Discussion: "Cybersecurity and Privacy" board + Poll (request v1)

[BenCodie]

Voted Yes, not only because I'm one of those idiots who got hacked, but also because it is beneficial to see all security and privacy-related threads put in one place, into one board, rather than scattered all over the forum. Easier for everyone to gather information.
I also like the idea of placing it on Other. That way, it's much easier to notice than placing it as a sub-board of Wallet software. Other is like the middle-ground between Bitcoin-related topics and Altcoin-related topics. Users will be able to discuss security and privacy-related topics for both Bitcoin and the rest of all the Altcoins on it; placing it there just makes sense.

You're not an idiot. If you look at things from a grand perspective, it is the fault of big companies who have opened up these flaws due to their greed, they are the "root idiot" if you will. If they focused more on protecting their consumers and eliminating these possibilities, then we would not experience or have to worry about compromise. I believe that when you are using a proprietary operating system like Windows or Mac OS X, then you should be absolutely protected to the fullest extent and you should not have to even have the slightest bit of worry. Unfortunately though, we don't live in a world where companies care about consumers, so we are left to fend for ourselves if we want adequate enough cybersecurity that will allow us to use our systems in peace.

I think it's now a solid consensus between this thread and the other thread that Other > Cybersecurity and Privacy is the best fit. Now, to build upon the reasoning, find the old topics that fit in the board, find more precedent, compile it all in this thread and get more people on board to make this happen!

[1714670225]

1714670225

[BlackHatCoiner]

You're not an idiot. If you look at things from a grand perspective, it is the fault of big companies who have opened up these flaws due to their greed, they are the "root idiot" if you will.

To which faults are you referring to?

I believe that when you are using a proprietary operating system like Windows or Mac OS X, then you should be absolutely protected to the fullest extent and you should not have to even have the slightest bit of worry.

You can't, because there is no such thing as 100% protection, literally. You should worry when using a computer that is connected to the Internet, and that's why you should take the necessary precautions. You're responsible for your security.

Unfortunately though, we don't live in a world where companies care about consumers

Plain false. If companies don't care about consumers, why are consumers picking them anyway? Companies that are careless with the user experience, go out of business. The fact that most consumers don't care about security or privacy is the root of evil. Companies only follow demand.

[BenCodie]

You're not an idiot. If you look at things from a grand perspective, it is the fault of big companies who have opened up these flaws due to their greed, they are the "root idiot" if you will.

To which faults are you referring to?

All of the flaws you see in Microsoft today are as a result of their own intrusions into user privacy. If they never intruded privacy, and instead focused on providing a secure operating system for their consumers, Windows would not be near as vulnerable as it is today. This is called greed.

I believe that when you are using a proprietary operating system like Windows or Mac OS X, then you should be absolutely protected to the fullest extent and you should not have to even have the slightest bit of worry.

You can't, because there is no such thing as 100% protection, literally. You should worry when using a computer that is connected to the Internet, and that's why you should take the necessary precautions. You're responsible for your security.

As I said, that's not the world we live in:

I believe that when you are using a proprietary operating system like Windows or Mac OS X, then you should be absolutely protected to the fullest extent and you should not have to even have the slightest bit of worry. Unfortunately though, we don't live in a world where companies care about consumers, so we are left to fend for ourselves if we want adequate enough cybersecurity that will allow us to use our systems in peace.

I stand by that providing a secure environment for the end user in an ideal world should be a top priority for an operating system provider especially when they constantly market their products as secure, which they all do.

Unfortunately though, we don't live in a world where companies care about consumers

Plain false. If companies don't care about consumers, why are consumers picking them anyway? Companies that are careless with the user experience, go out of business. The fact that most consumers don't care about security or privacy is the root of evil. Companies only follow demand.

Because most normal consumers have no choice, lack of knowledge, awareness, etc. If potential vulnerabilities or what happened to the normal consumers' information were clearly stated before you booted up the OS in a picture presentation and they were made aware that this could just as easily happen to them than anyone else, do you really think everyone would still be using Windows with no precaution, as so many do? Even julerz did, and he got hacked, but my reasoning is exactly why I think he IS NOT an idiot. The reason this information is not clear unless you look for it, is because Windows want you to THINK you are safe with their "windows defender" and other garbage painted with marketing to make the end user think that they are secure, when in reality their system is as vulnerable as swiss cheese.

