bytemaster (OP)
|
|
June 18, 2013, 03:24:56 PM Last edit: June 18, 2013, 04:12:52 PM by bytemaster |
|
If you use OSX, Windows, or any Linux with 'auto-update' then the government has a ready-made backdoor through which they could delete all traces of Bitcoin and their wallets from most computers.
They could send a 'stealth' update through normal channels, most computers would install it. Then on some specified date all bitcoin related files would be deleted including the client.
It would probably be an 'unpopular' move, but the government would probably find a way to make it look like a security breach by hackers rather than an intentional attack by government. They may even 'frame' someone and lock them up so people don't keep looking for the real attacker.
Even if you were smart enough to have an off-line backup the vast majority would not. All 'trust' in the safety of bitcoin wallets would be destroyed taking the value of bitcoin with it.
What we need is an innovative and effective means of protecting our computers from backdoors through 'official' and 'trusted' channels and to make sure that everyone is aware of this backdoor through which the government can 'tap' all of our computers.
Sure the blockchain would survive, and many users would still have their wallets. But if the true 'source' of the hack was not revealed then it could occur over and over again and each time the government would blame some anonymous hacker that exploited a buffer overflow to spread the virus far and wide and completely ignore the fact that the 'buffer overflow' was intentionally put in place to allow such an attack.
I am not sure how we solve this except by making paper wallet backups 'mandatory' best practices and really bring to light the nature of this threat so that people take it seriously.
When you consider the sheer number of vendors we trust with 'auto-updates', each and every one of these vendors could be coerced into providing a backdoor. (MS, Apple, Adobe, Office, Parallels, Skype, ...) Only one needs to be compromised.
Conclusion: we need a system for vetting software updates from any source and a means to protect our wallets from malicious deletion.
Protecting wallets from malicious deletion could be achieved by 'storing' the private keys encrypted in the blockchain or some DHT. Alternatively we could make 'brain wallets' the norm. The other strategy is to 'hide' the wallet data in some manner that a virus could not readily identify the wallet files.
Note this attack vector need not be 'global' but instead could be targeted toward individuals known to have large balances or anti-government.
Even brain wallets can be attacked if the virus simply patches the bitcoin software to redirect funds the next time the password is entered. Is there anything we can do to protect ourselves from this without making the software 'unusable'?
|
|
|
|
PrintMule
|
|
June 18, 2013, 03:27:40 PM |
|
I imagined it in more straightforward way - grab some pool owners by the balls, find where majority of asics are located, seize them and make 51% attack.
|
|
|
|
bytemaster (OP)
|
|
June 18, 2013, 03:34:15 PM |
|
51% attack would be far less damaging and I do not believe is a real threat.
|
|
|
|
Killdozer
|
|
June 18, 2013, 03:36:41 PM |
|
> If you use OSX, Windows, or any Linux with 'auto-update' then the government has a ready-made backdoor through which they could delete all traces of Bitcoin and their wallets from most computers.
So yeah, different linux distributions are located in different countries. Which government has the auto update backdoor into them? Maybe all governments? Or even aliens?
|
|
|
|
bytemaster (OP)
|
|
June 18, 2013, 03:38:44 PM |
|
Linux is better than most alternatives. At least it should be possible to audit the source and validate checksums of exe. Unfortunately, the other 99% of normal everyday users would be in trouble.
I didn't say it would affect all users, I just said 'most users' and few would know how the virus got on their computers.
|
|
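The checksum validation mentioned in the post above, as an added example that is not part of the original thread: it checks an installed executable against a `sha256sum`-style manifest and reports a file patched after installation. The file name `wallet-client`, the manifest layout and the helper names are assumptions made for illustration.

```python
import hashlib, hmac, os, tempfile

HEX = set("0123456789abcdef")

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex>  <name>' or '<64 hex> *<name>'."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        digest, _, name = line.strip().partition(" ")
        digest, name = digest.lower(), name.strip().lstrip("*")
        if len(digest) != 64 or not set(digest) <= HEX or not name or name in entries:
            raise ValueError(f"malformed or duplicate manifest line {n}")
        entries[name] = digest
    return entries

def verify(path, manifest):
    """Return 'ok', 'modified', 'missing' or 'unlisted' for one installed file."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "unlisted"   # never treat an unknown file as trusted
    if not os.path.isfile(path):
        return "missing"
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "modified"

def demo():
    # Constructed sample: a stand-in "client" file, its manifest, then a patch.
    # Assumption: in real use the manifest is authenticated out of band (for
    # example a signature checked with a key obtained before the update), and
    # the check runs from media the update channel cannot modify.
    with tempfile.TemporaryDirectory() as d:
        client = os.path.join(d, "wallet-client")
        with open(client, "wb") as f:
            f.write(b"constructed release bytes")
        manifest = parse_manifest(f"{sha256_file(client)}  wallet-client\n")
        before = verify(client, manifest)
        with open(client, "ab") as f:
            f.write(b" + patched code")
        after = verify(client, manifest)
        unknown = verify(os.path.join(d, "other-tool"), manifest)
    return before, after, unknown
```

A checksum only moves the trust to whoever supplied the manifest, so the check is only as strong as the channel the manifest arrived through.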
|
|
pedrog
|
|
June 18, 2013, 03:45:29 PM |
|
That's a good synopsis for a bitcoin scifi novel, are you a writer?
|
|
|
|
ktttn
Capitalism is the crisis.
|
|
June 18, 2013, 03:54:47 PM |
|
Would that not make the surviving bitcoins ultravaluable after a decimal shift? Also,
> > If you use OSX, Windows, or any Linux with 'auto-update' then the government has a ready-made backdoor through which they could delete all traces of Bitcoin and their wallets from most computers.
> So yeah, different linux distributions are located in different countries. Which government has the auto update backdoor into them? Maybe all governments? Or even aliens?
+1
|
Wit all my solidarities, -ktttn Ever see a gutterpunk spanging for cryptocoins? LfkJXVy8DanHm6aKegnmzvY8ZJuw8Dp4Qc
|
|
|
knybe
|
|
June 18, 2013, 03:55:39 PM |
|
Oh brother... The mental energy that is exhausted in this forum is astounding. Could power a small nation.
|
|
|
|
Killdozer
|
|
June 18, 2013, 03:57:12 PM |
|
> Linux is better than most alternatives. At least it should be possible to audit the source and validate checksums of exe
There are no exe's on linux, it is a windows binary format. It wouldn't bother me much, it's just the way your whole post is: no basis for anything that you write, but you do surround terms like auto-update with apostrophes for some reason, I guess to strengthen your point and make up for claims which have no grounds?
|
|
|
|
Kitemike
|
|
June 18, 2013, 03:57:55 PM |
|
Simply deleting the wallet would not be enough. Most of us figured out pretty quick how to copy or replace the wallet.dat someplace safe. They can delete my whole hard drive, burn down my house, and lock me up for 20 years and I'm pretty sure I can at least get my wallet back. To really do any damage, the coins have to disappear. To do that they'd have to get the wallet, decrypt my password, and send the coins to never, never land. Easy enough for a couple of thousand wallets, but to hurt the whole community, doing it millions of times before we caught on would be daunting even for a quantum computer.
|
|
|
|
Bogdan
|
|
June 18, 2013, 04:02:09 PM |
|
Although it wouldn't be the direct cause of destroying bitcoin it would make the service less valuable if they did it regularly.
|
|
|
|
grue
|
|
June 18, 2013, 04:06:21 PM |
|
> If you use OSX, Windows, or any Linux with 'auto-update' then the government has a ready-made backdoor through which they could delete all traces of Bitcoin and their wallets from most computers.
> They could send a 'stealth' update through normal channels, most computers would install it. Then on some specified date all bitcoin related files would be deleted including the client.
> It would probably be an 'unpopular' move, but the government would probably find a way to make it look like a security breach by hackers rather than an intentional attack by government. They may even 'frame' someone and lock them up so people don't keep looking for the real attacker.
Highly unlikely. All updates by major software vendors are signed, and the signing keys are stored in specially designed hardware. It would be highly unlikely that ALL software vendors had their signing keys compromised.
> Even if you were smart enough to have an off-line backup the vast majority would not.
LOL, who doesn't keep backups? It's going to be easier than ever with deterministic wallets.
> All 'trust' in the safety of bitcoin wallets would be destroyed taking the value of bitcoin with it.
No, people will just learn to BACKUP THEIR WALLETS.
|
|
|
|
bytemaster (OP)
|
|
June 18, 2013, 04:09:49 PM |
|
Clearly this would only affect casual users, but I can assure you that most users are not being *that* careful with their wallets. They may have a backup on multiple different drives but what good is a backup if the auto-update can patch the bitcoin client and transfer your funds the next time you unlock it?
The point of this post was that your wallet and password is only as secure as the software you allow on to your system. The solution is an open source hardware wallet that is never updated, never has network connectivity, generates all keys, and for which there is no means to get the keys off of the device.
Then this wallet must be made as easy to use as possible. Ideally the entire wallet and hardware system is open source.
Users should never have more than the cash they normally carry with them backed by any private key that has ever existed on a networked computer.
Note when I said exe it was short for executable which linux certainly has.
|
|
|
|
bytemaster (OP)
|
|
June 18, 2013, 04:12:10 PM |
|
> > If you use OSX, Windows, or any Linux with 'auto-update' then the government has a ready-made backdoor through which they could delete all traces of Bitcoin and their wallets from most computers.
> > They could send a 'stealth' update through normal channels, most computers would install it. Then on some specified date all bitcoin related files would be deleted including the client.
> > It would probably be an 'unpopular' move, but the government would probably find a way to make it look like a security breach by hackers rather than an intentional attack by government. They may even 'frame' someone and lock them up so people don't keep looking for the real attacker.
> Highly unlikely. All updates by major software vendors are signed, and the signing keys are stored in specially designed hardware. It would be highly unlikely that ALL software vendors had their signing keys compromised.
> > Even if you were smart enough to have an off-line backup the vast majority would not.
> LOL, who doesn't keep backups? It's going to be easier than ever with deterministic wallets.
> > All 'trust' in the safety of bitcoin wallets would be destroyed taking the value of bitcoin with it.
> No, people will just learn to BACKUP THEIR WALLETS.
Ok, you don't need all vendors to be compromised at once and who said anything about them being 'hacked'. Governments can easily coerce any large company into signing anything. Even with a wallet backup, you can have your client patched to steal your password and coins the next time you make a transaction.
|
|
|
|
Kitemike
|
|
June 18, 2013, 04:21:46 PM |
|
> ...if the auto-update can patch the bitcoin client and transfer your funds the next time you unlock it?
You've added more detail, yet there is still a problem. Even with auto-updates, not everyone will have the updates at the same time, and if the government has to wait weeks or months for everyone to get the malicious code, they risk getting caught by the source savvy power-users. And, there are a lot of different clients out there now. Granted, they mostly use similar code, but each has its separate routes for updating. A more plausible attack would be to discredit bitcoins as an evil invention of drug dealers, gamblers, and weapons dealers... oh wait, that is what they are doing!
|
|
|
|
chmod755
|
|
June 18, 2013, 04:30:23 PM |
|
Ever heard about backups?
|
|
|
|
bytemaster (OP)
|
|
June 18, 2013, 04:32:52 PM |
|
> Ever heard about backups?
Ever heard of reading the whole post?
|
|
|
|
rovchris
|
|
June 18, 2013, 04:34:44 PM |
|
Honestly if they can not stop people using bit torrents or child pornography it is laughable that they could damage the Bitcoin network.
They would just pass legislation saying it is illegal to hold the Private Keys for wallets and then have a smear campaign to claim anyone that uses bitcoins is a paedophile and if found on your hard disk you would be treated as one. Similar to how they are now starting to treat smokers. All of a sudden you are number one threat to children.
They are utter bastards and do not care for you or your well being in the slightest - you are here to fill their pockets so they do not have to work.
Instead of putting so much energy into the impossible - put your energy into a bitcoin based business - you could be the new Amazon and that would really hurt them - who knows???
|
|
|
|
Remember remember the 5th of November
Reverse engineer from time to time
|
|
June 18, 2013, 04:37:05 PM |
|
You know, there is software that "encrypts" the binary so that it does a self-check if the binary has been modified. I think it was a Themida based protection.
|
BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
|
|
|
linenoise
|
|
June 18, 2013, 04:43:20 PM |
|
Why the conspiracy theories? In the US the gov could do it the same as they did with online poker - make it so it's illegal for banks to send money to bitcoins and to not allow US firms to accept them. If we can't do wires, dwolla, moneygram, etc it becomes exceedingly hard to buy / sell bitcoins. It wouldn't shut it down entirely yet without the convenience of being able to use them the appeal would rapidly bring the value down and no real value as an online exchange medium.
|
|
|
|
|