Bitcoin Forum
March 29, 2024, 03:50:36 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: What if the devs are ordered by a US judge to include a government backdoor?  (Read 2989 times)
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1024



View Profile
June 06, 2013, 12:05:29 PM
 #21

Getting the gitian build system working is not a trivial task.  New releases are typically delayed for several hours while the dev team waits for more people with working systems to show up to verify the hash of the resulting binary.

If anyone is looking for a way to get involved and help the project, setting up another build environment and hanging out in the dev channel on release days would be a good way to do it.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
1711727436
Hero Member
*
Offline Offline

Posts: 1711727436

View Profile Personal Message (Offline)

Ignore
1711727436
Reply with quote  #2

1711727436
Report to moderator
TalkImg was created especially for hosting images on bitcointalk.org: try it next time you want to post an image
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711727436
Hero Member
*
Offline Offline

Posts: 1711727436

View Profile Personal Message (Offline)

Ignore
1711727436
Reply with quote  #2

1711727436
Report to moderator
oakpacific
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


View Profile
June 06, 2013, 12:15:53 PM
 #22

Also, all the alternative clients developers will have to understand the Bitcoin-qt code, some of them will notice it if there is anything wrong.

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
jgarzik
Legendary
*
qt
Offline Offline

Activity: 1596
Merit: 1091


View Profile
June 06, 2013, 02:20:02 PM
 #23

Getting the gitian build system working is not a trivial task.  New releases are typically delayed for several hours while the dev team waits for more people with working systems to show up to verify the hash of the resulting binary.

If anyone is looking for a way to get involved and help the project, setting up another build environment and hanging out in the dev channel on release days would be a good way to do it.

+1


Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
June 06, 2013, 02:46:35 PM
 #24

Check out gitian and build your own binaries.

But how would I confirm that the official binary is compiled from the source on Github? Little point in running my own binary if 95% of all the nodes are from the official website and have a backdoor.

 - http://en.bitcoin.it/wiki/Release_process#Bitcoin_Open_Source_Release_Process
 - https://github.com/bitcoin/gitian.sigs

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


grau
Hero Member
*****
Offline Offline

Activity: 836
Merit: 1021


bits of proof


View Profile WWW
June 06, 2013, 02:53:10 PM
 #25

Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Very unlikely scenario, but in that case I would be happy serving you an alternate implementation.

Bitcoin is a protocol, not an implementation and even less a binary.

Edit: Thinking through the technical implications, this would end up in a fork since older or alternate clients would not accept the transactions confiscating funds. The resolution of the fork would unlikely be a vote for a version that has these features.
Gavin Andresen
Legendary
*
qt
Offline Offline

Activity: 1652
Merit: 2164


Chief Scientist


View Profile WWW
June 06, 2013, 05:16:03 PM
 #26

Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Pieter and Wladimir are not US citizens, so a US judge can't order them to do anything.

If I was ordered to insert a backdoor, I'd just resign as lead developer and find something else to work on.

But this whole scenario sounds like a paranoid delusion; has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

How often do you get the chance to work on a potentially world-changing project?
jgarzik
Legendary
*
qt
Offline Offline

Activity: 1596
Merit: 1091


View Profile
June 06, 2013, 07:33:52 PM
 #27

has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

Not AFAIK.

Usually it is tried at least somewhat surreptitiously, e.g.

     Report of FBI back door roils OpenBSD community
     http://news.cnet.com/8301-31921_3-20025767-281.html


Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1005


Bringing Legendary Har® to you since 1952


View Profile
June 06, 2013, 09:04:59 PM
 #28

     Report of FBI back door roils OpenBSD community
     http://news.cnet.com/8301-31921_3-20025767-281.html

This one has not been confirmed.

And thousands people probably already looked at the code, because the case is like what 5 ? 10 ? years old ?

cr1776
Legendary
*
Offline Offline

Activity: 3990
Merit: 1295


View Profile
June 06, 2013, 11:35:23 PM
 #29

But this whole scenario sounds like a paranoid delusion; has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

Not exactly on point, but this was just out this afternoon from the Washington Post:

http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_print.html


The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person’s movements and contacts over time. ...
ninjarobot
Hero Member
*****
Offline Offline

Activity: 761
Merit: 500


Mine Silent, Mine Deep


View Profile
June 06, 2013, 11:51:59 PM
 #30

I would worry more about backdoors in ASIC mining hardware.

If we end up in a situation where most of the ASIC miners needed to be competitive in the mining business come from a few suppliers in China that might reason to worry. Especially in the light of the recent allegations of government installed backdoors in telecoms equipment from Huawei and ZTE.

See: http://www.zdnet.com/former-pentagon-analyst-china-has-backdoors-to-80-of-telecoms-7000000908/

The bitcoin software is easy to audit. The mining hardware? not so much.
evilpete
Member
**
Offline Offline

Activity: 77
Merit: 10



View Profile
June 07, 2013, 12:54:51 AM
 #31

Folks are asking the wrong questions.  The more interesting questions are:

If it were so ordered, how might it be done?

If it were done, how could it be kept hidden to stop it being circumvented?  (given that the point of bitcoin is that people are supposed to be a validating node.. right?)

What would they really want, anyway?  A copy of transactions? (like the public block chain? oh wait..)  Map addresses to people?  (That's what the FinCEN MSB/etc stuff is for)


Backdoors like registering private keys or even public addresses would never work (too many alternative clients, a huge can of worms - people would remember Clipper quickly)

Backdooring miners is academic - all they're doing is gathering signature transactions into a blockchain.  You need to private keys (see above) to take somebody's BTC.  They can't tamper with the blockchain, it would be rejected by the rest of the network.  The block chain is to provide consensus of which version of transaction is the right one, it doesn't make actual transactions.


No, its far easier and more practical to raid your home at first light, seize everything you have, and present you with alternatives so horrible that you'll cave.  A bit of shock and awe goes a long way to keep people in line.

There's no gain for "the government" to backdoor the bitcoin code when there's far more effective tactics.  Be more worried about the highly effective, low tech attacks.  Its hard to spend your bitcoins if you're in prison.

First they ignore you, then they laugh at you, then they fight you, then you win.
- Mahatma Gandhi
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
June 07, 2013, 07:08:53 AM
 #32

Rubber Hose!

If your wallet is protected by a 64 character alphanumeric pass phrase, they will use a $5 wrench to extract it from you.

TierNolan
Legendary
*
Offline Offline

Activity: 1232
Merit: 1077


View Profile
June 07, 2013, 10:52:19 AM
 #33

I would worry more about backdoors in ASIC mining hardware.

If the hardware just does hashing then you can't really have a backdoor.  You tell the hardware what header you want it to hash and what nonce range to use.

A miner that is more complex and builds up its own blocks would be different.

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
Sukrim
Legendary
*
Offline Offline

Activity: 2618
Merit: 1006


View Profile
June 07, 2013, 12:15:41 PM
 #34

Well, you could easily append stuff to the merkle root I guess... The problem is that the coinbase transaction is unknown to the miner itself and that is the one and nearly only one that matters to miners.

You could make them "break" at a certain point of time though for example.

An interesting concept would be an ASIC that spends e.g. 1 BTC for each block it produces from a known address to the ASIC developers and that gets distributed for free. One that address runs dry (hacked or simply enough blocks mined), the ASICs stop working. It is in the best interest of miners then to transfer some BTC to this address again to pay for their ASICs that way. It's not 100% possible right now (as the ASIC would need to know about a new unspent output in that address) but it might be a possibility at least maybe in the future.

By the way:
What about a guide/script to do the following:
Get a vanilla LTS Linux distro (e.g. Ubuntu)
Install something like Jenkins or buildbot
Install gitian
Configure Jenkins or buildbot to build every commit in the bitcoin github repo via gitian
Provide a way to sign and publish the output of these builds

I would love to help verify builds for various platforms but setting all these things up is a bit much to ask and surely has already been done by some people. If there is a guide (or even better: a simple commented shellscript that already installs all required dependencies etc. from a vanilla installation/liveDVD) somewhere then I'd be happy to donate my CPU time + HDD space towards this. I don't really want to "donate" hours of my time though to make gitian, buildbot and whatever you use for signing this (maybe Bitcoin and/or Bitmessage private keys? Smiley) run if there could be already a standard platform for doing so.

TL;DR: Give me a shellscript that "just works"(TM) with a specific liveDVD of some Linux distro that builds Bitcoin binaries and I would love to verify signatures.

https://www.coinlend.org <-- automated lending at various exchanges.
https://www.bitfinex.com <-- Trade BTC for other currencies and vice versa.
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1005


Bringing Legendary Har® to you since 1952


View Profile
June 07, 2013, 01:37:01 PM
 #35

Rubber Hose!

If your wallet is protected by a 64 character alphanumeric pass phrase, they will use a $5 wrench to extract it from you.
Rubber hose is useless if they cannot prove that the data is there.

http://en.wikipedia.org/wiki/Plausible_deniability
http://www.truecrypt.org/
http://www.truecrypt.org/docs/?s=plausible-deniability

bitzox
Full Member
***
Offline Offline

Activity: 172
Merit: 100



View Profile
June 07, 2013, 05:06:24 PM
 #36

No, its far easier and more practical to raid your home at first light, seize everything you have, and present you with alternatives so horrible that you'll cave.  A bit of shock and awe goes a long way to keep people in line.

