Topic: Discussion: "Cybersecurity and Privacy" board + Poll (request v1) - page 4. (Read 3308 times)

You're right, however this post would be most accurate pre-2020's and just minding behavior (no matter how vigilant) is not entirely enough. The advancement of threats in the last couple of years has grown exponential. As I highlighted on Avirunes thread, attacks such as Reverse shell attacks can compromise your system just by you connecting to a website that might not even seem malicious. In this case, it is actually imperative that you're using a secure OS or else you are exposed at all times, even if you are using Windows and behaving with pre-existing knowledge and taking precautions. The fact is, Windows is absolutely not the OS to use for day-to-day activities let alone crypto activity, where coins can be very easily stolen.

My point being - We are at a stage now where minding behavior such as not downloading unknown files and blocking inbound connections via firewall are simply not enough. More steps are needed to prevent vulnerabilities from being exploited. It should be noted that this discussion only talks about cybersecurity as well, covering the base of privacy too is an entirely new discussion in itself.

If people don't change behaviors, these problems will continue to arise! It doesn't matter what OS you use or whether or not you have a cold wallet, if your online browsing attitude continues carelessly, you may have these or other problems. Of course, using a more secure OS or using the cold wallet more may be less exposed to problems, but what really makes the difference is the overall behavior.

How are we going to change behaviors? This is difficult, but we are trying and warning.

You've referred to one sentence in a thread that is out of sight for a lot of the time. A detailed, well reasoned thread giving reason and proof as to why Windows is so dangerous paired with a detailed guide to switch to Linux might help to persuade those who are still using it to make the transition. A detailed thread would provide the ability to ask questions about making the change, inform people about why Windows is so dangerous and push them much more toward making a change. If this request is never attended to, I'll go ahead and make the thread myself. Though I would be much more motivated to post it in a section where it belongs instead of a board that anyone who doesn't consider themselves a beginner to Bitcoin itself (a lot of bitcointalk members I am sure) would never read.

I thoroughly believe that if this board was introduced around the time julerz12 was hacked, which was one of the prompts for this request, this guide would have been posted by myself or someone else and it is very possible that the scenario with Avirunes have a chance of being avoided.

That's very unlikely to happen. I wrote this years ago:
A more realistic suggestion would be to use a hardware wallet, but both julerz12 and Avirunes knew that already.

On April 30 2023, Avirunes received a loan from shasan and was reportedly hacked of the whole amount lent (0.015 BTC, approx $450 USD market value). The hack shows a lot of similarities to the situation that occurred with julerz12, Avirunes was likely to have been infected with malware that was able to either grab the secret/seed phrase of the Electrum wallet, or sweep/send from the electrum wallet to the hackers address.

If the Cybersecurity and Privacy board was added any time in the last 3 months after the situation with julerz12, maybe a post there (such as one explaining and emphasizing that all users should be using Linux over Windows) may have prevented the OP from being hacked.

The Cybersecurity and Privacy board is becoming imperative for the safety of BitcoinTalk users as two incidents have now effected and caused damage to the BitcoinTalk economy.

---

Update May 01, 2023:
- Updated OP to include one call to action and necessary information relating to the request. Also cleaned and improved the look and layout of the thread for cleaner reading.
- Move past calls to action into the second post

Ponzis that aren't ponzis, aren't ponzis (if that makes sense ). The strategy can't really be changed, just the face of it. They should change their strategy to just building legitimate products!


The non-refundable nature of transactions will never be fixed, sure, but that is not a downfall of Bitcoin nor is it a digital security issue. Strengthening each human link is one of the motivations toward the Cybersecurity & Privacy board. The more people that learn, the more people become strong enough to resist attacks. Even web administrators and smart contract developers could benefit from the cybersecurity part of the board. It might not be something that can be completely eliminated (unless security innovation beats hacking innovation) however it can be significantly be reduced...especially when you think about how many users still use flawed Microsoft and Apple products over how many people know about let alone use Linux.

Its good to see the crypto community getting matured and not falling to ponzi schemes anymore. Its time may be for ponzi schemes to change there strategy as existing ones are no longer getting success. On the other hand the community should be ready for new wave of frauds/ponzi.


This is an inherit feature of Bitcoin and can never be fixed. The weakest link in digital security of every entity is the human link. As long as humans are willing to make some mistakes, the hacking business will continue to exists. 

Theymos, enable us to increase our online armor and to help do the same for individuals who are otherwise vulnerable by adding the Cybersecurity & Privacy board!

---

This is a rather older article that I stumbled across recently however I believe that it highlights the shift from being a victim of deception (controllable by common sense, experience, reduced naivety, skepticism and/or wisdom) to being a victim of hacks - which is controllable only with exposure to knowledge. The majority of people don't have access to accurate information without looking for it, which is what I hope the Cybersecurity & Privacy board here on BitcoinTalk would achieve!

Source: https://edition.cnn.com/2022/08/16/tech/crypto-hack-rise-2022/index.html
The good news: Significantly less people are falling for ponzi schemes similar to BitConnect than in 2017:
The bad news: Over $1.9 billion has been hacked or stolen from protocols and users during the first 7 months of 2022

Some more validation of the need for the Cybersecurity & Privacy board below.

---

As of March 2023, ransomware attacks are increasing
Source: https://www.ghacks.net/2023/04/22/ransomware-attacks-record-march/

Basic cybersecurity measures can very easily prevent the threat of non-targeted ransomware.

---

GDAC hot wallet hacked for $13 million

List of some recent exchange hacks: https://www.hedgewithcrypto.com/cryptocurrency-exchange-hacks/

The end-user could have easily prevented their exposure to centralized exchange hacks by not using them altogether or keeping their coins off-exchange unless they need to use the exchange (last resort, many alternatives out there nowadays).  

---

Some other non-crypto hacks in 2023 where the end-user may have been able to reduce their exposure if they were taking intermediate to advanced privacy measures:


How risk for the end user could have been mitigated:
- Don't upload personal/sensitive information where you don't need to (why on earth would you upload a drivers license/ID card to these companies anyway?)
- Use non-identifiable information and a pre-paid debit card to make purchases, if possible.
- Don't trade your identity/privacy/payment information for convenience.


How risk for the end user could have been mitigated:
- Using PVA's to create a ChatGPT account in conjunction with a VPN/Proxy to make the data less/non-identifiable to the chatGPT user.


How risk could have been mitigated by the end user:
- Using a pre-paid debit card solution separate from the main bank account would allow the user to easily disable access to funds without effecting day to day life.



How risk for the end user could have been mitigated:
- Using a privacy-friendly, disposable email with non-identifiable information for the activision account to make the mistake of the employee of no concern for the end-user.


How risk could have been mitigated by the end user:
- Don't use paypal (there are many alternatives that serve the same purpose out there)


How risk could have been mitigated by the end user:
- Using offline encryption methods on external storage to protect passwords instead of using supposedly "encrypted" and "secure" cloud storage services


Source: https://tech.co/news/data-breaches-updated-list

Since the demise of ChipMixer, users have begun to question lately about whether or not it is a wise move to participate in mixing signature campaigns, and if there are any risk to users who are being paid to have these services in their signatures around the forum, such as in this thread:
Participating in Mixer Signatures

BitcoinTalk staff were allegedly asked not to promote these services, raising more cause for concern:
staff were asked to stop advertising mixing services

Additionally, recent news has exposed that an unknown person or group (dubbed "LinkingLion") may be collecting IP addresses from Bitcoin nodes/users.

If the Cybersecurity & Privacy board were added, I would be almost certain that there would be a bountiful amount of knowledge and resources that would allow people to reduce their fears and take comfort in the measures that they are taking to keep their privacy from being compromised. The reasons for adding this board are only increasing by the day and I could bet that it would soon become a necessity if we want to help to assist the (unfortunately) wider, currently unaware/uninformed portion of the community in upholding their anonymity and privacy.

Bump.

Never forget this request.

Thanks a bunch.

Defiantly I will be there on cyber security board once it's created. Getting new board these days is not easy, we are also trying to get a local board for Pakistani community and thread is there but no success so far. But we are fully motivated and will keep reminding the administrator about our request. Same is required to create a separate thread for Cybersecurity. We may not get that in a week or two but keep this thread active.
https://bitcointalksearch.org/topic/request-new-local-board-for-pakistan-urdu-5430735

Great to see some more support! Congratulations on passing your exam WatChe. It sounds like you would be one of the many assets to the board if it were to be added


Hopefully we get some feedback I hope that that new "no" vote was not him! If you receive any response, let us all know

I'll ask him myself. It seemed to work for me last time.

I want to support this request, it is a subforum in my opinion useful for grouping these news or articles that have no place at the moment
in the end it seems like a sector destined to remain with smart working which has now become a normal thing

I will support this idea of creating cyber security and privacy board since cybersecurity is a necessity these days. Most of us take security forgranted and embrace it only once we are hacked or experience any cyber security breach. All of us can contribute to cybersecurity according to our knowledge.
I recently cleared 'ISACA Cyber security' exam and can help ( to best of my knowledge) who is trying to pursue ISACA certification in cyber security.

Definitely not over doing. I've only sent two PM's and I probably will not send another. Other supporters can in the future if they really feel like it I won't annoy him anymore


Gave that a shot!...

Though on this day of March 06, 2023, we still have no Cybersecurity & Privacy board 

Attention, not overdoing the PM.

Sometimes these things take some time to have an answer. So we really have to wait with patience. 

Right on, very much with you on the wiki idea! I can't speak for the other boards but I am very sure that wiki(s) would naturally arise after the boards creation. Privacy is kind of limited as to how much you can know and apply, but Cybersecurity is extremely widespread. I can visualize a ton of information with this addition.

I am still very excited every time I see PowerGlove's snapshot of where the board might sit. I hope that it becomes a reality.

That's a good idea, we definitely need Cybersecurity and Privacy board, it will attract not only bitcoin enthusiasts but other people who are looking for enhanced security.
To be honest, we need structured WIKIs in each section too. For example, have a look at the wiki of buildapc subboard: Planning on building a computer but need some advice? This is the place to ask!
If you read and follow steps on this WIKI, you will understand what to consider when building a pc, when and where to buy components, how to assemble it and even more.

It will be amazing if we create similar wiki about bitcoin development, economics, etc. Since this thread is focused at cybersecurity and privacy, imagine how good it will be to have wiki on bitcointalk that will cover the information about:
1. Linux distros like TailsOS.
2. Browser Privacy
3. Tor and VPN
4. Information encryption including messages, videos, files, disk, etc.

If we create Cybersecurity and Privacy board with sticked Wiki thread and ombine all the information in Wiki thread, this will enlighten more people and will truly do amazing job for society.

Despite the poll slowly gaining some new positive votes, the request seems to be stagnant. So far there has not been an official response from Theymos. I have sent another PM as of this message in the hopes for some feedback!