Yup they have had this stuff for years, peripherals like printers have back doors programmed into them by law.
But the movement is already beginning with the opensource/openhardware movement. We'll be securing our own chip designs pretty soon. and fortunately the smartest members of the population which this community is composed of probably know how to protect themselves if cautioned about this.
an active, intelligent, informed, educated, highly interconnected community can counter any threat as long as it is identified.
I figure we better continue with the FPGA chips, build custom rigs secure from outside interference with custom opensource operating systems and the foundries can churn out backdoor free chips, couple that with advances in secure meshnetworks and we are homefree.
If it is in our collective best interest, we will solve it sooner or later, every thing is discovered sooner or later; we can learn from History and adapt to new conditions as long as we clearly communicate our ideas to each other sharing what we know to be true.
Topic: Windows 8, DRM plus TPM 2.0 can pose a serious threat to Bitcoin. - page 2. (Read 9638 times)
August 22, 2013, 09:26:18 AM
August 22, 2013, 09:17:05 AM
this thread is FUD
August 22, 2013, 08:39:45 AM
This crap came up with TC was first designed. It was FUD with no connection to reality then, and I don't know of anything that's changed to make it suddenly accurate. I follow developments in TC pretty closely.
The idea that you have to remotely attest to get onto the internet was a doomsday scenario back then that never came true and we've had over a decade to get there. Remote attestation doesn't even work on most computers. I'm hoping it'll get better with the introduction of Intel SGX because it's tremendously useful for Bitcoiners and the bitcoin community. See bcflick for an example of what it can do.
The idea that you have to remotely attest to get onto the internet was a doomsday scenario back then that never came true and we've had over a decade to get there. Remote attestation doesn't even work on most computers. I'm hoping it'll get better with the introduction of Intel SGX because it's tremendously useful for Bitcoiners and the bitcoin community. See bcflick for an example of what it can do.
August 22, 2013, 08:35:52 AM
Since I'm using windows 8, this concerns me. I'll be storing a lot more in paper wallets now.
http://en.wikipedia.org/wiki/Trusted_Platform_Module
Quote
Microsoft's operating systems Windows Vista, Windows 7 and Windows 8 as well as Microsoft Windows Server starting from Windows Server 2008, use the chip in conjunction with the included disk encryption software named BitLocker.
If people share your logic for concern, so should Windows 7 and Vista users.
How do you generate your paper wallets? How can you be sure there isn't a back door in the website you use to generate it, or your connection, or the software you use to generate it, or the printer you use to print it out, or the paper/pen you use to write it down?
Out of interest, Moonshire, where do you draw the line?
August 22, 2013, 08:19:44 AM
Since I'm using windows 8, this concerns me. I'll be storing a lot more in paper wallets now.
August 22, 2013, 08:09:37 AM
TPM and such has been around for so incredibly long (edit: 10 years.) I remember many years ago reading about this and the potential damage it could do and there were plenty of e-petitions that could be signed to stop it.
http://en.wikipedia.org/wiki/Trusted_Computing_Group
IIRC, my uni issued laptop has a TPM module in it. It encrypted the drive and prevented bios access. It's circumventable. I imagine most business issued devices probably have this or similar protections.
Users will always have the choice whether to use this platform, and there will pretty much always be a more open alternative.
The underlying thing in this story is that there's a platform which some companies have control over what runs on it. This isn't really that much difference from the Apple ecosystem - they could easily remove bitcoin apps from their store (if there are any that is.)
If someone creates something, and they want control over it, they should be allowed that control. It's only a really big issue when there are no alternatives.
Unless you're willing to build, from raw materials, your own computing device, or scan and understand every single little circuit in your device, then you must place trust somewhere (you can always say "well maybe there's a backdoor in this little chip")
http://en.wikipedia.org/wiki/Trusted_Computing_Group
IIRC, my uni issued laptop has a TPM module in it. It encrypted the drive and prevented bios access. It's circumventable. I imagine most business issued devices probably have this or similar protections.
Users will always have the choice whether to use this platform, and there will pretty much always be a more open alternative.
The underlying thing in this story is that there's a platform which some companies have control over what runs on it. This isn't really that much difference from the Apple ecosystem - they could easily remove bitcoin apps from their store (if there are any that is.)
If someone creates something, and they want control over it, they should be allowed that control. It's only a really big issue when there are no alternatives.
Unless you're willing to build, from raw materials, your own computing device, or scan and understand every single little circuit in your device, then you must place trust somewhere (you can always say "well maybe there's a backdoor in this little chip")
August 22, 2013, 07:19:52 AM
DRM is a joke in itself, all it has done is caused trouble and done more harm than good ever.
August 22, 2013, 07:11:05 AM
The following article shows the Big Brother potential of propriety software married with DRM and "Trusted" Computing. German Government Warns Key Entities Not To Use Windows 8 – Links The NSA. http://www.businessinsider.com/leaked-german-government-warns-key-entities-not-to-use-windows-8--links-the-nsa-2013-8 and also
http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html#ixzz2cfIWGUt1
If you treat your security seriously, you simply don't use windows for important tasks.http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html#ixzz2cfIWGUt1
Windows is useful for me as a gaming machine, but i wouldn't dare run Bitcoin on it...
