
Topic: What if the devs are ordered by a US judge to include a government backdoor? - page 2. (Read 3037 times)

hero member
Activity: 761
Merit: 500
Mine Silent, Mine Deep
I would worry more about backdoors in ASIC mining hardware.

If we end up in a situation where most of the ASIC miners needed to be competitive in the mining business come from a few suppliers in China, that might be reason to worry. Especially in the light of the recent allegations of government-installed backdoors in telecoms equipment from Huawei and ZTE.

See: http://www.zdnet.com/former-pentagon-analyst-china-has-backdoors-to-80-of-telecoms-7000000908/

The bitcoin software is easy to audit. The mining hardware? Not so much.
legendary
Activity: 4130
Merit: 1307
But this whole scenario sounds like a paranoid delusion; has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

Not exactly on point, but this was just out this afternoon from the Washington Post:

http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_print.html


The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person’s movements and contacts over time. ...
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
     Report of FBI back door roils OpenBSD community
     http://news.cnet.com/8301-31921_3-20025767-281.html

This one has not been confirmed.

And thousands of people have probably already looked at the code, because the case is like what, 5? 10? years old?
legendary
Activity: 1596
Merit: 1099
has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

Not AFAIK.

Usually it is tried at least somewhat surreptitiously, e.g.

     Report of FBI back door roils OpenBSD community
     http://news.cnet.com/8301-31921_3-20025767-281.html

legendary
Activity: 1652
Merit: 2300
Chief Scientist
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Pieter and Wladimir are not US citizens, so a US judge can't order them to do anything.

If I was ordered to insert a backdoor, I'd just resign as lead developer and find something else to work on.

But this whole scenario sounds like a paranoid delusion; has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?
hero member
Activity: 836
Merit: 1030
bits of proof
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Very unlikely scenario, but in that case I would be happy serving you an alternate implementation.

Bitcoin is a protocol, not an implementation and even less a binary.

Edit: Thinking through the technical implications, this would end up in a fork since older or alternate clients would not accept the transactions confiscating funds. The resolution of the fork would unlikely be a vote for a version that has these features.
legendary
Activity: 2506
Merit: 1010
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.

 - http://en.bitcoin.it/wiki/Release_process#Bitcoin_Open_Source_Release_Process
 - https://github.com/bitcoin/gitian.sigs
legendary
Activity: 1596
Merit: 1099
Getting the gitian build system working is not a trivial task.  New releases are typically delayed for several hours while the dev team waits for more people with working systems to show up to verify the hash of the resulting binary.

If anyone is looking for a way to get involved and help the project, setting up another build environment and hanging out in the dev channel on release days would be a good way to do it.

+1

hero member
Activity: 784
Merit: 1000
Also, all the alternative clients' developers will have to understand the Bitcoin-qt code; some of them will notice it if there is anything wrong.
kjj
legendary
Activity: 1302
Merit: 1026
Getting the gitian build system working is not a trivial task.  New releases are typically delayed for several hours while the dev team waits for more people with working systems to show up to verify the hash of the resulting binary.

If anyone is looking for a way to get involved and help the project, setting up another build environment and hanging out in the dev channel on release days would be a good way to do it.
legendary
Activity: 1176
Merit: 1015
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.

How will you confirm?  With gitian, like he said.  I admit I don't know much about it either, but this is near the top of the page of the first Google result for "gitian":

Quote from: http://gitian.org/
Gitian uses a deterministic build process to allow multiple builders to create identical binaries. This allows multiple parties to sign the resulting binaries, guaranteeing that the binaries and tool chain were not tampered with and that the same source was used.

The official binaries are built this way, so you can build your own and verify that you get the exact same binary.  That is how you will know the official binary is really built from the public sources.

Ah thanks, so the official binaries are built this way? That's good to know. If we can verify the binaries then getting a back door in will be extremely hard if not impossible.

Life is good again!
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Bitcoin uses gitian? Great
sr. member
Activity: 448
Merit: 254
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.

How will you confirm?  With gitian, like he said.  I admit I don't know much about it either, but this is near the top of the page of the first Google result for "gitian":

Quote from: http://gitian.org/
Gitian uses a deterministic build process to allow multiple builders to create identical binaries. This allows multiple parties to sign the resulting binaries, guaranteeing that the binaries and tool chain were not tampered with and that the same source was used.

The official binaries are built this way, so you can build your own and verify that you get the exact same binary.  That is how you will know the official binary is really built from the public sources.
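
The check described in the post above (build or download, then compare against what several independent builders report), as an added example that is not part of the original thread or of gitian itself. It assumes each builder's manifest has already had its signature verified, and it uses a simplified sha256sum-style manifest; the builder names, file name and bytes are constructed.

```python
import hashlib
from collections import Counter

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large release archives need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse 'digest  filename' lines (sha256sum style) into {filename: digest}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 64:
            entries[parts[1]] = parts[0].lower()
    return entries

def check_release(local_digest, filename, manifests, quorum=2):
    """manifests maps builder name -> manifest text. Returns (verdict, builders)."""
    reported = {}
    for builder, text in manifests.items():
        digest = parse_manifest(text).get(filename)
        if digest:
            reported[builder] = digest
    if len(Counter(reported.values())) > 1:
        # A deterministic build must give every builder the same digest.
        return "BUILDERS_DISAGREE", sorted(reported)
    matching = sorted(b for b, d in reported.items() if d == local_digest)
    if reported and not matching:
        return "MISMATCH", sorted(reported)
    if len(matching) < quorum:
        return "TOO_FEW_BUILDERS", matching
    return "OK", matching

# Constructed sample data: stand-in bytes for a release archive and three builders.
RELEASE = b"constructed stand-in for a release archive"
TAMPERED = RELEASE + b"\x90"
GOOD = hashlib.sha256(RELEASE).hexdigest()
NAME = "example-release.tar.gz"
MANIFESTS = {b: f"{GOOD}  {NAME}\n" for b in ("alice", "bob", "carol")}

if __name__ == "__main__":
    print(check_release(GOOD, NAME, MANIFESTS))
    print(check_release(hashlib.sha256(TAMPERED).hexdigest(), NAME, MANIFESTS))
```

A single matching builder is reported as `TOO_FEW_BUILDERS` rather than `OK`, since the value of the scheme comes from several independent parties reproducing the same digest.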
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.
Build with the same versions of g++ and qmake, same architecture, same dependencies (if any, I don't know) and compare.
Maybe I forget something to check
legendary
Activity: 1176
Merit: 1015
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.
legendary
Activity: 2618
Merit: 1007
Check out gitian and build your own binaries.
sr. member
Activity: 302
Merit: 250
Why don't you have a look?
legendary
Activity: 1176
Merit: 1015
you would not necessarily know that there is a backdoor.

For an experienced programmer who reviews Bitcoin code on a daily basis it should be trivial to spot such a backdoor.

Git is such an extremely powerful tool to review exactly who does what and when. It will be almost unfeasible to put a backdoor in Bitcoin, currently.

It's less about the source code itself but more about the Bitcoin binary that everyone is downloading. I understand a lot of people watch the code but how many people are comparing the compiled binary to what the code is on Github?

If they put a backdoor into Bitcoin it will be in the binary only and it will never be in the source code. (The binaries are built by people, and are not automatically generated from the Github source.)

Who is comparing the compiled binary to the binary that should exist if compiled from the source code? Does anyone even check this? Is there a chance the binary we all have sitting on our computers is slightly modified from the Github source code?
legendary
Activity: 1792
Merit: 1111
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

The devs are not forced to comply because they can simply abandon the project. They have no obligation to contribute to the project.

If the government wants to add a backdoor, they can always hire a programmer to work on that. They can also confiscate the bitcoin.org and put their version of bitcoin there.

However, people can still contribute to the original bitcoin project anonymously, e.g. through the TOR network. In that case, a hardfork will happen: the original bitcoin and censored bitcoin.
sr. member
Activity: 266
Merit: 250
aka 7Strykes
Also, if such a backdoor exists, you would need 51% of the network to upgrade to the bugged software for it to actually be implemented. The bug would be found before then.