The title of this thread is provocative, but is a bit of nonsense too. I view it more as rhetorical questions being posed.
The majority of users engaged in BTC-related activity haven't audited the source code of the programs they rely on to 1) generate 2) store and 3) exchange their BTC with. By audit I mean they have read the source code and understand the implications. Thoroughly. I certainly haven't.
So fundamentally this isn't about a lack of trust, just who/what do you trust? What criteria are we using to determine that something is deserving of our trust? Fanboy forum posts? Paranoiacs with aversions to sunlight, pop music and anything smacking of public policy? We all have our "reasoning" but is it consistent? Why does it work? Given that the technologies we rely on to "guarantee" trust in BTC have been created by competent programmers who understand the minutiae of their work, we are by default already trusting quite a few people before we even get started. Complete strangers in most cases. BTC was "founded" by who exactly? Satoshi Nakamoto? And it doesn't ultimately matter as the process has begun and now we (collectively) are its users, owners, developers, detractors, consumers.
So by participating in BTC you all trust a fictitious character. Didn't your mother ever tell you not to accept candy from strangers? In order for BTC to continue we as participants in this experiment have to trust each other. Otherwise the coin won't flow. However we don't want to give it away for free and have all those hard-earned BTC disappear in a poof of misspent kilowatt hours so...
How to prevent digital pickpockets? Networked resources are more vulnerable than non-networked. Keeping that thumb drive off networked resources might be a reasonable start. Is it enough? Probably not. Encryption might be worthwhile too. Ghost partitions seem like a nice touch. These are still susceptible to the original, old school brute force attack: some thug standing over you threatening your life or that of loved ones if you don't provide access to your wealth. Good thing for us, this is highly unlikely as the intellectual/cultural barrier makes the general public fairly ignorant of the ins & outs of this community (and I'm a 1337th level paladin who can see the future). If you really want to establish an index of risk for losing your cryptowealth by threat of violence, perhaps you can start here: http://www.fbi.gov/about-us/cjis/ucr/ucr/. I think healthy paranoia is useful, unqualified paranoia is science fiction. I'm a fan of scifi but there has to be a reasonable limit. I guess the question here is what's reasonable? I think we can park threat of violence and safe deposit box theft in the "low risk" category for the most part.
My guess is that the biggest threat of digital pickpocketing comes from within the BTC community itself. This is the population that actually knows 1) of BTC and 2) more about the tools of the trade and how they work (though perhaps I shouldn't give too much credit on that second point, see comment on auditing above under "Trust". An aside here: aren't we vulnerable to the programmers of these tools we use to the extent that we trust them?). The system at present puts a premium on anonymity. I like that feature, not sure if it helps in terms of knowing who just pilfered my BTC wallet. Also seems easier to prosecute someone with a name instead of a hash string with a series of associated dotted quads. How to audit the system to ensure that the BTC I claim were stolen were actually stolen? How to ensure that they were legitimately released from my wallet? How to determine that I am not lying in order to cheat the system? Even if a copy of my BTC wallet is liberated without my consent, can good encryption buy me enough time to reset all my passwords and recover my dough? Which tools do we trust? TrueCrypt? GnuPG? RSA (proprietary I know)?
Seems like a rehash of some points others here have more concisely stated. Am interested in your thoughtful responses.