[BlackHatCoiner]

All of the flaws you see in Microsoft today are as a result of their own intrusions into user privacy. If they never intruded privacy, and instead focused on providing a secure operating system for their consumers, Windows would not be near as vulnerable as it is today.

Look at the cause. Microsoft is a company, and a company always tries to maximize profit. There is no doubt that privacy intrusion, as long as it's not against the law, is profitable. And not just profitable, but the single most important asset of current Internet companies. If consumers don't care about that, don't expect Microsoft to blame their ethics. They're going to take advantage of it.

Now as for security, it doesn't have to do much with focus, but with another fundamental problem that is inherited in closed-source software, which is smaller group of code auditors.

Because most normal consumers have no choice, lack of knowledge, awareness, etc.

I can acknowledge an abuse, but there are alternatives, such as Linux. If security and privacy was the top priority of these consumers, they'd have already switched years now.

If potential vulnerabilities or what happened to the normal consumers' information were clearly stated before you booted up the OS in a picture presentation and they were made aware that this could just as easily happen to them than anyone else, do you really think everyone would still be using Windows with no precaution, as so many do?

No single person would ever use a service that discredits itself. But, people have already discovered that there are more secure and privacy-respecting software; most just don't care.

[NotATether]

^--- this guy knows what he's talking about.

Because most normal consumers have no choice, lack of knowledge, awareness, etc. If potential vulnerabilities or what happened to the normal consumers' information were clearly stated before you booted up the OS in a picture presentation and they were made aware that this could just as easily happen to them than anyone else, do you really think everyone would still be using Windows with no precaution, as so many do? Even julerz did, and he got hacked, but my reasoning is exactly why I think he IS NOT an idiot. The reason this information is not clear unless you look for it, is because Windows want you to THINK you are safe with their "windows defender" and other garbage painted with marketing to make the end user think that they are secure, when in reality their system is as vulnerable as swiss cheese.

Not to mention that they had *many* different security products, and rebranded each of them with the "Windows Defender" moniker as they were throwing out old products, eg. The original Windows defender (which was just an anti-spyware FTW), then MS Security Essentials, and now whatever is being branded as "Microsoft Defender" is some completely different codebase, as MSE never had any of this stuff. And of course, "Azure Defender" which is just for cloud but who knows if they will port that to PCs as well.

3rd party AVs are not much better though; Norton(LifeLock) getting their password vault hacked again, and previously there was Kaspersky and others also hacked, ... these things are only good for protecting someone who is an actual idiot who clicks on "You Won" pages.

[BenCodie]

All of the flaws you see in Microsoft today are as a result of their own intrusions into user privacy. If they never intruded privacy, and instead focused on providing a secure operating system for their consumers, Windows would not be near as vulnerable as it is today.

Look at the cause. Microsoft is a company, and a company always tries to maximize profit. There is no doubt that privacy intrusion, as long as it's not against the law, is profitable. And not just profitable, but the single most important asset of current Internet companies. If consumers don't care about that, don't expect Microsoft to blame their ethics. They're going to take advantage of it.

Now as for security, it doesn't have to do much with focus, but with another fundamental problem that is inherited in closed-source software, which is smaller group of code auditors.

Because most normal consumers have no choice, lack of knowledge, awareness, etc.

I can acknowledge an abuse, but there are alternatives, such as Linux. If security and privacy was the top priority of these consumers, they'd have already switched years now.

If people were given a choice to have security and privacy over not, then the vast majority would surely choose it. People don't care about it because the reality is that it's too difficult to care about it or there is not enough easy to follow information that allows them to attain it (until the Cybersecurity and Privacy subforum here on bitcointalk, am I right folks?). As for Microsoft being a company, that's why I said that unfortunately we aren't in a world where companies care about the security of their consumers. In an ideal world, this would be a priority of a company offering proprietary software. In fact, I think it would be a responsibility in an ideal world. Again, we aren't in that world. In that respect I am talking (and have been since my original post) from a world that we don't live in.

Because most normal consumers have no choice, lack of knowledge, awareness, etc.

I can acknowledge an abuse, but there are alternatives, such as Linux. If security and privacy was the top priority of these consumers, they'd have already switched years now.

Most average-knowledge users would believe that they are secure using these systems and wouldn't understand the pitfalls of using proprietary operating systems in comparison to operating systems like Linux until it's too late. Then only after being a victim will they look for alternatives and make the switch. It is not inherently their fault either as they are marketed into believing that using proprietary operating system is "secure enough".

^--- this guy knows what he's talking about.

Because most normal consumers have no choice, lack of knowledge, awareness, etc. If potential vulnerabilities or what happened to the normal consumers' information were clearly stated before you booted up the OS in a picture presentation and they were made aware that this could just as easily happen to them than anyone else, do you really think everyone would still be using Windows with no precaution, as so many do? Even julerz did, and he got hacked, but my reasoning is exactly why I think he IS NOT an idiot. The reason this information is not clear unless you look for it, is because Windows want you to THINK you are safe with their "windows defender" and other garbage painted with marketing to make the end user think that they are secure, when in reality their system is as vulnerable as swiss cheese.

Not to mention that they had *many* different security products, and rebranded each of them with the "Windows Defender" moniker as they were throwing out old products, eg. The original Windows defender (which was just an anti-spyware FTW), then MS Security Essentials, and now whatever is being branded as "Microsoft Defender" is some completely different codebase, as MSE never had any of this stuff. And of course, "Azure Defender" which is just for cloud but who knows if they will port that to PCs as well.

3rd party AVs are not much better though; Norton(LifeLock) getting their password vault hacked again, and previously there was Kaspersky and others also hacked, ... these things are only good for protecting someone who is an actual idiot who clicks on "You Won" pages.

+2

[n0nce]

Not sure if one is necessary, as they can pretty much fall under the Wallet software section. https://bitcointalk.org/index.php?board=37.0

On the other hand, such a section would probably be good for things like the LastPass breach, etc which aren't necessarily bitcoin/crypto-related.

We could also talk about cybersec topics outside of only wallets, though. For instance, in the hardware wallet section we sometimes stumble about general (even though maybe related) questions like: 'how (in)secure is NFC' and such, but creating a topic like that just doesn't fit in the wallet section.

We could then also quote and link between topics e.g. if someone asks about the threats of using a wired USB connection with their hardware wallet, link to a cybersecurity board topic talking about USB exploits.

Potentially having a privacy section that's a child of security as they're somewhat related or simply a dedicated Security & Privacy section.

I like this idea! Privacy board going under the Cybersecurity board, wherever that may be placed.

[BlackHatCoiner]

If people were given a choice to have security and privacy over not, then the vast majority would surely choose it.

That doesn't apply here. Focusing on privacy and security or not for a company is orders of magnitude different. It costs more to do so. If people were given a choice to have security and privacy with higher price, I'm sure lots would ignore it.

In an ideal world, this would be a priority of a company offering proprietary software.

In an ideal world, there wouldn't be security, because there wouldn't be cyber attacks either. If that sounds extreme, in an ideal world, people would value their privacy and security more than they do now.

[BenCodie]

If people were given a choice to have security and privacy over not, then the vast majority would surely choose it.

That doesn't apply here. Focusing on privacy and security or not for a company is orders of magnitude different. It costs more to do so. If people were given a choice to have security and privacy with higher price, I'm sure lots would ignore it.

Yes it does cost more for a company to actually focus on privacy and security instead of lying about it, which is why it is lied about instead of actually being secure

I also disagree that people would not pay for security and privacy under this circumstance that it could be opted into for a price. If the theoretical prompt to "opt in" or "opt out" of security and privacy was accurately described in great detail AND if this paid "opt in" was renowned and worked as intended with no doubt, I believe more people would opt in (pay) than not.

In an ideal world, this would be a priority of a company offering proprietary software.

In an ideal world, there wouldn't be security, because there wouldn't be cyber attacks either. If that sounds extreme, in an ideal world, people would value their privacy and security more than they do now.

Yes, in an ideal world all of what I have said about what's in an ideal world and everything you have stated here would be true. Yes it sounds extreme in comparison to the way things are now, but it also sounds like how it should be.

[BlackHatCoiner]

Yes it does cost more for a company to actually focus on privacy and security instead of lying about it, which is why it is lied about instead of actually being secure

I'm not in favor of Microsoft, I don't say they're the best company that fits users' needs most appropriately; it's well known that they're fined frequently. What I'm saying is this: if people cared about stuff such as privacy, big companies would be more careful with it. Less demand for privacy preservation and high demand for personal information from multi-nationals pushes companies to take advantage of users' privacy.

A business is a reflection of the consumer.

[BenCodie]

Yes it does cost more for a company to actually focus on privacy and security instead of lying about it, which is why it is lied about instead of actually being secure

I'm not in favor of Microsoft, I don't say they're the best company that fits users' needs most appropriately; it's well known that they're fined frequently. What I'm saying is this: if people cared about stuff such as privacy, big companies would be more careful with it. Less demand for privacy preservation and high demand for personal information from multi-nationals pushes companies to take advantage of users' privacy.

A business is a reflection of the consumer.

So by the same logic, on a farm; the sheep would control the Shepard?

[BlackHatCoiner]

So by the same logic, on a farm; the sheep would control the Shepard?

I don't understand how you reached to this conclusion. It's obviously a flawed analogy to me.

[BenCodie]

So by the same logic, on a farm; the sheep would control the Shepard?

I don't understand how you reached to this conclusion. It's obviously a flawed analogy to me.

Yes it does cost more for a company to actually focus on privacy and security instead of lying about it, which is why it is lied about instead of actually being secure

What I'm saying is this: if people cared about stuff such as privacy, big companies would be more careful with it. Less demand for privacy preservation and high demand for personal information from multi-nationals pushes companies to take advantage of users' privacy.

A business is a reflection of the consumer.

I agree that less demand from multi-nationals would push companies less to take advantage of user data.

My analogy meant that companies are what have pushed the exploitation of user data and the consumer continues using the product because that is what they are familiar with. Consumers are people with lives, people who have jobs, people who do not have the time and probably can not put enough effort to form as a collective group to boycott a company for exploiting them. People accept being exploited because they do not have anywhere near enough power in comparison to the company in control of the product.

The analogy was about your comments in bold, about the business being a reflection of the consumer and that if consumers cared about privacy, companies would be more careful with it. This inherently isn't true. People do care about privacy and if they were fully aware of the changes over time to how their data was treated and had the power to say no to the way this transition happened, it would not have happened. Your comments said to me that the consumer is in control, and why I said that according to your logic, the consumer is the Shepard and the company is the sheep. In reality though, the company is the Shepard as they are in control of the product, how they conduct their business/how they treat their consumers and the consumers are the sheep as they ultimately have no control over the way the company conducts itself or how the company/its products treat them, and have little practical ability to change how it treats them without sacrificing their livelihoods temporarily/permanently for doing so.

[n0nce]

~

Consumers aren't sheep; they can not only switch OS, but also e.g. use locked-down Windows VMs or dedicated machines for certain software that doesn't run on Linux, as well as spreading awareness of Microsoft's practices and pressuring software vendors to release Linux binaries and pressuring companies to switch to FOSS software that compiles for any machine.

I agree with BlackHatCoiner that if lots of people cared for better privacy in their OS, more would switch, protest or complain, and thus show MS that they need to change their strategy.


Anyhow; this is all stuff we can discuss whenever we get our board. Let's not derail the thread in the meantime...
Let's get in some more votes everybody!

[BenCodie]

~

Consumers aren't sheep; they can not only switch OS, but also e.g. use locked-down Windows VMs or dedicated machines for certain software that doesn't run on Linux, as well as spreading awareness of Microsoft's practices and pressuring software vendors to release Linux binaries and pressuring companies to switch to FOSS software that compiles for any machine.

I agree with BlackHatCoiner that if lots of people cared for better privacy in their OS, more would switch, protest or complain, and thus show MS that they need to change their strategy.


Anyhow; this is all stuff we can discuss whenever we get our board. Let's not derail the thread in the meantime...
Let's get in some more votes everybody!

What percentage of internet users do you think know how to set up a VM or have considered trying linux? My guess is 90% aren't aware of how to set up a VM and also don't know how to use Linux.

