Considerations for Cybersecurity in Blockchain
Blockchain software must be 100% open source. If it is not open source, then it is not blockchain, just a technical mechanism. This isn't just about ideals; fundamentally, blockchain software is truly trustless, with the source code available for everyone to inspect. The system runs through coding, and if there are any issues, everyone can bring them up, and improvements can be made through consensus. Those who agree will continue, and those who disagree will simply not participate. A large number of people being able to read code is the foundation of open-source consensus software. Recognizing code is sufficient for blockchain users, mutual acquaintance is unnecessary. In reality, most participants can't understand the code. Even those who can often don't bother to analyze it in detail. Therefore, a project's reputation usually focuses on the development team, positive and negative feedback is normal. Creative ideas often gain favor, which actually diverges significantly from the trustless nature of blockchain. For a project to succeed quickly and gain widespread support, those who understand the code bear a heavy responsibility. The core team must have comprehensive supervision. Projects that rely on non-technical people, investors' hype, or celebrity endorsements to profit from tokens often aim just for speculation with no innovative uses. Many are purely scams.
Qora Blockchain
Qora blockchain is 100% open source and original. Qora blockchain genesis allocated all Qora tokens to crowdfunding participants, raising a total of over a hundred bitcoins, all given to a programmer(or a group) as anonymous as Satoshi Nakamoto. Frankly, the Qora blockchain software hasn't been updated for years, but its existing functions have remained intact over the years. The private key or seed for wallet mechanism is just good like most of the blockchain projects. Some blockchain projects continually emphasize protection against quantum computing, but for Qora, it's not necessary to consider such a distant future for now. As long as Qora tokens and any asset tokens on the blockchain can be securely transferred, it's sufficient. With few full nodes and few people forging, web3 operation is UP, present Qora's utility situation doesn't offer much economic value to attract hackers. The PoS system means that mobilizing 51% or more or less for an attack would indicate high amount of the Qora tokens are active, which is better compared to the current about 1% of active forging Qora tokens. Currently, an attack on the Qora blockchain would not cause any significant value loss; at most, previously published web content would disappear and need to be republished. Before I decided to rescue Qora, the Qora blockchain was completely down for nearly a month with no full nodes, but someone eventually restarted a full node, and the old data returned. Theoretically, even if an attack rolled back the blockchain by several months, it wouldn't be a major issue if there are few users and nothing to exploit or scam.
Qora web3, release the power of pure HTML
After discussing the above technical issues regarding blockchain security, I want to convey that although the Qora software hasn't been updated for years, it is fundamentally a sound blockchain software. For me, it is an ideal tool for exploring blockchain concepts and education. Next, I'll talk about various security considerations for using Qora web3. Most people can't understand open source software code, but anyone who understands basic principles can easily evaluate the security of HTML source code. Major browsers allow viewing source code with a right-click, and Qora content pages are generally read-only with no interaction. When reviewing source code, look for any external links, usually starting with http or https. If they link to Microsoft or Oracle servers, they are generally reliable. Content pages should ideally be pure HTML, with external links only for images and avoiding external JavaScript or libraries.
Web3 is Wild West, so use cautiously.
Using your own computer's full node to browse Qora web3 is ideal, with no room for censorship. The code is 100% open for inspection to prevent any malicious actions. Qora web3, being fundamentally HTML, is 100% transparent, and it's up to the user to inspect and verify. General web pages rely on trust, with big companies being more trustworthy. Any blockchain content filtered by big companies or reliable people generally poses no cybersecurity risks. If you maintain your own full node, like I did with an Ethereum full node early on, you can directly spot many new token projects, most of which I complained about on Facebook as scams. Ethereum also can host any internet content, posing significant risks without browser filtering protection, so as Qora blockchain. Modern browsers like Google Chrome block most dangerous malware sites. Qora web3 mainly uses standard browsers to open documents. Any pop-up programs will require user permission, so use cautiously. Qora web3 is primarily read-only, with relatively low risk, but basic skills are necessary. Reviewing HTML source code from strangers is essential if used frequently. Otherwise, for convenience, rely on trust. The content I recommend is safe from cybersecurity issues, I will try my best to do the index.
Qora web3 is design for localhost browsing
When browsing on your own computer using localhost, whether http or https doesn't matter. If using gateway services, https is necessary for interactions. For read-only webpage, http suffices. If you are concerned about privacy, don't use gateway services; use localhost, it's much better than using Tor or a VPN to visit gateway sites. Once again, Only browse trusted content, my web3 pages on Qora are published by me, and those who trust me are welcome to visit and give feedback.
By okchai 20 June 2024.