Pages:
Author

Topic: What if the devs are ordered by a US judge to include a government backdoor? - page 2. (Read 3047 times)

hero member
Activity: 761
Merit: 500
Mine Silent, Mine Deep
I would worry more about backdoors in ASIC mining hardware.

If we end up in a situation where most of the ASIC miners needed to be competitive in the mining business come from a few suppliers in China that might reason to worry. Especially in the light of the recent allegations of government installed backdoors in telecoms equipment from Huawei and ZTE.

See: http://www.zdnet.com/former-pentagon-analyst-china-has-backdoors-to-80-of-telecoms-7000000908/

The bitcoin software is easy to audit. The mining hardware? not so much.
legendary
Activity: 4228
Merit: 1313
But this whole scenario sounds like a paranoid delusion; has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

Not exactly on point, but this was just out this afternoon from the Washington Post:

http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_print.html


The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person’s movements and contacts over time. ...
legendary
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
     Report of FBI back door roils OpenBSD community
     http://news.cnet.com/8301-31921_3-20025767-281.html

This one has not been confirmed.

And thousands people probably already looked at the code, because the case is like what 5 ? 10 ? years old ?
legendary
Activity: 1596
Merit: 1100
has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

Not AFAIK.

Usually it is tried at least somewhat surreptitiously, e.g.

     Report of FBI back door roils OpenBSD community
     http://news.cnet.com/8301-31921_3-20025767-281.html

legendary
Activity: 1652
Merit: 2301
Chief Scientist
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Pieter and Wladimir are not US citizens, so a US judge can't order them to do anything.

If I was ordered to insert a backdoor, I'd just resign as lead developer and find something else to work on.

But this whole scenario sounds like a paranoid delusion; has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?
hero member
Activity: 836
Merit: 1030
bits of proof
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Very unlikely scenario, but in that case I would be happy serving you an alternate implementation.

Bitcoin is a protocol, not an implementation and even less a binary.

Edit: Thinking through the technical implications, this would end up in a fork since older or alternate clients would not accept the transactions confiscating funds. The resolution of the fork would unlikely be a vote for a version that has these features.
legendary
Activity: 2506
Merit: 1010
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.

 - http://en.bitcoin.it/wiki/Release_process#Bitcoin_Open_Source_Release_Process
 - https://github.com/bitcoin/gitian.sigs
legendary
Activity: 1596
Merit: 1100
Getting the gitian build system working is not a trivial task.  New releases are typically delayed for several hours while the dev team waits for more people with working systems to show up to verify the hash of the resulting binary.

If anyone is looking for a way to get involved and help the project, setting up another build environment and hanging out in the dev channel on release days would be a good way to do it.

+1

hero member
Activity: 784
Merit: 1000
Also, all the alternative clients developers will have to understand the Bitcoin-qt code, some of them will notice it if there is anything wrong.
kjj
legendary
Activity: 1302
Merit: 1026
Getting the gitian build system working is not a trivial task.  New releases are typically delayed for several hours while the dev team waits for more people with working systems to show up to verify the hash of the resulting binary.

If anyone is looking for a way to get involved and help the project, setting up another build environment and hanging out in the dev channel on release days would be a good way to do it.
legendary
Activity: 1176
Merit: 1015
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.

How will you confirm?  With gitian, like he said.  I admit I don't know much about it either, but this is near the the top of the page of the first Google result for "gitian":

Quote from: http://gitian.org/
Gitian uses a deterministic build process to allow multiple builders to create identical binaries. This allows multiple parties to sign the resulting binaries, guaranteeing that the binaries and tool chain were not tampered with and that the same source was used.

The official binaries are built this way, so you can build your own and verify that you get the exact same binary.  That is how you will know the official binary is really built from the public sources.

Ah thanks, so the official binaries are built this way? Thats good to know. If we can verify the binaries then getting a back door in will be extremely hard if not impossible. Smiley

Life is good again!
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Bitcoin uses gitian? Great
sr. member
Activity: 448
Merit: 254
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.

How will you confirm?  With gitian, like he said.  I admit I don't know much about it either, but this is near the the top of the page of the first Google result for "gitian":

Quote from: http://gitian.org/
Gitian uses a deterministic build process to allow multiple builders to create identical binaries. This allows multiple parties to sign the resulting binaries, guaranteeing that the binaries and tool chain were not tampered with and that the same source was used.

The official binaries are built this way, so you can build your own and verify that you get the exact same binary.  That is how you will know the official binary is really built from the public sources.
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.
Build with same versions of g++ and qmake, same architecture, same dependency (if any, I don't know) and compare
Maybe I forget something to check
legendary
Activity: 1176
Merit: 1015
Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.
legendary
Activity: 2618
Merit: 1007
Check out gitian and build your own binaries.
sr. member
Activity: 302
Merit: 250
Why dont you have a look  Cheesy
legendary
Activity: 1176
Merit: 1015
you would not necessarily know that there is a backdoor.

For an experienced programmer who reviews Bitcoin code on a daily basis it should be trivial to spot such a backdoor.

Git is such an extremely powerful tool to review exactly who does what and when. It will be almost unfeasible to put a backdoor in Bitcoin, currently.

Its less about the source code itself but more about the Bitcoin binary that everyone is downloading. I understand a lot of people watch the code but how many people are comparing the compiled binary to what the code is on Github?

If they put a backdoor into Bitcoin it will be in the binary only and it will never be in the source code. (The binaries are built by people, and are not automatically generated from the Github source.)

Who is comparing the compiled binary to the binary that should exist if compiled from the source code. Does anyone even check this? Is there a chance the binary we all have sitting on our computers is slightly modified from the Github source code?
legendary
Activity: 1792
Merit: 1111
Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

The devs are not forced to comply because they can simply abandon the project. They have no obligation to contribute to the project.

If the government want to add a backdoor, they can always hire a programmer to work on that. They can also confiscate the bitcoin.org and put their version of bitcoin there.

However, people can still contribute to the original bitcoin project anonymously, e.g. through TOR network. In that case, a hardfork will happen: the original bitcoin and censored bitcoin
sr. member
Activity: 266
Merit: 250
aka 7Strykes
Also, if such a backdoor exists, you would need 51% of the network to upgrade to the bugged software for it to actually be implemented. The bug would be found before then.
Pages:
Jump to: