I love FOSS, but there are a lot of problems with the arguments in this article.
>"it is highly recommended to run on Free and OpenSource Software...This way, you know exactly what is running on your system"
I get this feeling as well: that when I use FOSS I know exactly what my computer is doing.
But I don't. Linux is about 14 million lines of code, and that doesn't include your distro. You might be able to cut this down by compiling it yourself, but you'll still have to be an expert to understand everything that is happening on your computer.
It's the same thing with Windows, millions of lines of source code written by thousands of people.
I think that until you hear that someone lost their wallet key and MS was to blame, you're probably safe. Key theft (through keylogging) may be harder to detect on a closed-source OS, but there are still a lot of people (outside of MS) working on MS security and playing around with the OS to learn things about it.
That all being said, Linux is easier to become an expert on due to all of the public resources/documentation. Microsoft tends to clam up when it comes to documentation about their OS.
Even if you, specifically, cannot check the entirety of the Linux code, at once, right now, the Linux kernel code is open for checking and auditing. Anyone can check what code is written in it, and numerous experts have done so independently. Moreover, every single change in the Linux kernel is incrementally recorded and documented, so every change was audited and evaluated all on its own, when its commit was introduced. Like a blockchain, you can to some degree trust that the code written before you started checking things has been adequately audited by experts, and you can continue the trend from this point onward.
None of this can happen or has happened with Windows. You gotta trust a company firmly shut to the outside world.
I am torn on this article. If I read it through my developer lens, I’m not impressed - this cranks up the paranoia to a near useless level and the panacea offered is really a false hope. But, when I look at it through a more compassionate lens, I worry about this individual’s health.
Hey writer, if you’re reading this and you need someone to talk to, my email is on my profile. Have a happy 2020.
To me, your offer of "help" reads like a thinly disguised attack / insult. I guess we all know about the "humblebrag", this is "backhanded empathy". Or something.
The author is not saying anything that is not true. Given everything that happened and was disclosed in the past decade, I don't think one has to be paranoid to be deeply suspicious of black box software controlled by big tech.
I never touched Bitcoin so maybe you can clarify how this makes sense:
> If Microsoft decides to terminate your license, what happens to your Bitcoin?
Your Bitcoin is represented by some kind of data stored on your computer I assume. So this data should be backed up, right? So the answer is that you would access the bit coins from some device which you have a license to use?
If my understanding is right then I would consider the quoted statement to be a bit FUD:y.
If you're using security methods like BitLocker (an MS product that encrypts your disk), it's possible that, after losing your license to use that program, your data would become unrecoverable without some serious reverse engineering efforts.
I'm probably just adding to the paranoia though. In reality, this whole thing is a very unrealistic attack. What hluska has stated is mostly true, but I'd like to add that an employee that could write code into an OS that would steal bitcoin and stay undetected would have to have a lot of skill. More than that random engineer that they just hired, think a guy with a PhD. Those types of people generally don't risk their jobs to steal because they're usually committed to their work and make a lot of money.
Sorry, but I'm not sure what point you are trying to make here. Is your scenario that the user's license to use the OS is revoked combined with there not being any backups?
If you store data on a computer without backups you can expect to lose that data. Disks break, files are corrupted, computers are stolen, node.js deletes your crap. Or whatever.
As for employees embedding stuff in OS code. Sure, that can happen. Open source developers can also embed such code into any code they write, which has happened many times already. Unless you are writing your OS yourself from scratch or manually reviewed all source code for all code running on your machine (which I suspect no one has done the last decades), this is a risk. Open source or not.
I’m not the person you’re replying to, but Grifball is talking about BitLocker. BitLocker is a device encryption tool that ships with certain versions of Windows (I think only Pro, but don’t trust that.)
I believe that what Grifball is saying is that if your disc was fully encrypted and you lost the ability to decrypt, you’d be in a lot of trouble. In the BitLocker case, if you had a valid Windows license, encrypted your disc and lost your license, it would be a very bad day.
As for your comments about backups, you’re correct though in this case, a backup wouldn’t be much use if you lost access to BitLocker. That would take a really serious ops failure, but far stranger things have happened.
Being suspicious of activity monitoring is one thing. Being suspicious that one of the largest companies in the world is actually keylogging your passwords so that they can steal bitcoins is another. Or that a few rogue employees at said company would be able to commit code that makes it all the way to end user machines to achieve that, bypassing all code reviews, testing, etc. is sort of insane.
First, you’re very wrong about my motives. At various points in my life, I have struggled with paranoid thoughts like that. When it happens, it’s lonely but I’ve learned to open up and talk about what’s worrying me. Sometimes there’s something there and I’ve actually started a few companies based on those ideas. Other times, perspective really helps.
In this case, let’s step back and add some perspective. Microsoft is one of the biggest companies in the world. Their valuation is buoyed by Microsoft’s role in the enterprise. Do you actually believe that Microsoft would want to sacrifice that position for some bitcoin?
Or, there’s the rogue employee hypothesis. Realistically, how many people at Microsoft could directly commit code into Windows without it going through a review? Do you think any of those people are interested in stealing bitcoin? Now, look at all the other employees who have to go through some sort of review before their code ships. Do you think one of them has teamed up with their entire review chain to steal bitcoin?
How probable is any of that? And if any of that was going on, how easy would it be to catch the offenders?
There is a massive gap between analyzing what I do for marketing purposes and stealing my keys.
Edit - We live in a very sad world where you can’t reach out and offer someone an ear without being accused of ‘humblebragging’. I can’t believe what the internet has become in the last 25 years. This is quite upsetting.
Keyword: "get started".
Most ppl don't want to dual boot, so installing a VM is a stepping stone to getting fully comfortable with the OS so you can then use it on bare metal.
The better question is why does he not build his own OS. He could build his own OS and make his own computer parts with his own tools and machinery and nobody would ever be able to access his BTC ever again.
He would probably need to invent his own internet though.
That's the beauty of the open protocols: you can make anything talk HTTPS over TCP/IP.
This, of course, is quite an academic worry in comparison to the gargantuan quest "bootstrap yourself from raw materials to a computer...and don't make any mistakes along the way."
A number of comments in this thread are strawmanning the OP's argument. The main point is simply that if you don't have complete legal control, in perpetuity, of the system that you are storing your cryptocurrency on, then if your license is cancelled by legal means, you may lose your data [1]. OP is not talking about whether FOSS or proprietary software has more bugs or has more chances of having backdoors. OP is not talking about source code audits etc. He is only making a point about the legal ramifications of OSCorp EULA vs FOSS licenses.
[1] There is a secondary point that employees within OSCorp cannot be trusted to not access your data.
This basically never happens to private individuals - the license enforcement focuses on getting you to pay for it instead. The data in any case remains yours and you can theoretically lift it off the drive (or your backups!) with FOSS.
In the very unlikely event of getting raided for copyright infringement, they'll take all your hardware and sort it out later.
(Of course the whole thing is a tremendous anti-advert for bitcoin if it can't be safely used on normal computer systems...)
I did not say that the linked article is making a sound argument. I agree with you that even with a non-FOSS OS, you can set things up so that cancellation of the license does not make you lose your keys. I was merely annoyed by the strawmanning.
> if your license is cancelled by legal means, you may lose your data
Maybe I'm missing some legal nuance. But if the license is revoked, wouldn't you still be able to recover your Bitcoin using a FOSS OS? Especially if it is stored on a separate disk or partition from the OS.
Additionally, if you don't run a full node, you don't know if you own btc.
For those interested in BTC security, the best you can do IMO is glacier protocol (which I'm surprised isn't mentioned in this article) https://glacierprotocol.org/
ColdCard wallets are also an excellent choice, even better when used as a part of a multisig setup with your desktop, more cold cards, or another hardware wallet.
Multisig across multiple hw wallets / computers (2/3 at least) is the best solution to self custody IMO. Single sig is SPOFfy.
The real question is: why is he not using a Hardware Wallet? A ledger wallet is cheap enough if you get worried about your BTC being in an unsafe device. Yes, then you have to trust the company selling it for you, but isn't that the whole business to not compromise their own devices?
His point is not "if you didn't make it you don't own it"; his point is about proprietary software and how closed / how your control over them is very limited.
Hardware wallets are a good compromise here. Sure, you need to trust the hardware vendor. But the attack surface for a hardware wallet is way smaller than with a big OS.
There are much bigger attack vectors than the operating system vendor. Even with a FOSS OS, you are susceptible to viruses or other attacks not initiated by the OS vendor.
Use a hardware wallet or cold storage. Use a multi-sig wallet for corporate-sized quantities.
Holding your own BTC is not simple but there are good solutions. Be safe out there.
If you don’t trust MacOS or Windows, why would you trust Linux? With the first two, sure, they could “do something bad” to compromise you, but why would they? With Linux, yes, you have access to the source, but can you absolutely guarantee that someone hasn’t “done something bad” to compromise your system?
It’s not a matter of idealism, it’s a matter of reality. How long would it take a person of the poster’s level of paranoia to guarantee they weren’t somehow compromised? And how long would it take to recheck on update?
There’s a point where the fear of bad actors becomes counterproductive.
I get the point the article is making, but as others have pointed out you could extend this logic to the entire stack of your software/hardware and conclude you're not safe unless you audit every bit. At some point you're going to have to trust software you haven't personally reviewed, as the article awkwardly demonstrates.
