Proposal: "I think I got hacked" sub-category of "User Support"

I don’t have a strong opinion on the matter. In the absence of a clear and compelling reason to change things (in this case, add a new category), my inclination is to leave well enough alone.

People can rile each other up. People who would have otherwise remained silent might feel compelled to comment if someone else says something they perceive to be wrong. People who would not have started a thread on a questionable topic might feel emboldened to comment on it after someone else starts that thread.

Having a category where questionable threads are less likely to be shut down will probably shift the Overton window in that direction. I suppose the upside potential is that it might shift it in the opposite direction for other categories, since now the questionable threads will “have a place to go,” and moderators may feel less anxiety about being too heavy-handed.

I forgot to add: It’s also possible that users see (e.g. via this thread) or feel that the new category is essentially a dumpster and decide to miscategorize on purpose (this way, someone is bound to look over it), or find some other way to avoid being placed under that category.

Reframing an “I got hacked!” post as something else is trivial unless you want to end up dealing with an ever-expanding category. However the upside is that a reframed post is usually less loonie, for lack of a better word.

Another possible solution is the “I know it when I see it” method of categorization, which gives mods a lot of latitude to decide which posts to keep and which to re-categorize or remove entirely, with rules and regulations governing this board updated to include carve-outs for “I got hacked” posts or their variants. I feel this is a good compromise.

Such new Sub-Category would be indeed helpful, but only if my comment above is taken into account. Without a more or less clear list of required checks, we would have too many low-quality reports.

Perhaps we need something similar to how it is done for Issues, with a dedicated template.

I am not sure which information we really need here. Perhaps something like “Did you verify the signatures?”, “Did you check if it’s an existing Issue or was it discussed on the forum?”

When making the original post, I didn’t intent to propose being more relaxed in terms of moderation – quite the opposite.

Currently when a thread starts, we can usually tell by the beginning what it is going to be but it’s too early / too heavy handed to just shut it down. So we then inevitably let it simmer for a few days or weeks until it becomes bad enough to justify action.

My proposal is simply to have a category where the mods can move these threads at the outset, which will increase the signal-to-noise ratio in all other categories.

Maybe using a better name would help: “Bug/Compromise triage”, “Unexpected behavior”, “What did I see?”

It seems most of us mods (and community members) are aligned in wanting this category, if I read correctly.
There are some concerns, but at least we can more easily mark these posts.

I would advocate for a muted-by-default category. This would mean that users wanting to engage would need to actively go there or unmute it. This keeps the overall signal-to-noise ratio higher while still allowing for those discussions.

And I believe we should have a place for this because some cases (maybe 5%) will be a real situation.

We could have a canned response that is pasted in these threads to make the users consider more plausible options. Something like:

I want to prop this up a little, and say that @Plexus’s reply a few posts above brought it home for me that picking “I […] got hacked” as a name could be read as giving legitimacy to the tendency that some folks have to call any unexpected behavior a hack.

Besides, I don’t believe that using a name like the ones that Sven suggests would prevent folks with more serious reasons for concern from being heard.

In short, I think that’s a good idea!

If we make a good template like I suggested, some users will be able to see themselves whether it might be just a bug or mistake. This would decrease the work for moderators.

I think the original name “I think I got hacked”, or even “Have I been hacked?” (implying “no” answer!) would fit better, allowing to separate such discussions easier. We already have a reasonably working Category for questions.

Otherwise everyone would start posting there about every bug they found.

Good point.

Love it.

Users involved in those threads (before and after it was moved to that category) will continue to get notifications without explicitly de-muting the entire category – right?

I think this is a good idea as long as it doesn’t alienate people who just don’t understand their own system, or have genuine concerns. So far what I’ve seen just seems like trolling, main-character syndrome in terms of paranoia, and just a general lack of realistic threat modeling. Some posts that say well if it isn’t a silver bullet, why bother? That isn’t really a meaningful topic for example, dichotomy is never a good thought response when something isn’t how you want it to be. I think any reasonable person acting in good faith would understand that, so posts like that seem like -posting on the internet.

