Windows 8, DRM plus TPM 2.0 can pose a serious threat to Bitcoin.

[ArticMine]

The following article shows the Big Brother potential of propriety software married with DRM and "Trusted" Computing. German Government Warns Key Entities Not To Use Windows 8 – Links The NSA. http://www.businessinsider.com/leaked-german-government-warns-key-entities-not-to-use-windows-8--links-the-nsa-2013-8 and also
http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html#ixzz2cfIWGUt1

To quote the first article:

Now there is a new set of specifications out, creatively dubbed TPM 2.0. While TPM allowed users to opt in and out, TPM 2.0 is activated by default when the computer boots up. The user cannot turn it off. Microsoft decides what software can run on the computer, and the user cannot influence it in any way. Windows governs TPM 2.0. And what Microsoft does remotely is not visible to the user. In short, users of Windows 8 with TPM 2.0 surrender control over their machines the moment they turn it on for the first time.

It would be easy for Microsoft or chip manufacturers to pass the backdoor keys to the NSA and allow it to control those computers. NO, Microsoft would never do that, we protest. Alas, Microsoft, as we have learned from the constant flow of revelations, informs the US government of security holes in its products well before it issues fixes so that government agencies take advantage of the holes and get what they’re looking for.

Read more: http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html#ixzz2cfJY6toM

This kind of centralized control by Microsoft and by extension certain governments can pose a very serious threat to the security and integrity of the Bitcoin network. Any thoughts on defensive strategies to counteract this threat?

[ArticMine]

Of course GNU / Linux and Free Software is the antidote, but given the market share of Windows the danger here is that a majority of the nodes or even the hash power are controlled by Windows computers and effectively by Microsoft and what ever state they chose to give control to. In the case of mining an ASIC controlled via USB by a Windows 8 machine would effectively give control to Microsoft. 

[tvbcof]

...
This kind of centralized control by Microsoft and by extension certain governments can pose a very serious threat to the security and integrity of the Bitcoin network. Any thoughts on defensive strategies to counteract this threat?

Sure.  We can tear a page from Gavin's book;  Call it a paranoid fantasy on par with those who believe that the moon landing are fake, then go back to sleep and not worry about it.

Seriously, I project that in a matter of time, and possibly not that much time, one will need to positively identify themselves before accessing the global internet at all.  Possibly via a mass produced bio-metric sensing device.  That's what I would implement if I both had the reigns of power and propensity to be a totalitarian (and a large fraction of our respective leaderships seem to fit that description well.)  I'd also extend the some protocols to encapsulate transmitted data in an identifying wrapper.  This would make it pretty straightforward to filter.

For your viewing pleasure, here's a step along that path:

  http://www.forbes.com/sites/tomgroenfeldt/2013/08/21/ditch-your-passwords-us-gov-to-issue-secure-online-ids/

[freedomno1]

Its called find the BIOS file delete it
If it's designed like Internet Explorer
Set out a lawsuit

[ShadowOfHarbringer]

The following article shows the Big Brother potential of propriety software married with DRM and "Trusted" Computing. German Government Warns Key Entities Not To Use Windows 8 – Links The NSA. http://www.businessinsider.com/leaked-german-government-warns-key-entities-not-to-use-windows-8--links-the-nsa-2013-8 and also
http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html#ixzz2cfIWGUt1

If you treat your security seriously, you simply don't use windows for important tasks.

Windows is useful for me as a gaming machine, but i wouldn't dare run Bitcoin on it...

[domob]

The following article shows the Big Brother potential of propriety software married with DRM and "Trusted" Computing. German Government Warns Key Entities Not To Use Windows 8 – Links The NSA. http://www.businessinsider.com/leaked-german-government-warns-key-entities-not-to-use-windows-8--links-the-nsa-2013-8 and also
http://www.testosteronepit.com/home/2013/8/21/leaked-german-government-warns-key-entities-not-to-use-windo.html#ixzz2cfIWGUt1

If you treat your security seriously, you simply don't use windows for important tasks.

