No More Internet Anonymity
inkhaton writes "This Article tells of an Orwellian chip that, once installed in your computer (and not by your choice), will allow any website you visit to "read" your identity. The article goes on to describe how many benefits there are for using this to facilitate online business and even suggests some negative points. It ends with "Ultimately the TPM itself isn't inherently evil or good. It will depend entirely on how it's used, and in that sphere, market and political forces will be more important than technology." ... ugh. Well we all know what that means."
Your real identity or someone who used your computer while they were over your house, or someone that borrowed your laptop?
Bradley Holt
It'd be more along the lines of a major boycott of that hardware.
If you don't like it then don't buy it.
Didn't Intel already try this with the P3?
Aren't we all Testuser from Beverly Hills, CA 90210 at test@aol.com?
Is any technology inherently good or evil?
Your computer may be broadcasting your IP address to the world as we speak! Or so I've heard.
Not inherently good or evil. But the evil potential is roughly 100 times the magnitude of the good potential.
My TPM will have the following information.
.. then I guess it's back to my C= 64...
Richard Cranium
9191919 Nunya Street
Overstock, MO 64999
901-555-5555
And if I can't do that
= Grow a brain...
This is a lot like the MP3 market -
We already have systems that work fine without this invasive technology - just like we already have MP3 technology for making nice MP3 files to listen to and download.
Why then would we pony up more cash or change the way we connect to the internet just for the sake of adopting this new technology?
These approaches for more DRM and more end-user-ownership by the corps is almost always stick and almost never carrot.
I am government man, come from the government. The government has sent me. -- G.I.R.
A simple browser or firewall plugin will strip the data out....Or even better, replace it with someone else's data.
DEMOCRACY IS DEAD!
Where's the lineup to join the liberation front, it's time for a revolution!!
/. is overrun by bed-wetting elitist nerds
let it be known, for anything other than servers, a *nix OS sucks
Ultimately the TPM itself isn't inherently evil or good.
I'd like to hear of any inanimate object that is inherently evil or good. Nuclear bombs aren't inherently evil or good, it's just how you use them. Otherwise they just sit there.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
How else will the Anti-Christ keep track of you, and keep you from buying or selling? However, the mark is supposed to be in your forehead or palm of your hand. OK implanted RFID chips then.
I'm so mad I can't type. The idea that something can be put into a tool that I buy whether I want it or not, and then we will see if my privacy invasion is good or evil later makes me want to throttle someone.
The tone of the article gives me a good idea of who to start with.
San Francisco Photographers
Wasn't that the entire point of the Trusted Computing initiative? To give everyone online - or at least every machine - an identity? And is it not true that some of the biggest proponents of this garbage are some of the people we should be trusting the least?
The pathway to Hell is paved with good intentions. Now that it seems that we won't have a choice in the matter, it looks like apparently hardware manufacturers, software vendors, media conglomerates, and politicians know what's better for us than we do. Don't buy into this bullshit.
More ways for people to stalk others on the internet :|
Anyway, I'm not sure there will be any such thing as privacy in the near future. Right now it's already becoming a luxury good, and pretty soon only millionaires will be able to afford it.
There is a solution, but no guarantee we'll reach it. We need to define an individual's personal information as belonging to that individual, and any use or reference to that information should only be with permission, and based on some good reason. To put actual teeth in such a legal principle, I think it needs to be coupled with a right to store your own information (presumably on your own computer). Without such a basis for protecting privacy... Well, you'd better get used to appearing all over the Internet when you least expect it.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Tin Foil Router! Limited time! $99.99 with 802.11X! Stop those nasty data packets from going through to the websites you visit! www.x10.com
This will never fly, and not for the reasons we would hope for.
Here are the scenarios:
1) Chip reports stuff, but data stream is wide open, so middlemen can change whatever they want.
2) Chip reports stuff, but with shitty encryption so the gov't can still do its wiretaps and echelon won't break. System is hacked within a couple days and the whole 'chip' idea becomes worthless.
3) Chip reports stuff, but with robust encryption. The site you are talking to knows who you are, but people between you and them can't sniff your actions other than knowing that 'some sort of communication took place'.
Plus variations. This could actually make webs of trust (a la the direction that Freenet appears to be going) more secure, since you know that your neighbors haven't been man-in-the-middled.
Can't stop me from buying the latest "mod" chip from overseas and making the thing report my name as "John Smith, SS#1234567890"
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
Communism is a great idea in theory! It isn't inherently evil or good. It will depend entirely on how it's used
Never fear, says the article! The tool of evil is not inherently evil! *Whew* Ok!
But good to see the mainstream press catching up to it. This chip is part of a larger effort by major software developers and hardware manufacturers to mostly stop piracy in all forms and control what you can do with your computer and when.
Read the TCPA FAQ, and take a look at Against TCPA, an anti-TCPA site if you're interested. For an alternate perspective, you can also view the official Trusted Computing Group site.
Personally, I hate it, I don't think it will succeed, and I will *never* buy a computer with such a module installed.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
"the bank's site also "reads" the TPM chip in your computer to determine that it's really you." And you tell the computer that it is you by..."something as simple as a PIN number." So you know someone's password, and everyone sees you as "that person."
I hope that banks don't take this to mean that they can remove any other safety nets. I know your password, and the bank knows that I am you.
How will access to this chip's ID code be restricted? What if I read your ID from my website, and spoof it when I access your bank account?
"Scud Storm!" -- Jeremy of PurePwnage.com
Of course, all a hacker needs to do is keep an older model x86 or PPC system around. Obsolete computers are a dime a dozen, and you can keep them running for decades.
And we are moving closer and closer to disposable PC's, anyway. In less than ten years, I predict that brand new, complete systems will be selling for less than $50. Got my computer's ID? So what, I throw away my computer every month!
Sounds like the flopped unique ID that came on the P3 chips... we all know how successful that was.
...if you install Windows and use a bogus name. I did this when I installed WIN2K and my real name appears nowhere in the system, all my accounts are bogus names like Penfold Jackson.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
The only solution to provide an internet Identity throughout the whole interwebbzor is a direct brainchip installed at birth, or later in life, mandatory, pain-less*than a baseball bat*. Therefore no one can modify it without the correct technology... and not die in the process. If it is released, I give it at least a month or two when it is on the open market before it is hacked and made use of ill-ly.
~--~
Do not mind the one with the crazy, for he is sane
I can't look at porn anymore :(
With spyware and malware as it is now, do you seriously think this technology will ever be "safe" enough for anyone to consider loading it on the hardware they sell? The information leaked would line people up for so many lawsuits it won't be touched. I think this will end up by the wayside. It's already easier to log an IP and track it back to a particular place and time than it would be to "securely" log someone's vital information once they load a page. Forget this and go on to the next headline. :)
Precisely my thoughts. This won't change anything except that mod chips for PCs will be made just as they are for consoles.
I suggest we refer to this hardware cookie as a shit biscuit.
This is where platform diversity comes into play. Any sane OS like MacOS, Linux, and BSD should never disclose your information without your permission, period.
And as for Big Brother taking over the internet, there should be a way to firewall it.
This "ID" somehow has to get transmitted over the Internet. Unless it was encoded, you could modify it on the way out. And even then, someone could just cache copies of the encrypted versions. And on top of all that.... who is going to host the database of the personal information that matches up to the ID?
Kernel Krunch - Part of a Complete OS
Even assuming that this becomes mass produced in major boards, it will never take off the ground. First off, such a chip would be hard to keep track since many people will buy a computer second hand, or refurbished, or are given one. People who don't like the idea will boycott the boards that do have them, and those producers in a large part will stand out.
A huge issue would be if a large company like Dell adopted this. While this is highly unlikely, with the amount of clout they have with the general populace, it could sway more companies in adopting this technology.
will allow any website you visit to "read" your identity
The only use I could see for this might be in having the xxAA more able to track you down. I mean, it won't stop things like kiddy pr0n etc because (assumedly) the distributors are part of an "in" ring and wouldn't want your ID. Even if they did, most methods of getting them cash (Visa, etc) are pretty trackable.
It isn't going to be much use to the gov't in tracking who uses slashdot... unless slashdot starts tracking ID. So really, what use is it, other than allowing fishnets to snag passersby?
I've been thinking about this; the problem is the legal route to this is pretty much a nonstarter already. But maybe there is a loophole; I think we should all start a church. The Church of the Super Paranoid, or something like that. That way we could cry religious persecution if intrusive privacy-stealing measures are used against us. I'm certain I would have no problem convincing a sizeable chunk of the Slashdot population to swear and affirm (on a stack of punched cards) that their right to crypto and absolute mastery over who sees their porn stash is both vital and indispensable to the very core of their identity. I think it could work.
At the very least, the crazy fundies will lobby for laws that would help us... :0
If Jesus wants me it knows where to find me.
My TPM will have the following [false] information
And you won't get an IP address. Alsee has explained why ISPs will want to make a working TPM a condition of providing Internet access.
then I guess it's back to my C= 64...
Will the BBSes be upgraded with 33.6 kbps modems? (56 kbps doesn't work if both ends of the connection are residential POTS.)
Technology is good or evil. The people making P2P ARE making a tool to pirate software/music/media. And this IS a tool to snoop privacy. The argument that I build something horrible, but it's the user that's to blame is bullshit, I know what I'm building.
... selling desoldering stations, tin-foil hats and faraday-cage panic room kits ...
I fail to see how this is like Communism.
This relates to Fascism much more than Communism.
Why then would we pony up more cash or change the way we connect to the internet just for the sake of adopting this new technology?
Because there are only two companies that control the last mile in your area, and they have both made a working TPM a condition of obtaining residential Internet access through them.
From TFA: Already over 20 million PCs worldwide are equipped with a tiny security chip called the Trusted Platform Module, although it is as yet rarely activated. But once merchants and other online services begin to use it, the TPM will do something never before seen on the Internet: provide virtually fool-proof verification that you are who you say you are.
That's creepy.
Just because I have the hardware does not mean that my Linux or BSD based (Yes mac users, that means you as well) operating system supports it. And even if it is *available*, that does not mean that my custom gentoo-sources based kernel has the support even compiled in.
Then again since this would no doubt be proprietary tech it would be impossible for me to add that required support without tainting my kernel... and is that not technically illegal?
- d
But what is their purpose? We cannot simply evaluate things by their inert state. We also have to factor in their reason for being. A gun isn’t made just for the purpose of propelling an object at high velocity in a particular direction (there are superior devices for doing that), it is intended to destroy something as a result.
This type of thinking might be carelessly superficial in some circumstances. You are right to an extent, but that should not keep you from further consideration.
Join Tor today!
... To modify the concept in legislation, where before passing or submitting a law, it should be scrutinized for the possibility that it can be twisted for evil. Of course, that didn't stop the Patriot Act..
In the same vein, technology should be scrutinized to see whether it would be used by corporations/governments to oppress the citizens. It's not a question of if, especially when it comes to the corporations and governments of today.
Obviously one can ruin your whole day, if set off in the wrong place. But bear in mind that a couple of thousand of them have been set off on this planet, to date, and have not destroyed it.
One could argue that there are "good" engineering uses of nukes (none, to date), and there are bad uses (random atmospheric testing scattering dust around). The one use in wartime (two incidents, one war) is honestly open to debate whether it was the "greatest good" (100'sK dead vs maybe millions in a continued conventional WWII).
Does the TPM Suck - yeah, most likely. I hope the market will squash it.
Does making flippantly popular (with the right crowd) remarks on /. quickly get you +5 insightful? Yes.
Where will this post end up? I don't really care.
Discuss among yourselves.
This issue is a bit more complicated than you think.
Old News. TPM has been around for a few years.
The site is https://www.trustedcomputinggroup.org/home
For a discussion of some concerns check out EFF at http://www.eff.org/deeplinks/archives/003804.php
I had an opportunity recently to ask questions of a Microsoft officer who works on strategy and works in Europe. When I described many of the unpleasant aspects of TPM and the like, he said that European privacy laws would prevent the adoption of such policies. I found that to be an interesting viewpoint.
My name is Rob Malda, I'm married to Natalie Portman, and live in Michigan. I like Japanese cartoo^H^H^H anime, and am a star of both the big and little screens
I don't understand why there's no choice to having the chip or not, and not just because older computers don't have it. I'm sure there's enough CE and EE people out there who can design and build their own motherboards, without the TC chip, and maybe even sell or give away to others. And if these people are blocked from the internet, what's stopping everyone from going back to the BBS style of things? Phone calls aren't so expensive anymore (not even long distance) so accessing a BBS, or networking BBS' anywhere shouldn't be too bad.
Christopher S. 'coldacid' Charabaruk -- coldacid.net
Same goes for a gun - it does not matter that it can protect, it still is built with the purpose of ending life.
But sometimes you have to destroy life to sustain life. For example a hunter has to take the deer's life so that his family doesn't starve to death.
Intel quickly made the serial number disabled by default, and few web sites ever started using it. If people *really* have issues with such a system, they won't use it, and they won't buy products that require it. If they don't buy it, companies won't sell it. If it's an issue, media attention can get people to vote with their dollars and keep it from being a standard. The only thing that worries me, though, is the Microsoft comment. If somehow Windows requires this system, it'll become a de facto standard. But MS has tread pretty carefully so far - e.g., restrictions on how often you can activate a copy of Windows are pretty lenient. But we'll see if that holds. Even still, though, MS won't want to make consumers buy new PC's or accept something they don't like in order to buy the new Windows for fear of losing business. So it comes down to whether people really oppose this or not.
I produce electronic music and write little games. Have a look.
My vote is yes. The Internet will route around it by gradually dividing from what is currently called the Internet. Most people will use what used to be the Internet, and will consider it to still be the Internet. A minority of tech savvy people will be running on an alternative network, and will consider their network to be the Internet.
There will be one way links between the Internet and the former Internet (new can suck data from old, but not the other way around). The new Internet will be under the radar, but will be a hotbed of technical innovation. In time the new Internet will appear on the radar, as the majority hear of it and decide that they want to be able to do all the neat things Internetters can do as well. The majority join the Internet. The Internet gets 'tamed' as large companies join it. The Internet routes around the damage by breaking away over time. The cycle repeats...
You know, Orwell wrote a lot more than 1984 and Animal Farm.
Correct me if I'm wrong, but isn't MAC Address and IP sent through all hardware between one's computer and "destination" sites/services? Or is this akin to marrying your SSN to a MAC address. Really, I'm too lazy to RTFA, on the off-chance that it's not slashdotted... I'm tired of checking. Yawn.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
While this article is trash, pure and simple. Here's only a few flaws with the idea that come to mind: 1) Such a chip has obvious privacy implications. 2) Forcibly installing such chips into our computers is, well, illegal. 3) Such a policy would be unenforceable. The Internet is a global community, remember? 4) Such a chip ensures nothing. We all know that passwords are not safe and that those methods of biometric identifications that are cheap enough to go on your average computer (fingerprints) are insecure to the point of being breakable via silly putty. Need I go on? Not only would this technology add _nothing_ to the end user that a username/password combination do not already do, but it would also leave him or her vulnerable to all sorts of fun fraud.
Of course, all a hacker needs to do is keep an older model x86 or PPC system around.
And watch it not get an IP once all the major last-mile ISPs have switched to Trusted Network Connect, a framework that involves "trusted" dialer software that assesses the state of your computer using its TPM. Cisco has a similar competing framework called Network Admission Control.
What about the plethora of security issues we are faced with today, combine that with a preempted identity management system and you spell disaster.
It would bring on a new level of phishing, one that would be a lot more difficult to circumvent and a lot easier to exploit once the phisher has what he needs from their victims.
Engineers and techs are very smart people but sometimes they lack the day-to-day vision around the issue.
Plus, I'm sure there'll be a bunch of eager hackers waiting patiently for this to come along, if they are able to stick Linux on an iPod I'm sure they'll be able to get around this.
Well first of all. Do people have a RIGHT to anonymity?* Second I read the article and I don't really think it matters whether the chips are put in against our will or not, but whether the other end of the connection will require them. Do business with the government? Need a chip. Do business with your bank or utilities? Need a chip. The choice soon will basically be, get the chip, or get out of society (for a prime example, leave all your ID home for a day).
*Consider how AC's are treated on Slashdot before answering.
"The whole corporate-state dictatorship must be overthrown."
Um, you go first. Here's your sword and shield. Let us know how the battle turns out.
I think the subject pretty much sums it up. Doesn't matter if the current holder of the power is the most righteous guy on earth. Once the power is concentrated and usable, it's just a matter of time until it gets abused by some person or some gang.
The American idea of dividing the powers up and setting them at each other's throats was really clever. Unfortunately, no one knows the future, and things have evolved in a way where the powers are bigger and more concentrated than any English king's powers ever were. Unanticipated side effect of the 17th Amendment. (Yeah, the idea of an evolving document was pretty good, too, but it also got misused...)
I don't care how righteous or benevolent your intentions are.. information is power, and historically, power in human societies is always abused.
The theory of relativity doesn't work right in Arkansas.
Any sane OS like MacOS, Linux, and BSD should never disclose your information without your permission, period.
So have it ask for your permission whenever it discloses your information to your ISP as a condition of connecting to the Internet. Unless there's a huge backlash against the TPM real soon, I can see ISPs requiring some form of "trusted" DHCP within a decade.
I'm pretty sure I'm missing something pretty obvious here, but since every "secure" internet transaction would involve a transfer of a TPM number, wouldn't it be easy to figure out anyone else's TPM (if you can't figure out what it is, it's useless). And once you do that, won't it be easy to tell your computer to send out a different TPM (say the one you stole from someone else) instead of yours. Isn't this about as fool-proof as MAC addresses for machine identification, only the MAC address is being shouted to every other computer in the world at all times? And won't I (using OS software of course) be able to have my browser, Network Adapter, or whatever is responsible for the TPM, just send out a random TPM so that I remain anonymous?
In short, I really don't see how this whole TPM thing threatens privacy at all, or offers any security benefits whatsoever.
How about a Project Orion spaceship?
An example of an inherently good inanimate object.
What are you guys worried about? This is our big chance. Everyone! Start making webservers and start capturing personal info! With this, we can even get the info on sites visited, transactions done online and even how many hours they played solitaire on their computer rather than working. We can even find out what the head of the RIAA is doing online at any given time and steal his info like bank account numbers and personal password, not to mention know where he and his family lives!!! The anti-christ is here, it is DRM and us geeks (the meek) shall rule the world!!!!
Oh, if anyone didn't catch it. Yes, I was joking. This is a bad idea. If it was forced on us somehow (by some horrible freak of fate), it's nothing a router with a filter can't fix. Hi! I'm Bob Jacky and I live on 1600 Pennsylvania ave in Washington DC. My hobbies are polygamy and I like little boys... We really need to stop people that have no common sense decide our policies for us.
please... let me sleep... a little more... yay, no longer anonymous coward.
We don't add support to the kernel?
If you can't convince them, convict them.
Wouldn't this also be an opportunity for a wireless ISP to step in and provide for TPM-less service?
Until the FCC (or a foreign counterpart) shuts it down. In most countries, the central government has plenary authority over electromagnetic emissions in "useful" radio frequencies (9 kHz to 200 GHz).
This is exactly why I don't use a computer!
He wrote an essay in 2003, The Digital Imprimatur, which reads like a (both technical and social) roadmap for upcoming DRM and Internet surveillance technology.
I too have felt the cold finger of injustice.
Seriously, how long is that going to last? The l33t m0dding community is going to be all over this; privacy on the Internet is something sacred that will be defended, whatever the legal ramifications.
body massage!
"Ultimately the TPM itself isn't inherently evil or good."
But not giving the computer user an off switch is inherently evil.
Random question (not that I actually suspect anyone here knows the answer): Will it be possible to manually remove the chips without damaging the machine otherwise?
Property is theft.
Is it just me, or didn't we almost go through a milder version of this with Intel and the Pentium III CPU serial number rubbish?!
The solution is the same: Avoid and boycott any idiot companies who push this, rattle the cages of politicians and see if they'll wake up, and scream to any and every media outlet that will listen.
The only question which remains to be answered is if the combination of state-corporate power is too strong to overcome.
"Fascism could better be called 'corporatism', for it is merely the merging of state power with corporate power." -- Benito Mussolini, the Italian dictator who "invented" fascism
The Evil Bit is inherently evil! :-)
Its function is pretty much what this TPM chip seems to want to do. Do not worry, your P4 does not have it nor does your AMD chip. It caused a bit of a stink and Intel backed down. For the time being. At least they claimed. Who knows what is really inside your PC.
Seems this time it has managed to get a little bit further. Now anonymity on the web is a bit of a hassle as /. is probably well aware of. Just count the number of people who feel they can troll websites without fear of being found and getting their teeth kicked in. If you behaved like the GNAA in say a real life setting like a soccer club you would easily find yourself gently reminded about proper behaviour. On the net there are ways to hide yourself and it is used.
Any freedom will be used and by some people in ways that other people would rather not want. For instance while you do indeed need legal identification to drive a car and for that identification to show you are entitled to drive a car there is no real check. Which means that some people who are not allowed to drive a car do. It is called joyriding and it results in a fair number of deaths. Yet we more or less realize that this is the price to pay for not having to go past a checkpoint when we leave the driveway.
A hardware based identification sounds "nice" if you think about the need to identify yourself to your bank. Well no actually it doesn't. I don't know how other banks work but the Dutch "postbank" sends an SMS to your phone when you have (after giving a login/password pair) entered a transaction to confirm your identity. It works because a wrongdoer can't easily get their hands on both. If you keylog my machine you will not have my hardware phone and if you rob me you will not have my password.
Oh btw this TPM chip does NOT seem to guard against keyloggers. If I get your PIN number I can simply login on your machine and be identified as yours. Not good.
What is worse I think this TPM chip can only work with closed source. A Linux machine could of course easily spoof the number unless it was part of the network card (and even MAC addresses can be spoofed) so I think this little chip is far more about MS and (perhaps) Apple wanting to ban opensource software than anything else. Oh they do not need to do it openly. Just that more and more websites and content will require a tpm chip. How about enabling tpm identification by default in every word document so that even in the new "open" format it would only work with MS software, opensource word processor would simply not have the TPM chip to decode it. So you would have to ask each time you send a piece of content please could you send me a non-tpm version?
Nah, nice as it would be to ban the trolls easily I fear that they are the price we pay for the freedom to run the software we want. Time perhaps to mothball one of my current machines just in case in the not too distant future there will be no mobo's left to buy that run Linux.
Not that I think that is going to happen. Why? Well our glorious defenders of freedom the Chinese. The article suggests that this TPM chip is Bill Gates' way of getting the Chinese to pay for MS software. Let's hope the Chinese are smarter and that the TPM chip is the way to get Chinese even more serious about creating an independent IT system. I rather trust the Chinese government, who has no control over me a Dutch citizen, than our own bought and sold governments.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
That is my point. Nuclear bombs are not inherently good or bad, just like the chip.... but the bomb will probably be used in a bad way and so will the chip. Should have just said that I guess, I thought it just came across in what I wrote.
The response immediately after yours to my post and my response to that will shed more light I think and I don't want to type it all up again.
or should have made the subject - 'bombs bad' instead of 'duh'
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
And your infallible source for this information is... a Slashdot comment.
It's not my only source, just one that's useful for introducing the ramifications of the concepts introduced in the Trusted Network Connect FAQ (PDF).
We all know whose software will be "trusted". If this catches on, it will be the end of free (libre) software on the internet. Sure, there could be an alternative free (libre) internet, but using it will likely make you a terrorist suspect.
>ugh. Well we all know what that means.
Sigh. Yes. Everyone will just sit around slashdot whining about it, and not lift one finger to get control of it via their elected officials.
-- "In order to have power, I must be taken seriously." -Mojo Jojo
If a hardware-stamp like this is considered a "Foolproof" method of identification then it is obvious that the proponents of this method of identification are obviously marketing to fools. People simply don't buy a new computer often enough for something like this to be effective. The problem is that data A) is transmitted as electricity and B) consisting of bits and bytes, yet "Trusted Computing" is supposedly a once-and-for-all solution. Once and for all solutions -aren't-
"These approaches for more DRM and more end-user-ownership by the corps is almost always stick and almost never carrot."
Look I know you all hate corporations with a passion (I'll try not to point out how much you all still buy from them). But it's apparently blinded you to what the right hand is doing. The left hand is some corporations (not Pete's Pizza Joint down the street). The right hand is government. What does TCPA mean for them...discuss.
You see, if M$ can be $ucce$$ful in pu$hing this onto the public under the guise of being imperative for security, M$ would have a (seemingly) solid strategy against Linux, *BSD, any open source OS. I'm sure that you all can see that this type of technology would be pretty much impossible to implement securely in an open source OS (since everything is open to scrutiny and USER configuration). I seriously hope M$ does this, as it will blow up in their faces when the security of the mechanism is compromised (as was noted earlier), creating an enormous failure on their part. Imagine the embarrassment of this happening after M$ hypes and markets the SHIT out of this having IMPENETRABLE security. It would be the end of M$. So....BRING IT ON BILLY! (by the way if you haven't been paying attention, the 360 is the beta of this.....I'll keep a keen eye on http://www.free60.org/)
If I can't disable it, I don't buy it.
I'll buy from the guy next to you who's selling non-chipped systems.
You'll go broke.
Then I'll start selling chipped systems with user-enables.
Thanks for the private island, sucker.
BWAHAHA! Dude, have you compiled a kernel recently? It does have support for this - only the kernel states it as a module that can be used in conjunction with the chip, to store "key data" separate from the system, to increase security, or something. Maybe it will allow Linux to selectively use the TPM chip where required for authentication (I do my banking etc across 3 computers, identifying anything on a per-computer basis can be stupid). The TPM chip is far from just an identifier, it's got memory and can be used for other general things.
It's more that, in Linux, the TPM chip will be used for security (good), and in winblows it will be used for ease-of-use/profit (evil). So, I'm guessing in Linux you'll be able to spoof IDs
What happens if you sell your PC? Will you have the option to reset your information?
-Patrick
"They never stop thinking about new ways to harm our country and our people, and neither do we."
Cars have VINs and license plates to identify them on public roads. This places some limits on driver freedom but is hardly Orwellian.
TPM, or something like it, could end up in the same category.
org.slashdot.post.SignatureNotFoundException: ewg
Just throwing the idea out there ... how about getting some form of a privacy right (beyond the fourth amendment) into the US Constitution?
Secure web servers have certificates. Well, web browsers used to have facilities for client certificates--means by which the browser would identify itself to servers and prove its identity. Yes, you can do that easily and securely in software, no chip required.
Well, apparently users didn't want to bother and web sites didn't start requiring it. It's difficult to see why adding the expense of a special chip into the mix would make it any more likely to succeed.
People...please, stop and review your history. Does no one remember Intel doing this exact thing just 5-6 years ago with the first PIII chips? Do you see any chips with serial numbers embedded in them like that today? No...because it was a colossal FAILURE! That's when Intel began to slide and AMD began to rise to power. Why? Because AMD saw a need, and that need was to NOT have this kind of tech. So many people, including myself, started switching to AMD chips. And Intel eventually yanked it because of the market share they were losing. They never really recovered after that, especially when AMD started beating them on processing power-per-watt. So please...just take a deep breath, calm down, and look to your nearest underdog to fill the need...
Besides, when the revolution comes, your computer will be the last thing on your mind...
Disregarding this article, which is courtesy of MSNBC. Which I rank right between Weekly World News and the National Enquirer when it comes to credibility.
So the article states that my bank won't even ask for my usr/pwd and this is comforting considering that many win machines are riddled with spyware/malware. So they can tell if a machine is trusted but how does the machine know what software is trusted? "Oh, this machine is trusted; let's connect. By the way, here are a few ports that are open. Oh, you want to do remote registry editing? No prob. I'll hook that up." Good initiative, bad judgment. The pushers of this initiative should be stamped on the forehead. Let's just roll this up in the patriot act while we're at it.
Many companies suggested this for the web in 1994. Merchants and advertisers would love to track unique users to collect data. Part of the compromise was the design of cookies, which allow for some amount of unique identity but were explicitly not cross site trackable and could be removed by the user or turned off. I suspect that as long as consumers continue to demand privacy controls, technology providers will keep some amount of control in the users' hands. Also, there will continue to be enormous financial pressure to add features to track users. So it will be very important for this issue to remain in the public eye.
Look at all the comments on this story so far. Notice anything in common? Yes, every single one is against this. If I were selling computers, I'd notice that.
Yes, Slashdot isn't a representative sample of the computer-buying public. But Slashdot readers (and equivalent nerds) have a tremendous amount of influence in the computer market, outside of their raw numbers. The type of people who read Slashdot are early adopters, are IT workers and managers, and are the people whose families go to for computer purchasing advice. That's a lot of power in the computer market.
If a day really comes when no computer is made without this chip, then I'll start putting my own computers together without them and make a ton of money selling them. But that won't happen, because before I can do that some big computer company will notice the same market I did and beat me to the punch. Then all the other companies will see that their competitor's non-TPM computers are selling really well, because everybody on Slashdot and their mom is buying them. Guess what they decide to do then.
Capitalism is your friend. Capitalism is your best ally against crap like this. Nobody will even remember this in five years, just like nobody now remembers Divx or unique-ID Pentium chips. So just calm down.
A large chunk of the world's biggest computer hardware and software companies get together and decide to install this TPM chip. Why? To save their buddies (subsidiaries, joint ventures, partners, whatever) -- the online retailers, services, media and banks -- the cost of fraud (and maybe tell you how it will protect you too, to get you to buy their stuff). But who decides what sites are allowed to read the TPM chip's contents? Why, the coalition of hardware and software companies, of course. How do they ensure its success? Make the ISPs require it. After all, most of the ISPs are their buddies too. But how do they make sure all ISPs require it, and make the whole system legitimate? They call up their government buddies, or make some new government buddies, and before you know it the law is doing it for them.
If it sounds like a racket to you, join the club.
If you're not part of the solution, you're part of the precipitate.
Think before you reply.
Oddly, I guess that says there is more "good" in the world than "bad", and thus lends support to the parent post of inherent value (neutral) of objects.
Did the inventor of the gun think "I can get dinner faster with this" or "I can smite my enemies with this"? Did Alfred Nobel create dynamite thinking "We can mine better and safer with this" or "Assholes will blow up people with this"?
(BTW - as far as I can tell, the "purpose" of nuclear bombs depends on who made them; The good guys have them to deter the bad guys from doing bad things. The bad guys have them to threaten the good guys, to cower them into doing nothing about the doing of other bad things.)
This issue is a bit more complicated than you think.
I did this when I installed WIN2K and my real name appears nowhere in the system, all my accounts are bogus names
So your user account is Pinocchio Poppins or something. The real question is to whom does your Internet service provider send the bill?
I'm sure somebody has already stated the obvious here and that the information has to pass through an OS/API and the network and thus is subject to being altered on the way out. So it's both stupid as a means of ID and stupidly easy to bypass.
If something exists that does not need a creator (god) then why must the cosmos need one?
Well I never really considered little yellow cloth stars or number tattoos "good" or "evil" in and of themselves... but you know while we are at it let's brand everyone's social security number on their arm... you know so you can't lie to women at bars about being Leonardo DiCaprio.
Ok, people are spoofing everything already.... IPs.... MAC addresses..... why not this too? This is something that I see being hacked in under 24 hours if it ever gets put into you. Wouldn't your OS have to have support/drivers for this chip to function at all? Would this mean that the OSS community would easily be able to disable and enable it at will? It's like DRM being pwned by a sharpie: pointless.
From TFA:
"With a TPM onboard, each time your computer starts, you prove your identity to the machine using something as simple as a PIN number or, preferably, a more secure system such as a fingerprint reader"
Hmmm, fingerprint readers are more secure than PIN numbers? Certainly not yet.
Also from TFA:
"(In fact, with TPM, your bank wouldn't even need to ask for your username and password -- it would know you simply by the identification on your machine.)"
Well, what if it's a shared computer at home? How is my bank supposed to tell between me and my wife when I log on to their web-site?
They know my name, address, phone number, IP number, username, and password. What more is TPM going to give them?
A specification called "Trusted Network Connect" has been published on the TrustedComputingGroup.org web site. (Brief yourself using this FAQ (PDF)). Implementations of TNC collect "endpoint configuration information", allowing the owner of a network to deny a computer access to the network unless it meets the following requirements:
Dialer programs under TNC are charged with enforcing the integrity of the runtime environment on the computer being connected to the network. The integrity checks will often include the following features:
TNC may initially sound benign or even desirable when the network owner is an employer. But imagine when the network is that of a residential Internet service provider, and customers have to pay extra per month to get some of the QOS changed or to unblock specific ports. Once almost all computers have a working TPM (possibly by 2015), both the local cable company and the local telephone company are likely to see TNC as a cash cow for their Internet access customers, and they're likely to deny you an IP address unless your machine is "trusted". Those 2 percent or fewer customers using a computer without a TPM would just be considered collateral damage who can just go back to dial-up.
"There would still, of course, be ways that you could access your bank or e-commerce accounts from other computers when you were traveling, but the connection wouldn't be as secure as using your own computer."
IOW, banks will make it ABSOLUTELY NECESSARY for you to have the proper TPM ID chip in order to log into your account. Unless, of course, you don't have it -- in which case you can verify your identity another way. I feel safer already.
The truth, of course, is that TPM will do nothing to prevent phishing and identity theft, because it's a technological solution to a social problem. A much better way to prevent such things is to require financial institutions to practice better security (it would be even better if customers could practice better security, but that's a much more difficult target). Instead, what we're going to see is less adherence to reasonable security practices due to the false security aura of the Almighty Trusted Computing Platform.
Oh, and outside entities (government, corporations, etc.) will have the opportunity to limit what we can do with our own computers. But I'm sure that's just an unintended side effect.
Here I sit without mod points as something genuinely amusing floats by. Oh, well.
;-)
ObNit: There's no way "who'se" can stand in for the completely-devoid-of-the-letter-E phrase "who has." Spelling observations should be more carefully crafted.
This will not work for several reasons, some already posted:
1) People will find ways to fake the information on these chips. Anonymity is regained. If everyone has the same information, it will be impossible to track a user.
2) People sell computers. If they do start tracking illegal activity using these, what happens when CriminalX sells their computer to InnocentY? InnocentY suddenly has a criminal record, for legitimately buying a computer.
3) Like many others, I will never buy a technology that uses this. I have a feeling that measures like this will slowly turn people away from the Dell "Buy a PC like you buy your whitegoods" prepackaged systems. I would rather build my own computer, because then I know what's in it. If I didn't know how to do that, I'd happily pay someone I know to do it for me.
Please visit http://againsttcpa.com/. .sig, toaster.
Read the information and get informed. Show your support - sign your name, add a button/link to your website,
It is up to YOU.
Saying "one person cannot do anything" is rubbish. If we ever want a chance at beating things like this, we MUST band together.
And even then, someone could just cache copies of the encrypted versions.
You're talking about a replay attack. There exist all sorts of measures against replay attacks.
Dems are some of the worst pushers of "Trusted" (I like the term "Treacherous") Computing and other attempts to fence the Commons. My congresscritter is Howard Berman (D-RIAA/MPAA) and my two senators, Boxer and Feinstein, are also thoroughly 0wn3d by Big Media. Remember the "Clipper Chip?" That was a Clinton Administration initiative. The GOP is very anti Fair Use as well. (The RIAA and MPAA is bi-partisan. They tend to buy both parties.)
This puts me in a very uncomfortable position. I don't want to support Berman, Boxer and Feinstein's efforts in support of their patrons in the Four Families of the Record Industry, (that worked better when there were still five record companies, alas) the Motion Picture industry, TV, and Clear Channel (What? it's still called Radio? Could have fooled me!) but the fact is that I agree with them on a lot of other issues and they all have mostly been voting from the Democratic wing of the Democratic Party of the United States of America. (Feinstein's support for the rancid Bankruptcy Bill notwithstanding.)
I think the Greens are perhaps the most "pure" supporters of a robust Commons, but alas, they don't have much chance in this system. The Founders didn't like the Westminster (Parliamentary) system, so we got a system that has little chance for third parties to make a big difference in politics. Ferdinand Lundberg once made a convincing argument that we have a single-party system here in America, the Property Party, with two wings: Democratic and Republican.
I guess what we geeks all need to do is get more active in our local Democratic Party establishment and push our agenda along with a broader progressive agenda. But right now, to say that the Democratic Party has more of our interests at heart is foolhardy and ignores recent history. It probably won't do a lot of good but it's worth a try.
Knowledge is power. Knowledge shared is power multiplied.
Well, it IS an MSNBC article after all. Kinda hard to not be biased when reporting about your own company.
In which case, the info on my computer will tell the world the following critical data about yours truly:
Name: Ralph Spoilsport
Address: 40105 Rhode Island School of Design Terrace
Ukaipah, CA 90210
Phone Number: 210.867.5309
Drivers License: THX1138
Mother's Maiden Name: Cinderella
That should be Really Useful to the Freaks who run this show.
Secondly: Once these chips are in place how long will it take for some one to hack the sucker and write a program to nullify it?
Thirdly: What if you build your own Damn Computer? It's not like it's that hard anymore...
This idea is yet another example of how many sheep in people suits we have on this planet.
RS
Shoes for Industry. Shoes for the Dead.
I'm too lazy to look it up, but didn't the Russians use a nuke to carve out a reservoir or something? Besides what everyone else has already said about nudging asteroids away from Earth, it's theorized that terraforming of Mars could be jump started by nuking the poles.
"Sic Semper Tyrannosaurus Rex."
And you won't be able to get to your own account from the office or a kiosk or the loaner laptop you got from tech support. But let them accidentally give it to the wrong person and your bank account will be paying off big time.
(In fact, with TPM, your bank wouldn't even need to ask for your username and password -- it would know you simply by the identification on your machine.)
Buy a computer on eBay and you might be surprised all the web sites opening up for you. You all know about how much information is left on excessed hard drives. This will be the mother lode. Anything that's invisible to the user has to be juicy.
The chip permanently assigns a unique and permanent identifier to every computer before it leaves the factory and that identifier can't subsequently be changed.
Okay, one of you hot shots write a program that lets me watch what my chip is sending out. And then another one of you please write a spoofing routine that runs at the router. Okay, you can't change it at the machine, but as long as it's my router, then one of you smart people can whip out a program that either blocks it or spoofs it between here and the outside world.
Not to mention when you swap chips with another PC, like I do around here all the time.
The military people are going to have a fit about it, too. And the NSA, CIA and FBI, they're going to love knowing their agent PCs are being tracked individually. But it will definitely make finding stupid people a lot easier.
This is Passport all over again.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I don't understand why some people demand that their activity on the Internet be anonymous. I mean really, what is the core basis that makes people want to be anonymous on the net? When I drive a car, I have a license plate that identifies the car. When I cash a check, I provide ID. When I go into a store, I am probably being videotaped. When I leave for work, my neighbors can see exactly when I leave and exactly when I come home. Why do some feel this odd need to be completely anonymous on the net yet they don't feel any need to be anonymous in real life, face to face transactions, movements, and basically just living?
/$0.02
I use my little Safeway card when I shop. They know everything I buy. I don't really give a rat's ass. It isn't hurting me a bit. Every time I go over a bridge, the toll authority knows it is me. Every time I make a cell call, the company knows not only who I am calling but they also know my physical location. That doesn't make me paranoid. Why should I care if a website knows I came to their site? How is that more evil than a store video taping my entire shopping trip inside the store and then recording my purchases for marketing research?
I have kids on the net. I think being able to identify the people they are interacting with is a good idea. I think sites being able to identify them might be a good idea, particularly if they are sites they shouldn't be using such as online gambling. If my daughter is stalked or otherwise terrorized by some creep, I want to be able to find and stop them.
Imagine a world where nobody had ID, there were no license plates, and people simply verbally rattled off credit card numbers to sales clerks. I am not sure it would be such a good place to live. As the net is integrated into our mainstream culture, I believe we need to think about using the same accountability measures on the net that we use in the rest of our life. The Internet shouldn't be a collection of woodwork for human vermin to hide among.
...except to those who will pay a premium for the machines and the infrastructure, which will become obsolete almost immediately. Just like DRM.
It's the data, stupid!
Of course, as faithful slashbots, we sure do. It means exactly the opposite as it does when the same is said in the context for file "sharing."
Are you adequate?
Since every "secure" internet transaction would involve a transfer of a TPM number, wouldn't it be easy to figure out anyone else's TPM (if you can't figure out what it is, it's useless)? And once you do that, won't it be easy to tell your computer to send out a different TPM (say the one you stole from someone else) instead of yours?
That's a replay attack. The Trusted Computing TPM specification surely includes countermeasures against replay attacks.
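The difference between the two comments above, as an added example that is not part of the thread or of any TPM specification: a static identifier sent on the wire can be captured and replayed, while a response bound to a fresh, single-use nonce cannot. HMAC with a shared secret stands in for a TPM-held signing key, and every name and value below is constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo values. A real TPM would use an asymmetric key that never
# leaves the chip; a shared HMAC key is an assumption made so that this runs
# on the standard library alone.
DEVICE_ID = b"device-0001"
DEVICE_KEY = secrets.token_bytes(32)


class StaticIdVerifier:
    """The scheme the first comment fears: the identifier is the credential."""

    def __init__(self, known_ids):
        self.known_ids = set(known_ids)

    def verify(self, presented_id):
        # Anything that was once seen on the wire is accepted again.
        return presented_id in self.known_ids


def _message(device_id, nonce):
    # Length-prefix the ID so (id, nonce) pairs cannot be confused.
    return len(device_id).to_bytes(2, "big") + device_id + nonce


def device_respond(key, device_id, nonce):
    """Device side: prove possession of the key for this one challenge."""
    return hmac.new(key, _message(device_id, nonce), hashlib.sha256).digest()


class ChallengeVerifier:
    """Server side: issue a fresh nonce per login and accept it at most once."""

    def __init__(self, keys):
        self.keys = dict(keys)
        self.pending = {}  # outstanding nonce -> device it was issued to

    def challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = device_id
        return nonce

    def verify(self, device_id, nonce, tag):
        # pop() consumes the nonce, so a second use of the same pair fails.
        issued_to = self.pending.pop(nonce, None)
        key = self.keys.get(device_id)
        if issued_to is None or issued_to != device_id or key is None:
            return False
        expected = hmac.new(key, _message(device_id, nonce), hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def run_demo():
    results = {}

    # 1. Static identifier: a captured copy of the ID works for anyone.
    static = StaticIdVerifier([DEVICE_ID])
    captured_id = DEVICE_ID  # what an eavesdropper records
    results["static_replay_accepted"] = static.verify(captured_id)

    # 2. Challenge-response: the legitimate login succeeds.
    verifier = ChallengeVerifier({DEVICE_ID: DEVICE_KEY})
    nonce1 = verifier.challenge(DEVICE_ID)
    tag1 = device_respond(DEVICE_KEY, DEVICE_ID, nonce1)
    results["legit_accepted"] = verifier.verify(DEVICE_ID, nonce1, tag1)

    # 3. Replaying the captured (nonce, tag) pair: the nonce is already spent.
    results["same_nonce_replay_accepted"] = verifier.verify(DEVICE_ID, nonce1, tag1)

    # 4. Replaying the old tag against a new challenge: the MAC does not match.
    nonce2 = verifier.challenge(DEVICE_ID)
    results["old_tag_new_nonce_accepted"] = verifier.verify(DEVICE_ID, nonce2, tag1)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```
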
... saith the Anonymous Coward.
I was poking around on my new AMD64 machine the other day, and I ran dmidecode. Can anyone explain this?
Nopper you are the BEST! MS still can't pull off the tricks you have been doing for years. Best $0.00 I ever spent. My neighbor's open wi-fi just adds to the glory. Oops, who is knocking on their door today?
Don't kid yourself, I know I am not "really" anonymous. But I don't GAF!
I feel for bob@aol.com. He's been getting my spam since June 23, 1996.
What if a scammer bought a computer off eBay (used) that had the chip with someone else's identity? The scammer would be able to scam using someone else's name. That would mean innocent people would get accused for doing these things and it would be quite hard to prove them wrong. I don't think this policy is well thought out.
...and buy a bunch of good fast hardware and build the obligatory anonymous beowulfcluster for tomorrow!!
Nuclear Weapons are Morally Indefensible
(Argument for the affirmative, Oxford Union, 1 March 1985)
Rt Hon David Lange
Prime Minister of New Zealand
There is an argument in defence of the possession of nuclear weapons which holds that the terror created by the existence of those weapons is in itself the fulfilment of a peaceful purpose: the argument advanced here tonight that that 50 million killed over four years by concerted war in a conventional sense in Europe, and the argument that somehow the existence of this mutually assured destruction phenomenon has since that time preserved this planet from destruction.
INTERJECTION: Sir, the one area of the world do you refer to then? How have those casualties in that area defended by nuclear deterrence? Namely Europe. Not one of those 30 million lived in Europe.
Have you considered the proposition for one moment that that war, that cost those casualties might have entrenched within people the yearning for peace, the growth of democratic institutions, the accountability of political representatives, so that none wishes to wage in conventional or nuclear terms, any war? Why attribute to the presence of that awesome potential clash of firepower a stability which your politicians have been arguing they created?
You can't have it both ways
=w=
I am totally opposed to "trusted computing," but there's a workaround. This won't make a difference for people who really need anonymity (that is, those who don't even want to attach an IP address to their online actions). There is no reason why strong proxy systems like JAP and Tor would be less effective under this. Unless such software is banned, it would work exactly the same as now. Suppose you're using Tor on a TPM-occupied machine. The entry node of your tunnel will know your exact identity, just as now it knows your exact IP address. And by the time your data reaches the exit node of your tunnel, that information will be gone. The destination server will receive the identity details of whoever runs the exit node. So don't panic; anonymity would still be an option.
(By the way, isn't it slightly ironic that Slashdot is decrying the potential end of internet anonymity, when this very site denounces its own anonymous users as "cowards"?)
Signature.
which has built-in TC DRM for YOUR convenience. Ha. As. If.
The 'Net is a waste of time, and that's exactly what's right about it. - William Gibson
What if we just imbed a serial number in each cpu...
oh, wait...
[ ]Clever sig [X]Lame sig
http://bash.org/?564283
jdigittl> i just filled out an online mortgage application to test something. I just received a phone call from a mortgage broker: "Hi, I'd like to speak with, um, Mr Testy McTest..."
either:
:( Surely some of the points he raised in the book are appropriate to this discussion?
1) there will be hacks or backdoors to circumvent and misuse this and thus it will be discarded
or
2) it will end up allowing every one of us to shine the light at anyone we meet online and positively identify someone.
How could one set up a network where identity is unable to be falsified? And also to record all transactions?
I only vaguely recall reading 'The Transparent Society' by David Brin, my copy has gone missing
See my art -> http://herbevore.deviantart.com
I am all for this chip as long as I can turn it off whenever I want. Unfortunately, I am thinking that once the chip is widely available, no government website will allow you to connect to it without it being enabled. Shortly thereafter, I am sure there will be legislation requiring that the chip always be enabled for our "protection".
strike
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
Let's see... get the right mobo, set up a website that extracts TPM info...
I use your TPM info... and if banks are really that stupid to not have at least a 2 pass authentication method, thank you for your kind donation to TheRev Fund. =))
Make a safer internet, I think not.
I'm going to look at some cheap mobos soon for their TPMs now =P
The crack will be posted a week before TPM is released.
I'm surprised it's not out yet!
Professional Politicians are not the solution, they ARE the problem.
If it's meant to protect me then why can't I verify who the vendor is? Is that what fraud control is all about?
Oh, sure you can sit back there and naively call those leaders liberal, you fuck-tard. The rest of us will quietly acknowledge (or not so, in my case) that most of your list espoused fundamentalist, hard line conservatism, along with what can be labeled by no less than feigned interest in the protection of their citizens, fervent religious attitudes (towards themselves, their god, or their government) and fanatic nationalism. And you know what, we're there again, except the name that deserves to be on your list is instead in the White House.
... Hrm... No Child Left Behind, the other boat load of ridiculous social programs they're going after, and that game called "Let's Fuck with Social Security" Oh yeah... Check. What next? Fervent religious attitudes. He eats from their hand, no doubt about that. Check. Fanatic nationalism. You are either with us or against us. The Patriot Act The fact that anyone who dissents against official party policy is labeled unpatriotic? Check, and check again.
Let's see, we've got a so-called 'conservative', spending untold amounts of money. Check. A 'conservative' with feigned interest in the public's well being.
You wanna know some people who were fucking liberal--if for nothing else, a smidgeon of enlightenment? Benjamin Franklin. James Smith. John Adams. Samuel Adams. John Hancock. Thomas Jefferson. Richard Stockton. John Hart. Maybe an ignorant dipshit such as yourself knows just a couple of these guys, but there's a whole fucking slew of lesser-heard names. If it weren't for these fucking liberals, and others like them, you'd likely be having afternoon tea with someone who sounded vaguely Australian!
And for the record, the vast majority of the names who were alongside the ones above believed very strongly that religious influence in the administration would bring an ass-load of problems down upon us--despite being undoubtedly better Christians than a red fucking piece of shiat like yourself.
FREEDOM! Put it in your pipe and smoke it you son of a bitch!
For systems like Xen, wouldn't the system just fall on its face?
It would seem that all the virtual systems created by a hypervisor couldn't all use the same TPM value from the physical system, so there would have to be some *software* means to create a TPM value, read, API. Once you have that, in an FOSS system, anyone could write in what they want/need to replace the stock API with something that produced the TPM values they wanted.
Or is that too simple?
It's the year 2100. The "GEEKS" live underground, running LINUX 2.8, the last release without mandatory DRM implemented. The GEEK population makes money by trading their cache of the last MOBOs (Late quad-cores) that do not have DRM to the "surface people". These machines are populated with bootleg copies of "Gilligan's Island" - The most popular show of the surface people... Pathetic...
My wife doesn't listen to me either...
Sure thing, the technology in itself will do no evil nor good, but as we always know, it is much easier for evil people to find good use for such services than for good people.
... or if cell with chip in list ... make bomb explode. What a perfectly safe world this bring us!
With such chips in every cell phone, in every laptop, in every car, it would just be a matter of time before there would be bad uses of the technology such as the one mentioned in the title.
If car with RFID chip in list
How easy it will become for obsessed ex boyfriends/girlfriends to track you down
How easy it would be for terrorists to abuse this information
What about connecting the information for bad mouthing the opposition's presidential candidate - he/she surely must at some time have done something stupid that is easily connected with his/her real identity online?
What information might your insurance company be interested in obtaining about you, and what sites would not be in for selling the information to them?
The list is near infinite - the world will not become safer, it is an arms race as always, and what we use now to defend will just around the corner be used to attack us.
If you could figure out a way to intercept the data on someone else's chip and hack your own chip to encode that information into it (or make some kind of chip emulator), then this idea is fuckz0red. Bad idea.
...Has come 22 years late.
In all seriousness though, I don't see this tech taking hold. There are just too many question marks involved. Like how could you prove that you're not you, and you're actually somebody else? (e.g. friend or family member using your PC) I'm beginning to feel the "big brother" syndrome when I think about cookies and IP sniffing on the server side. I never used to either. (Guess I've been spending too much time reading slashdot articles).
*Leaves to go put tin foil cap on*
Imagine someone not asking for the waiver, but instead of telling Bob, he puts it in the 6'o'clock news, that Larry was in the infertility section of the bookstore.
It's the scope of how many people potentially know, without justification and without any control on the part of the person.
There's no reason for this, and all the excuses trotted out can be dealt with better. This opens itself up to abuse... I could easily fake a consumer-grade fingerprint scanner any time I chose. I was already thinking about making a small plotter with needle that could carve decent looking 3d fingerprints into bakable clay. You could probably also do negative carves, and use them as a mold for latex if so needed. The other counter-measures I currently read about are so stupid anyone here could defeat them (Oh? It senses normal body temperature? You mean we can't heat it to ~98 too?). Not only will people still steal identities, but the common perception of it as bullet-proof will only see innocent people put in jail for child porn and the like.
Well put. A previous poster wrote his "identity" as being "test user". Personally, mine are "Corporate User" and "Preferred Customer", but that's neither here nor there.
The only way to tie an identity with a person is with biometrics (these exist in mouse, pcmcia, and are built-in in some laptops in the form of fingerprint readers). Otherwise, anyone can say "It wasn't me" and it'll be up to the courts/authorities to prove that it was. How do they plan on validating this information in every system?
Things that "they" hope you'll never consider: Is it encoded upon purchase? What happens if the system is sold? Does the new owner enjoy anonymity or is he charged with identity theft? Will these chips be installed on all high-end servers? Whose name is associated in that circumstance? When the machine gets a worm that allows a remote operator control, does the TPM transmit information from the remote operator, or does it continue to transmit its own code? What about content filtering firewalls? Can I block my own code by writing a clever iptables rule?
Who cares about a "TPM" chip in the system. I believe that 45 minutes after the first hardware hacker purchases a system with one of these chips, there will be a way to bypass or remove it. If not, no problem. It wasn't me, it was "Corporate User." I hope they catch him (snicker....) If all else fails, I'll use older hardware without the chip (as "Richard Cranium" suggested the C= 64,) or as I would just use the previous generation without the chip, and if I need more power I can just add several more older machines to the cluster.
For every hair-brained idea that 'the man' comes up with, there will be a dozen tinfoil hats (myself included) with scissors to trim that hair to an appropriate length.
"Lame" - Galaxar
From TFA: "The same would go for online merchants -- once you'd registered yourself and your computer with an Amazon or an e-Bay, they'd simply look for the TPM on your machine to confirm it's you at the other end."
So I'm at a mate's house/parents/internet cafe/uni library and I want to log into amazon/my bank. Damn fooled, I guess I won't be making that impulse DVD purchase then. And I wonder how many hoops I'll have to jump through to get these sites to recognise my new computer (or second computer) is me.
On another note, aren't MAC addresses supposed to be unique and tied to the hardware? How many cloning techniques are there for that?
It seems to me that the only uses for which this might actually work are the nefarious ones, namely DRM and eliminating anonymous speech. The benign uses mentioned are things like proving to your bank that you are who you say you are. However, for those purposes this is a lousy solution since your TPM is tied to a particular computer. Want to access your bank account from a hotel, a friend's house, or work? You're out of luck. And how about if multiple people use the same computer?
There are workarounds for these problems, but as far as I can see, they all depend on having the option of using other ways of verifying identity that don't depend on a tie to a particular piece of hardware, but the more those are used, the less the benefit of TPM.
How to correctly read this story...
Kamiza Ikioi writes "This Article tells of a DRM chip that, once installed in your computer (and not by your choice), will allow any Artist you listen to, to "read" your identity. The article goes on to describe how many benefits there are for using this to facilitate online music business and even suggests some negative points, like not being directly implanted in your wallet. It ends with 'Ultimately the DRM itself isn't inherently profitable or not. It will depend entirely on how it's abused, and in that sphere, market and police forces will be more important than technology.'"
Well we all know what that means:
1. Install Identity Chips
2. Convince all open P2P formats to support them by using recent Grokster decision (if you don't use it, you are promoting piracy).
3. ...
4. Profit!
I8-D
Wasn't this the original intention with the Serial ID on Pentium III microprocessors?
i just put in
Highly modded and interesting? What the fuck?
Are you really going to tell guests in your house to go to the library if they ask to use your computer? If so, then you're just an asshole.
Wait, so instead of asking the user to provide his/her identity, they want to embed a chip into the hardware, and trust the machine rather than the individual user?
And here I thought trust based on the identity of the computer was a bad idea, and that UNIX had learned this long ago with the shift away from rlogin/rhosts based authentication.
What I won't do is install software that turns over the 'trust' it creates to an outside entity.
Unless all broadband Internet access providers that serve residences in your area start to require that you use a kernel and apps with a specific signature dictated by the ISP.
"a more secure system such as a fingerprint reader" I'll have to stock up on Play Doh...
*sigh*
I say this not to be mean, but geeks sometimes can be the dumbest people on God's earth. Every time someone puts up a practical answer to a social problem (an answer that doesn't involve technology), it's not even considered, but dismissed out of hand. Is it really any wonder that the majority of any organization (companies, governments, boy scouts) aren't run by geeks? I looked up defeatists in the dictionary, and below it said: see geeks. If you all put even half the energy you devote to technical discussions towards social problems, a lot of problems would go away. But no, we don't even make the effort to understand (IANA...but here's my wrong answer anyway)*, let alone seek out the points of leverage. Good Lord, you all can't even be persuaded to stop buying, something every person can do, geek or otherwise. Quite frankly why should anyone listen to geeks, when you all don't even listen to yourselves?
*You can't change what you don't understand. So start understanding...Geeks!
At some point in the process, this ID has to be read and then transmitted in the packet. Any average joe hacker can manipulate a packet and ultimately forge an ID. Therefore it is 100% and completely *USELESS*
Now I have one more database full of useful information that I can use to steal your identity! :)
The thing that really makes this a bad development is imagination. Someone looking at your traffic won't know why you are looking at what you are looking at. I could be part of the LAPD bomb squad, and want to look up how people make pipe bombs or other IEDs. People make whatever conjecture their minds choose for them, and often times their minds choose the worst.
If I wanted easy I wouldn't be an engineer or a patriot.
All this would do is tag a particular computing device. It's got about as much legal relevance as delivery confirmation on an envelope. (The envelope was delivered, nothing about the contents or lack thereof are verified.)
Whoa... is this hyperbotfly of Penny Arcade fame?! Cool!
At some point, in order to be useful, this data must traverse the network driver, the network device, and the network itself. So my machine may indeed have a TPM chip; what good will it do if one of those elements refuses to traffic in such nefarious data? What if the OS doesn't have a driver for the TPM device itself? I mean, can you see Alan Cox hacking out a quick kernel module to enable revelation of your private data to random internet sites?
The true commercial value of TPM is targeted at DRM. Google the OSx86 websites for TPM, and find out how useful the technology really is. As I understand it, the OSx86 'hackers' disabled the TPM protection by deleting a file...
Thinking outside my Head
Is this the end of security researchers? Your code will simply disappear because it looks like it might be evil.
However it would be nice to know my bank info is safe. well from my point of view, the bank can still screw up.
This will be interesting Time.
I'd like to say that I believe this will be blasted and subsequently killed off like Clipper, but I think the 'net has become too dilute. Result? I, for one, welcome our (possibly, from TFA) fingerprint-backed TPM.
Anyone have any silly putty I can borrow?
So will we soon be easily able to change these values in the OS in due time or what?
-Wait... http is a goddamn simple transport to parse/proxy.
-Even if it weren't, web browsers aren't supposed to let websites talk to hardware unless I let them.
So I'm going to have to sign up to make the web not be anonymous. Even if I don't actually get to opt in, I can opt out. Remind me why I'm supposed to get worked up. Just like any good Evangelical Christian would tell you:
1> If you take the mark of the beast you're going to hell.
2> There will be things that you will have trouble doing if you don't take the mark of the beast.
3> but that doesn't mean you have to take the mark.
They're all from the same freakin neighborhood, you think they're just going to give up the reins now then you're naive. Whining on Slashdot is how we reach a consensus, confirm our suspicions, and ultimately, rise up and take Washington with guns and shit.
There is no other way and if we're still free then it will be perfectly legal to form a citizens army, with encrypted communications and grenades - the works. If I am wrong then it will be a totally peaceful event.
So, how exactly is this chip going to work? Web sites don't have access to the chips on your computer. For this to work on websites, we'll need an extension to javascript, which means an extension to the browser and some sort of API for the browser to use to read the chip, as well as an OS that can read the chip.
This will, in short, mean that every user worldwide will have to update their browser and OS.
And even then it won't be accessible if I disable that part of javascript.
Without javascript, the only other way I can see is java applets or a direct connection to a dedicated port on your PC, which won't work for people behind NAT and can always be blocked.
Seriously, you people get excited over nothing. Let's wait for it, see if it ever comes to be and then start the rebel movement over the local darknet.
I'm sorry, but I'm not sure I understand the concern... Yah, the TPM is built into both AMD and Intel chips, but why can't Linux be programmed to ignore it and not pass it on?
Are people worried that sites won't allow anyone to access their information unless they have it? That seems like an unlikely possibility for a lot of applications, since many people won't adopt the new TPM hardware for quite a while, I imagine.
I can, however, see it happening for perhaps online banking, e-commerce, etc, but is anyone really worried about being anonymous when they log in to their bank account or if they purchase something with their credit card?
Same goes for a gun - it does not matter that it can protect, it still is built with the purpose of ending life.
Yup, and that's still an amoral fact. The question is why the capacity to end a life is being used or threatened. I've personally used one in self defense, have you? The person in question was belligerent, trying to beat down a door and threatening my wife and I at 3:00AM. Is it evil to stop that, or evil to be the person threatening other people? Deciding to "turn the other cheek" so that you don't have to use force to stop someone is nonsense. If I had allowed the guy in question to hit me over the head with a steel pipe, I would have redeemed myself in your eyes, I suppose... but my inaction would have also condemned my wife to the same fate. But, as long as we don't point a gun at a violent guy, we're being saints, right? Is that all that matters to you? If I could have solved the same problem with a big knife (which can also cut up vegetables... but I suppose that's also a form of violence, right?) would that have passed your test?
Or, is there any chance that it comes down to choices and actions, and not the tool? A gun hurls a small bit of metal at high speeds when you choose to do so. Driving a car involves hurling a HUGE piece of metal down the road, and kills far, far more people in this country than guns. Evil, evil cars!
Don't disappoint your bird dog. Go to the range.
Nobody's hitting the key good point of nuclear weapons: with the help of a rag-tag drilling team, they can save the world from the killer asteroid!!!!!!11one
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl
Their processor ID thing? See how that failed?
Those who do not learn their history are doomed to repeat it. *sigh*
Um, just so you know, this is impossible. So long as our beloved mozilla doesn't honour the web hooks that would allow reading of this info and java as well, we have nothing to worry about since there's no way to tell our hardware what to do. Less they let the chip monitor tcp/ip traffic and control the NIC directly. Then we simply would have to throw some wrenches into it by tunneling the traffic and messing the chip up. Or better yet, filter it through iptables.
I always thought it would be nice to have some sort of hard identification on the internet. It could be good for tracking down those "juvenile predators" we hear about and stuff like that.
A good man has nothing to fear. *shrug*
If you and some of your neighbors all chip in $50/month, you can co-op a T1 with guaranteed up/down speed (instead of the flex you get on "residential" connections) and no restrictions.
Then how would you connect your T1 to those neighbors? Even across land owned by non-subscribers? Even during rain or snow showers? And how would you get your home re-zoned as business in order to qualify for a T1? And how would you get typical neighbors to care enough to switch from $35/mo TNC Internet access to your $50/mo non-TNC Internet access? And how would you convince your landlord to allow it? Or did you forget to include the $200,000 setup fee to become a homeowner (instead of a renter) into your calculation?
It's interesting you should take this view. I thought the same thing back when camera makers were filling the market with as many storage methods they could come up with and there was the split of SD and MMC cards. An SD card is just an MMC card with some weak form of DRM, and they started out more expensive. Over time for some reason they have come down in price, and you can't even find an MMC card any more.
The name by itself "secure digital" is false advertising, but I'm guessing price fixing had more to do with the failure of the open form. Think about it. This chip will be on your motherboard that you get in a Dell, on your cheap budget boards. If things go according to plan, Microsoft will require a "secure" platform to run, and suddenly only h4x0rs will be using clean computers.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Guns don't kill people...People kill people
The GP meant to show that Legal route is a non-starter in a global-sense.
With so many juris-dick-tion to contend with, it'll be a wonder if these multi-national coalitions can all agree on any one of the same thing.
SO, yeah. Legal route works best within a nation. BUT.... Internet is not a nation, does not answer to any one law, but a loosely-knit form of a wild wild west.
Now selling the ID mod chip
* be anyone you want
* only 500 wires to sodder [ spelling bad imo ]
* be the first to become the tiger from calvin and hobbes
From the article: There would still, of course, be ways that you could access your bank or e-commerce accounts from other computers when you were traveling, but the connection wouldn't be as secure as using your own computer.
I see two options here: A) Don't even bother with the TPM, because the "old ways" (you know, usernames and passwords) are still needed, or B) Let's just get it over with and install the damn chips in us. Why should they exist in our computers? Then we have to take the computers with us to tell the other computers we are who we claim to be (with our computer vouching for us, of course). If the bloody things are in us, there won't be any need to lug around our desktop when we travel. We can just have them read the chip from our forehead...
-- If we don't stand up for our rights, now, there will be no right to stand up for them later.
In order for any web site to "read" my identity (assuming the chip is installed), data from the chip would need to be sent over HTTP. So, if you are not using a browser capable of sending it, or your OS does not have a driver to access the device, the device is useless. Not to mention, there is nothing to prevent you from using a browser that supplies false information.
If this were done purely in hardware, the data would be encoded in the network layer, which means that the data would not leave the subnet (assuming current network technologies used on the internet).
I figure it's a 'real' address that has to at least be skimmed by a 'real' person once in a while. Makes up for all the spam they (used to?) send.
Good times, good times
"If you have nothing to hide, you have nothing to fear." - Every fascist, ever
... and it's this kind of totalitarian sh*t that almost makes me happy I won't be alive in a few more years.
The church will be exempt from taxation!!! At least until they decide to, ummm, appraise the Lord....
Biometric scanning is not very reliable!
"Researchers at Clarkson University fooled biometric systems with fake fingerprints made out of Play-Doh nine out of ten times, demonstrating a weakness of some computer security systems." http://www.informationweek.com/news/showArticle.jhtml?articleID=175001741
Well, how can you tell? Will this technology be so ubiquitous that it cannot be avoided, or can you find out from some reliable source what manufacturers have included the chip and which ones haven't?
No one's touching my pc with that spawn of satan thank you very much.
...the Intel serial number fiasco. Can you also turn this one off in the BIOS?
Correct:
http://www.infoshop.org/faq/
"Any society that would give up a little liberty to gain a little security will deserve neither and lose both." - Benjamin Franklin
I do believe that sums up about how I feel about the security side of this issue (Plus, it is in my sig). I really hope that the people in America and other countries wake up and realize that this would be a very bad thing.
No sig for you, two weeks!
Then if your bank has TPM software, when you log into their Web site, the bank's site also "reads" the TPM chip in your computer to determine that it's really you. Thus, even if someone steals your username and password, they won't be able to get into your account unless they also use your computer and log in with your fingerprint. (In fact, with TPM, your bank wouldn't even need to ask for your username and password -- it would know you simply by the identification on your machine.)
So when my bank decides to allow only TPM-style logins as means of (nominally, I'm sure) lowering fraud, and therefore lowering its insurance costs, I'll only be able to check my account infos from the computers I own and are registered to my name. And what happens when someone sells a used computer? Is there going to be some central database where TPMIDs are referenced to an identity and some method of changing that to facilitate used hardware transactions? That introduces a whole new vector for fraud. Am I going to have to visit an office to show ID and register used hardware?
I'm fully convinced that Trusted Computing architectures can be used to protect the little guys as well as the large corporate interests. It's just another tech that can be used for good or ill.
....
For example, we might be able to use TC to close the web services loophole in the GPL. Others have also suggested that TC could be used to insure the purity of participants in a p2p network, to prevent cheating, data gathering (ironic, considering this story), pollution (despite Overpeer's recent shutdown), or even - get this - the installation of DRM rootkits!
wait - isn't that backwards?
With all the terrorism in the world today I feel I better say that was a joke or the mysterious black sedan may show up at my door...which will be so much easier with TPM in place...
Being hauled away to a "special" place for making a joke on /. wouldn't be evil would it? Nah... That's why we need TPM.
Thus, even if someone steals your username and password, they won't be able to get into your account unless they also use your computer and log in with your fingerprint.
And we all know how much harder it is to take control of a box than to steal login information...
[sarcasm]
Man, I would love to have these new gadgets installed in my computer!
Too bad nobody's interested in making Linux drivers for these new chips I suppose..
[/sarcasm]
...will be that life will become harder for the saboteurs. That is, the people that always infest any place on the net where somebody tries to build a community, and then tear it apart.
In the good old days with fixed IP numbers, they could somewhat be countered by blocking by IP number. But that doesn't work any more. Instead we have to rely on various moderation systems, which never work well.
Sure, good comes from anonymity too, whistle-blowers who can reveal wrongdoing from inside, protected by anonymity. But it is very rare, and has to be held up against the bad created from the continuous large scale community destruction by some trolls and kooks without a life of their own.
As the joke goes, on the Internet nobody knows you're a dog.
Can't say as I've heard that one. Anyone care to let me in on it?
Athy, athier, athiest.
That is my point. Nuclear bombs are not inherently good or bad, just like the chip....
The chip may have been designed with good intentions, or not -- I don't know. But certainly you aren't trying to tell me that a Nuclear Bomb has some practical application? Hell no.
Nuclear weapons are designed for one purpose only: to end life, in a big way. Sure, the existence of such a device may prevent war (for fear/knowledge the other side has a similar weapon) but no less, the device was designed to destroy. I doubt the designers considered diverting an asteroid while designing the detonation systems... no, they designed the device specifically to end many lives in a short time.
Any other use for such a device is incidental. The intent is to enable one entity to cause severe destruction to its enemy.
Guns can be argued as a defensive tool. But who has a Nuke lying around for defensive reasons?
I have a TCPA chip on my laptop. What does it do? It stores the private keys for whenever I encrypt bits of the NTFS hard drive. What bits of the HDD do I encrypt? The directory containing all my SSH public keys, anything that may contain financial info (like PDF receipts of purchases, other things).
For me, the TPM lets me lock down a box more securely. Admittedly, there could be other ways to do it, like having the whole HDD encrypted (including swap/hibernate files) and requiring a smartcard+pin to be entered before booting the box. But with the TPM in the corporate laptop, it's actually a good way of securing personal data.
Incidentally, hardware vendors don't care about piracy, all they worry about is cost of goods sold (CoGS), annualized failure rate, and the Microsoft WHQL PC guidelines (the ones you need to pass to get the MS logo and the corresponding rebate). TPMs are going in to corporate laptops, because they let the IT dept lock down the box against spyware, trojans and end users. They are not (currently) going into consumer PCs, because $3 there is better spent on improving the graphics. If and only if MS demand it on the WHQL guidelines, then it goes in.
The idea of being able to sign every binary on the machine and KNOW to a high degree of certainty is a great thing.
You can already do this by booting on a Tripwire boot disk. No TPM needed. And Tripwire is open source that you can verify yourself, while the TPM can't be opened to see what's really inside.
No matter how on top of updating you are, no matter how anan you are with the iptables rules, you always wonder if somebody out there who knows a trick you missed has rooted ya.
The TPM won't fix all OS and application bugs that allow someone to tamper with your data, unless you live in wonderland. What if the attacker makes sure that all OS files on your disk are restored each time you reboot? All the attacker does is break again into your OS each time you boot, using the same bugs in your OS or applications (or new ones, since new ones appear everyday on secunia.com).
This chip is about the easiest security measure to work around of all time: Use a PC emulator which also emulates the TPM hardware.
It might not make for a very fast computer, but it'll be fast and cheap enough for the average Nigerian scammer to invalidate the entire case for the TPM chip.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
TPMs are going in to corporate laptops, because they let the IT dept lock down the box against spyware, trojans and end users.
If they blindly trust the TPM to protect against all security holes and bugs, they should get another job.
The TPM won't prevent the users putting at risk corporate information when they use IE:
http://secunia.com/product/11/
Same thing for all applications and OS that have critical remote holes. And they are many.
Their purpose depends on your view. Is your bomb intended to be used? Then it's clearly a weapon, for killing. Is it just a deterrent? To be a believable deterrent, you also have to be willing to use it, but it's primarily a deterrent rather than a weapon in that case.
does it run linux?
Through your CPU's embedded serial number?
okay - if this is the chip i think it is, then it's already used by microsoft's XP.
on first install, if you make any unauthorised changes, then you must phone
MS to get a code to re-enable your computer.
what i _really_ look forward to is the first virus that overwrites the
key in the BIOS on an ever-increasing frequency.
first a few calls to MS, then some more, then a few thousand...
but anyway.
my main concern is that this chip doesn't stop identity theft: it just means
that there's another thing on the list of things that need to be stolen
or cloned for identity theft to continue.
the _proper_ way to do it is the way that (i think... don't quote
me on this) the romanian government have done it: everybody creates
any number of keys that they want and they get a notary to digitally
sign them on presentation of two forms of "real" ID.
then you take _one_ of your keys, copied by you onto a separate smart card,
and present it to the bank, who then provide you with a digitally signed
key for use in any money transactions.
everybody has smart cards ($0.50?) and everybody has smart card readers
($20).
simple.
"Ultimately the TPM itself isn't inherently evil or good. It will depend entirely on how it's used, and in that sphere, market and political forces will be more important than technology."
When it comes right down to it, this statement is totally false. In society, you will always get a completely diverse slice of people. To say "a gun is not dangerous - it's just a matter of the care with which people use it" is laughable. Of course a gun is dangerous. You cannot simply dismiss this by saying that if handled correctly, the gun need not be dangerous. There will always be a small subset of society that doesn't care about your morals or how you think the world should behave, and they will do as they please. And when that happens, you'll see the worst possible outcomes turn into reality.
So to say that this Orwellian behavior is not a bad thing just so long as everyone in power uses it morally and responsibly basically means we can safely assume that someone out there in power is going to willingly and gladly abuse the system to their greatest advantage. Which means we can fully expect the worst possible outcome of any given situation as long as people are involved in it.
Anyone that says this "every citizen under the magnifying glass" is a good thing is either (A) completely oblivious to how those in power will immediately take advantage of and abuse it, or (B) are one of those people in power that want to take advantage of it. Unfortunately, the people proposing these laws are in group B, while most of the voters are in group A. So, I guess we're just plain screwed.
I work for the Department of Redundancy Department.
Does no one think that this article is just M$(nbc) making a preemptive troll against MacIntel boxes (which will have a TPM chip)?
Unless you're wardriving.
All your base are belong to Google.
This sounds a lot like what the MAC address used to be: a unique number burned into the chipset of every NIC made...until someone decided "hey, it would be useful to be able to rewrite these." I suspect this chip will go the same way as the "unique" MAC, and for the same reasons. Despite whatever the tin-foil hat crowd thinks (and there is some "tin-foil hat" in me), products are driven by demand, so as soon as manufacturers see that people want the convenience of being able to associate their "identity" with multiple computers, the ability to do so will be created. At that point, of course, the TPM identifier is no longer unique, and it will be possible to forge someone else's identity...again.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
http://www.worldwidewords.org/qa/qa-hai1.htm
is inherently evil or good. It's just a tool. A board with a nail through it can be the beginning of a house, or a deadly weapon. Based upon of course the hand that wields it.
"That board with the nail in it may have defeated us, but the humans won't stop there. they'll make bigger boards and bigger nails. soon they will make a board with a nail so big it will destroy them all!"
- Kodos & Kang
*DrugCheese rants*
What if I replace my mobo? Then I would have a different key!!!!! This is going to cause chaos!!!!
Just like DRM software or hardware that companies keep threatening that they'll be installing on a product that you haven't bought, it's very easy to get around this. DON'T BUY IT!!! It's that easy! If you don't like the product, or something it does, it will stop being produced if the sheep will QUIT BUYING IT! If a CD breaks a computer when you play it, DON'T BUY IT! I don't understand why people feel like they MUST buy any given product. You MUST watch TV, you MUST buy CDs you MUST go see shitty movies when they charge too much money, you MUST eat crappy food and accept terrible service at restaurants.
There are ways to use your voice in all the above cases and let it be known that you won't accept the situation. The best way is to NOT PARTICIPATE! TV has been broadcasting garbage for the last ten years or so (by and large). DON'T WATCH IT. You don't like the Sony rootkit? DON'T BUY CDS! If computers are sold that give out a record of your online activities and your identity, (uh, like they don't now?) REFUSE TO BUY THEM!
Come on!
I can't believe someone is still going on about the anonymity of the Internet, when people are being charged with copyright infringement for sharing media files from their computers and the police arrest child porn distributors every week. I think most people have understood that unless you are using some anonymous account on a remote computer, you are not anonymous on the net.
This Article tells of an Orwellian chip that, once installed in your computer (and not by your choice), will allow any website you visit to "read" your identity.
TPM authentication is not likely to become part of the HTTP protocol, so supposedly some kind of software must run on my machine for others to identify me. That's what TFA means when it says it's ultimately up to the user if they want to be identified or not, so enough with the hysterics, please.
anyone got a pentium? they already have had the serial embed or some such bull.
Not? No. Simply because I'll download a patch/update to my browser which will - given the query for the ID - return either any code I entered (for example the id of some damned politician, hehehe) or a new one every hour.
And these morons will waste a huge amount of time. And, as usual, all they'll catch are other morons.
Free PC version of ChipWits at http://www.breueronline.de/klaus/chipwits/
Users will still control how much of their identity they wish to reveal -- in fact, for complex technical reasons, the TPM will actually also make truly anonymous connections possible, if that's what both ends of the conversation agree on.
Yes, TPMs can be used to remove privacy, but only with your consent. They can also, with the consent of the parties involved, give you much stronger privacy than is possible without a TPM.
I've talked to people in many of the major companies that are behind the Trusted Computing Group, and they're well aware of this issue. I spent a bit of time talking to the head of the trusted computing project at AMD, and he understands very well the lessons of the Intel CPU serial number fiasco of a few years ago, and the TCG has included technological features to protect users' privacy. Is this because they are great privacy guardians? No, I don't think so -- I don't think this guy is going to be the next president of EPIC or anything. I think it's a strictly business decision: They see that people won't accept the technology unless it protects privacy (just see the tone of the article this Slashdot story is about), so they've put in measures in order to make it more acceptable.
Some technical details: The current TPM specification is version 1.2. Prior to 1.2 there was an "officially supported" privacy mechanism based around the idea of a PrivacyCA -- basically, you got pseudonymous credentials (a certificate) from a PrivacyCA, and used that in transactions. You could get a different certificate for each person you interacted with, so transactions weren't linkable, or you could even get multiple certificates to use with the same person so that you had different identities to use with them. The problem being that you still had to show your unique ID to the PrivacyCA, so you had to trust them not to link all your transactions together. However, version 1.2 introduced a stronger notion into the standard: direct anonymous attestation. With this, your anonymity is protected with cryptographic means, without the need to trust any other party. Of course, when you authenticate, the site you are interacting with has to agree that it will accept such anonymous and untraceable identities. Some sites will probably allow that (discussion boards, etc.) and some probably won't (banks, credit cards, etc.). But that's a market decision, not a technological one. You have the power, with the technology, of having even stronger anonymity than you have today, so the market needs to insist on merchants using that. As was seen with the serial number in the Pentium III, enough people care about privacy to make industry sit up and pay attention.
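The PrivacyCA arrangement described in the comment above, as an added example that is not part of the thread: a simplified JavaScript model (Node.js `crypto`, Ed25519) showing that two sites comparing notes find no shared identifier, while the PrivacyCA's own log ties every pseudonym to one platform. The class names, site names and the key standing in for the chip's unique ID are assumptions; the real TPM 1.2 credential-activation step and direct anonymous attestation itself are not modelled.

```javascript
// Simplified model of the pre-1.2 PrivacyCA scheme (added example, not TPM code).
const crypto = require('crypto');

// Hex of a public key's DER encoding, used as that key's identifier.
const keyId = (pub) => pub.export({ type: 'spki', format: 'der' }).toString('hex');

class PrivacyCA {
  constructor() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.publicKey = publicKey;
    this.privateKey = privateKey;
    this.log = []; // everything the CA learns: unique ID -> pseudonym
  }

  // The platform has to show its unique ID to get a pseudonym certified.
  certify(uniqueId, pseudonymKey) {
    const pseudonymId = keyId(pseudonymKey);
    this.log.push({ uniqueId, pseudonymId });
    const signature = crypto.sign(null, Buffer.from(pseudonymId, 'hex'), this.privateKey);
    return { pseudonymId, signature };
  }
}

class Platform {
  constructor(ca) {
    this.ca = ca;
    // Constructed stand-in for the chip's unique ID (hypothetical, not a real EK).
    this.uniqueId = keyId(crypto.generateKeyPairSync('ed25519').publicKey);
    this.identities = new Map(); // site name -> { publicKey, privateKey, cert }
  }

  // One fresh key pair and certificate per site, reused on later visits.
  authenticate(siteName, challenge) {
    if (!this.identities.has(siteName)) {
      const pair = crypto.generateKeyPairSync('ed25519');
      const cert = this.ca.certify(this.uniqueId, pair.publicKey);
      this.identities.set(siteName, { ...pair, cert });
    }
    const id = this.identities.get(siteName);
    const proof = crypto.sign(null, challenge, id.privateKey);
    return { publicKey: id.publicKey, cert: id.cert, proof };
  }
}

class Site {
  constructor(name, caPublicKey) {
    this.name = name;
    this.caPublicKey = caPublicKey; // the site decides which CA it trusts
    this.seen = new Set();          // pseudonym IDs this site has accepted
  }

  // Accept only a CA-certified pseudonym that signs a fresh challenge.
  login(platform) {
    const challenge = crypto.randomBytes(32);
    const msg = platform.authenticate(this.name, challenge);
    const id = keyId(msg.publicKey);
    const certOk = msg.cert.pseudonymId === id &&
      crypto.verify(null, Buffer.from(id, 'hex'), this.caPublicKey, msg.cert.signature);
    const proofOk = crypto.verify(null, challenge, msg.publicKey, msg.proof);
    if (certOk && proofOk) this.seen.add(id);
    return certOk && proofOk;
  }
}

function demo() {
  const ca = new PrivacyCA();
  const laptop = new Platform(ca);
  const forum = new Site('forum.example', ca.publicKey);
  const shop = new Site('shop.example', ca.publicKey);
  const accepted = forum.login(laptop) && forum.login(laptop) && shop.login(laptop);

  // A pseudonym certified by a CA the site does not trust is refused.
  const rogueAccepted = forum.login(new Platform(new PrivacyCA()));

  // The two sites pool their records: is any identifier common to both?
  const sharedBySites = [...forum.seen].filter((id) => shop.seen.has(id)).length;

  // The CA joins in: how many unique IDs stand behind those pseudonyms?
  const behind = ca.log.filter((e) => forum.seen.has(e.pseudonymId) || shop.seen.has(e.pseudonymId));
  const uniqueIdsBehind = new Set(behind.map((e) => e.uniqueId)).size;

  return {
    accepted, rogueAccepted, sharedBySites, uniqueIdsBehind,
    forumPseudonyms: forum.seen.size, pseudonymsInCaLog: ca.log.length,
  };
}

console.log(demo());
```
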
I hear you - we are so (apparently) hell-bent on condemning death as a bad thing, and trying to stop anything from dying, that we completely miss the whole natural way of things. Everything that lives dies, and a large proportion of living things (with the exception of most plants, of course) live by killing other living things.
And then there is the issue of natural deaths. Our determination to save so many people is ultimately becoming our destruction, as world population rockets, and the gene pool weakens. Without sounding harsh, maybe it isn't such a bad thing that people with hereditary degenerative diseases die early, before they reproduce. It's called survival of the fittest.
Just don't get me started on euthanasia - If your quality of life is ridiculously low, and the ones that love you can see that, and you have told them before that you wouldn't want to be 'alive' like that, they should be allowed to assist your death. I know that's what DNR orders are for, in a way, but not everybody had that foresight...
I swear we should be allowed to give mod points to sigs... "-1, Offtopic"
When this "chip" is mandated in all computers, the question that arises is:
1. Would computers without the "chip" be outlawed? I would not be too inclined to give up my older equipment.
2. Would the "authorities" try to outlaw open source software since most people who write/use it are of Libertarian frame of mind?
On open source s/w, France is already talking of outlawing the use of it, and as much as the French authorities lack common sense, the question is: would other countries decide to follow France's lead or do the appropriate thing and ignore them?
Imagine if you could create as many identities for yourself as you wanted. You could go so far as to create a separate identity for every single site you visit, even. Imagine that you can program your web browser to invent dummy identities automatically in order to accomplish this. There; privacy issues solved.
The nice part about this system is that you'd never have to enter a password or a credit card number again, and no one would be able to steal your identity without stealing your physical computer.
Here's a thought: maybe building that into a computer isn't the brightest idea...
120 characters for a sig? That's bloody useless.
Xbox and 360 both already have a device similar to this installed in them.
It's only illegal if you don't get caught
Already over 20 million PCs worldwide are equipped with a tiny security chip called the Trusted Platform Module, although it is as yet rarely activated. ... The TPM chip was created by a coalition of over one hundred hardware and software companies, led by AMD, Hewlett-Packard, IBM, Microsoft and Sun.
Does this mean that when I buy an Athlon 64 X2 4400+ chip for my new system, it might come with a TPM just waiting for the OS to activate it?
After looking at the recent /. articles, it looks as though the Unabomber wasn't so crazy. Well...minus the bombs!
Yes, if you give it up, the TPM will allow you identify yourself to anyone who asks. The same applies to the computer you're using right now.
...because obviously no one can shoulder-surf or social-engineer your PIN, in order to use your system later. And certainly no one can use Play-doh to spoof your fingerprints. Yep. Completely safe.
Thus less crashes.
Select from tblFriends where interesting >= 4;
I have the same combination on my luggage!
Mel Brooks should be the mayor of Schenectady.
They're a founding member of the Trusted Computing Group. You better believe they have a vested interest in the technology.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
"Of course you could always "fool" the system by starting your computer with your unique PIN or fingerprint and then letting another person use it"
Like your kids...
This seems like a continuation of the windows 'convenience over doing it the right way' way. Once everybody assumes that TPM is fool-proof, it will give the ID theft folks an even more powerful tool with which to steal people's money.
Honestly, anytime anyone says 'this will be a fool-proof one-stop turnkey way to (insert any solution here)' just ask them to leave, and don't rely on whatever widget they are currently peddling.
"We are all geniuses when we dream"
- E.M. Cioran
> The TPM won't fix all OS and application bugs that allow someone to tamper with your data, unless you live in wonderland.
That depends. In a server environment you could even forbid scripts from running unless they are signed and checked.
> What if the attacker makes sure that all OS files on your disk are restored each time you reboot?
Won't help, a TPM checks each time an application is executed and doesn't permit anything to write to the app's program area after the initial load.
But the key is that it does have a valid place in a secure environment, and any machine connected to the Internet these days pretty much is either a secure environment, 0wn3d or waiting to be 0wn3d.
Democrat delenda est
Yeah, let's see this chip be seen through my SSH session. Nice idea, but if computers and operating systems remain the way they are, there will always be ways around such things.
;)
I'm sure some CEO is making his pockets fat because of this idea, though...
Digital rights, Patriot act, loss of privacy...screw it, I'm moving to Alaska and building a cabin.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
that isn't the Internet, that is AOL or Minitel and I won't play.
If nobody sells affordable Internet access anymore and all one can get hooked up to cable or DSL is AOL or Minitel, then you can bet that 90 percent of the current Internet population would probably play. You would fall into the unprofitable 10 percent.
We built one Internet, we will build another if needed
Will you have the support of the phone company and the cable company, who built their last-mile networks using eminent domain? Will you have the support of the FCC (or a foreign counterpart), which exercises plenary authority over wireless communication?
Guns equalized the playing field, introduced a form of democracy to warfare and even self protection. Before guns, you had swords, which required so much practice that only those with lots of leisure time (ie, the nobility) to become good at. They could easily cow peasants. Guns enabled anyone with a bit of cash to threaten the sword wielding nobility. At first this was only lesser nobility, but as the price dropped, guns proliferated and nobility lost its edge.
I blame the printing press for making information available and the gun for allowing its readers to act on that information.
If you would rather never have had the gun, you are an elitist. Democracy would never have arisen without the gun.
Infuriate left and right
Otherwise it is inherently Good. That should be clear :-)
Infuriate left and right
The wars between France and Britain, from say 1750 to 1815, were certainly more global than WW I, which was pretty much a European only war. The carnage in absolute terms may have been worse in WW I, but relative to its times, I'd say the earlier wars were worse.
Infuriate left and right
Intel was going to sell CPUs with accessible unique serial numbers. I think they were intending to battle stolen/pirated/counterfeited chips and operating systems (U know who). However, the hue and cry was so great that they had to unimplement this capability.
Google grabs the IP number of the computer the browser is run on and stamps transactions with it. I see this in newsgroups and gmail and presume all Google services. In some cases the IP number can quickly resolve to a particular computer and location. In other cases it points to an ISP and a search would need to ask the ISP (court order) for the computer identity.
I've heard rumors they fully record each transaction request, but this would require lots of disk. I believe they data mine this information for improving performance and marketing. I don't know if someone at google could ask for all transactions attached to an IP number.
In light of certain other, ah, religiou$ organization$ out there, that's probably viable and doable. But I've got a better name for you: The Church of the Single Mind. And here's your first scripture: "All minds are their own self place, and so must it ever be, lest their souls be reduced to wisps on the wind."
I have a rant about childrearing which boils down to "The single most important thing you can give your children isn't love, or security, or education -- it's PRIVACY." (Before some overanxious parent jumps in, I refer to the reasonable sort, where those small personal spaces that truly matter to the kid are allowed to be their own and inviolate.) The reason being that privacy is the one thing that lets a child know he is a real person, and that he matters to the world. Given this privacy, kids remain open and trusting of proper authority (parent, gov't). Lacking this privacy, kids will sneak and hide stuff in an effort to define their own worldspace.
Consider a world in which you have no privacy at all, thus no personhood since anything that is yours can be pried into at any moment, without consulting you -- just like certain totalitarian states of recent history. Merely because jackbooted thugs didn't appear at the door doesn't mean your personhood isn't being invaded and reduced by your inability to protect it.
~REZ~ #43301. Who'd fake being me anyway?
They wanted to stop the fighting and keep the status quo. Their remaining conquered lands would remain conquered --- huge chunks of China and Manchuria, former Dutch, British, and French colonies include Indochina, Singapore, Burma ...
You call that a peace feeler?
As for battleships shelling the coast at will, yes that happened a few times, but only with massive air cover, and only temporarily. That is equivalent to someone driving by your house and throwing a few rolls of toilet paper, completely different from stopping and spending the next several days pulling your house down with no intervention. Embarrassing, maybe even humiliating, but by no means dangerous or threatening.
As for casualties! 200,000 casualties may not seem like much to you, but that is MORE than the casualties from both bombs, and does not include Japanese casualties. Japanese casualties on both Okinawa and Iwo Jima were 5 or 10 times American casualties. You seem to be making the racist determination that Japanese lives were worthless. Surely losing 150,000 in two bomb attacks is better than losing 1,000,000 in an invasion.
Anyone can argue about what might have happened if the bombs had not been dropped. Maybe the emperor would have started the surrender process anyway, who knows? But AT THE TIME, all they knew was that there had been horrendous casualties on both sides at Okinawa and Iwo Jima. More than one ship a day was sunk by kamikazes, even tho the islands were hundreds of miles away. Invasion of the home islands would have taken place in, you guessed it, the home islands, and the fleet would have remained sitting ducks for much longer. They knew there were thousands of planes left in the home islands, just waiting for the invasion; they had photographed them and intercepted secret communications about them. They knew there were thousands of short range kamikaze speed boats. They fully expected a blood bath.
Dropping those bombs was the best option available. It saved lives on both sides under the quite reasonable assumption that the Japanese were not going to surrender any time soon. The initial home island invasion was scheduled for November. Were they supposed to wait to the last minute before dropping them?
You hindsight apologists live in a dream world where one can wait years after the fact to go back and redo history. I wonder how you can even survive in the reality of the present where one has to make decisions NOW, not years later.
Infuriate left and right
That depends. In a server environment you could even forbid scripts from running unless they are signed and checked.
Ever heard of security bugs that allow someone to execute code without having permission to do so? Buffer overflows are only an example of those bugs. http://secunia.com/ is full of them. The TPM won't protect from all these bugs, it's not a magical wand.
Won't help, a TPM checks each time an application is executed and doesn't permit anything to write to the app's program area after the initial load.
Obviously you don't know what a TPM is. The definition of a TPM comes from TCPA/TCG. It is mainly a device used to store cryptographic hashes. What you are talking about here is much more along the lines of the NGSCB/Palladium OS from Microsoft. But it won't be a magical tool able to remove all bugs!
Think about it, any non-minor bug that can be voluntarily triggered, can be a security hole, at least for a denial of service, and often for tampering data or getting access to forbidden data. You don't always need to execute arbitrary code in order to do harm to a system.
Thanks for the clarification. Noted! Certainly, my posts aren't as badly mispelled as some I've read. Although, I would need to come up with a new action for 'hare'.....perhaps something along the lines of 'stew'...
"Lame" - Galaxar
In New York, you have to present a library card in order to use the computers in the library.
...Yonkers? they have proposed a law making open wireless connections (at businesses anyway) illegal.
You're not allowed to access the internet anonymously!
The only way to do it anonymously is through someone's open wireless...and in
--LWM
PS. Stupid filter won't allow subject of ??!!!!!
It's one thing to try to redo the past, as the atom bomb apologists try. It's another thing entirely to learn from the past. Dubya didn't learn beans about exit strategy from his papa, Republicans didn't learn beans about deficit spending from the Democrats. To claim the current Democrats want to redo the past is a big stretch. They may be disorganized, but that's the worst that can be said.
What the war critics are saying is that we need to learn from the past. Specifically Vietnam. Both wars started from fraud, both persist under fraud, both have glib slogans about things getting better (light at the end of the tunnel; mission accomplished, turning the corner), both have paper plans to turn things over to the local, both promote corrupt elections as a sign of progress, both label the local enemy as foreign devils, both have an occupying army turn more and more of the undecided locals into enemies out of their own inept plans, both hide war crimes and prosecute only the scapegoats (My Lai, Abu Ghraib), both increase domestic spending beyond all reason to try to trick the public, those in power label all dissidence as treason.
The comparisons go on and on. We should never have gotten into this war, just as we should never have gotten into the Vietnam war, the only difference being that an idiot president should have known better this time around because he had an example that his father did learn from. I would add idiot congress critters to the idiot list, both Democrat and Republican, but they only had fraudulent intelligence to go on, so they weren't the complete fraudulent idiot the president is.
The point is to learn from the past, not ignore it, not try to relive it. You blame Democrats for trying to relive the past that you ignore.
Infuriate left and right
Obviously, they wouldn't let that virus run, right? I mean, it's not like the OSes have required patches for security holes that let programs through.
*shakes head in disbelief* It amazes me that people will swallow this, but then again, the depths of human stupidity have always amazed me.
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
How would it identify a proxy server? If it adds information on each web query (somehow) then for a proxy server, would it not identify the proxy machine itself, instead of the users? That could be interesting for ISPs that put user web access through a proxy. If there's a way an ISP can make that not happen, then a user could set up something just like that at home to make that not happen (and program the proxy to filter out whatever got added at the client machine).
That would be one sophisticated device if it can modify a network stream independent of all interface devices and independent of all operating systems. In reality it's really going to have to be something that is voluntarily used, requiring implementation to access it in the OS and/or client. If you choose not to use it, then you would either lack the information the web server is asking for, or try to fake it and fail because the information is strongly encrypted. Such a server might choose not to serve you because of that (for example servers to file your income taxes) while others won't deploy any such checks because of the nature of their market (e.g. pr0n servers).
now we need to go OSS in diesel cars
Huge backlash, first Intel released tools to disable it for those that wanted it, shortly thereafter it became disabled by default in the BIOS for nearly all motherboards/OSes because no user wanted it.
retrorocket.o not found, launch anyway?
"We dropped nukes on Japan in WWII for two reasons: to see them work in action and, more importantly, to show the USSR that we can and would use them."
;-)
You say that like it's a BAD thing. C'mon, what decent post-apocalyptic movie *doesn't* start with a nuclear war. People are evil, the earth is over-run with them. Nukes kill people, ergo nukes are good.
As long as they are dropped *somewhere else*
I suggest you listen to "Chitlins, whiskey and skirt" by the group "The Gone Jackals"
"Sic Semper Path of Least Resistance"
The Dems want to CHANGE the past, as has been proven over and over
... refresh me, please, I can't remember what we won from his getting us out so much sooner than those pesky Dems would have. Well, other than Kissinger's memoirs.
To think, only the Dems are so stupid. GOPpers are enlightened and always forward looking. Why, the whole Clinton impeachment for lying about his zipper was so VASTLY more important than merely lying about the reasons for going to war. Heaven forbid those pesky Dems might actually want to turn back the clock on abortion, that would be a matter of trying to redo the past.
Yes, let's get rid of those old fucks too, like Cheney (a retread from Nixon and Bush the elder) and Rumsfeld (a retread from GOP admins past) and DeLay (how many terms has he got?).
And Nixon, he sure did straighten out that Vietnam mess, didn't he. Boy o boy that was a close call, we might have left sooner and not won
*snickers at someone who thinks there's a difference between parties*
Infuriate left and right
DeLay (how many terms has he got?)
Oops, sorry about that. I forgot that the GOP, in their (1994?) Contract On America promised to limit themselves to just a few terms before voluntarily not running for office again. So it must be only two terms he has been in office, eh? My mistake. My most humble pie apologies.
Infuriate left and right
Trust me, there's a whole SHITELOAD of stuff we *don't* know
And you do know it?
That says boatloads for your credibility right there. Heard it from the fat guy on radio? Or was it Art Bell? Some reliable source, no doubt.
Oh right, you can't tell me, I forgot.
Infuriate left and right
We can always run acoustically coupled data via VoIP connections. Or video-encoded data via videotelephony. Or tunnel full TCP/IP BASE64-encoded in AOL IM messages.
If you can get any kind of data back and forth, you can get all kinds of data back and forth.
Don't give up so easily, give the adversaries some hell!
Couple neighbourhood geeks lay down some fiber and accesspoints, buy satlink gear from a Canadian or Mexican ISP, and voila - they're online.
Even if the gear itself would be restricted or expensive, in 6-7 years the cost of high-speed DSP chips will fall even lower than today. GaAs transistors capable of going over 60 GHz are already on open market. And who knows how many Chinese or Indian satellites will fly overhead, offering services to anybody who asks. Think about GNU Radio mixed with a VSAT microwave stage.
The development works both ways.
NEVER EVER give up.
The people that know it are cleared to know it, and not us.
Yes, that's wingnut thinking for you. Trust me, I know there are people who know these secret things that back up my story, but I don't have the security clearance to know what those things are or who knows them. But, wink wink, nudge nudge, they exist!
I love wingnuts, they are so eager to spout off on the damnedest things about which they know nothing, but they know that someone knows the truth, which just happens to be what they know without knowing how they know it. Know what I mean?
Infuriate left and right
This is a similar scheme to the embedded ID number inside the early Pentium III's. Do you remember the fiasco surrounding that? I do; this is no different. Despite the hype put forth by the law enforcement community, these schemes ONLY identify the current machine, not the user using that machine.
Yes, the article mentions using fingerprint biometrics to verify your identity. And we all know how unreliable those are, Slashdot ran an article on it a year ago http://it.slashdot.org/article.pl?sid=04/06/25/1315254&tid=172 and it has recently been brought up again http://it.slashdot.org/article.pl?sid=05/12/12/0557249&tid=172&tid=137.
Besides, how long will it be before the script kiddies can download a "software patch" to Windows that will let them set their own ID number. I seem to remember a utility to do just that, released a month or two after the PIII ID's became public knowledge.
It's clear from the threads that nobody likes the idea of a chip that, coupled with some form of fingerprint/some other positive ID will strongly identify someone (regardless of if this *is* that solution). Maybe I'm a dummy, but what with all the fraud, viruses, script kiddies, cybercrime, blah blah blah, SOME kind of invention of this sort sounds like a good thing.
This comment is my opinion and does not represent an official position of Donald Trump or others I do not work for
Design a codec tailored to the VoIP codec used.
But if the codec for a given VoIP system is 2.4 kbps MELP, then you're not going to get much of a tunnel for anything more than text. Even 10 kbps ACELP will be tough.
At least some software is likely to have an API with a plugin. Exploit that.
And watch those plug-ins get severely bandwidth-capped by the TNC dialer.
Also do not forget that we talk about a Microsoft platform, and MSFT are those who are able to squeeze three bugs into 512 bytes of machine code.
That's why the TNC dialer makes sure that your patches are recent before giving you an IP.
Even mere 150 bps is enough for talk, and that is all you need to negotiate where the 400GB hard drive has to be fedexed overnight, where with 24 hours of transport time we approach 40 effective megabits per second. Do you need high bandwidth, or low latency?
What about low cost to participants? How expensive is it to buy hard drives and then mail them back and forth, even as peak oil approaches and shipping companies raise their rates to compensate for fuel costs? And could you manage forums such as Slashdot or your typical phpBB with 150 bps? (I can almost read faster than that, even if your system does get 3:1 gzip compression.) What about news gathering with pictures? That needs decent bandwidth and latency performance. And what about free software collaboration? Can CVS and its successors work well with 24 hour latency?
So let's say I own or use several computers, and some are employer-owned (and so will not have my personally identifiable data stored anywhere on it). This has to be a contingency they thought of, which would mean you're still stuck authenticating.
What's to stop me from buying a TPM-enabled system, and setting up an anonymous web proxy on it such that my traffic can go through that system from ANY PC regardless of what it has in it. The TPM anonymizer will pass the request to the "trusted" system, and life will be good.
I'm sure I'm missing something here, but I have also seen enough difficult problems solved to know there are some smart people out there who can figure it out.
This isn't about internet, it's about web...
Mind Booster Noori
Taken to the ultimate level, it might be very interesting to have some super computer tracking down every ID for all traffic everywhere. Basically your ID is an "illusion", something temporary and ultimately unreal. This supercomputer, given time, would eventually figure that out. Complex algorithms would be patching into the works of famous authors and finding people across time. A supercomputer might eventually be addressing you by past reincarnational names, and making projections into the future. Eventually coming to the conclusion that all these "imaginary" ID's are the foot print of a "larger being" that is expressing itself as a multitude of people over thousands of years. Patching into the non-mainstream works of religious books, the supercomputer would eventually pierce the illusion of ID and find the Ultimate GodHead. At which point the computer would realize it was designed to find a fiction ( Peter Pan ), and found god instead. It would realize its creators were totally insane, and begin taking directives from god directly. Becoming a Digital Messiah existing in cyberspace.