by normalnorm 2363 days ago
To me, your offer of "help" reads like a thinly disguised attack / insult. I guess we all know about the "humblebrag", this is "backhanded empathy". Or something.

The author is not saying anything that is not true. Given everything that happened and was disclosed in the past decade, I don't think one has to be paranoid to be deeply suspicious of black box software controlled by big tech.

3 comments

I never touched Bitcoin so maybe you can clarify how this makes sense:

> If Microsoft decides to terminate your license, what happens to your Bitcoin?

Your Bitcoin is represented by some kind of data stored on your computer I assume. So this data should be backed up, right? So the answer is that you would access the bitcoins from some device which you have a license to use?

If my understanding is right then I would consider the quoted statement to be a bit FUD:y.

If you're using security methods like BitLocker (an MS product that encrypts your disk), it's possible that, after losing your license to use that program, your data would become unrecoverable without some serious reverse engineering efforts.

I'm probably just adding to the paranoia though. In reality, this whole thing is a very unrealistic attack. What hluska has stated is mostly true, but I'd like to add that an employee that could write code into an OS that would steal bitcoin and stay undetected would have to have a lot of skill. More than that random engineer that they just hired, think a guy with a PhD. Those types of people generally don't risk their jobs to steal because they're usually committed to their work and make a lot of money.

Sorry, but I'm not sure what point you are trying to make here. Is your scenario that the user's license to use the OS is revoked combined with there not being any backups?

If you store data on a computer without backups you can expect to lose that data. Disks break, files are corrupted, computers are stolen, node.js deletes your crap. Or whatever.

As for employees embedding stuff in OS code. Sure, that can happen. Open source developers can also embed such code into any code they write, which has happened many times already. Unless you are writing your OS yourself from scratch or manually reviewed all source code for all code running on your machine (which I suspect no one has done in the last decades), this is a risk. Open source or not.

I’m not the person you’re replying to, but Grifball is talking about BitLocker. BitLocker is a device encryption tool that ships with certain versions of Windows (I think only Pro, but don’t trust that.)

I believe that what Grifball is saying is that if your disc was fully encrypted and you lost the ability to decrypt, you’d be in a lot of trouble. In the BitLocker case, if you had a valid Windows license, encrypted your disc and lost your license, it would be a very bad day.

As for your comments about backups, you’re correct, though in this case, a backup wouldn’t be much use if you lost access to BitLocker. That would take a really serious ops failure, but far stranger things have happened.

If your backup requires the original machine to be fully functioning, it's a bad backup. If it requires complete reliance on a third party holding a key, that they have the right and ability to revoke, it's also a bad backup. You're giving them the ability to cryptolock you at a whim.

I know what BitLocker is, I've been using it for years.

> backup wouldn’t be much use if you lost access to BitLocker

Why? What kind of backup are you talking about? This statement makes no sense to me.

Being suspicious of activity monitoring is one thing. Being suspicious that one of the largest companies in the world is actually keylogging your passwords so that they can steal bitcoins is another. Or that a few rogue employees at said company would be able to commit code that makes it all the way to end user machines to achieve that, bypassing all code reviews, testing, etc. is sort of insane.

First, you’re very wrong about my motives. At various points in my life, I have struggled with paranoid thoughts like that. When it happens, it’s lonely but I’ve learned to open up and talk about what’s worrying me. Sometimes there’s something there and I’ve actually started a few companies based on those ideas. Other times, perspective really helps.

In this case, let’s step back and add some perspective. Microsoft is one of the biggest companies in the world. Their valuation is buoyed by Microsoft’s role in the enterprise. Do you actually believe that Microsoft would want to sacrifice that position for some bitcoin?

Or, there’s the rogue employee hypothesis. Realistically, how many people at Microsoft could directly commit code into Windows without it going through a review? Do you think any of those people are interested in stealing bitcoin? Now, look at all the other employees who have to go through some sort of review before their code ships. Do you think one of them has teamed up with their entire review chain to steal bitcoin?

How probable is any of that? And if any of that was going on, how easy would it be to catch the offenders?

There is a massive gap between analyzing what I do for marketing purposes and stealing my keys.

Edit - We live in a very sad world where you can’t reach out and offer someone an ear without being accused of ‘humblebragging’. I can’t believe what the internet has become in the last 25 years. This is quite upsetting.