I agree that people the majority who care for their privacy would maybe use some software like VPNs, no where near as many would go to the extent of switching their operating systems (again, as they perceive that what they are doing is enough for privacy, despite this perception being wrong).

Those who care about privacy, no matter what level of knowledge they have, would not protest. There are no where near enough people or communities that gather enough people to start a protest and even if so, most know that protesting will not do much, that big tech can not really be stopped at this point and due to the fact that the vast majority of users will continue to fuel data-hungry companies and software due to their lack of comprehension of the subject.

I will agree to stop there unless prompted to respond further.

On a related note, I would love to the person who voted "no" to at least post some reasoning as to why not. Otherwise, the poll and general topic sentiment on both threads are showing a clear positive view on the request. Awesome to see!

[Flexystar]

Security & Privacy section.

That's actually a neat idea. Both freedoms from risk in one board.

Probably one of the few times I'd like to see something implemented not based on demand, but because I think it's somewhat important to understand.

If it doesn't get recognition, I'm not of the opinion that we should impose it (I mean, how could ever do it anyway, this forum isn't run by regular users), but it wouldn't be bad to try it out, and see how it goes.

Also far better considering it does not focus on just special security topics such as Cybersecurity! With the increased involvement of high level coding such as chat gpt, AI is taking over swiftly. It has started now with one goal of making the world far more easier and reliable on AI. However, it will start imposing the security threats sooner than we think.

Security concerns such as this will start flourishing in no time. Its better we have such subforum where pre-discussions, alerts about AI hacks, preventive measures can be discussed prominently. This is must have subforum.

[lovesmayfamilis]

Interestingly, if you skim through the hacker forums, there are always sections on cybersecurity and privacy. It turns out that this is useful for hackers; they have entire sections on how to protect themselves, and a forum that assumes knowledge of how to store your important data so that nothing is stolen from you is not interested in this.
I support your initiative, OP. You have almost begun to cover some useful aspects. It would be helpful to have proper guides from knowledgeable people who can help in a timely manner, rather than scouring the internet and trusting those who might be amateurs in the field of online security.

[Welsh]

Interestingly, if you skim through the hacker forums, there are always sections on cybersecurity and privacy. It turns out that this is useful for hackers; they have entire sections on how to protect themselves, and a forum that assumes knowledge of how to store your important data so that nothing is stolen from you is not interested in this.
I support your initiative, OP. You have almost begun to cover some useful aspects. It would be helpful to have proper guides from knowledgeable people who can help in a timely manner, rather than scouring the internet and trusting those who might be amateurs in the field of online security.

Even though, the vast majority of hackers aren't hackers in the traditional sense, but use programs coded by others, and their security sections are usually quite basic. Whereas, I think given enough effort by certain users here, we might get some real useful information related to security since Bitcoin sort of attracts those sorts of people.

If there was anywhere I'd like to read about security issues it would be stack exchange dedicated to security or Bitcointalk, because of the types of users that are here. I know for one I'd be typing up a few things about security, but I imagine there's some other highly respected users here willing to teach us a thing or two. Potentially, even discussing the specifics of security involving Bitcoin. Technically, we have sections for that now, and there's been a reasonable amount of discussion on it over the years, but I feel having a new section dedicated to it could actually motivate users further to talk about it. Hence, why I'm not against this when you look at the demand.

[yusrime]

The only logical place to put it is within Other

Other -> Cybersecurity & Privacy

best to put it besides Beginner & Help.

Topics like:
Hacking incidents or tutorials on how to prevent them
News about potential wallet exploits and bugs (BTC or Altcoin)
Tutorials about anonymity

I am a newbie but I vote YES with this suggestion.

[DaveF]

Would be good if it was setup like the Bitcoin Discussion > Press section.
This way it could be looked at quickly so people could see if things are going to matter to them.

[2023-01-12] Cisco Warns of Critical Vulnerability in EoL Small Business Routers
[2023-01-11] Dell PowerEdge Server Security Update for AMD Server Vulnerabilities 

And the 1st few lines should have a brief description and links to the appropriate information.

This MIGHT get people to at least scan it to see if there is something about a product that they use.
Otherwise it really does stand a good chance of getting buried on page 7 never to be seen.

-Dave