Windows is useful for me as a gaming machine, but i wouldn't dare run Bitcoin on it...

Yes.  But I think the problem with "Trusted Computing" is that it will allow hardware manufacturers (with the influence the US or Chinese have over them) to control what OS you actually can install on your hardware, thus preventing you in the first place from using anything but Windows, so you can't escape possible back doors.  (Or the chip itself has a backdoor which also GNU/Linux can't "disable".)

[MagicBit15]

DRM is a joke in itself, all it has done is caused trouble and done more harm than good ever.

[MGUK]

TPM and such has been around for so incredibly long (edit: 10 years.) I remember many years ago reading about this and the potential damage it could do and there were plenty of e-petitions that could be signed to stop it.

http://en.wikipedia.org/wiki/Trusted_Computing_Group

IIRC, my uni issued laptop has a TPM module in it. It encrypted the drive and prevented bios access. It's circumventable. I imagine most business issued devices probably have this or similar protections.

Users will always have the choice whether to use this platform, and there will pretty much always be a more open alternative.

The underlying thing in this story is that there's a platform which some companies have control over what runs on it. This isn't really that much difference from the Apple ecosystem - they could easily remove bitcoin apps from their store (if there are any that is.)

If someone creates something, and they want control over it, they should be allowed that control. It's only a really big issue when there are no alternatives.


Unless you're willing to build, from raw materials, your own computing device, or scan and understand every single little circuit in your device, then you must place trust somewhere (you can always say "well maybe there's a backdoor in this little chip")

[Mooshire]

Since I'm using windows 8, this concerns me. I'll be storing a lot more in paper wallets now.

[MGUK]

Since I'm using windows 8, this concerns me. I'll be storing a lot more in paper wallets now.

http://en.wikipedia.org/wiki/Trusted_Platform_Module

Microsoft's operating systems Windows Vista, Windows 7 and Windows 8 as well as Microsoft Windows Server starting from Windows Server 2008, use the chip in conjunction with the included disk encryption software named BitLocker.

If people share your logic for concern, so should Windows 7 and Vista users.


How do you generate your paper wallets? How can you be sure there isn't a back door in the website you use to generate it, or your connection, or the software you use to generate it, or the printer you use to print it out, or the paper/pen you use to write it down?

Out of interest, Moonshire, where do you draw the line?

[Mike Hearn]

This crap came up with TC was first designed. It was FUD with no connection to reality then, and I don't know of anything that's changed to make it suddenly accurate. I follow developments in TC pretty closely.

The idea that you have to remotely attest to get onto the internet was a doomsday scenario back then that never came true and we've had over a decade to get there. Remote attestation doesn't even work on most computers. I'm hoping it'll get better with the introduction of Intel SGX because it's tremendously useful for Bitcoiners and the bitcoin community. See bcflick for an example of what it can do.

[johnblaze]

this thread is FUD

[jdbtracker]

Yup they have had this stuff for years, peripherals like printers have back doors programmed into them by law.

But the movement is already beginning with the opensource/openhardware movement. We'll be securing our own chip designs pretty soon. and fortunately the smartest members of the population which this community is composed of probably know how to protect themselves if cautioned about this.

an active, intelligent, informed, educated, highly interconnected community can counter any threat as long as it is identified.

I figure we better continue with the FPGA chips, build custom rigs secure from outside interference with custom opensource operating systems and the foundries can churn out backdoor free chips, couple that with advances in secure meshnetworks and we are homefree.

If it is in our collective best interest, we will solve it sooner or later, every thing is discovered sooner or later; we can learn from History and adapt to new conditions as long as we clearly communicate our ideas to each other sharing what we know to be true.

[tvbcof]

Yup they have had this stuff for years, peripherals like printers have back doors programmed into them by law.