Yes. But I think the problem with "Trusted Computing" is that it will allow hardware manufacturers (with the influence the US or Chinese have over them) to control what OS you actually can install on your hardware, thus preventing you in the first place from using anything but Windows, so you can't escape possible back doors. (Or the chip itself has a backdoor which also GNU/Linux can't "disable".)
August 22, 2013, 06:43:32 AM
The following article shows the Big Brother potential of propriety software married with DRM and "Trusted" Computing. German Government Warns Key Entities Not To Use Windows 8 – Links The NSA. http://www.businessinsider.com/leaked-german-government-warns-key-entities-not-to-use-windows-8--links-the-nsa-2013-8 and also
http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html#ixzz2cfIWGUt1
If you treat your security seriously, you simply don't use windows for important tasks.http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html#ixzz2cfIWGUt1
Windows is useful for me as a gaming machine, but i wouldn't dare run Bitcoin on it...
August 22, 2013, 01:18:51 AM
Its called find the BIOS file delete it
If it's designed like Internet Explorer
Set out a lawsuit
If it's designed like Internet Explorer
Set out a lawsuit
August 22, 2013, 01:02:40 AM
...
This kind of centralized control by Microsoft and by extension certain governments can pose a very serious threat to the security and integrity of the Bitcoin network. Any thoughts on defensive strategies to counteract this threat?
This kind of centralized control by Microsoft and by extension certain governments can pose a very serious threat to the security and integrity of the Bitcoin network. Any thoughts on defensive strategies to counteract this threat?
Sure. We can tear a page from Gavin's book; Call it a paranoid fantasy on par with those who believe that the moon landing are fake, then go back to sleep and not worry about it.
Seriously, I project that in a matter of time, and possibly not that much time, one will need to positively identify themselves before accessing the global internet at all. Possibly via a mass produced bio-metric sensing device. That's what I would implement if I both had the reigns of power and propensity to be a totalitarian (and a large fraction of our respective leaderships seem to fit that description well.) I'd also extend the some protocols to encapsulate transmitted data in an identifying wrapper. This would make it pretty straightforward to filter.
For your viewing pleasure, here's a step along that path:
http://www.forbes.com/sites/tomgroenfeldt/2013/08/21/ditch-your-passwords-us-gov-to-issue-secure-online-ids/
August 21, 2013, 11:25:24 PM
Of course GNU / Linux and Free Software is the antidote, but given the market share of Windows the danger here is that a majority of the nodes or even the hash power are controlled by Windows computers and effectively by Microsoft and what ever state they chose to give control to. In the case of mining an ASIC controlled via USB by a Windows 8 machine would effectively give control to Microsoft.
August 21, 2013, 10:49:45 PM
The following article shows the Big Brother potential of propriety software married with DRM and "Trusted" Computing. German Government Warns Key Entities Not To Use Windows 8 – Links The NSA. http://www.businessinsider.com/leaked-german-government-warns-key-entities-not-to-use-windows-8--links-the-nsa-2013-8 and also
http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html#ixzz2cfIWGUt1
To quote the first article:
This kind of centralized control by Microsoft and by extension certain governments can pose a very serious threat to the security and integrity of the Bitcoin network. Any thoughts on defensive strategies to counteract this threat?
http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html#ixzz2cfIWGUt1
To quote the first article:
Quote
Now there is a new set of specifications out, creatively dubbed TPM 2.0. While TPM allowed users to opt in and out, TPM 2.0 is activated by default when the computer boots up. The user cannot turn it off. Microsoft decides what software can run on the computer, and the user cannot influence it in any way. Windows governs TPM 2.0. And what Microsoft does remotely is not visible to the user. In short, users of Windows 8 with TPM 2.0 surrender control over their machines the moment they turn it on for the first time.
It would be easy for Microsoft or chip manufacturers to pass the backdoor keys to the NSA and allow it to control those computers. NO, Microsoft would never do that, we protest. Alas, Microsoft, as we have learned from the constant flow of revelations, informs the US government of security holes in its products well before it issues fixes so that government agencies take advantage of the holes and get what they’re looking for.
Read more: http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html#ixzz2cfJY6toM
It would be easy for Microsoft or chip manufacturers to pass the backdoor keys to the NSA and allow it to control those computers. NO, Microsoft would never do that, we protest. Alas, Microsoft, as we have learned from the constant flow of revelations, informs the US government of security holes in its products well before it issues fixes so that government agencies take advantage of the holes and get what they’re looking for.
Read more: http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html#ixzz2cfJY6toM
This kind of centralized control by Microsoft and by extension certain governments can pose a very serious threat to the security and integrity of the Bitcoin network. Any thoughts on defensive strategies to counteract this threat?
Jump to: