lot from country to country and city to city. A person's sense of physical security in New York must be different from one in Barcelona. What is physically safe in Texas can be very different in Maimi.

Therefore, the focus should not be on physical security, which is very variable but on online security, which is the same worldwide.

I think 'digital' is implied when talking about 'security' in the context of privacy and Bitcoin. There may be one or two interesting topic ideas about e.g. ways to physically secure seed phrase backups against thefts or something, and I wouldn't report them as off-topic, even if the board was called 'cybersecurity', to be honest.
So, both names are fine for me.

I wouldn't say so. Similar to what joker says, I suppose that the default interpretation of 'security' would be different for everyone. You're right, there would be interesting topics on this subject to do with backups, seeds, etc. I think they wouldn't be reported as off-topic but instead moved to the Wallets board as they relate to this most, and most posts about this already reside there. Aside from protecting your seed/private keys, there is not much else that is actually related to Bitcoin in terms of physical security that isn't wildly off topic in my opinion, and all of these topics would probably fit better in the Wallets board than they would in the 'cybersecurity' board.

If we welcome physical security posts generally with the intention that it will relate to bitcoin, I believe it would open up the avenue for people to talk about things like personal/home surveillance, setting up these tools, protecting yourself in the street, etc. Not that there is anything wrong with it, but again, I feel that it is wildly off topic. The board name would kind of allow it too...since the board will be generally named 'security and privacy'.

TLDR: Cybersecurity links to bitcoin because low cybersecurity = more risk to your coins. Privacy is in line with Bitcoin ethos. Physical security? It doesn't really fit outside of protecting offline storage/keys/seeds, all of which can be discussed in the Wallets board.

Despite the poll slowly gaining some new positive votes, the request seems to be stagnant. So far there has not been an official response from Theymos. I have sent another PM as of this message in the hopes for some feedback!

That's a good idea, we definitely need Cybersecurity and Privacy board, it will attract not only bitcoin enthusiasts but other people who are looking for enhanced security.
To be honest, we need structured WIKIs in each section too. For example, have a look at the wiki of buildapc subboard: Planning on building a computer but need some advice? This is the place to ask! (https://www.reddit.com/r/buildapc/wiki/beginnersguide/#wiki_.26lt.3B_wiki_index)
If you read and follow steps on this WIKI, you will understand what to consider when building a pc, when and where to buy components, how to assemble it and even more.

It will be amazing if we create similar wiki about bitcoin development, economics, etc. Since this thread is focused at cybersecurity and privacy, imagine how good it will be to have wiki on bitcointalk that will cover the information about:
1. Linux distros like TailsOS.
2. Browser Privacy
3. Tor and VPN
4. Information encryption including messages, videos, files, disk, etc.

If we create Cybersecurity and Privacy board with sticked Wiki thread and ombine all the information in Wiki thread, this will enlighten more people and will truly do amazing job for society.

Right on, very much with you on the wiki idea! I can't speak for the other boards but I am very sure that wiki(s) would naturally arise after the boards creation. Privacy is kind of limited as to how much you can know and apply, but Cybersecurity is extremely widespread. I can visualize a ton of information with this addition.

I am still very excited every time I see PowerGlove's snapshot of where the board might sit. I hope that it becomes a reality.

Attention, not overdoing the PM.

Sometimes these things take some time to have an answer. So we really have to wait with patience.  ;)

Definitely not over doing. I've only sent two PM's and I probably will not send another. Other supporters can in the future if they really feel like it :) I won't annoy him anymore ;)


Gave that a shot!...

Though on this day of March 06, 2023, we still have no Cybersecurity & Privacy board  :-\

I will support this idea of creating cyber security and privacy board since cybersecurity is a necessity these days. Most of us take security forgranted and embrace it only once we are hacked or experience any cyber security breach. All of us can contribute to cybersecurity according to our knowledge.
I recently cleared 'ISACA Cyber security' exam and can help ( to best of my knowledge) who is trying to pursue ISACA certification in cyber security.

I want to support this request, it is a subforum in my opinion useful for grouping these news or articles that have no place at the moment
in the end it seems like a sector destined to remain with smart working which has now become a normal thing

I'll ask him myself. It seemed to work for me last time.

Great to see some more support! Congratulations on passing your exam WatChe. It sounds like you would be one of the many assets to the board if it were to be added 8)


Hopefully we get some feedback :) I hope that that new "no" vote was not him! If you receive any response, let us all know :D

Thanks a bunch.

Defiantly I will be there on cyber security board once it's created. Getting new board these days is not easy, we are also trying to get a local board for Pakistani community and thread is there but no success so far. But we are fully motivated and will keep reminding the administrator about our request. Same is required to create a separate thread for Cybersecurity. We may not get that in a week or two but keep this thread active.
https://bitcointalk.org/index.php?topic=5430735.0

Bump.

Never forget this request.

Since the demise of ChipMixer, users have begun to question lately about whether or not it is a wise move to participate in mixing signature campaigns, and if there are any risk to users who are being paid to have these services in their signatures around the forum, such as in this thread:
Participating in Mixer Signatures (https://bitcointalk.org/index.php?topic=5446802.0)

BitcoinTalk staff were allegedly asked not to promote these services, raising more cause for concern:
staff were asked to stop advertising mixing services (https://bitcointalk.org/index.php?topic=5446803.0)

Additionally, recent news has exposed that an unknown person or group (dubbed "LinkingLion") may be collecting IP addresses from Bitcoin nodes/users (https://bitcointalk.org/index.php?topic=5446855.0).

If the Cybersecurity & Privacy board were added, I would be almost certain that there would be a bountiful amount of knowledge and resources that would allow people to reduce their fears and take comfort in the measures that they are taking to keep their privacy from being compromised. The reasons for adding this board are only increasing by the day and I could bet that it would soon become a necessity if we want to help to assist the (unfortunately) wider, currently unaware/uninformed portion of the community in upholding their anonymity and privacy.

Theymos, enable us to increase our online armor and to help do the same for individuals who are otherwise vulnerable by adding the Cybersecurity & Privacy board!

---

This is a rather older article that I stumbled across recently however I believe that it highlights the shift from being a victim of deception (controllable by common sense, experience, reduced naivety, skepticism and/or wisdom) to being a victim of hacks - which is controllable only with exposure to knowledge. The majority of people don't have access to accurate information without looking for it, which is what I hope the Cybersecurity & Privacy board here on BitcoinTalk would achieve!

Source: https://edition.cnn.com/2022/08/16/tech/crypto-hack-rise-2022/index.html
The good news: Significantly less people are falling for ponzi schemes similar to BitConnect than in 2017:
The bad news: Over $1.9 billion has been hacked or stolen from protocols and users during the first 7 months of 2022

Some more validation of the need for the Cybersecurity & Privacy board below.

---

As of March 2023, ransomware attacks are increasing
Source: https://www.ghacks.net/2023/04/22/ransomware-attacks-record-march/

Basic cybersecurity measures can very easily prevent the threat of non-targeted ransomware.

---

GDAC hot wallet hacked for $13 million

List of some recent exchange hacks: https://www.hedgewithcrypto.com/cryptocurrency-exchange-hacks/

The end-user could have easily prevented their exposure to centralized exchange hacks by not using them altogether or keeping their coins off-exchange unless they need to use the exchange (last resort, many alternatives out there nowadays).  

---

Some other non-crypto hacks in 2023 where the end-user may have been able to reduce their exposure if they were taking intermediate to advanced privacy measures:


How risk for the end user could have been mitigated:
- Don't upload personal/sensitive information where you don't need to (why on earth would you upload a drivers license/ID card to these companies anyway?)
- Use non-identifiable information and a pre-paid debit card to make purchases, if possible.
- Don't trade your identity/privacy/payment information for convenience.


How risk for the end user could have been mitigated:
- Using PVA's to create a ChatGPT account in conjunction with a VPN/Proxy to make the data less/non-identifiable to the chatGPT user.


How risk could have been mitigated by the end user:
- Using a pre-paid debit card solution separate from the main bank account would allow the user to easily disable access to funds without effecting day to day life.



How risk for the end user could have been mitigated:
- Using a privacy-friendly, disposable email with non-identifiable information for the activision account to make the mistake of the employee of no concern for the end-user.


How risk could have been mitigated by the end user:
- Don't use paypal (there are many alternatives that serve the same purpose out there)


How risk could have been mitigated by the end user:
- Using offline encryption methods on external storage to protect passwords instead of using supposedly "encrypted" and "secure" cloud storage services


Source: https://tech.co/news/data-breaches-updated-list

Its good to see the crypto community getting matured and not falling to ponzi schemes anymore. Its time may be for ponzi schemes to change there strategy as existing ones are no longer getting success. On the other hand the community should be ready for new wave of frauds/ponzi.


This is an inherit feature of Bitcoin and can never be fixed. The weakest link in digital security of every entity is the human link. As long as humans are willing to make some mistakes, the hacking business will continue to exists. 

Ponzis that aren't ponzis, aren't ponzis (if that makes sense :)). The strategy can't really be changed, just the face of it. They should change their strategy to just building legitimate products!


The non-refundable nature of transactions will never be fixed, sure, but that is not a downfall of Bitcoin nor is it a digital security issue. Strengthening each human link is one of the motivations toward the Cybersecurity & Privacy board. The more people that learn, the more people become strong enough to resist attacks. Even web administrators and smart contract developers could benefit from the cybersecurity part of the board. It might not be something that can be completely eliminated (unless security innovation beats hacking innovation) however it can be significantly be reduced...especially when you think about how many users still use flawed Microsoft and Apple products over how many people know about let alone use Linux.

On April 30 2023, Avirunes received a loan from shasan and was reportedly hacked of the whole amount lent (0.015 BTC, approx $450 USD market value) (https://bitcointalk.org/index.php?topic=5450708.0). The hack shows a lot of similarities to the situation that occurred with julerz12 (https://bitcointalk.org/index.php?topic=5433643.0), Avirunes was likely to have been infected with malware that was able to either grab the secret/seed phrase of the Electrum wallet, or sweep/send from the electrum wallet to the hackers address.

If the Cybersecurity and Privacy board was added any time in the last 3 months after the situation with julerz12, maybe a post there (such as one explaining and emphasizing that all users should be using Linux over Windows) may have prevented the OP from being hacked.

The Cybersecurity and Privacy board is becoming imperative for the safety of BitcoinTalk users as two incidents have now effected and caused damage to the BitcoinTalk economy.

---

Update May 01, 2023:
- Updated OP to include one call to action and necessary information relating to the request. Also cleaned and improved the look and layout of the thread for cleaner reading.
- Move past calls to action into the second post

That's very unlikely to happen. I wrote this years ago:
A more realistic suggestion would be to use a hardware wallet, but both julerz12 and Avirunes knew that already.

You've referred to one sentence in a thread that is out of sight for a lot of the time. A detailed, well reasoned thread giving reason and proof as to why Windows is so dangerous paired with a detailed guide to switch to Linux might help to persuade those who are still using it to make the transition. A detailed thread would provide the ability to ask questions about making the change, inform people about why Windows is so dangerous and push them much more toward making a change. If this request is never attended to, I'll go ahead and make the thread myself. Though I would be much more motivated to post it in a section where it belongs instead of a board that anyone who doesn't consider themselves a beginner to Bitcoin itself (a lot of bitcointalk members I am sure) would never read.

I thoroughly believe that if this board was introduced around the time julerz12 was hacked, which was one of the prompts for this request, this guide would have been posted by myself or someone else and it is very possible that the scenario with Avirunes have a chance of being avoided.

If people don't change behaviors, these problems will continue to arise! It doesn't matter what OS you use or whether or not you have a cold wallet, if your online browsing attitude continues carelessly, you may have these or other problems. Of course, using a more secure OS or using the cold wallet more may be less exposed to problems, but what really makes the difference is the overall behavior.

How are we going to change behaviors? This is difficult, but we are trying and warning.

You're right, however this post would be most accurate pre-2020's and just minding behavior (no matter how vigilant) is not entirely enough. The advancement of threats in the last couple of years has grown exponential. As I highlighted on Avirunes thread, attacks such as Reverse shell attacks (https://www.techtarget.com/searchsecurity/tip/What-reverse-shell-attacks-are-and-how-to-prevent-them) can compromise your system just by you connecting to a website that might not even seem malicious. In this case, it is actually imperative that you're using a secure OS or else you are exposed at all times, even if you are using Windows and behaving with pre-existing knowledge and taking precautions. The fact is, Windows is absolutely not the OS to use for day-to-day activities let alone crypto activity, where coins can be very easily stolen.

My point being - We are at a stage now where minding behavior such as not downloading unknown files and blocking inbound connections via firewall are simply not enough. More steps are needed to prevent vulnerabilities from being exploited. It should be noted that this discussion only talks about cybersecurity as well, covering the base of privacy too is an entirely new discussion in itself.

The site asks for a login, so I can't read it. If what you're saying is true, that's simply ridiculous! How is it even legal to sell an OS that can get compromised from visiting a website, and why is the manufacturer not liable for that?

That's odd. No login required here.

Microsoft are too big to fail. Their operating system is recognized and used by most of the western world. When it comes down to user safety versus profit, Microsoft will choose profit. While the responsible thing to do at this point is to terminate Windows and build a new operating system from scratch, Microsoft won't take this kind of action. The same thing is happening to Apple, however it's harder for the user to see it happening and the age old "apple can't get infected" myth is still believed by the wider users of Apple products.

You are right in terms of business and security. I'm not even going to debate that point.

But, back to the same thing, to start this type of attack, the user will need to have at some point something that exposed him to the situation. Many still continue to use pirated OS, continue not to perform updates, not to mention using pirated software. If the person does not meet the basic requirements, no matter what OS he uses, he will be exposed to the same kind of problems.

basically, this. i am truly amazed at how many people run pirated software, and no matter what the OS you will get compromised doing that.

as for the OS yeah linux etc. ive run it. but i still run windows for 90% of my daily driver stuff. as it generally does what i want it.

consider: i have run windows and the same btc wallet (core) since literally 2011 and its run 24/7.  winxp, win7, win10. all running 24/7 with wallet.dat and core and connected to the net 24/7 also. i just move the 2011 wallet.dat to the new install/upgrade when they happen.

AND guess how much ive lost to malware/virus/ransomware: IN 12 YEARS OF A HOT CORE WALLET IN WINDOWS,. ZERO NOTHING NADA ZILCH NEGATIVE

so yeah linux is inherently  "safer" but even windows can be configured to be pretty close.

security all comes down to the person. rarely is it ONLY the OS thats the security problem..

just my observations over 12 years in the space, and certainly not to be taken as The Only Way To Do It., so have fun tearing my "security" apart.

btw i use hardware wallets and paper wallets for my main stash, core and my phone have spending amounts.

38 votes for versus 4 votes against - theymos, let's have that cybersecurity board now. :)

That sounds like survivor bias. Many people have never lost their coins, but that doesn't change the fact that many others did lose their coins. I've never needed my seat belt, but that doesn't guarantee I won't need it in the future.

True. But it can help a lot. I'm not installing Wine to run Windows malware.

And that's how it should be :) As long as you can afford losing it, there's nothing wrong with using hot wallets.

funny you mention seat belts. i wear mine. but not for when i get hit although that reason is a pretty up there. but i wear them mainly to stay in the drivers seat when doing "stupid vapourminer things" like drifts, catching air in the favorite "how high can you get road jump" and stuff like that. as it sure does help still being in your seat to regain control when finally back on 4 wheels. so not sure if thats a good analogy? but off topic so..

survivorship bias is a thing thats for sure. as im living proof with all the seriously serious stupid things that i done lived through that a few friends didnt. RIP my some of old buddies.

anyhow i certainly dont advocate rolling with windows for security stuff for the general peeps with coin. but my results does go to show that if one is careful (and luck has a bit to do there too) you can be fairly safe.

gonna have to get my CP/M rig up. hack THAT

Of course, any of us who are sharing some of our coinholding arrangements run some risks in terms of perhaps describing our set-ups, and many of us recognize some value in terms of security through obscurity (even though that might not necessarily resolve some weak security practices either).... such as leaving your pass word in one room and your device in the other room, so it could be likely that for 10 years, no one even saw the two devices and put the matter together that they could have become richie at your expense.. but no one looked or asked... but still not a good practice for when the more cunning, observant, and perhaps dishonest person comes into your space.

For sure, if you invite an attacker or even tell the attacker that there is something of value present, then that would likely cause you to become more of a target, and depending on the sophistication and/or determination of your attacker, you may have to increase your security practices by magnitudes - merely because you drew attention to the matter.

I have had several occasions that I went on walks and did not lock my door, and even went to bed without locking my doors - and nothing happened in terms of my losing belongings or my getting attacked in my sleep. 

I remember a pattern of occasions from about 15 years ago, in which my car (in a carport) kept getting broken into, but part of the problem was that I had continued to forget to hit the lock on the alarm key.. so the fact of the matter was that it kept getting broken into by mere handle testing of some passerby.. and I am not even sure if it was the same person.. but I am sure that there were some occasions in which not too many valuables were taken, and there were other occasions in which I was saying "oh shit, I wished that had not gotten taken from me."

I suppose some of the folks who might use a variety of ways of "securing their coins" might be more free to describe their various security practices, and surely sometimes there still might be needs for someone to actually physically visit before writing down your seeds on a note pad becomes an issue, in the event that no one ever visits you (who knows that your seeds are written on a notepad).... or other people who visit you and know that the seeds are written on the notepad do not really know how to use the seeds... or how much value is associated with the seeds.. even if they were to take possession of the seeds... for sure with the passage of time, more and more people are learning about what seeds are, why they are important and how to potentially use them  - once they got their hands on some seeds.

https://www.mememaker.net/static/images/memes/4866489.jpg

bit OT but where i lived back in the day you just left the car doors unlocked all the time and never left stuff in it overnight. otherwise peeps would bust a window anyway just to open the doors a search.

so let em open it and look. see? nothing here for you. maybe they will even be extra polite and close it after.

Highly unlikely that creating a board in forum would prevented anyone from getting scammed (unless he is actually active in that board).
I saw multiple posts explaining how to protect against stupid scams like this, and I have been advocating switching to Linux OS everywhere in forum.
After taking a quick look at Avirunes post history I can see that he is writing majority of his posts in Gambling section, so new Cybersecurity and Privacy board would have literally zero effect on him.
I am not against creating this board, and I would probably be active there, but let's try to be more realistic with your assumptions.

Most people wear them just to avoid getting a ticket from police for not wearing them  :P
Imagine government and police care so much about people lives, this must be some parallel dimension.
In the same time you can drive buses, trains without seat belt as a passenger just fine, this is like using centralized exchanges that are perfectly ''safu'' for a ride  :D

I said yes to this idea. Already, Bitcoin is facing a lot of attacks by scammers and those who are against it. Considering the fact that this is a more effective Bitcoin discussion community in which Bitcoiners and all newbies can still be guided without falling victim to some scams, I think this board is really necessary to be added because if it's created, it will contain all the other threads about security that you have listed out instead of being scattered across different threads. If not for how you listed all of them out, I really could not find anything up to the level of the helpful thread you provided (thanks for that).

The only reason why people still are inclined towards Microsoft and Apple is because they don't wanna leave there comfort zone (everyone is comfortable with Next, Next and Finish). Though Linux flavors like Ubuntu are as easy to use as any other Operating system like Microsoft or MAC, there is lack of awareness among people about Linux ease of use and what additional features it is offering. I have Ubuntu 22.04 installed on my laptop for almost a year and it offers everything one can do on Microsoft or MAC and really cool thing is I don't have to install any anti virus here.

It amuses me a bit to read about the various N=1 anecdotes, misconceptions and semi-truths in the last few pages alone.. ;) Only strengthens the argument for a 'Cybersecurity and Privacy' board on the front page, though.

OS choice would definitely be a fun first topic. Just a short TL;DR: it's not as clear-cut as 'Linux > Windows' or 'Everyone should use Linux on the Desktop'; neither is 'Linux unhackable and does not require antivirus' nor are you 'guaranteed to lose your BTC on a Windows / Mac machine'.

Anyways; any progress on the board? Changes / suggestions? Feedback from @theymos?

Let's not turn the board into an r/linuxmasterrace sub.

It's funny how people always argue Linux is a good replacement for Microsoft, but never the other way around ;) I am indeed pretty sure many Windows-users could switch to Linux, but not many Linux users could switch to Windows.

Sorry :( Let's say it's a free bump for the topic :) And a bit on-topic too: people's personal preferences make up a huge part of their system's security, and even if they want to change it, it's going to take a lot of time to get used to new ways. Something as simple as setting up a decent password manager took me hours when I made the switch, but once it's working, it doesn't take more time than my old "system" (and it is actually more convenient).

This is not entirely true with reverse shell attacks. In fact, all it takes is to visit or load a resource from a website (as this requires the user to establish an outgoing connection to it) and the vulnerability becomes opened. For those who browse and visit new websites immensely from their Windows environment, they are exposed to the vulnerability. The only way to stop reverse shell attacks is to monitor all outgoing connections, which means screening each and every website that you visit before you visit it. This is next to impossible for the average user. The vulnerability is also open to anyone using Windows, whether they are using pirated software or not (though of course from a general standpoint, pirated software is by default more vulnerable than what licensed software is)


I definitely agree that using pirated software opens the end user up to a wide array of additional vulnerabilities. Pirated software used to be great, however the tables have definitely turned in the past few years. Unless it's for a very temporary and insensitive usage, there's little to no upside for using pirated software other than the cost savings.


You are definitely on the lucky end of the spectrum and it makes me curious as to the details of your usage. It has been reported that XP, Vista and Windows 7 are vulnerable almost as soon as they are deployed. The more you browse, the more you download, the more you are susceptible to vulnerability.

It should be noted that being infected does not necessarily mean that you lose your crypto. Some infections are limited to accumulating data about your usage, activity, etc. They might not actually have capability to take your clipboard, track your keystrokes, grab your files, etc.

Since you've mentioned that you only keep spending amounts in core and on your phone, do keep it that way. It is possible that there is simply not enough value for anything to be executed at the moment....though as soon as you receive a large amount in core, that will be another story.

Stay safe and congratulations that you're still able to use XP and 7 without issues. I loved both of those pieces of software in their hayday!


Firstly, It should be noted as well that Avirunes was not scammed. He was hacked. These are two entirely different things. Cybersecurity and Privacy can't help you in a scam, as being scammed is more to do with your own personal judgement than anything else. Being hacked is more to do with cybersecurity & privacy than it is to do with judgement (judgement is still a factor, but not the primary factor).

Secondly, how can you assume someones activity in a board or whether or not someone will read the content within a board before it is even created? Let me put a scenario out for you to validate what I had said earlier about if the board were added, it may have possibly prevented Avirunes situation:
- theymos announces "Cybersecurity & Privacy" board opened.
- People view this thread not just because of the title but also because theymos made the post.
* This alone would not be enough for active users even to view the board and the content within? Furthermore,
- This board is already full of ways to improve your security and privacy, prompting many users to learn, ask questions and implement strategies to increase their 'digital armor'

I am sure that Avirunes, like many other members of the forum, would read the board and the content within if it were created and theymos announced it. Whether or not they implement the security strategies are both up to how well the content within it is written, how easy it is to follow and how much the user values their security and privacy. That is something that neither you or I can assume.


Since there is no Cybersecurity and Privacy board, how can anyone measure whether anyone would participate in that board, or read the undoubtedly valuable content within it? Saying that it would have literally zero effect on him is an unrealistic assumption.


I maintain that the creation of the board would increase the chances of Avirunes being able to prevent what had happened to him.


As said above, being scammed and being hacked are two different scenarios. It is unlikely that your cybersecurity or privacy level will prevent you from being scammed if your judgement is poor. Judgement is the primary factor as to whether you are scammed or not.


You are totally right. The general assumption is that "Linux is unknown and therefore I will not know how to use it" however this is far from the case. Most distributions are entirely usable and their layout is quite similar to that of Windows. There are some distributions that are even designed just like Mac and Windows to make the transition easier. This is something I'd love to highlight if the board were to be added.


In a normal world, or pre-2020 I'd agree with you. The Windows software itself is the swiss cheese of software. I have experimented with securing Windows deployments and no matter what you do, it is not possible to achieve complete cybersecurity and privacy with this software. You can achieve an adequate level of cybersecurity, however at a severe cost of functionality and usability. Not to mention that this is a task that is not for the beginner.

Unless you are staying within the mainstream confines of the web, using a vpn, have taken basic firewall measures, using licensed software and not trying a range of new software/visiting a large amount of websites, then Windows only becomes more vulnerable the longer you use it. Linux on the other hand allows you to take less measures to increase your security further than Windows ever can quickly, and the attack surface is much lower.

Of course I admit that my bias is from my experience, as someone who has played around with securing and pentesting Windows. Maybe people have different experience. Maybe my definition of being secure is at a different standard to others. Maybe I know more, or maybe I know less. Either way, I will end this reply that in my opinion, Windows is inherently insecure and almost impossible to make secure and private, Linux can be made secure and private with ease, therefore (in my opinion) it is as clear-cut (from a cybersecurity and privacy standpoint) that Linux > Windows :P


I've sent two PM's, no feedback. NotATether has sent a PM or more also I believe, no feedback. No feedback on this thread either unfortunately. Hopefully one day there will be! I will be the first to report back if I ever receive feedback about this request.

Who ever thought it was a good idea to give a web browser this kind of power? Let me guess: "it's so convenient"....

Paranoid as I am, I run my Tor browser as a separate user. It's an easy way to separate access for different programs, but it's annoying when I need to access a downloaded file in another program. Qubes OS takes it a step further, separating everything into it's own desktop environment.
I haven't used Windows in a while, so I don't know if it's possible to use different programs running as different users at the same time. If it is, at least your browser can't access your other files anymore.

First: I'm biased :P
Second: just compare online installation instructions. Windows: "download, pay for access, install, click here, click there, click click click". Linux: "copy this text, press Enter" :P I know which one I find easier.

The amount of power that they have in this day and age is ridiculous to say the least. Why there is not a basic browser with minimal capability that is kept up to date with security patches is something that I wonder every so often.


This is great. This would have taken some time to get used to but it goes to show how secure you are because you are openly able to talk about your strategy. I'm yet to master Qubes and ideally, I'd like to take a similar approach one day. For now I do have a solid desktop environment that is a good balance between convenience and a good standard of security and privacy. Enough to be able to browse and talk (seemingly) freely!


It's funny because a lot of people would prefer the way of Windows...click and paste less, pay for convenience, click next next next and install. Linux is really not that inconvenient, just like you said it's really just copy and pasting text - If that. Some distributions have made the process just as easy as windows.

It all comes down to awareness in my opinion. If people were aware that Linux is much simpler than it sounds, I'm sure they'd make the change. I hope the board is one day added to highlight this among other facts like this.

I am one who could not switch back to windows. The main reason I have already mentioned i.e. you can use Ubuntu for years without installing AV or any fear of getting infected with Viruses. There is a saying about Linux, "Linux is also user friendly OS, its just picky about its friends"



Even if you are new to Linux then there is so much online support available for Linux flavors like Ubuntu. You can find solution to any problem you are facing while using Linux. Plus Linux has been built in a way that it adds a security layer which is not present in other OS like Windows.

While I agree with you about not being able to switch back to Windows, it should be noted that using Ubuntu out-of-the-box without a fear of being infected is not a sure-fire way to remain safe. There are still vulnerabilities that come with Linux, and recommendations to fix those. There are also great adjustments and tweaks that can be made to increase security.


Agreed! There is plenty of online documentation as well. Most of the time, you won't even need to create an account anywhere or ask questions...a lot of questions that would come up are already documented far and wide around the web from others who have been using Linux. The greatest thing about Linux and its distributions is that a lot of answers for other distros can also help in the one you are using.

Guys, our proposal is probably going to be denied if we turn this topic to a cybersecurity and privacy mega-thread.  :P

To me the main reason is privacy. Microsoft is known to not share the same ethics as I do. I think now in Windows 11, you're being surveilled even in the last corner of your filesystem. That, and the fact that in comparison with stable linux distributions it's worse security-wise, it is enough for me to avoid it.

I have been using Linux solely as computer OS for over a year, and I now more find it less complicated than Windows. It's all about what you're used to.

If we turn this thread into a cybersecurity & privacy mega-thread, I would be almost certain that the replies would extend over 1000 quite quickly :P I agree with you that we should save the discussion for when the board is added, though it is good to see that there are members who are eager to have the discussion. It only validates further that we need this board!.

Timely reminder that a Privacy and Security board would be a very useful addition to the Bitcointalk forum.

I voted in favor of the creation of the proposed board as a place for newbies and experts to share good practices for security and privacy. New users are likely not patient enough to thoroughly search the forum or maybe are simply too lazy for it. There is a lot of valuable information all over the forum, but it is nicer to have the request's addressed topics more or less in one place.

I support this request!

Bump

I was looking for such a board here just yesterday. I constantly have these types of questions, often involving btc stuff , and so rarely does it fall under GMax’s & Achow’s tech boards.  Neither have the time to discuss my simpleton questions anyhow I’m sure.

I do a lot of research stuff on scams that’s for the community here (mainly collectible related) , but Im constantly running in to questions in this realm (when is it okay to accept cookies, what browser is best for what, how to more efficiently search for connected websites, is it okay to use my phone for this or that or should I be on a secured PC  etc etc).  

I could google this stuff right?.. I have no idea if what I research is legit info or a well designed ad or some idiots blog that does a good job at boosting themselves on google searches…But I know forum members like Loyce (for example) are knowledgeable Mr Robot types often willing to  help others like myself.  

Someone like yourself is exactly who we'd aim to help, with replying to topics including questions and by creating topics which answer the questions to begin with. Unfortunately right now, there is no place to discuss centrally which is why we are hoping for the board to be added. I do welcome you to PM me any questions though and I will answer in my spare time as best as I can.

No javascript, blocking third party cookies & clearing all cookies automatically after each session, using private search engines (like duckduckgo and startpage), and using Tor are some quick tips to help for this purpose. Desktops are more secure than phones by default. How secure you need to be really depends on your threat level (who are you protecting yourself from?)

You can...though it's kind of counter-intuitive, especially if you are using google. Private search engines are a lot better. A board here would save you a monumental amount of time though.

It is generally advisable to do your own research at first and ask concrete questions after some base knowledge has been acquired.

Somewhat according to the StackOverflow 'How to Ask' (https://stackoverflow.com/help/how-to-ask) guidelines.

For instance, you could search with a web search engine (like Startpage or DuckDuckGo - while we're on the subject of cybersecurity / privacy related recommendations) at first, try to understand whether any recommendations found there are plausible, and if there is still uncertainty, post your question in a forum.

It helps dramatically to help someone who already has a base understanding of their problem.

But yes; collecting information like this in the context of Bitcoin was one of the core ideas for this board.

For those interested in a community vote withing a structure thread, see Community Vote: Add "Cybersecurity & Privacy" board to Bitcointalk.  (https://bitcointalk.org/index.php?topic=5462155.0)

This should strengthen the chances of what is being requested being understood quickly, and gaining more official votes from members.

In the meantime, a nice stat to see 7 months on from the initial request:

As of this post, "request v1" poll achieved 90.7% consensus in agreement that the board should be added.

I think we should be proud of that as cybersecurity & privacy advocates! The request v1 poll will remain open, no need to close it. More votes are still welcomed.

I voted yes, I consider cybersecurity an integral part of everything related to computers and the Internet, so it is natural that there is a section dedicated to security in the forum because we use computers, the Internet and mobile phones in all our dealings with Crypto.

Frankly, I was surprised, since I registered in the forum, why there is no section for security and protection, and I remember that I asked this question, but I did not receive a good answer.

Personally, I consider cybersecurity and privacy the most important part of my knowledge in Crypto, because if you do not learn how to protect your assets well, as well as how to maintain your privacy, you should leave the field better.

Thanks for opening this thread. I voted YES

I consider myself less techie when using the Bitcoin and related instruments. Such as software and hardware wallets. On top of that it is also risky when we are involved with the exchangers, trading on daily basis and that needs movement of crypto currencies from one wallet to the other. Above all, it is also increasing trend that we are using various mixers and it could get as risky as we use external resources to save our identity in the world of Bitcoin.

I think keeping ourselves informed all the time about various instruments mentioned above and not limited to them can help someone save their hard earned money.

In this section we can also discuss about other security threats that may or may not be directly involved with the Bitcoin alone. For all of the reasons mentioned here, I vote Yes.

Too right. I am too surprised that there is no central discussion point for security and privacy. As you said, they are integral keys to safety on the computer, mobile device, internet and in the world of blockchain and cryptocurrency.

I hope all of the support and efforts eventually bring this board to life!


Hey, great post. Thank you for the insight into your reasoning, I fully agree with you! We all appreciate the vote in the poll, though do be sure to also look at the community vote! (https://bitcointalk.org/index.php?topic=5462155.0)

Call to action

Have you casted a vote in the unofficial community vote for a cybersecurity and privacy board?

If you haven't, it is now very easy to cast a vote. All you need to do is state your position on the topic, and either quote a member who you agree with for your reasoning, or share your opinion!

Cast your vote here (https://bitcointalk.org/index.php?topic=5462155.0)

I'm confused, why is there a community vote happening for this? Is this what theymos suggested? To me it seems completely unnecessary.

I don't understand the need for 80%+ consensus either. Either there will be enough users to use that board or not, and already 50+ people voted Yes for it with 90% support. To me it seems pretty simple. You either create the board or not and assign a mod to move the topic into it. Takes a few hours at most. I'm not criticising you for this, I appreciate the initial proposal, I'm simply questioning the long-winded process.

What is the threshold of interested users for a board to be instantiated? I assume there're no fixed numbers. Are there clear rules? I don't think so, maybe except that you have to prove somehow the interest of users and benefit for the forum. I also quite understand the reluctance of the admins for such a request. On one hand you don't want to fragment the forum into meaningless little corners, on the other hand the forum is for the users, not for the admins.

This request should not go forgotten! We are at a state around the globe where governments and cyber security departments are struggling to protect citizens data (that they're not probably already selling to corporations within their nation anyway!)

What can we do?

Support the proposal.
- Vote here in the poll
- Make an official post in the unofficial community vote (https://bitcointalk.org/index.php?topic=5462155.msg62650130#msg62650130)


80%+ = appropriate consensus level.

Good question about the long winded process. The reason is that the more expression there is, the more input, the more grounds to add the board. The poll vote is great except it's too easy and simple to vote, it encourages herd mentality imo. An unofficial voting thread with nothing but reasoned votes has a lot more weight.

I think there must be a separate board for emerging technologies like cyber security, Artificial intelligence, data sciences etc. Technologies will be kept emerging with time and there is not a specific place where we can ask or contribute about new emerging technologies.

Here is a small contribution from my side about a cyber security certification from ICS2. You can get training material and first attempt free of cost. After you clear exam you can  pay 50$ to claim your certificate.
CC - Certified in Cybersecurity by ICS2 (https://bitcointalk.org/index.php?topic=5466993.msg62854953#msg62854953)

When I started BTC was worth  6 bucks back in 2012.

There were times I could mine 0.001 of the entire network in my garage.

Basically 21gh against a network of 21 th.

My power costs was 10kwatts an hour.

To mine 0.001 of the network today I would need 400ph that is 4000 s19 units burning 12000 kwatts an hour.

so the power cost to mine 0.001 of the network has increased 1000 fold

21 th to 400eh is 190000 fold the hash power..

This directly relates to security for the network.

also the cash value in 2012 was maybe 60 million

and the cash value now is 560 billion an increase of 9000 fold in value.


all of the above mean secure handling of your coins is a must.

I like DaveF idea of putting it as a head liner in bitcoins discussion .

While I can never tell if PytagoraZ is trolling or not (which makes him my favorite troll), there is actually a good point within this post.

Talking about security does lead to discussion about exploits, discussion about exploits might make the people curious for the wrong reasons (even though hacking is an elaborate skill in itself, and generally isn't something that you get an idea about and go and do).

We don't want to inspire hackers, but inspire patches, fixes and defence against hackers! I think this should be prevalent in the boards ruleset to help it flow through the board itself.

One rule that PytagoraZ has inspired me to think about is (very roughly) outlined below:

What other ideas for rules do you all think we should discuss for the board if it were to be added? I am surprised we have not discussed this one yet!

It's the first post I read from him and I feel like you're giving him too much credit. It is so badly written that one can barely understand what point he is trying to get across.

Furthermore, if his point is that by talking about computer security, you could motivate or educate someone to do bad stuff with this information, it basically boils down to the 'security by obscurity' fallacy.
It is beyond debunked and dumb, especially in this case where so much information is already out there. This board will always only be able to contain a subset of the computer security knowledge that is freely available for everyone online. In fact, bad actors have even more information that is hidden / non-public, so actually the best thing we can do to counter that is to openly talk and discuss possible threats, loopholes and vulnerabilities and implement measures that protect us from them.

I am against such a rule. If you find a serious security issue, you will submit it for bug bounty or sell it on the exploit market anyway. If you publish it here instead, someone else will do that and it will be fixed by the manufacturer. Plus, it informs users that this issue exists and they can come together to find a band-aid solution for the meantime.
More information is always better than less information, in my opinion.

To me, it's clear that he has no idea what he is talking about so I wouldn't take this 'No' vote too seriously.

I apologize for quoting more than I would usually do, but I want to emphasize the context that I'm trying to reply to.

I don't believe in the flawed idea of "security by obscurity" and in my opinion that's what PytagoraZ reasoning is asking for. That doesn't work and protect people. It's like sticking your head into the sand like an ostrich and hoping the predator doesn't see you, too. It is necessary to address issues that can lead to exploits publicly. A robust scheme is the concept of responsible disclosure. Things that are established in the computer security scene of white hat hackers. Of course I'm aware there're black hats out there. Fixing bugs and issues and applying better practices is what protects you from them, not sticking your head into the sand and hoping for the best.

Forum rules already address malware posting and similar nefarious activities, though there's probably not a sufficiently specific framework of rules if we get a cybersecurity section. Establishing a good framework here should be discussed, latest when we get a cybersecurity section which I sincerely hope we do. @theymos: please!

Edit: I just realized this is a different thread. I thought my vote had been deleted  ;D


Sorry, I'm not good at English so my writing is probably very bad.

So in my opinion, if there is a board about cybersecurity then the discussion in it will be about hacking cases, the methods used for hacking, and how to secure wallets. I think the discussion will discuss how hackers get information, the code/script used, how malware works, etc. This will indirectly reveal how a hacker works, so that from here people will know how to hack and know what to learn in hacking

I know that there are many benefits to these boards if they are available but there are also many dangers in them. I honestly wouldn't mind if this board existed, although I would prefer it not. Security questions can be asked in the wallet section and I'm sure no one will ask about "how to hack a wallet", but the question is "how to secure a wallet?"

If there is a cybersecurity board then there is likely a discussion of "hacker A breaks into site Y with type X malware method". In the discussion, we will discuss how hackers break into sites, how malware works, etc. I think the discussion will focus on hacking (both security and hacking)

That's reasonable and I completely agree with your point.

I suppose the positive that came out of this series of posts is a new line of discussion that hasn't yet been covered: rules

I doubt this is why theymos hasn't yet added the board, or maybe it is? Either way, let's keep making his life easy do that there are no excuses for the board not to be added.

Any suggestions for rules/rulesets for this board anyone?

I think we can should call it "Guidelines" for the board, instead of calling them "rules", after all rules are same across the forum.

- All topics/ posts must directly be related to cybersecurity and privacy.
- Respect the privacy of individuals. Do not share personal information, and do not engage in discussions that compromise the privacy of others.
- When discussing potential threats or vulnerabilities, be cautious not to provide detailed instructions that could be misused.
- Encourage and share best practices for online security and privacy.
- Recent cybersecurity news, trends, and developments are encouraged.
- Back up your claims and recommendations with credible sources or references (avoid spreading unnecessary fear or misinformation)
- Do not post clickable links to suspicious or potentially harmful websites.

I think you're absolutely correct, and that those guidelines are a terrific baseline to work with. I will put some more thought into this when I have had a coffee :) Nice work!

If anyone else has ideas for guidelines to add on top of shahzadafzal's post, do go right ahead. I think that this is one of the few things (maybe, the only thing) that will make life easier for theymos if/when he decides to add this board, other than moderators, which I am sure many highly reputable members in this thread would put their hand up for with passion!

It seems too hasty to create rules before the board is available, or perhaps you would also choose a board moderator?

But whether there is a board or not is not really a problem for me. There are just a few things I want to write about here

1. A security board without discussion of hacking is superficial.
2. Bitcoin is a financial system, malware is an attack on computers
3. With the existence of special security and privacy boards, the security of Bitcoin is questioned and its privacy is also questioned or we simply consider it unsafe.
4. Without a discussion of hacking then the discussion will only be:
a. how to secure your wallet
b. use Linux OS to be safe
c. use a mixer for privacy
d. don't trust KYC and AML
e. use a hardware wallet
f. etc, the discussion will be superficial and only about that

Or maybe people who agree with this board have a general idea of ​​what will be discussed there?

We're talking about guidelines and there is nothing wrong with discussing.

The board only seems like it will be superficial for you as it seems like your knowledge is superficial as well, given your points from 2, 3, and all points in 4. Which are all not accurate, purely opinion. As posted earlier, there are already hundreds of threads that can fill the board, when you take into account current events, new cyber security/privacy measures, vulnerabilities, etc. and how that landscape continually evolves, it will continue to be populated with new content. The content will definitely span further than what you've posted in point 4 and sub points, though even these topics can go much deeper than what you've posted. I

The best way for me to describe the problem with your posts (now that I understand that you're serious and not trolling) is with a quickly thought metaphor.

What you are saying is possibly comparative to saying to a biologist "I have a body, why talk about it unless we're talking about disease that could kill me" - and completely disregarding the complex immune system within the body, which learning about might protect from disease.

It's not 100% comparative but I'm sure you understand what I mean. Things are only seeming superficial to you, because you believe that there is nothing to cybersecurity and privacy...however, there is a lot to it and the landscape is always changing (for better and worse).

Yes, as I said before, I don't know about cybersecurity. However, in my opinion, if there is a board cybersecurity but does not discuss hacking, it will be very superficial . I am sure there are members here who are competent on this matter, but on the other hand, talking about hacking is also very dangerous. Can you explain/exemplify the discussion that will occur on the board?

Honestly, I don't mind if this board is available and there may be many benefits in it, I just have a different view and the dangers that may arise from this board. Hopefully you understand and we have different points of view to discuss so as to produce a comprehensive analysis

It is likely not needed to present hacking or malware techniques in such a detail that it could easily be used in nefarious ways. On the other hand it is necessary and beneficial to discuss countermeasures or protections from various possible hacking techniques.

I really don't get your stance of "let's not talk about hacking, because it's gonna be dangerous". Security by obscurity and not talking about it just doesn't work very well. It doesn't help the ostrich to stick his head into sand where it can't see the predator. Most of the ostrich is still visible to the predator and thus easy prey. (I don't know exactly if ostriches actually behave like this...)

I don't think a cybersecurity subforum here will turn out to be a recipe book for script kiddies, hackers and malware creators.

I agree with your opinion. That hacking and malicious malware still have to be discussed and I agree there is no need to discuss it in detail, maybe it is not that dangerous.

Btw, do proposals for new boards usually take a long time to be realized? or if theymos refuse he will give the reason?

There are a few things to think about in reference to whether the board will be approved.

- Is it in the interests of the forum administration and any external forces to enthuse members to increase their cyber shield?
- Does theymos care enough about the cybersecurity and privacy of the forum members to even pay attention to the board?
- Does theymos believe that cybersecurity and privacy is something that should be correlated with Bitcoin?
- How much demand does it take before theymos applies/considers community decisions, and is that even a factor?

These are simple questions to write but much more complex to answer for even theymos himself to answer I am sure.

The fact we have not yet heard from theymos is both a positive and negative sign. It is positive because "no" is not yet a word that has been uttered. It is a negative sign because there is so much approval but not even an opinion to date, which emphasizes the validity of some of the otherwise somewhat controversial questions above.

In the lead up to the next halving, and while the bitcoin and cryptocurrency markets are showing great promise, Cybersecurity & Privacy will be important in ensuring that your hard earned work does not go into any other hands other than your own.

With this in mind, a monthly bump is in order.

Please also be sure to vote in the Community Vote (https://bitcointalk.org/index.php?topic=5462155.msg62650130#msg62650130) if you have not already as well, as a written and reasoned post carries much more weight than just a poll vote!

Be safe 8)

Now that mixers are banned on this forum, the accessibility of the ability to achieve easy on-chain privacy in exchange for a fee has taken a hit. This board will help those legitimately seeking on and off chain privacy to achieve such through the help of their fellow community members.

Theymos. Please take action on this topic. It is more urgent than ever.

I don't think he is going to make another boards. He rarely shows up and only on important matters. Also there are tons of requests, appeals are laying idle that are left unhandled for a long time. I guess you'll have to wait and see, if he ever responses.

This was an important matter, and now it's even more important. If bitcointalk want to remove the ability to achieve on-chain privacy for a fee via custodial mixers, then a new alternative must be put in place in order to allow members to freely and openly discuss other solutions.

Without mixers, and without this board, what exactly is holding up the anonymity/privacy foundation of bitcoin in this board? Notnmuch, outside of various threads that are scatterer and lost in various boards. This board is needed.

This thread was created on Jan 12, 2023 and its almost one year since this thread was initiated. The best thing is to keep it active, so it will remain in the mind of theymos. Already there are many demands for new boards and that may be reason why cyber security board creation is delayed. I am sure it will be approved one day because of its importance.


Training and awareness of humans is mostly overlooked in cyber security domain. That's why attacks keep on occurring due to negligence of humans. One thing must be very clear to all of us that no matter how much advance technology products we use for cyber shielding the weakest link is and will always be humans. For instance, malwares link STUXNET (hitting Iran nuclear program) or POSRAM (hitting TARGET, a general merchandise retailer in 2014) may be very sophisticated but they find there way to destination using mistakes of humans.
That's why its best to train and create awareness among forum member about cyber security.

Keeping it active is no problem, there is constantly a new form of news or threat that comes to Bitcoin and internet users on both topics of Cybersecurity and Privacy. As time goes on, this thread will not only prove a need for this forum, but maybe even a need for a forum or wiki alone just for the topic...if it's not already needed at this point.

I would hope that it would be approved one day due to its importance as you said, however I think that there is an agenda that we are unaware of, that may be limiting the privacy-focused aspects of Bitcoin from being kept alive. I feel like there is a war going on against privacy and anonymity, and Bitcoin is right in the middle of it. I hope that privacy prevails.


I completely agree - and to add to this - if corporations with large amounts of resources can be hacked, one could only imagine how vulnerable the day-to-day user is as well. Awareness and education are a growing need on both topics.

The difference between fiat and Bitcoin is that the later one provides privacy and anonymity. Initially this aspect was ignored but with rise in popularity of Bitcoin now government and its allied agencies are taking it serious. Bitcoin initial concept is P2P electronic cash transfer that does not involve any middlemen like bank. Its very obvious that centralised institutes backed by governments does not want them to be ruled out of this huge financial system that's why they are cracking hard on this aspect of Bitcoin.