My concern is maintaining a professional image for the community, and by professional I mean just not sinking down to the level of -posters. If this is to be done, I can only suggest that the presentation of this is done so in a manner that doesn’t make the Qubes community seem unfriendly to new users. We’re imperfect humans, but we do have a responsibility to maintain a positive image.

Yes, I think that is the case.

I have talked with other mods and it looks like we’re moving ahead with this idea.

Topic Template Draft

PLEASE READ BEFORE POSTING

While it is certainly possible that your Qubes computer was hacked, it’s often the case that these are just problems in the software that other users are experiencing. So, before posting, please search for the symptoms of your issue on the forum to see if someone has experienced them before. Also, check the list of known issues that currently affect Qubes OS. Many users found a solution like this.

If you still suspect your system might be hacked, bad news is that there is no reliable way to find out if it is true. However, good news is that Qubes provides a dedicated procedure to recover from a compromised system.

Before going down the path of such actions, it is worth stepping back and reflecting on your threat model. EFF’s Surveillance Self-Defense goes into further detail into thinking about who would want to hack you, why, how much resources they have, etc. And more generally, it is good to acknowledge the stress you are likely under because of how you are feeling, and how that might affect your decisionmaking, communications with others, etc.

Feedback / changes welcome (this is a wiki post)

I made an edit an added a couple of links.

i made edits & added link to EFF’s SSD article on threat modelling

As a developer of Whonix for more than a decade, I can confirm there’s a large number of laymen who do a very superficial analysis and then think they found a security issue or have been hacked.

The problem is that laymen think that simple stuff such as a duplicate desktop icon can be evidence for a hack. People more knowledgeable on computer security, malware know that this doesn’t make any sense whatsoever. So laymen have to be told that in a diplomatic way, that they do not possess the required skills to perform malware analysis.

You absolutely need a FAQ about it. And it needs to be on the website, not in the forums, for increased authority.

Kicksecure / Whonix forums I am using one or another link in these cases:

• Malware, Computer Viruses, Firmware Trojans and Antivirus Scanners chapter Valid Compromise Indicators versus Invalid Compromise Indicators in Kicksecure wiki
• Bug Reports, Software Development and Feature Requests chapter Support Request Policy in Whonix wiki

This usually resolves the issue.

I support the initiative.

These two links might indeed answer most questions and could be placed under the

warning.

If you would allow my comment, I would say this:

Please do not use the word “forum”. Forum, by definition, is the place where people talk as they please.

Please do not make more rule to force people playing by your rules.

Please do not discriminate people by number of (quality) post they made, or by “rank”, e.g. Moderator or Newbie.

Please be invisible. If you can provide quality answer to a question, please provide it without saying who you are. Please just delete what not meeting your definition of quality without the word “deleted” or talking about it.

Please make your product in such a way that people can use it without question, like a pencil.

Please write a book full of quality information so people do not have to look elsewhere asking silly questions, if you cannot make your product like a pencil.

Please remember what questions you have asked when you were kindergarten. Did your teacher display a banner: PLEASE READ BEFORE POSTING?

About Qubes security: Qubes is about giving you a false sense of security. If an Intel CPU is in your computer with ME enabled, you are done. Same goes with AMD and almost all recently manufactured computing devices too. Any three-letter-agency can send a “magic” packet to your IP address, and when it reaches your computer, no matter via Wifi, Bluetooth, Ethernet or whatever interface you use, your device becomes a reporting tool. And Qubes cannot stop it, you can be sure of that.

Qubes OS is a game, a good one. It can stop some thieves and small hackers. But unless you start making computer chips and build computer yourself, no software in the world can really protect you. People will think they got hacked, because they will get hacked one way or another. Instead of making a special room for them so you do not have to see and deal with them, please let them talk their mind, and help them instead with your expertise.

Thank you.

The very first big, red, scary warning box at the top of the installation guide says:

Warning: Qubes has no control over what happens on your computer before you install it. No software can provide security if it is installed on compromised hardware. Do not install Qubes on a computer you don’t trust. See installation security for more information.

How is it a “false sense of security” when we warn you before you even start the installation process?

(Note: I am not saying your speculative claims about hardware security are correct or incorrect. Rather, I am pointing out that if you believe your hardware cannot be trusted, then this warning applies.)