Topic: How governments could destroy bitcoin (for most) in one day - page 3. (Read 4306 times)
Ever heard about backups?
...if the auto-update can patch the bitcoin client and transfer your funds the next time you unlock it?
You've added more detail, yet there is still a problem. Even with auto-updates, not everyone will have the updates at the same time, and if the government has to wait weeks or months for everyone to get the malicious code, they risk getting caught by the source savvy power-users. And, there are a lot of different clients out there now. Granted, they mostly use similar code, but each has it's separate routes for updating. A more plausible attack would be to discredit bitcoins as an evil invention of drug dealers, gamblers, and weapons dealers... oh wait, that is what they are doing! If you use OSX, Windows, or any Linux with 'auto-update' then the government has a ready-made backdoor through which they could delete all traces of Bitcoin and their wallets from most computers.
They could send a 'stealth' update through normal channels, most computers would install it. Then on some specified date all bitcoin related files would be deleted including the client.
It would probably be an 'unpopular' move, but the government would probably find a way to make it look like a security breach by hackers rather than an intentional attack by government. They may even 'frame' someone and lock them up so people don't keep looking for the real attacker.
Highly unlikely. All updates by major software vendors are signed, and the signing keys are stored in specially designed hardware. It would be highly unlikely that ALL software vendors had their signing keys compromised.They could send a 'stealth' update through normal channels, most computers would install it. Then on some specified date all bitcoin related files would be deleted including the client.
It would probably be an 'unpopular' move, but the government would probably find a way to make it look like a security breach by hackers rather than an intentional attack by government. They may even 'frame' someone and lock them up so people don't keep looking for the real attacker.
Even if you were smart enough to have an off-line backup the vast majority would not.
LOL, who doesn't keep backups? It's going to be easier than ever with deterministic wallets.All 'trust' in the safety of bitcoin wallets would be destroyed taking the value of bitcoin with it.
No, people will just learn to BACKUP THEIR WALLETS.Ok, you don't need all vendors to be compromised at once and who said anything about them being 'hacked'. Governments can easily coerce any large company into signing anything.
Even with a wallet backup, you can have your client patched to steal your password and coins the next time you make a transaction.
Clearly this would only affect casual users, but I an assure you that most users are not being *that* careful with their wallets. They may have a backup on multiple different drives but what good is a backup if the auto-update can patch the bitcoin client and transfer your funds the next time you unlock it?
The point of this post was that your wallet and password is only as secure as the software you allow on to your system. The solution is an open source hardware wallet that is never updated, never has network connectivity, generates all keys, and for which there is no means to get the keys off of the device.
Then this wallet must be made as easy to use as possible. Ideally the entire wallet and hardware system is open source.
Users should never have more than the cash they normally carry with them backed by any private key that has ever existed on a networked computer.
Note when I said exe it was short for executable which linux certainly has.
The point of this post was that your wallet and password is only as secure as the software you allow on to your system. The solution is an open source hardware wallet that is never updated, never has network connectivity, generates all keys, and for which there is no means to get the keys off of the device.
Then this wallet must be made as easy to use as possible. Ideally the entire wallet and hardware system is open source.
Users should never have more than the cash they normally carry with them backed by any private key that has ever existed on a networked computer.
Note when I said exe it was short for executable which linux certainly has.
If you use OSX, Windows, or any Linux with 'auto-update' then the government has a ready-made backdoor through which they could delete all traces of Bitcoin and their wallets from most computers.
They could send a 'stealth' update through normal channels, most computers would install it. Then on some specified date all bitcoin related files would be deleted including the client.
It would probably be an 'unpopular' move, but the government would probably find a way to make it look like a security breach by hackers rather than an intentional attack by government. They may even 'frame' someone and lock them up so people don't keep looking for the real attacker.
Highly unlikely. All updates by major software vendors are signed, and the signing keys are stored in specially designed hardware. It would be highly unlikely that ALL software vendors had their signing keys compromised.They could send a 'stealth' update through normal channels, most computers would install it. Then on some specified date all bitcoin related files would be deleted including the client.
It would probably be an 'unpopular' move, but the government would probably find a way to make it look like a security breach by hackers rather than an intentional attack by government. They may even 'frame' someone and lock them up so people don't keep looking for the real attacker.
Even if you were smart enough to have an off-line backup the vast majority would not.
LOL, who doesn't keep backups? It's going to be easier than ever with deterministic wallets.All 'trust' in the safety of bitcoin wallets would be destroyed taking the value of bitcoin with it.
No, people will just learn to BACKUP THEIR WALLETS. 
Although it wouldn't be the direct cause of destroying bitcoin it would make the service less valuable if they did it regularly.
Simply deleting the wallet would not be enough. Most of us figured out pretty quick how to copy or replace the wallet.dat someplace safe. They can delete my whole hard drive, burn down my house, and lock me up for 20 years and I'm pretty sure I can at least get my wallet back. To really do any damage, the coins have to disappear. To do that they'd have to get the wallet, decrypt my password, and send the coins to never, never land. Easy enough for a couple of thousand wallets, but to hurt the whole community, doing it millions of times before we caught on would be daunting even for a quantum computer.
Quote
Linux is better than most alternatives. At least it should be possible to audit the source and validate checksums of exe
There are no exe's on linux, it is a windows binary format. It wouldn't bother me much, it's just the way your whole post is: no basis for anything that you write, but you do surround terms like auto-update with apostrophes for some reason, I guess to strengthen your point and make up for claims which have no grounds? 
