Proposal: "I think I got hacked" sub-category of "User Support"

I would like to propose a “I think I got hacked” sub-category of “User Support”.

Why?

So all the confused and the ones who want to engage with them are in one place I can mute.

15 posts were merged into an existing topic: Forum Name

I would like to propose a “I think I got hacked” sub-category of “User Support”.

Why?

So all the confused and the ones who want to engage with them are in one place I can mute.

Perhaps there could also be an item in the FAQ about it, explaining how to collect necessary information and how to tell apart if it’s just a bug (mentioning that a good attacker doesn’t want you to find it out at all).

It’s actually not a personal issue for me as with mailing list mode and the respective tools my email client gives me (ignore thread, ignore author etc.) I have plenty of ways to not see what I perceive as noise.

However I am concerned about:

• the overall post quality in the forum sinking even lower than it already is
• these threads spreading lots of paranoia and ignorance that may both spread and attract more of the same kind
• all of the above distracting from what Qubes OS and this forum are supposed to be about

I also start thinking it was a grave mistake to host the forum at the same domain as the project. The fact that the URL reads forum.qubes-os.org gives the whole thing an official kind of look and as such encourages the casual observer to draw conclusions from the forum content onto the project.

Or maybe I am just wrong.

I think the forum should have a place for these discussions. There are some real at-risk users using Qubes and they may not be that technical. We should support them. A certain level of paranoia is to be expected as they are still learning to navigate the threats landscape and can’t really tell apart a bug from a hack.

As a matter of fact, I’ve been waiting for the wave of newcomers. Windows-native users like this recent case which don’t know a lot about Qubes or how it protects them. The quality will go down, but we (more experienced members) should counter it with good-quality:

1. answers (like the one I made)
2. boilerplate answers pointing to resources (like this one)
3. resources and guides (like What's Needed to Report Your System Getting Hacked? or one as you suggest about finding the system information to tell an attack apart)

Advantages of a “Was I hacked?” category

Allow us to have:

1. structured template (like the one one github issues)
   - allows us to point to resources
   - allows us to add warnings about the risks of publishing information (leaking usernames, etc.)
2. allow muting category
3. allow tracking category - concentrating response efforts - people who like helping on this can now follow this category with a higher priority / being notified of new posts

Risks / disadvantages

• attracting even more loonies

Thank you @deeplow and @fsflover, excellent points. To add to the list of advantages: having a category to move a thread to in case in lands in ‘General Discussion’ or ‘User Support’ proper. Just like the Whonix forum for Whonix questions and “All around Qubes” for general Linux/Admin questions.

I fear the general state of the world will continue to produce varying levels of anxiety and paranoia in all of us. Having this confined to a category allows engaging with it to be a choice depending on ones own state of mind and available energy.

Sorry for shitposting in original topic, but the topic goes in that direction anyway. What I can say as a new (not so inexperienced in linux but still transitioned from Windows user) that I can see more and more not technical but rather paranoid topics on this forum since my arrival. So I think that creating such subcategory with pined posts about how to report “Was I’m been hacked?” scenario, FAQ with security features of Qubes, and some general advises like “APT not targeting random people”, “every software have bug and glitches” etc. is good idea.

Whoops. Messed up a bit topic splitting and had to move things around quite a bit. Apologies to email users who’ll see my mistake more visually than anyone else

Maybe this is something we could push forward.

I missed this thread when it was opened, and FWIW I think it could be a good idea for the reasons mentioned above.

I’ve been thinking about how to deal with some recent very-low-quality-IMHO topics and replies in the forum—I decided to ignore them for now—and wondering how much they may shadow all the useful, informed, or at least not recklessly missleading replies to less sensationalistic topics.

@adw @michael @plexus @fiftyfourthparallel @fsflover @ludovic … could you please consider and comment?

How? … either they know the forum exists or they don’t. If they do, I don’t think a missing category is stopping them.

I don’t imagine this new category as a place where we let them “run freely”. We’d still be moderating and advising and at some point locking the thread as before. The only difference is that we give those who don’t want to see/engage with it a way of not having to.

(Obviously members of the moderation team won’t have that luxury)

Overall I support the idea - theres some good reasons outlined.

My concerns are aligned too. There is a reason that most community based things online (eg subreddits etc) tend to say “no ‘I was hacked’ posts” . In the past we have usually referred things that look like a genuine issue to the security team, however we don’t want to do that en-masse and overload things. And as Sven says, these posts are going to be made if we have a space for them or not.

The risk is that having this category increases/invites more loontastic

We would need to be prepared that this category would indeed be a dumpster fire with a low signal to noise ratio. It would need clear guidance of how to make a report and what it should contain. We would need clear guidance to set expectations that we wont be able to help in every case and in some cases users may not receive any engagement at all. We reserve right to lock threads we feel are PBKAC etc

After years of browsing this forum it’s easy for me to glaze over “I got hacked!” posts since the false-positive rate is very high, but I don’t really blame the posters. When I first started using Qubes I was in a paranoid state of mind, and anything that deviated from expectations was considered suspect. I imagine the same holds true for many others.

People typically don’t invest time and energy into learning Qubes (and sometimes money to get a compatible or even usable PC for the purpose) unless they felt under threat enough to justify the cost, so Qubes is by nature a magnet for these sorts of jumpy people–I don’t think it would be an exaggeration to say this is your core audience. Not that I am justifying the spammy “I got hacked!” posts or their variations, which signficantly adds to the noise-to-signal ratio in an already noisy forum.

Qubes is a somewhat complex system that’s challenging for new users, layman or technical, and the breadth of what can be done on this system means there are many errors to be made and bugs to be found. In hindsight, all my jump-scare cases were attributable to either me or bugs–if someone had the capability to break into your Qubes, chances are they won’t be conspicuous. They might even fix some bugs to prevent suspicion.

That said, arguing with emotion can be like blowing on fire, but leaving the fire unattended might lead to something uncontrolled. From a business perspective, is shutting out the cries (justified or not) of your core audience desirable? On the other hand, as I’ve mentioned in the past (before the LLM explosion), its possible for an adversary or competitor to flood the communication channels with noise in order to reduce Qubes’ user support effectiveness (which is critical for a challenging system) and consequently its foothold, and a variant of this attack is to repeatedly cry wolf with “I got hacked” posts. This is especially problematic for a system whose whole raison d’etre is security–Qubes, like any system, is not airtight, and there will come a day when a serious vulnerability is discovered that might first appear here, noticed by one of the many less-technically inclined users (like myself) and not on, say, GitHub.

I don’t hold a firm stance on the matter yet–I support having an “I got hacked!” category, but not so the power users and moderators can leave it unattended (I think @Plexus has the right idea). Just having the category helps with the general vibe of the place. However, I do feel for the staff, moderators, and power users who have to sift through (not necessarily respond to) all the noise.

I don’t have a strong opinion on the matter. In the absence of a clear and compelling reason to change things (in this case, add a new category), my inclination is to leave well enough alone.

People can rile each other up. People who would have otherwise remained silent might feel compelled to comment if someone else says something they perceive to be wrong. People who would not have started a thread on a questionable topic might feel emboldened to comment on it after someone else starts that thread.

Having a category where questionable threads are less likely to be shut down will probably shift the Overton window in that direction. I suppose the upside potential is that it might shift it in the opposite direction for other categories, since now the questionable threads will “have a place to go,” and moderators may feel less anxiety about being too heavy-handed.

I forgot to add: It’s also possible that users see (e.g. via this thread) or feel that the new category is essentially a dumpster and decide to miscategorize on purpose (this way, someone is bound to look over it), or find some other way to avoid being placed under that category.

Reframing an “I got hacked!” post as something else is trivial unless you want to end up dealing with an ever-expanding category. However the upside is that a reframed post is usually less loonie, for lack of a better word.

Another possible solution is the “I know it when I see it” method of categorization, which gives mods a lot of latitude to decide which posts to keep and which to re-categorize or remove entirely, with rules and regulations governing this board updated to include carve-outs for “I got hacked” posts or their variants. I feel this is a good compromise.

Such new Sub-Category would be indeed helpful, but only if my comment above is taken into account. Without a more or less clear list of required checks, we would have too many low-quality reports.

Perhaps we need something similar to how it is done for Issues, with a dedicated template.

I am not sure which information we really need here. Perhaps something like “Did you verify the signatures?”, “Did you check if it’s an existing Issue or was it discussed on the forum?”

When making the original post, I didn’t intent to propose being more relaxed in terms of moderation – quite the opposite.

Currently when a thread starts, we can usually tell by the beginning what it is going to be but it’s too early / too heavy handed to just shut it down. So we then inevitably let it simmer for a few days or weeks until it becomes bad enough to justify action.

My proposal is simply to have a category where the mods can move these threads at the outset, which will increase the signal-to-noise ratio in all other categories.

Maybe using a better name would help: “Bug/Compromise triage”, “Unexpected behavior”, “What did I see?”

It seems most of us mods (and community members) are aligned in wanting this category, if I read correctly.
There are some concerns, but at least we can more easily mark these posts.

I would advocate for a muted-by-default category. This would mean that users wanting to engage would need to actively go there or unmute it. This keeps the overall signal-to-noise ratio higher while still allowing for those discussions.

And I believe we should have a place for this because some cases (maybe 5%) will be a real situation.