Topic: Discussion: "Cybersecurity and Privacy" board + Poll (request v1) - page 3. (Read 3308 times)

While I agree with you about not being able to switch back to Windows, it should be noted that using Ubuntu out-of-the-box without a fear of being infected is not a sure-fire way to remain safe. There are still vulnerabilities that come with Linux, and recommendations to fix those. There are also great adjustments and tweaks that can be made to increase security.


Agreed! There is plenty of online documentation as well. Most of the time, you won't even need to create an account anywhere or ask questions...a lot of questions that would come up are already documented far and wide around the web from others who have been using Linux. The greatest thing about Linux and its distributions is that a lot of answers for other distros can also help in the one you are using.

I am one who could not switch back to windows. The main reason I have already mentioned i.e. you can use Ubuntu for years without installing AV or any fear of getting infected with Viruses. There is a saying about Linux, "Linux is also user friendly OS, its just picky about its friends"



Even if you are new to Linux then there is so much online support available for Linux flavors like Ubuntu. You can find solution to any problem you are facing while using Linux. Plus Linux has been built in a way that it adds a security layer which is not present in other OS like Windows.

The amount of power that they have in this day and age is ridiculous to say the least. Why there is not a basic browser with minimal capability that is kept up to date with security patches is something that I wonder every so often.


This is great. This would have taken some time to get used to but it goes to show how secure you are because you are openly able to talk about your strategy. I'm yet to master Qubes and ideally, I'd like to take a similar approach one day. For now I do have a solid desktop environment that is a good balance between convenience and a good standard of security and privacy. Enough to be able to browse and talk (seemingly) freely!


It's funny because a lot of people would prefer the way of Windows...click and paste less, pay for convenience, click next next next and install. Linux is really not that inconvenient, just like you said it's really just copy and pasting text - If that. Some distributions have made the process just as easy as windows.

It all comes down to awareness in my opinion. If people were aware that Linux is much simpler than it sounds, I'm sure they'd make the change. I hope the board is one day added to highlight this among other facts like this.

Who ever thought it was a good idea to give a web browser this kind of power? Let me guess: "it's so convenient"....

Paranoid as I am, I run my Tor browser as a separate user. It's an easy way to separate access for different programs, but it's annoying when I need to access a downloaded file in another program. Qubes OS takes it a step further, separating everything into it's own desktop environment.
I haven't used Windows in a while, so I don't know if it's possible to use different programs running as different users at the same time. If it is, at least your browser can't access your other files anymore.

First: I'm biased
Second: just compare online installation instructions. Windows: "download, pay for access, install, click here, click there, click click click". Linux: "copy this text, press Enter" I know which one I find easier.

This is not entirely true with reverse shell attacks. In fact, all it takes is to visit or load a resource from a website (as this requires the user to establish an outgoing connection to it) and the vulnerability becomes opened. For those who browse and visit new websites immensely from their Windows environment, they are exposed to the vulnerability. The only way to stop reverse shell attacks is to monitor all outgoing connections, which means screening each and every website that you visit before you visit it. This is next to impossible for the average user. The vulnerability is also open to anyone using Windows, whether they are using pirated software or not (though of course from a general standpoint, pirated software is by default more vulnerable than what licensed software is)


I definitely agree that using pirated software opens the end user up to a wide array of additional vulnerabilities. Pirated software used to be great, however the tables have definitely turned in the past few years. Unless it's for a very temporary and insensitive usage, there's little to no upside for using pirated software other than the cost savings.


You are definitely on the lucky end of the spectrum and it makes me curious as to the details of your usage. It has been reported that XP, Vista and Windows 7 are vulnerable almost as soon as they are deployed. The more you browse, the more you download, the more you are susceptible to vulnerability.

It should be noted that being infected does not necessarily mean that you lose your crypto. Some infections are limited to accumulating data about your usage, activity, etc. They might not actually have capability to take your clipboard, track your keystrokes, grab your files, etc.