Oh brother... The mental energy that is exhausted in this forum is astounding. Could power a small nation.
Would that not make the surviving bitcoins ultravaluable after a decimal shift?
Also,
+1
Also,
Quote
If you use OSX, Windows, or any Linux with 'auto-update' then the government has a ready-made backdoor through which they could delete all traces of Bitcoin and their wallets from most computers.
So yeah, different linux distributions are located in different countries. Which government has the auto update backdoor into them? Maybe all goverments? Or even aliens?
That's a good synopsis for a bitcoin scifi novel, are you a writer?
Linux is better than most alternatives. At least it should be possible to audit the source and validate checksums of exe. Unfortunately, the other 99% of normal everyday users would be in trouble.
I didn't say it would affect all users, I just said 'most users' and few would know how the virus got on their computers.
I didn't say it would affect all users, I just said 'most users' and few would know how the virus got on their computers.
Quote
If you use OSX, Windows, or any Linux with 'auto-update' then the government has a ready-made backdoor through which they could delete all traces of Bitcoin and their wallets from most computers.
So yeah, different linux distributions are located in different countries. Which government has the auto update backdoor into them? Maybe all goverments? Or even aliens?
51% attack would be far less damaging and I do not believe is a real threat.
I imagined it in more straightforward way - grab some pool owners by the balls, find where majority of asics are located, seize them and make 51% attack.
If you use OSX, Windows, or any Linux with 'auto-update' then the government has a ready-made backdoor through which they could delete all traces of Bitcoin and their wallets from most computers.
They could send a 'stealth' update through normal channels, most computers would install it. Then on some specified date all bitcoin related files would be deleted including the client.
It would probably be an 'unpopular' move, but the government would probably find a way to make it look like a security breach by hackers rather than an intentional attack by government. They may even 'frame' someone and lock them up so people don't keep looking for the real attacker.
Even if you were smart enough to have an off-line backup the vast majority would not. All 'trust' in the safety of bitcoin wallets would be destroyed taking the value of bitcoin with it.
What we need is an innovative and effective means at protecting our computers from backdoors through 'official' and 'trusted' channels and to make sure that everyone is aware of this backdoor through which the government can 'tap' all of our computers.
Sure the blockchain would survive, and many users would still have their wallets. But if the true 'source' of the hack was not revealed then it could occur over and over again and each time the government would blame some anonymous hacker that exploited a buffer overflow to spread the virus far and wide and completely ignore the fact that the 'buffer overflow' as intentionally put in place to allow such an attack.
I am not sure how we solve this except by making paper wallet backups 'mandatory' best practices and really bring to light the nature of this threat so that people take it seriously.
When you consider the shear number of vendors we trust with 'auto-updates', each and every one of these vendors could be coerced into providing a backdoor. (MS, Apple, Adobe,Office,Parallels,Skype,...) Only one needs to be compromised.
Conclusion: we need a system for vetting software updates from any source and a means to protect our wallets from malicious deletion.
Protecting wallets from malicious deletion could be achieved by 'storing' the private keys encrypted in the blockchain or some DHT. Alternatively we could make 'brain walets' the norm. The other strategy is to 'hide' the wallet data in some manner than a virus could not readily identify the wallet files.
Note this attack vector need not be 'global' but instead could be targeted toward individuals known to have large balances or anti-government.
Even brain wallets can be attacked if the virus simply patches the bitcoin software to redirect funds the next time the password is entered. Is there anything we can do to protect ourselves from this without making the software 'unusable'?
They could send a 'stealth' update through normal channels, most computers would install it. Then on some specified date all bitcoin related files would be deleted including the client.
It would probably be an 'unpopular' move, but the government would probably find a way to make it look like a security breach by hackers rather than an intentional attack by government. They may even 'frame' someone and lock them up so people don't keep looking for the real attacker.
Even if you were smart enough to have an off-line backup the vast majority would not. All 'trust' in the safety of bitcoin wallets would be destroyed taking the value of bitcoin with it.
What we need is an innovative and effective means at protecting our computers from backdoors through 'official' and 'trusted' channels and to make sure that everyone is aware of this backdoor through which the government can 'tap' all of our computers.
Sure the blockchain would survive, and many users would still have their wallets. But if the true 'source' of the hack was not revealed then it could occur over and over again and each time the government would blame some anonymous hacker that exploited a buffer overflow to spread the virus far and wide and completely ignore the fact that the 'buffer overflow' as intentionally put in place to allow such an attack.
I am not sure how we solve this except by making paper wallet backups 'mandatory' best practices and really bring to light the nature of this threat so that people take it seriously.
When you consider the shear number of vendors we trust with 'auto-updates', each and every one of these vendors could be coerced into providing a backdoor. (MS, Apple, Adobe,Office,Parallels,Skype,...) Only one needs to be compromised.
Conclusion: we need a system for vetting software updates from any source and a means to protect our wallets from malicious deletion.
Protecting wallets from malicious deletion could be achieved by 'storing' the private keys encrypted in the blockchain or some DHT. Alternatively we could make 'brain walets' the norm. The other strategy is to 'hide' the wallet data in some manner than a virus could not readily identify the wallet files.
Note this attack vector need not be 'global' but instead could be targeted toward individuals known to have large balances or anti-government.
Even brain wallets can be attacked if the virus simply patches the bitcoin software to redirect funds the next time the password is entered. Is there anything we can do to protect ourselves from this without making the software 'unusable'?
Jump to: