
If you don't own your OS, you don't own your BTC - BethGagaShaggy
https://combatnerd.com/not-your-os-not-your-btc
======
grifball
I love FOSS, but there's a lot of problems with the arguments in this article.

>"it is highly recommended to run on Free and OpenSource Software...This way,
you know exactly what is running on your system"

I get this feeling as well: that when I use FOSS I know exactly what my
computer is doing.

But I don't. Linux is about 14 million lines of code, and that doesn't include
your distro. You might be able to cut this down by compiling it yourself, but
you'll still have to be an expert to understand everything that is happening
on your computer.

It's the same thing with Windows, millions of lines of source code written by
thousands of people.

I think that until you hear that someone lost their wallet key and MS was to
blame, you're probably safe. Key theft (through keylogging) may be harder to
detect on a closed-source OS, but there are still a lot of people (outside of
MS) working on MS security and playing around with the OS to learn things
about it.

That all being said, Linux is easier to become an expert on due to all of the
public resources/documentation. Microsoft tends to clam up when it comes to
documentation about their OS.

~~~
orestarod
Even if you, specifically, cannot check the entirety of the Linux code, at
once, right now, the Linux kernel code is open for checking and auditing.
Anyone can check what code is written in it, and numerous experts have done so
independently. Moreover, every single change in the Linux kernel is
incrementally recorded and documented, so every change was audited and
evaluated all on its own, when its commit was introduced. Like a blockchain,
you can to some degree trust that the code written before you started checking
things has been adequately audited by experts, and you can continue the trend
from this point onward.

None of this can happen or has happened with Windows. You gotta trust a
company firmly shut to the outside world.

------
hluska
I am torn on this article. If I read it through my developer lens, I’m not
impressed - this cranks up the paranoia to a near useless level and the
panacea offered is really a false hope. But, when I look at it through a more
compassionate lens, I worry about this individual’s health.

Hey writer, if you’re reading this and you need someone to talk to, my email
is on my profile. Have a happy 2020.

~~~
normalnorm
To me, your offer of "help" reads like a thinly disguised attack / insult. I
guess we all know about the "humblebrag", this is "backhanded empathy". Or
something.

The author is not saying anything that is not true. Given everything that
happened and was disclosed in the past decade, I don't think one has to be
paranoid to be deeply suspicious of black box software controlled by big tech.

~~~
Nitramevfank
I never touched Bitcoin so maybe you can clarify how this makes sense:

> If Microsoft decides to terminate your license, what happens to your
> Bitcoin?

Your Bitcoin is represented by some kind of data stored on your computer I
assume. So this data should be backed up, right? So the answer is that you
would access the bit coins from some device which you have a license to use?

If my understanding is right then I would consider the quoted statement to be
a bit FUD:y.

~~~
grifball
If you're using security methods like BitLocker (an MS product that encrypts
your disk), it's possible that, after losing your license to use that program,
your data would become unrecoverable without some serious reverse engineering
efforts.

I'm probably just adding to the paranoia though. In reality, this whole thing
is a very unrealistic attack. What hluska has stated is mostly true, but I'd
like to add that an employee that could write code into an OS that would steal
bitcoin and stay undetected would have to have a lot of skill. More than that
random engineer that they just hired, think a guy with a PhD. Those types of
people generally don't risk their jobs to steal because they're usually
committed to their work and make a lot of money.

~~~
Nitramevfank
Sorry, but I'm not sure what point you are trying to make here. Is your
scenario that the user's license to use the OS is revoked combined with there
not being any backups?

If you store data on a computer without backups you can expect to lose that
data. Disks break, files are corrupted, computers are stolen, node.js deletes
your crap. Or whatever.

As for employees embedding stuff in OS code. Sure, that can happen. Open
source developers can also embed such code into any code they write, which has
happened many times already. Unless you are writing your OS yourself from
scratch or manually reviewed all source code for all code running on your
machine (which I suspect no one has done the last decades), this is a risk.
Open source or not.

~~~
hluska
I’m not the person you’re replying to, but Grifball is talking about
BitLocker. BitLocker is a device encryption tool that ships with certain
versions of Windows (I think only Pro, but don’t trust that.)

I believe that what Grifball is saying is that if your disc was fully
encrypted and you lost the ability to decrypt, you’d be in a lot of trouble.
In the BitLocker case, if you had a valid Windows license, encrypted your disc
and lost your license, it would be a very bad day.

As for your comments about backups, you’re correct though in this case, a
backup wouldn’t be much use if you lost access to BitLocker. That would take a
really serious ops failure, but far stranger things have happened.

~~~
bathtub365
If your backup requires the original machine to be fully functioning, it's a
bad backup. If it requires complete reliance on a third party holding a key,
that they have the right and ability to revoke, it's also a bad backup. You're
giving them the ability to cryptolock you at a whim.

------
raimille1
1) "... am sure you entered the password into some input field, which means
that you have handed your password over to your Operating System"

...

2) "The easiest way to get started is to install Linux in a Virtual Machine
and get yourself familiar with the system."

Therefore, enter your password into an input field, in a virtual machine
inside your proprietary Operating System key logging you?

~~~
grifball
Keyword: "get started". Most ppl don't want to dual boot, so installing a VM
is a stepping stone to getting fully comfortable with the OS so you can then
use it on bare metal.

------
izzydata
Even if you believed something was inevitable it doesn't mean it has already
happened. You still own your BTC until they are actually stolen from you.

------
dubcanada
The better question is why does he not build his own OS. He could build his
own OS and make his own computer parts with his own tools and machinery and
nobody would ever be able to access his BTC ever again.

He would probably need to invent his own internet though.

~~~
Piskvorrr
That's the beauty of the open protocols: you can make _any_ thing talk HTTPS
over TCP/IP.

This, of course, is quite an academic worry in comparison to the gargantuan
quest "bootstrap yourself from raw materials to a computer...and don't make
any mistakes along the way."

------
abdullahkhalids
A number of comments in this thread are strawmanning the OP's argument. The main
point is simply that if you don't have complete legal control, in perpetuity,
of the system that you are storing your cryptocurrency on, then if your
license is cancelled by legal means, you may lose your data [1]. OP is not
talking about whether FOSS or proprietary software has more bugs or has more
chances of having backdoors. OP is not talking about source code audits etc.
He is only making a point about the legal ramifications of OSCorp EULA vs FOSS
licenses.

[1] There is a secondary point that employees within OSCorp cannot be trusted
to not access your data.

~~~
pjc50
> if your license is cancelled by legal means

This basically never happens to private individuals - the license enforcement
focuses on getting you to pay for it instead. The data in any case remains
yours and you can theoretically lift it off the drive (or your backups!) with
FOSS.

In the very unlikely event of getting raided for copyright infringement,
they'll take all your hardware and sort it out later.

(Of course the whole thing is a tremendous anti-advert for bitcoin if it can't
be safely used on normal computer systems...)

~~~
abdullahkhalids
I did not say that the linked article is making a sound argument. I agree with
you that even with a non-FOSS OS, you can set things up so that cancellation of
the license does not make you lose your keys. I was merely annoyed by the
strawmanning.

------
whoo
Additionally, if you don't run a full node, you don't know if you own btc.

For those interested in BTC security, the best you can do IMO is glacier
protocol (which I'm surprised isn't mentioned in this article)
[https://glacierprotocol.org/](https://glacierprotocol.org/)

ColdCard wallets are also an excellent choice, even better when used as a part
of a multisig setup with your desktop, more cold cards, or another hardware
wallet.

Multisig across multiple hw wallets / computers (2/3 at least) is the best
solution to self custody IMO. Single sig is SPOFfy.

------
koalalorenzo
The real question is: why is he not using a Hardware Wallet? A Ledger wallet
is cheap enough if you get worried about your BTC being in an unsafe device.
Yes, then you have to trust the company selling it for you, but isn't that the
whole business to not compromise their own devices?

~~~
iRobbery
Even if he would have, somebody would mention, 'yeah but if you did not make
the hardware yourself, you don't own your BTC'

I guess at least :)

~~~
tsukurimashou
his point is not "if you didn't make it you don't own it" his point is about
proprietary software and how closed / how your control over them is very
limited

------
drivingmenuts
If you don’t trust MacOS or Windows, why would you trust Linux? With the first
two, sure, they could “do something bad” to compromise you, but why would
they? With Linux, yes, you have access to the source, but can you absolutely
guarantee that someone hasn’t “done something bad” to compromise your system?

It’s not a matter of idealism, it’s a matter of reality. How long would it
take a person of the poster's level of paranoia to guarantee they weren’t
somehow compromised? And how long would it take to recheck on update?

There’s a point where the fear of bad actors becomes counterproductive.

~~~
perl4ever
Linux has been improved over the years with patches originally developed by
the NSA, and what paranoiac wouldn't welcome that?

[https://en.wikipedia.org/wiki/Security-Enhanced_Linux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux)

------
Vanit
I get the point the article is making, but as others have pointed out you
could extend this logic to the entire stack of your software/hardware and
conclude you're not safe unless you audit every bit. At some point you're
going to have to trust software you haven't personally reviewed, as the
article awkwardly demonstrates.

It's obviously a matter of risk management (a term I was surprised to not see
in the article); the more crypto you have the more care you should put into
storing the wallet.

------
the_snooze
Mass adoption any day now.

~~~
fortran77
2020 is the year of Linux on the desktop!

------
mirimir
This is also an issue for Android and iOS. And some of the newer
cryptocurrencies are more or less restricted to those platforms.

And with smartphones, adversaries _can_ access the OS using StingRay etc.

Edit: I should have said "devices like StingRays". Perhaps StingRays can only
track, and maybe see traffic. But the baseband is poorly secured, and has
privileged access.

~~~
johnnycab
>And with smartphones, adversaries can access the OS using StingRay etc.

I was not aware of StingRay possessing any _advanced_ capabilities, other than
being used as an IMSI catcher and providing LE with 'tower dumps'?

[https://en.wikipedia.org/wiki/Stingray_phone_tracker](https://en.wikipedia.org/wiki/Stingray_phone_tracker)

[https://eu.usatoday.com/story/news/nation/2013/12/08/cellpho...](https://eu.usatoday.com/story/news/nation/2013/12/08/cellphone-data-spying-nsa-police/3902809/)

~~~
mirimir
I'm not sure about the StingRay brand _per se_, but it's likely that
malicious fake cell towers can pwn the baseband radio. And we know that the
baseband radio is privileged over userland.

Also, baseband firmware is totally black box, so we have no clue what its
capabilities are. So the safest bet is isolating it in a subsystem, or better
in a separate device, which can be firewalled.

[https://www.osnews.com/story/27416/the-second-operating-syst...](https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/)

------
awt
If your bitcoin is being stored on a machine connected to the internet, it’s
not your bitcoin.

~~~
JohnJamesRambo
Bitcoin is “stored” on the blockchain’s ledger, we just own the private keys
to unlock some of it.

------
ryanlol
This guy is a downright idiot if he thinks that he has any more control over
his keys on desktop Linux without actually auditing all the source code
himself.

The idea that ElementaryOS is less likely to steal your coins than Windows or
OS X is simply laughable.

~~~
cmcd
We already know Windows has some pretty excessive telemetry, it is not
unreasonable to assume this or other elements of the OS can be exploited to
gain control of a wallet.

At least with Linux we have thousands of open source developers keeping an eye
on things, chances are much higher that an issue would be caught with Linux
since Windows is closed source.

~~~
falcolas
> At least with Linux we have thousands of open source developers keeping an
> eye on things

A bit of pithy sarcasm for your morning: Those thousands of eyes worked so
well with OpenSSL, didn’t they?

Those eyes are less vigilant than you might think, especially when the eyes
aren’t being paid to monitor a particular chunk of code.

~~~
sudosysgen
Yes, they worked pretty well for OpenSSL. The issue was found eventually. In a
proprietary system, it may have been there forever.

~~~
jcranmer
You're discounting the risk that, because it's open source, everyone assumes
that someone else has done the security analysis. That is precisely what
happened with OpenSSL--everyone assumed, since it's a big open source package,
that _somebody_ was keeping on top of this sort of issue, but nobody was.

That there have been _two_ major OpenSSL security fumbles (first was the
Debian OpenSSL fiasco, second Heartbleed) sort of suggests that the value of
"many eyes" for ensuring security is vastly overrated.

~~~
pbhjpbhj
How's that different to MS Windows? We assume the code is good, but some of
the errors/oversights that crop up beggar belief.

~~~
turc1656
It's not different. I think that's their point. FOSS like Linux doesn't
automagically make it "safer" than proprietary systems like Windows.