But the movement is already beginning with the opensource/openhardware movement. We'll be securing our own chip designs pretty soon. and fortunately the smartest members of the population which this community is composed of probably know how to protect themselves if cautioned about this.

an active, intelligent, informed, educated, highly interconnected community can counter any threat as long as it is identified.

I figure we better continue with the FPGA chips, build custom rigs secure from outside interference with custom opensource operating systems and the foundries can churn out backdoor free chips, couple that with advances in secure meshnetworks and we are homefree.

If it is in our collective best interest, we will solve it sooner or later, every thing is discovered sooner or later; we can learn from History and adapt to new conditions as long as we clearly communicate our ideas to each other sharing what we know to be true.

+1

Let me make another bold 'tinfoil hat' prediction here.  I bet that we will find that TEMPEST and related side-channel attacks are more possible and more widely used than currently recognized.  Also that in some cases certain chips are even more noisy then they actually need to be and that intelligence agencies possess 'descriptions' of the emanation which make them more useful.

Unfortunately I fear that an 'active, intelligent, informed, educated, highly interconnected community' is not very likely in the volumes needed to be effective and defensible.  If it does develop, and I think it is a goal worth working towards, then they will be called by a different name.  Probably something like 'techno-terrorists' or whatever the scariest name that the marketing folks can come up with happens to be.  I do hope I am wrong about this.  Such a thing might develop, but probably only as a backlash resulting from a protracted episode of blatant abuse under a tyrannical totalitarian form of government.

[Valle]

They must be kidding. TPM is the key storage for BitLocker and similar applications to encrypt drive. It is kind of strange to keep bitcoin wallet and other valuable information on a laptop with non-encrypted drive.

[tvbcof]

...
The idea that you have to remotely attest to get onto the internet was a doomsday scenario back then that never came true and we've had over a decade to get there. Remote attestation doesn't even work on most computers.
...

I sure am glad to hear that predictions made about the internet expire if they go 10 years without realization.  I'll surely sleep much better at night now that I know that.

[Carlton Banks]

Seriously, I project that in a matter of time, and possibly not that much time, one will need to positively identify themselves before accessing the global internet at all.  Possibly via a mass produced bio-metric sensing device.  

Don't get me wrong, I'm as suspicious of Microsoft gaining any extra control as the next person, but that's impractical without all encompassing surveillance in ANY and ALL places that an internet access device is used. Scenario: someone in the middle of nowhere logs into their internet access with their biometrics, then a hostile actor commandeers their device and uses it to commit a criminal act. It could be leveraged as an excellent form of protest actually, doing something incredibly minor, then saying "prove it". Linux user here incidentally, Microsoft went out the window (no pun) a while ago for me.

[jdbtracker]

Unfortunately I fear that an 'active, intelligent, informed, educated, highly interconnected community' is not very likely in the volumes needed to be effective and defensible.  If it does develop, and I think it is a goal worth working towards, then they will be called by a different name.  Probably something like 'techno-terrorists' or whatever the scariest name that the marketing folks can come up with happens to be.  I do hope I am wrong about this.  Such a thing might develop, but probably only as a backlash resulting from a protracted episode of blatant abuse under a tyrannical totalitarian form of government.

Not if it is done right, we are a network of humans interacting with computers to access the internet. The core group of any community will have common goals with other societies that will interpret the information in a different way and develop it differently, but they will advance the concept forward. This simply has to be accelerated by attracting the direct attention of the groups that will propagate the ideas most easily.

It is simply logical that all things interact, it's just a matter of putting the dots together where they meet.

[ArticMine]

There needs to be a clear distinction here between FUD and reality here and yes comments that like having to need a government ID to access the Internet (It is more like a Facebook account on many sites but that is another story) or that the mere presence of a TPM means that the some government agency now has access to your computer are simply FUD.