Since you've mentioned that you only keep spending amounts in core and on your phone, do keep it that way. It is possible that there is simply not enough value for anything to be executed at the moment....though as soon as you receive a large amount in core, that will be another story.

Stay safe and congratulations that you're still able to use XP and 7 without issues. I loved both of those pieces of software in their hayday!


Firstly, It should be noted as well that Avirunes was not scammed. He was hacked. These are two entirely different things. Cybersecurity and Privacy can't help you in a scam, as being scammed is more to do with your own personal judgement than anything else. Being hacked is more to do with cybersecurity & privacy than it is to do with judgement (judgement is still a factor, but not the primary factor).

Secondly, how can you assume someones activity in a board or whether or not someone will read the content within a board before it is even created? Let me put a scenario out for you to validate what I had said earlier about if the board were added, it may have possibly prevented Avirunes situation:
- theymos announces "Cybersecurity & Privacy" board opened.
- People view this thread not just because of the title but also because theymos made the post.
* This alone would not be enough for active users even to view the board and the content within? Furthermore,
- This board is already full of ways to improve your security and privacy, prompting many users to learn, ask questions and implement strategies to increase their 'digital armor'

I am sure that Avirunes, like many other members of the forum, would read the board and the content within if it were created and theymos announced it. Whether or not they implement the security strategies are both up to how well the content within it is written, how easy it is to follow and how much the user values their security and privacy. That is something that neither you or I can assume.


Since there is no Cybersecurity and Privacy board, how can anyone measure whether anyone would participate in that board, or read the undoubtedly valuable content within it? Saying that it would have literally zero effect on him is an unrealistic assumption.


I maintain that the creation of the board would increase the chances of Avirunes being able to prevent what had happened to him.


As said above, being scammed and being hacked are two different scenarios. It is unlikely that your cybersecurity or privacy level will prevent you from being scammed if your judgement is poor. Judgement is the primary factor as to whether you are scammed or not.


You are totally right. The general assumption is that "Linux is unknown and therefore I will not know how to use it" however this is far from the case. Most distributions are entirely usable and their layout is quite similar to that of Windows. There are some distributions that are even designed just like Mac and Windows to make the transition easier. This is something I'd love to highlight if the board were to be added.


In a normal world, or pre-2020 I'd agree with you. The Windows software itself is the swiss cheese of software. I have experimented with securing Windows deployments and no matter what you do, it is not possible to achieve complete cybersecurity and privacy with this software. You can achieve an adequate level of cybersecurity, however at a severe cost of functionality and usability. Not to mention that this is a task that is not for the beginner.

Unless you are staying within the mainstream confines of the web, using a vpn, have taken basic firewall measures, using licensed software and not trying a range of new software/visiting a large amount of websites, then Windows only becomes more vulnerable the longer you use it. Linux on the other hand allows you to take less measures to increase your security further than Windows ever can quickly, and the attack surface is much lower.

Of course I admit that my bias is from my experience, as someone who has played around with securing and pentesting Windows. Maybe people have different experience. Maybe my definition of being secure is at a different standard to others. Maybe I know more, or maybe I know less. Either way, I will end this reply that in my opinion, Windows is inherently insecure and almost impossible to make secure and private, Linux can be made secure and private with ease, therefore (in my opinion) it is as clear-cut (from a cybersecurity and privacy standpoint) that Linux > Windows


I've sent two PM's, no feedback. NotATether has sent a PM or more also I believe, no feedback. No feedback on this thread either unfortunately. Hopefully one day there will be! I will be the first to report back if I ever receive feedback about this request.

It's funny how people always argue Linux is a good replacement for Microsoft, but never the other way around I am indeed pretty sure many Windows-users could switch to Linux, but not many Linux users could switch to Windows.

Sorry Let's say it's a free bump for the topic And a bit on-topic too: people's personal preferences make up a huge part of their system's security, and even if they want to change it, it's going to take a lot of time to get used to new ways. Something as simple as setting up a decent password manager took me hours when I made the switch, but once it's working, it doesn't take more time than my old "system" (and it is actually more convenient).

Let's not turn the board into an r/linuxmasterrace sub.

It amuses me a bit to read about the various N=1 anecdotes, misconceptions and semi-truths in the last few pages alone.. Only strengthens the argument for a 'Cybersecurity and Privacy' board on the front page, though.

OS choice would definitely be a fun first topic. Just a short TL;DR: it's not as clear-cut as 'Linux > Windows' or 'Everyone should use Linux on the Desktop'; neither is 'Linux unhackable and does not require antivirus' nor are you 'guaranteed to lose your BTC on a Windows / Mac machine'.

Anyways; any progress on the board? Changes / suggestions? Feedback from @theymos?

The only reason why people still are inclined towards Microsoft and Apple is because they don't wanna leave there comfort zone (everyone is comfortable with Next, Next and Finish). Though Linux flavors like Ubuntu are as easy to use as any other Operating system like Microsoft or MAC, there is lack of awareness among people about Linux ease of use and what additional features it is offering. I have Ubuntu 22.04 installed on my laptop for almost a year and it offers everything one can do on Microsoft or MAC and really cool thing is I don't have to install any anti virus here.

I said yes to this idea. Already, Bitcoin is facing a lot of attacks by scammers and those who are against it. Considering the fact that this is a more effective Bitcoin discussion community in which Bitcoiners and all newbies can still be guided without falling victim to some scams, I think this board is really necessary to be added because if it's created, it will contain all the other threads about security that you have listed out instead of being scattered across different threads. If not for how you listed all of them out, I really could not find anything up to the level of the helpful thread you provided (thanks for that).

Highly unlikely that creating a board in forum would prevented anyone from getting scammed (unless he is actually active in that board).
I saw multiple posts explaining how to protect against stupid scams like this, and I have been advocating switching to Linux OS everywhere in forum.
After taking a quick look at Avirunes post history I can see that he is writing majority of his posts in Gambling section, so new Cybersecurity and Privacy board would have literally zero effect on him.
I am not against creating this board, and I would probably be active there, but let's try to be more realistic with your assumptions.

Most people wear them just to avoid getting a ticket from police for not wearing them 
Imagine government and police care so much about people lives, this must be some parallel dimension.
In the same time you can drive buses, trains without seat belt as a passenger just fine, this is like using centralized exchanges that are perfectly ''safu'' for a ride 

bit OT but where i lived back in the day you just left the car doors unlocked all the time and never left stuff in it overnight. otherwise peeps would bust a window anyway just to open the doors a search.

so let em open it and look. see? nothing here for you. maybe they will even be extra polite and close it after.

Of course, any of us who are sharing some of our coinholding arrangements run some risks in terms of perhaps describing our set-ups, and many of us recognize some value in terms of security through obscurity (even though that might not necessarily resolve some weak security practices either).... such as leaving your pass word in one room and your device in the other room, so it could be likely that for 10 years, no one even saw the two devices and put the matter together that they could have become richie at your expense.. but no one looked or asked... but still not a good practice for when the more cunning, observant, and perhaps dishonest person comes into your space.

For sure, if you invite an attacker or even tell the attacker that there is something of value present, then that would likely cause you to become more of a target, and depending on the sophistication and/or determination of your attacker, you may have to increase your security practices by magnitudes - merely because you drew attention to the matter.

I have had several occasions that I went on walks and did not lock my door, and even went to bed without locking my doors - and nothing happened in terms of my losing belongings or my getting attacked in my sleep. 

I remember a pattern of occasions from about 15 years ago, in which my car (in a carport) kept getting broken into, but part of the problem was that I had continued to forget to hit the lock on the alarm key.. so the fact of the matter was that it kept getting broken into by mere handle testing of some passerby.. and I am not even sure if it was the same person.. but I am sure that there were some occasions in which not too many valuables were taken, and there were other occasions in which I was saying "oh shit, I wished that had not gotten taken from me."

I suppose some of the folks who might use a variety of ways of "securing their coins" might be more free to describe their various security practices, and surely sometimes there still might be needs for someone to actually physically visit before writing down your seeds on a note pad becomes an issue, in the event that no one ever visits you (who knows that your seeds are written on a notepad).... or other people who visit you and know that the seeds are written on the notepad do not really know how to use the seeds... or how much value is associated with the seeds.. even if they were to take possession of the seeds... for sure with the passage of time, more and more people are learning about what seeds are, why they are important and how to potentially use them  - once they got their hands on some seeds.

funny you mention seat belts. i wear mine. but not for when i get hit although that reason is a pretty up there. but i wear them mainly to stay in the drivers seat when doing "stupid vapourminer things" like drifts, catching air in the favorite "how high can you get road jump" and stuff like that. as it sure does help still being in your seat to regain control when finally back on 4 wheels. so not sure if thats a good analogy? but off topic so..

survivorship bias is a thing thats for sure. as im living proof with all the seriously serious stupid things that i done lived through that a few friends didnt. RIP my some of old buddies.

anyhow i certainly dont advocate rolling with windows for security stuff for the general peeps with coin. but my results does go to show that if one is careful (and luck has a bit to do there too) you can be fairly safe.

gonna have to get my CP/M rig up. hack THAT

That sounds like survivor bias. Many people have never lost their coins, but that doesn't change the fact that many others did lose their coins. I've never needed my seat belt, but that doesn't guarantee I won't need it in the future.

True. But it can help a lot. I'm not installing Wine to run Windows malware.

And that's how it should be As long as you can afford losing it, there's nothing wrong with using hot wallets.

38 votes for versus 4 votes against - theymos, let's have that cybersecurity board now.

basically, this. i am truly amazed at how many people run pirated software, and no matter what the OS you will get compromised doing that.

as for the OS yeah linux etc. ive run it. but i still run windows for 90% of my daily driver stuff. as it generally does what i want it.

consider: i have run windows and the same btc wallet (core) since literally 2011 and its run 24/7.  winxp, win7, win10. all running 24/7 with wallet.dat and core and connected to the net 24/7 also. i just move the 2011 wallet.dat to the new install/upgrade when they happen.

AND guess how much ive lost to malware/virus/ransomware: IN 12 YEARS OF A HOT CORE WALLET IN WINDOWS,. ZERO NOTHING NADA ZILCH NEGATIVE

so yeah linux is inherently  "safer" but even windows can be configured to be pretty close.

security all comes down to the person. rarely is it ONLY the OS thats the security problem..

just my observations over 12 years in the space, and certainly not to be taken as The Only Way To Do It., so have fun tearing my "security" apart.

btw i use hardware wallets and paper wallets for my main stash, core and my phone have spending amounts.

You are right in terms of business and security. I'm not even going to debate that point.

But, back to the same thing, to start this type of attack, the user will need to have at some point something that exposed him to the situation. Many still continue to use pirated OS, continue not to perform updates, not to mention using pirated software. If the person does not meet the basic requirements, no matter what OS he uses, he will be exposed to the same kind of problems.

That's odd. No login required here.

Microsoft are too big to fail. Their operating system is recognized and used by most of the western world. When it comes down to user safety versus profit, Microsoft will choose profit. While the responsible thing to do at this point is to terminate Windows and build a new operating system from scratch, Microsoft won't take this kind of action. The same thing is happening to Apple, however it's harder for the user to see it happening and the age old "apple can't get infected" myth is still believed by the wider users of Apple products.

The site asks for a login, so I can't read it. If what you're saying is true, that's simply ridiculous! How is it even legal to sell an OS that can get compromised from visiting a website, and why is the manufacturer not liable for that?