This right here is 100% on point. Why bother with the hassle of installing a backdoor on the code when they can simply arrest you threaten you and your spouse with 20 years in prison and tell you if you surrender your coins they will let your wife off and knock your sentence down to 10-15. That doesn't work? Ok you're now declared an enemy combatant(who needs justification, that's why we have the patriot act), no legal rights, and deported to guantanamo. Oh Guantanamo is finally closed? You think that means you get a break? Nope, now you get to go rot in some hell hole jail set up in one of our "allied" (ie colony) third world nations. Enjoy rotting in prison in Turkmenistan.

18QpV8ZF3Y4oK8guDQiwTAK73W9r5nvBtm
jaywaka2713
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250


aka 7Strykes


View Profile
June 07, 2013, 05:09:18 PM
 #37

Rubber Hose!

If your wallet is protected by a 64 character alphanumeric pass phrase, they will use a $5 wrench to extract it from you.
Rubber hose is useless if they cannot prove that the data is there.

http://en.wikipedia.org/wiki/Plausible_deniability
http://www.truecrypt.org/
http://www.truecrypt.org/docs/?s=plausible-deniability

Exactly. Or just use a truecrypt hidden container so they think they've retrieved your wallet but just have it empty.

riush
Member
**
Offline Offline

Activity: 73
Merit: 10


View Profile
June 09, 2013, 12:19:06 AM
Last edit: June 09, 2013, 12:34:18 AM by riush
 #38

has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

It has happened to the JAP project (http://en.wikipedia.org/wiki/Java_Anon_Proxy)

Quote
In 2003, the German BKA[8][9] obtained a warrant to force the Dresden Mix operators to log access to a specific web address and to introduce a crime detection function in the server software making this possible.

AFAIK they handled the situation by putting in the code, openly labeling it as what it is, and when asked about it they just said "we can't talk about that..." and everybody knew what was going on.
It pretty much killed the project, though, which was about to be overtaken by tor at the time anyway (at least from my point of view).

Regarding bitcoin, I don't think it would take more than an hour to be the topic of discussion on IRC if Gavin did actually commit something like that. Let alone release it.
And, as he already said, our developer community is spread over several countries/continents so it's extremely hard to put them all under legal pressure simultaneously.

Maybe it would be nice to better track / display who reviewed what code. I know you can count the ACKs in the github discussions, but maybe it would put some minds at rest if there was a website listing commits/tags/builds along with green badges representing valid signatures from the core devs.

1MKKiJhUJgqKyfCLeo7bB1bvELNEM8wUbz
jubalix
Legendary
*
Offline Offline

Activity: 2618
Merit: 1022


View Profile WWW
June 24, 2013, 01:21:25 PM
 #39

Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Open source software makes it so that every change is visible.  

Currently the Bitcoin-Qt/bitcoind release is signed by the Bitcoin Foundation ... which means the release won't work for Windows 8 and Mac users (as an update) unless Bitconi Foundation signs it.   This makes it difficult for some other dev team members who are not a party to this hypothetical IRS backdoor demand to be able to release updates to the client without this backdoor themselves.   It would probably have to be a fork with a different name (and signed by some other organization).

But the developers don't have final say as to what changes are accepted for the Bitcoin protocol.  It is the economic majority who decides:
 - http://en.bitcoin.it/wiki/Economic_majority

i don't get this why does it need to be signed, just copy the cod, take out signing requirement bit and release....what am I missing

Admitted Practicing Lawyer::BTC/Crypto Specialist. B.Engineering/B.Laws

https://www.binance.com/?ref=10062065
jubalix
Legendary
*
Offline Offline

Activity: 2618
Merit: 1022


View Profile WWW
June 24, 2013, 01:23:38 PM
 #40

you would not necessarily know that there is a backdoor.

For an experienced programmer who reviews Bitcoin code on a daily basis it should be trivial to spot such a backdoor.

Git is such an extremely powerful tool to review exactly who does what and when. It will be almost unfeasible to put a backdoor in Bitcoin, currently.

what if they get to git, to not compare this code, mod git just for BTC, in some update, that would trick you as you had being relying on git to find the difference.

Admitted Practicing Lawyer::BTC/Crypto Specialist. B.Engineering/B.Laws

https://www.binance.com/?ref=10062065
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!