A TPM by itself is not the issue. It is a place to securely store decryption keys and even if the state has a back door to the TPM there are many situations where the state is not the adversary or may not be able to obtain physical access to the computer for legal reasons for example. Furthermore in order to obtain remote access an OS with a back door is necessary the TPM by itself is not enough. Where the TPM can be very dangerous is that it can and is used to ensure that only an Operating System and / or software trusted by a third party who is not the owner of the device runs on the device. Now GNU / Linux supports the TPM and trusted as opposed to treacherous computing. The crucial difference here is that in the GNU / Linux scenario because of the presence of GPL v3 code in the OS the TPM can only be used to ensure that an OS and / or software trusted by the owner the device runs on the device and cannot be use to prevent the end user from running an OS or software that the owner of the device trusts. This is the crucial difference between trusted and treacherous computing and between using a TPM with GNU / Linux vs a TPM with Microsoft Windows.

The following article by Richard Stallman written over a decade ago in 2002 describes treacherous computing. http://www.gnu.org/philosophy/can-you-trust.html. At the time many dismissed it as FUD and the term Palladium was dropped by Microsoft yet almost a decade to the date Microsoft released Windows 8 RT and the surface tablet which does precisely what RMS was warning about a decade earlier. This follows Apple with IOS devices, almost all game consoles on the market, ebook readers such as the Kindle, and many smart phones and tablets including many Android devices that have to be "rooted' in order for the end user to take back control of the device they own and lock out the manufacturer and other not trusted 'big brothers".  The primary motivation for this lockdown of devices was and still is DRM and it comes down to the very simple realization that the only way to prevent the copying of digital information is to take a way control of computing devices from the end owners of the devices. The use by the state for surveillance, censorship or other big brother activities comes later once the centralized infrastructure has been put in place by big copyright in order to prevent of "piracy" of intellectual property. What we have seen over the last decade is the shift of a fair amount of computing activity away from an open device say a computer running Windows 98 SE to a locked down device say an iPad. This by itself is a very troubling development quite independent of Bitcoin.

The implication here for Bitcoin is clear. The entire security model of Bitcoin relies on a distributed network where no one person of entity can get control and only works with a computing model such as Microsoft Windows in the days of Windows 98 SE,  Windows 2000 or earlier or that of GNU / Linux then and today. What is crucial for the security of the Bitcoin network is that the owner of a computing device has complete control over that computing device and no centralized "authority" can take this control away. So where does this place Microsoft Windows as a platform for Bitcoin. What we have seen in an evolution of gradual small steps starting with the the very open Windows 3.xx  of the early 1990's (lets say 20 C in the boiling frog scenario) to the complete lockdown of Windows 8 RT (100 C in the boiling frog scenario).  Where does one draw the line to not trust Microsoft Windows? I drew the line back in 2006 with the move to Windows Vista, others may choose a different point in this gradual evolution towards big brother. The German articles drew the line at Windows 8.

One simple rule of thumb to keep in mind is here that if a device and / or operating system is trusted by the MPAA and other big copyright players for consumption of the their DRM protected content it should be trusted for use with Bitcoin. Trust after all is a two way street.  

[tvbcof]

They must be kidding. TPM is the key storage for BitLocker and similar applications to encrypt drive. It is kind of strange to keep bitcoin wallet and other valuable information on a laptop with non-encrypted drive.

One does not need to use the TPM key to encrypt a HDD, and generally speaking, if one has something on a persistent media worth encrypting at all, it kind of makes sense to do it right.  IIRC, even Microsoft deferred on this for at least one implementation of their disk encryption.  I'm not sure what disk encryption options exist for Windows since I don't use that OS for anything at all valuable, but I have to think that some of them exist.  Whether they are susceptible to side-channel attacks is a question worth exploring.  That goes for FOSS OS's also for that matter.

Anyway, a TPM has a lot of very interesting and useful features, and certain of them could be integrated into the design of a robust P2P framework.  There are a lot of chip-makers doing TPM work.  I hope that one of them will do an implementation which is verifiable open with mechanisms to facilitate high trust levels for certain operations.  Having a group such as the EFF oversee private key emplacement would be one example.