It's obviously a matter of risk management (a term I was surprised to not see in the article); the more crypto you have the more care you should put into storing the wallet.
This is also an issue for Android and iOS. And some of the newer cryptocurrencies are more or less restricted to those platforms.
And with smartphones, adversaries can access the OS using StingRay etc.
Edit: I should have said "devices like StingRays". Perhaps StingRays can only track, and maybe see traffic. But the baseband is poorly secured, and has privileged access.
I'm not sure about the StingRay brand per se, but it's likely that malicious fake cell towers can pwn the baseband radio. And we know that the baseband radio is privileged over userland.
Also, baseband firmware is totally black box, so we have no clue what its capabilities are. So the safest bet is isolating it in a subsystem, or better in a separate device, which can be firewalled.
This guy is a downright idiot if he thinks that he has any more control over his keys on desktop Linux without actually auditing all the source code himself.
The idea that ElementaryOS is less likely to steal your coins than Windows or OS X is simply laughable.
We already know Windows has some pretty excessive telemetry, it is not unreasonable to assume this or other elements of the OS can be exploited to gain control of a wallet.
At least with Linux we have thousands of open source developers keeping an eye on things, chances are much higher that an issue would be caught with Linux since Windows is closed source.
You're discounting the risk that, because it's open source, everyone assumes that someone else has done the security analysis. That is precisely what happened with OpenSSL--everyone assumed, since it's a big open source package, that somebody was keeping on top of this sort of issue, but nobody was.
That there have been two major OpenSSL security fumbles (first was the Debian OpenSSL fiasco, second Heartbleed) sort of suggests that the value of "many eyes" for ensuring security is vastly overrated.
It was not found by general developers doing security audits, it was found by a security company doing fuzzing attacks against SSL libraries.
And not to mention that Windows - the explicitly called out alternative from this article - makes their source available for security companies (as well as general developers who sign up for their MSDN program).
> At least with Linux we have thousands of open source developers keeping an eye on things, chances are much higher that an issue would be caught with Linux since Windows is closed source.
That’s all utterly irrelevant when ElementaryOS doesn’t even offer reproducible builds.
Besides, source code access doesn’t make finding bugs much easier. Usually you’ll be auditing binaries anyway.
Not to mention, you have to evaluate this in context. What would MS stand to lose if they actually did this? Far, far more than whatever Bitcoin they'd be able to steal, that much is certain.
But in any case, if you care about security, you have a hardware wallet and store the seed somewhere secure.
It wouldn't have to be Microsoft exploiting this though, a few rogue employees that can modify their telemetry system could do this on their own. There is no external oversight for Windows but on Linux there are thousands of people looking at changes even if you aren't looking yourself.
Linux Desktop isn't just the kernel, there's a lot of stack to exploit between that and the user, and history has shown that "many eyes" doesn't stop security problems from getting through. Hell, sometimes package maintainers introduce problems themselves independent of the developers.
That isn't even counting the hardware stack underneath your kernel. What parts of your machine were manufactured in China? Is Intel IME trustworthy? What about all those firmware blobs?
ElementaryOS's repos were hacked a while back. The trojaned images didn't stay up long, but it illustrates your point. (Not singling out ElementaryOS... any software with a repo or updater could be trojanized, including software from big companies.)
I wonder what percentile of users have suffered financial harm on Windows versus Linux due to system insecurities. I have zero data on this, but history would imply Windows is far less safe.
In practice I would say Apple =~ Linux < Windows, though the latter can certainly be locked down if you know what you're doing.
However I think Linux's security is partly an artifact of a more techie user base. For a non-technical or too busy to be technical user I would say Apple offers the best security out of the box.
A file sitting on Windows that's been encrypted with a piece of well-audited encryption software is pretty safe. And if you want to be really certain, don't keep the machine connected to the internet except for software updates, and never while you're accessing your encrypted BTC archive.
Windows is targeted more (not exclusively, however), due to its popularity. If everyone moved over to Linux for the "security benefits", Linux would be targeted just as heavily.
Both Linux and Mac users have been hit with ransomware.
The other factor is that the vast majority of Windows security administrators (i.e., random users) are incompetent.
In terms of the security of the operating system itself, Windows may well be more secure than Linux. Many Windows applications, however, are going to be much less secure than the OS--although it's not like Linux applications are stellar in this regard as well (e.g., Docker).
Less likely...perhaps, but for all the wrong reasons ;)
That is, Windows is a target that's an order of magnitude bigger - of course there will be more attacks.
The kernel is auditable...maybe, possibly, theoretically, to a point - but what good is a kernel, when there's unauditable firmware between the OS and the hardware?