Author Topic: What if dev-team is compromised?  (Read 5224 times)
Rassah
Legendary
September 10, 2013, 02:18:09 AM
 #41

In all seriousness though, I'd like to have a mechanism whereby if a core developer is approached by any gov't to compromise bitcoin, they have to resign - and announce that publicly, signing the message with the same pgp signature used to commit their changes to the Bitcoin codebase.

I know that the devs wouldn't just sit there if such a situation occurred, but I'd feel better knowing there was some kind of notification process to deal with it.


Good idea, but may be unnecessary, due to so many different devs working on different bitcoin clients. It'll be like someone from the gov asking a dev working on Ubuntu to compromise it. All other Ubuntu devs will notice, all other Linux devs that use Ubuntu code will notice, and all the dozens of other Linux distros will not even notice.

will1982
Full Member
September 10, 2013, 02:21:21 AM
 #42

I imagine that, if malicious, the compromisors (?) would push out an update to QT with a virus or a way to screw up the network
gmaxwell
Staff
Legendary
September 10, 2013, 06:47:41 AM
 #43

In all seriousness though, I'd like to have a mechanism whereby if a core developer is approached by any gov't to compromise bitcoin, they have to resign - and announce that publicly, signing the message with the same pgp signature used to commit their changes to the Bitcoin codebase.
But what's that even mean exactly?

I had some doofbrained researchers contact me to ask about adding tracking code to Bitcoin to help with their research. I told them to buzz off in perhaps excessively rude terms. If it was some law enforcement, some officer Obie from Stockbridge, Nowhere?  I'd have to resign?

Or maybe those researchers were really government shills (how would I know?) does that mean I'm already free?  ?? ?!? FREE?! IT WAS THAT EASY OMG I'M FREE   FREEEE FREEEEEEE!

I imagine that, if malicious, the compromisors (?) would push out an update to QT with a virus or a way to screw up the network
This is why we don't have an auto-updater. We should eventually gain some kind of update tool... Without one a lot of people just keep downloading the software and not checking the PGP signatures, and every time they do it they're exposed to getting an exploited version.

The community should absolutely not accept just some tool that lets a single person or even a small number of people rapidly push out replacement software to all the users.  If you want to give the developers of your node software crazy power just in case of emergencies, give them a key that makes it shut off, but don't let them freely push updates.  If I ever come back asking for the ability to rapidly push updates that means I've been replaced by an alien symbiont. (And really: the same for any developer, you'd have to be evil or crazy to want that ability: It makes you a target)

What I'd like to see is to someday have a system where developers can push an update out and your computer will download it but not install it. And after a minimum delay of a couple days if it gets enough positive signatures and no (or not too many) negative signatures, it will wait a random amount of time (e.g. up to a week) and then start asking you if you'd like to make the upgrade (this way if it's busted you might hear about it or the update may be withdrawn after other people update but before you install it)... obviously you could go and manually trigger the upgrade at any point.  This would give time for a lot of people to review any updates and sound alarms if they found problems. It could also allow us to be very liberal in granting veto access, since the vetoes would just make things fall back to a manually triggered install.


Bitcoin will not be compromised
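
The staged-update policy described in post #43, sketched as an added example; it is not part of the thread and not Bitcoin Core code. The thresholds, state names, reviewer set and the derived per-node jitter are assumptions, and signature verification over the release hash is assumed to have happened before a vote reaches this logic.

```python
import hashlib
from dataclasses import dataclass

DAY = 86400
MIN_DELAY = 2 * DAY    # "a couple days" before anything is offered
MAX_JITTER = 7 * DAY   # extra per-node wait, "up to a week"
MIN_APPROVALS = 3      # assumed value for "enough positive signatures"
MAX_VETOES = 0         # assumed value for "no (or not too many) negative signatures"

@dataclass(frozen=True)
class Vote:
    signer: str    # key id; its signature over the release hash is assumed verified
    approve: bool  # False is a veto

def jitter(node_secret: bytes, release_hash: str) -> int:
    """Per-node random wait, derived rather than re-rolled so a restart cannot shorten it."""
    digest = hashlib.sha256(node_secret + release_hash.encode()).digest()
    return int.from_bytes(digest[:8], "big") % (MAX_JITTER + 1)

def decide(release_hash, published_at, now, votes, reviewers, node_secret):
    """Return the updater state; no state installs anything without the user."""
    stance = {}
    for v in votes:
        if v.signer not in reviewers:
            continue  # unknown keys can neither approve nor veto
        # One stance per reviewer; a veto is sticky and overrides that key's approval.
        stance[v.signer] = stance.get(v.signer, True) and v.approve
    vetoes = sum(1 for ok in stance.values() if not ok)
    approvals = len(stance) - vetoes
    if vetoes > MAX_VETOES:
        return "MANUAL_ONLY"        # fall back to a manually triggered install
    if approvals < MIN_APPROVALS:
        return "WAIT_FOR_REVIEW"
    if now < published_at + MIN_DELAY + jitter(node_secret, release_hash):
        return "WAIT_DELAY"
    return "PROMPT_USER"            # ask the user; never auto-install

# Constructed sample data (not real keys or releases).
REVIEWERS = {"alice", "bob", "carol", "dave"}
RELEASE = "ab" * 32
SECRET = b"local-node-secret"
APPROVED = [Vote("alice", True), Vote("bob", True), Vote("carol", True)]
```

Because the jitter is derived from a node-local secret and the release hash, different nodes prompt at different times while each node's own wait stays fixed.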
TraderTimm
Legendary
September 10, 2013, 12:59:11 PM
 #44

In all seriousness though, I'd like to have a mechanism whereby if a core developer is approached by any gov't to compromise bitcoin, they have to resign - and announce that publicly, signing the message with the same pgp signature used to commit their changes to the Bitcoin codebase.
But what's that even mean exactly?

I had some doofbrained researchers contact me to ask about adding tracking code to Bitcoin to help with their research. I told them to buzz off in perhaps excessively rude terms. If it was some law enforcement, some officer Obie from Stockbridge, Nowhere?  I'd have to resign?

Or maybe those researchers were really government shills (how would I know?) does that mean I'm already free?  ?? ?!? FREE?! IT WAS THAT EASY OMG I'M FREE   FREEEE FREEEEEEE!

Oh you silly man.

What I mean is the scenario where you're served a FISA order to comply under penalty of (something grave). If you're not in the jurisdiction of the USA, good for you, but if you are, it would mean you couldn't say anything about it directly. You'd have to pull a "Lavabit" and say -- "Well, nice working with you, have a good one." and we'd all know what was up.

I don't want you to, and frankly, I don't see how anyone can prevent you from working on what you want to - but I am more concerned about bullying by assorted "secret court" crap.

That's all.

fortitudinem multis - catenum regit omnia
greyhawk
Hero Member
September 10, 2013, 01:26:57 PM
 #45

Excellent, so as a government agency all I need to do is approach all developers, who then summarily resign and lookie there, I've just killed off Bitcoin, aren't I neat?
TraderTimm
Legendary
September 10, 2013, 02:15:27 PM
 #46

Excellent, so as a government agency all I need to do is approach all developers, who then summarily resign and lookie there, I've just killed off Bitcoin, aren't I neat?

So, if one of them does get approached with a gag-order not to discuss it, what would be your brilliant idea?

fortitudinem multis - catenum regit omnia
greyhawk
Hero Member
September 10, 2013, 02:31:26 PM
 #47

Excellent, so as a government agency all I need to do is approach all developers, who then summarily resign and lookie there, I've just killed off Bitcoin, aren't I neat?

So, if one of them does get approached with a gag-order not to discuss it, what would be your brilliant idea?

I'm not here to promote and/or save bitcoin. I'm here to spread FUD and laugh at people. Why are you asking me?
genjix
Legendary
September 10, 2013, 02:43:38 PM
 #48

I have been approached by UK cyber-crimes police multiple times to work for them.
greyhawk
Hero Member
September 10, 2013, 02:56:55 PM
 #49

I have been approached by UK cyber-crimes police multiple times to work for them.

Do they know about your underage porn business?



TraderTimm
Legendary
September 10, 2013, 03:07:11 PM
 #50

I'm not here to promote and/or save bitcoin. I'm here to spread FUD and laugh at people. Why are you asking me?

Thanks for self-outing yourself. Filter updated.

fortitudinem multis - catenum regit omnia
greyhawk
Hero Member
September 10, 2013, 03:09:25 PM
 #51

I'm not here to promote and/or save bitcoin. I'm here to spread FUD and laugh at people. Why are you asking me?

Thanks for self-outing yourself. Filter updated.


Enjoy your echo chamber. :)
TippingPoint
Legendary
September 10, 2013, 04:07:59 PM
 #52

If NSA wanted to compromise one or more persons in order to subtly affect decisions, what methods would they use?  Snowden describes a case that he learned about.  

Whistleblower Edward Snowden Describes The Time The CIA Got A Swiss Banker Drunk And Put Him Behind The Wheel
http://www.businessinsider.com/edward-snowden-describes-cia-tricks-2013-6#ixzz2eVQoKJCW

The known methods used to "turn" subjects include sex, financial pressure, and occasionally drug use to blackmail or extort, and force seemingly small changes in behavior.  These changes are then leveraged to force even greater changes in behavior.

The attack vectors are typically the spouse, child custody, job security, and criminal prosecution.
crazy_rabbit
Legendary
September 10, 2013, 04:09:45 PM
 #53

The NSA would just join. They would do that by submitting regularly awesome code updates, doing incredible code work, being helpful, etc... they would sail right on into the team. But the rest of the team would be checking their code, we hope. So what can you do?

FYI: genjix just released a pre-alpha of a totally independent implementation of Bitcoin. This is what we really need to fight this sort of worry. Multiple, entirely different, implementations of the protocol.

more or less retired.
fenican
Hero Member
September 10, 2013, 08:30:38 PM
 #54

If the dev team was compromised, then Bitcoin-QT would change, but Electrum, Blockchain.info, the wallets on exchanges, all the mobile phone wallets, and all the mining pools, will continue working as usual, and will likely reject Bitcoin-QT transactions and blocks, which would instantly throw really huge red flags that something is up. So, anyone using anything other than QT will be fine, and anyone using QT will just have to either downgrade to an older version, or export their private keys to a non-compromised wallet.

Incorrect.

The dev team can't make any changes to all the Bitcoin-Qt versions already distributed and running on various computers. If you don't want to agree to any changes, simply do not upgrade.

True until an auto-update feature is added
theymos
Administrator
Legendary
September 11, 2013, 03:17:54 AM
 #55

I am concerned about the security of the development team.  They give out too much personal information and I even saw Gavin's house on one news report.  Not a good idea.

Yeah, some strongly-anonymous person besides Satoshi should really have a copy of the alert key. (I am not very public, but I'm not terribly anonymous.) Control of the bitcoin.org and bitcointalk.org domain names is shared between Sirius and an anonymous person, which is good.

Or maybe we need to establish a "Bitcoin Defense Force" to act as bodyguards for all of the devs. ;)

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Dabs
Staff
Legendary
September 11, 2013, 05:41:42 AM
 #56

Or maybe we need to establish a "Bitcoin Defense Force" to act as bodyguards for all of the devs. ;)

I can help, but I can only offer protection if you are in my country. If you're somewhere else, you'd have to fly me there and issue me a work contract or something so I get a visa if needed.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
TippingPoint
Legendary
September 11, 2013, 05:46:50 AM
 #57

I recommend that the development team have one or more distress codes (innocuous words or phrases).
QuestionAuthority
Legendary
September 11, 2013, 06:03:13 AM
 #58

I am concerned about the security of the development team.  They give out too much personal information and I even saw Gavin's house on one news report.  Not a good idea.

Yeah, some strongly-anonymous person besides Satoshi should really have a copy of the alert key. (I am not very public, but I'm not terribly anonymous.) Control of the bitcoin.org and bitcointalk.org domain names is shared between Sirius and an anonymous person, which is good.

Or maybe we need to establish a "Bitcoin Defense Force" to act as bodyguards for all of the devs. ;)

Are you saying that you, Sirius and the person calling himself Satoshi are still in communication and all have control? Do you talk to Satoshi often?

Dabs
Staff
Legendary
September 11, 2013, 06:49:08 AM
 #59

I recommend that the development team have one or more distress codes (innocuous words or phrases).

They just need a dead man's switch. When they are "compromised" they simply don't reset the switch and let it activate. Oh, of course, you'll say, the evil government agencies will instruct them to reset the switch.

gmaxwell
Staff
Legendary
September 11, 2013, 07:10:41 AM
 #60

They just need a dead man's switch. When they are "compromised" they simply don't reset the switch and let it activate. Oh, of course, you'll say, the evil government agencies will instruct them to reset the switch.
There is a popular mining pool that has a dead man's switch to turn over control of the pool to the backup ops if the main ops go offline...

It has fired accidentally once.  These things are tricky to get right.

Worse, they can create some perverse incentives.  If we had a dead man's switch we might not tell you if we thought it would make attacks more likely.

Bitcoin will not be compromised