Topic: Discussion: "Cybersecurity and Privacy" board + Poll (request v1) (Read 3308 times)

Bump...

Why has this fizzled out? These threads would fit better on the new board rather than on Off-topic.

The difference between fiat and Bitcoin is that the later one provides privacy and anonymity. Initially this aspect was ignored but with rise in popularity of Bitcoin now government and its allied agencies are taking it serious. Bitcoin initial concept is P2P electronic cash transfer that does not involve any middlemen like bank. Its very obvious that centralised institutes backed by governments does not want them to be ruled out of this huge financial system that's why they are cracking hard on this aspect of Bitcoin.   

Keeping it active is no problem, there is constantly a new form of news or threat that comes to Bitcoin and internet users on both topics of Cybersecurity and Privacy. As time goes on, this thread will not only prove a need for this forum, but maybe even a need for a forum or wiki alone just for the topic...if it's not already needed at this point.

I would hope that it would be approved one day due to its importance as you said, however I think that there is an agenda that we are unaware of, that may be limiting the privacy-focused aspects of Bitcoin from being kept alive. I feel like there is a war going on against privacy and anonymity, and Bitcoin is right in the middle of it. I hope that privacy prevails.


I completely agree - and to add to this - if corporations with large amounts of resources can be hacked, one could only imagine how vulnerable the day-to-day user is as well. Awareness and education are a growing need on both topics.

This thread was created on Jan 12, 2023 and its almost one year since this thread was initiated. The best thing is to keep it active, so it will remain in the mind of theymos. Already there are many demands for new boards and that may be reason why cyber security board creation is delayed. I am sure it will be approved one day because of its importance.


Training and awareness of humans is mostly overlooked in cyber security domain. That's why attacks keep on occurring due to negligence of humans. One thing must be very clear to all of us that no matter how much advance technology products we use for cyber shielding the weakest link is and will always be humans. For instance, malwares link STUXNET (hitting Iran nuclear program) or POSRAM (hitting TARGET, a general merchandise retailer in 2014) may be very sophisticated but they find there way to destination using mistakes of humans.
That's why its best to train and create awareness among forum member about cyber security.

This was an important matter, and now it's even more important. If bitcointalk want to remove the ability to achieve on-chain privacy for a fee via custodial mixers, then a new alternative must be put in place in order to allow members to freely and openly discuss other solutions.

Without mixers, and without this board, what exactly is holding up the anonymity/privacy foundation of bitcoin in this board? Notnmuch, outside of various threads that are scatterer and lost in various boards. This board is needed.

I don't think he is going to make another boards. He rarely shows up and only on important matters. Also there are tons of requests, appeals are laying idle that are left unhandled for a long time. I guess you'll have to wait and see, if he ever responses.

Now that mixers are banned on this forum, the accessibility of the ability to achieve easy on-chain privacy in exchange for a fee has taken a hit. This board will help those legitimately seeking on and off chain privacy to achieve such through the help of their fellow community members.

Theymos. Please take action on this topic. It is more urgent than ever.

In the lead up to the next halving, and while the bitcoin and cryptocurrency markets are showing great promise, Cybersecurity & Privacy will be important in ensuring that your hard earned work does not go into any other hands other than your own.

With this in mind, a monthly bump is in order.

Please also be sure to vote in the Community Vote if you have not already as well, as a written and reasoned post carries much more weight than just a poll vote!

Be safe

There are a few things to think about in reference to whether the board will be approved.

- Is it in the interests of the forum administration and any external forces to enthuse members to increase their cyber shield?
- Does theymos care enough about the cybersecurity and privacy of the forum members to even pay attention to the board?
- Does theymos believe that cybersecurity and privacy is something that should be correlated with Bitcoin?
- How much demand does it take before theymos applies/considers community decisions, and is that even a factor?

These are simple questions to write but much more complex to answer for even theymos himself to answer I am sure.

The fact we have not yet heard from theymos is both a positive and negative sign. It is positive because "no" is not yet a word that has been uttered. It is a negative sign because there is so much approval but not even an opinion to date, which emphasizes the validity of some of the otherwise somewhat controversial questions above.

I agree with your opinion. That hacking and malicious malware still have to be discussed and I agree there is no need to discuss it in detail, maybe it is not that dangerous.

Btw, do proposals for new boards usually take a long time to be realized? or if theymos refuse he will give the reason?

It is likely not needed to present hacking or malware techniques in such a detail that it could easily be used in nefarious ways. On the other hand it is necessary and beneficial to discuss countermeasures or protections from various possible hacking techniques.

I really don't get your stance of "let's not talk about hacking, because it's gonna be dangerous". Security by obscurity and not talking about it just doesn't work very well. It doesn't help the ostrich to stick his head into sand where it can't see the predator. Most of the ostrich is still visible to the predator and thus easy prey. (I don't know exactly if ostriches actually behave like this...)

I don't think a cybersecurity subforum here will turn out to be a recipe book for script kiddies, hackers and malware creators.

Yes, as I said before, I don't know about cybersecurity. However, in my opinion, if there is a board cybersecurity but does not discuss hacking, it will be very superficial . I am sure there are members here who are competent on this matter, but on the other hand, talking about hacking is also very dangerous. Can you explain/exemplify the discussion that will occur on the board?

Honestly, I don't mind if this board is available and there may be many benefits in it, I just have a different view and the dangers that may arise from this board. Hopefully you understand and we have different points of view to discuss so as to produce a comprehensive analysis

We're talking about guidelines and there is nothing wrong with discussing.

The board only seems like it will be superficial for you as it seems like your knowledge is superficial as well, given your points from 2, 3, and all points in 4. Which are all not accurate, purely opinion. As posted earlier, there are already hundreds of threads that can fill the board, when you take into account current events, new cyber security/privacy measures, vulnerabilities, etc. and how that landscape continually evolves, it will continue to be populated with new content. The content will definitely span further than what you've posted in point 4 and sub points, though even these topics can go much deeper than what you've posted. I

The best way for me to describe the problem with your posts (now that I understand that you're serious and not trolling) is with a quickly thought metaphor.

What you are saying is possibly comparative to saying to a biologist "I have a body, why talk about it unless we're talking about disease that could kill me" - and completely disregarding the complex immune system within the body, which learning about might protect from disease.

It's not 100% comparative but I'm sure you understand what I mean. Things are only seeming superficial to you, because you believe that there is nothing to cybersecurity and privacy...however, there is a lot to it and the landscape is always changing (for better and worse).

It seems too hasty to create rules before the board is available, or perhaps you would also choose a board moderator?

But whether there is a board or not is not really a problem for me. There are just a few things I want to write about here

1. A security board without discussion of hacking is superficial.
2. Bitcoin is a financial system, malware is an attack on computers
3. With the existence of special security and privacy boards, the security of Bitcoin is questioned and its privacy is also questioned or we simply consider it unsafe.
4. Without a discussion of hacking then the discussion will only be:
a. how to secure your wallet
b. use Linux OS to be safe
c. use a mixer for privacy
d. don't trust KYC and AML
e. use a hardware wallet
f. etc, the discussion will be superficial and only about that

Or maybe people who agree with this board have a general idea of ​​what will be discussed there?

I think you're absolutely correct, and that those guidelines are a terrific baseline to work with. I will put some more thought into this when I have had a coffee Nice work!

If anyone else has ideas for guidelines to add on top of shahzadafzal's post, do go right ahead. I think that this is one of the few things (maybe, the only thing) that will make life easier for theymos if/when he decides to add this board, other than moderators, which I am sure many highly reputable members in this thread would put their hand up for with passion!

I think we can should call it "Guidelines" for the board, instead of calling them "rules", after all rules are same across the forum.

- All topics/ posts must directly be related to cybersecurity and privacy.
- Respect the privacy of individuals. Do not share personal information, and do not engage in discussions that compromise the privacy of others.
- When discussing potential threats or vulnerabilities, be cautious not to provide detailed instructions that could be misused.
- Encourage and share best practices for online security and privacy.
- Recent cybersecurity news, trends, and developments are encouraged.
- Back up your claims and recommendations with credible sources or references (avoid spreading unnecessary fear or misinformation)
- Do not post clickable links to suspicious or potentially harmful websites.

That's reasonable and I completely agree with your point.

I suppose the positive that came out of this series of posts is a new line of discussion that hasn't yet been covered: rules

I doubt this is why theymos hasn't yet added the board, or maybe it is? Either way, let's keep making his life easy do that there are no excuses for the board not to be added.

Any suggestions for rules/rulesets for this board anyone?

Edit: I just realized this is a different thread. I thought my vote had been deleted  


Sorry, I'm not good at English so my writing is probably very bad.

So in my opinion, if there is a board about cybersecurity then the discussion in it will be about hacking cases, the methods used for hacking, and how to secure wallets. I think the discussion will discuss how hackers get information, the code/script used, how malware works, etc. This will indirectly reveal how a hacker works, so that from here people will know how to hack and know what to learn in hacking

I know that there are many benefits to these boards if they are available but there are also many dangers in them. I honestly wouldn't mind if this board existed, although I would prefer it not. Security questions can be asked in the wallet section and I'm sure no one will ask about "how to hack a wallet", but the question is "how to secure a wallet?"

If there is a cybersecurity board then there is likely a discussion of "hacker A breaks into site Y with type X malware method". In the discussion, we will discuss how hackers break into sites, how malware works, etc. I think the discussion will focus on hacking (both security and hacking)

I apologize for quoting more than I would usually do, but I want to emphasize the context that I'm trying to reply to.

I don't believe in the flawed idea of "security by obscurity" and in my opinion that's what PytagoraZ reasoning is asking for. That doesn't work and protect people. It's like sticking your head into the sand like an ostrich and hoping the predator doesn't see you, too. It is necessary to address issues that can lead to exploits publicly. A robust scheme is the concept of responsible disclosure. Things that are established in the computer security scene of white hat hackers. Of course I'm aware there're black hats out there. Fixing bugs and issues and applying better practices is what protects you from them, not sticking your head into the sand and hoping for the best.

Forum rules already address malware posting and similar nefarious activities, though there's probably not a sufficiently specific framework of rules if we get a cybersecurity section. Establishing a good framework here should be discussed, latest when we get a cybersecurity section which I sincerely hope we do. @theymos: please!

It's the first post I read from him and I feel like you're giving him too much credit. It is so badly written that one can barely understand what point he is trying to get across.

Furthermore, if his point is that by talking about computer security, you could motivate or educate someone to do bad stuff with this information, it basically boils down to the 'security by obscurity' fallacy.
It is beyond debunked and dumb, especially in this case where so much information is already out there. This board will always only be able to contain a subset of the computer security knowledge that is freely available for everyone online. In fact, bad actors have even more information that is hidden / non-public, so actually the best thing we can do to counter that is to openly talk and discuss possible threats, loopholes and vulnerabilities and implement measures that protect us from them.

I am against such a rule. If you find a serious security issue, you will submit it for bug bounty or sell it on the exploit market anyway. If you publish it here instead, someone else will do that and it will be fixed by the manufacturer. Plus, it informs users that this issue exists and they can come together to find a band-aid solution for the meantime.
More information is always better than less information, in my opinion.

To me, it's clear that he has no idea what he is talking about so I wouldn't take this 'No' vote too seriously.