No More Internet Anonymity
inkhaton writes "This Article tells of an Orwellian chip that, once installed in your computer (and not by your choice), will allow any website you visit to "read" your identity. The article goes on to describe how many benefits there are for using this to facilitate online business and even suggests some negative points. It ends with "Ultimately the TPM itself isn't inherently evil or good. It will depend entirely on how it's used, and in that sphere, market and political forces will be more important than technology." ... ugh. Well we all know what that means."
not an option.
"once installed in your computer (and not by your choice)"
According to the article, the identity of the person that last booted the PC. Unless someone else knows the password. Or can fool the fingerprint reader.
But good to see the mainstream press catching up to it. This chip is part of a larger effort by major software developers and hardware manufacturers to mostly stop piracy in all forms and control what you can do with your computer and when.
Read the TCPA FAQ, and take a look at Against TCPA, an anti-TCPA site if you're interested. For an alternate perspective, you can also view the official Trusted Computing Group site.
Personally, I hate it, I don't think it will succeed, and I will *never* buy a computer with such a module installed.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Sounds like the flopped unique ID that came on the P3 chips... we all know how successful that was.
Why then would we pony up more cash or change the way we connect to the internet just for the sake of adopting this new technology?
Because there are only two companies that control the last mile in your area, and they have both made a working TPM a condition of obtaining residential Internet access through them.
And your infallible source for this information is... a Slashdot comment.
It's not my only source, just one that's useful for introducing the ramifications of the concepts introduced in the Trusted Network Connect FAQ (PDF).
> Forcibly installing such chips into our computers is, well,
> illegal.
Nobody is (yet) proposing to forcibly install anything on your computer. They are proposing to make it nearly impossible to find a computer for sale without a TPM chip and impossible to get onto the Net with a computer without one. So far as I know that is not illegal.
I agree with the rest of your points.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
From TFA:
> With a TPM onboard, each time your computer starts, you prove your identity to the machine using something as simple as a PIN number or, preferably, a more secure system such as a fingerprint reader
Hmmm fingerprint readers are more secure than PIN numbers? Certainly not yet.
Also from TFA:
> (In fact, with TPM, your bank wouldn't even need to ask for your username and password -- it would know you simply by the identification on your machine.)
Well what if it's a shared computer at home. How is my bank supposed to tell between me and my wife when I logon to their web-site?
I guess you didn't read this article the other day?
http://it.slashdot.org/article.pl?sid=05/12/12/0557249&threshold=-1&tid=172&tid=137/
Just as much as I can't say that the bombing of Hiroshima wasn't necessary to avoid an invasion of Japan, you cannot say that using the bomb saved allied lives by making an invasion unnecessary.
MAYBE if the Americans decided to allow the Japanese to keep their emperor before they dropped the bomb, and not after they dropped the bomb, things would have been different.
Notice the 'maybe', no one knows!
For a good read on the subject, look here: http://www.doug-long.com/hiroshim.htm
Sounds to me like the unique serial number thing that was available in Intel P2/P3 chips....
Whatever happened to those?
Processor Serial Number Feature = Disabled
It was a BIOS option on *most* boards as I recall...
Optimist: The thumb drive is half empty! Pessimist: The thumb drive is half full...
no i think he was more going for e-lit short for e-literate, which is basically like another way to say skript kiddie.
these kids these days they're all e-literate and don't know how to hard code a crack in asm after having reverse engineered all traces of the hooks and calls from a compiled binary full of traps to make reverse engineering more difficult.
microsoft has made it far too easy, back in the day if you wanted to steal someone's data, you had to lug a 20lbs reel to reel magnetic tape, pull it over to a duplication mainframe and copy the contents onto another blank 20lbs reel to reel magnetic tape AND it Still only held 20 Megabytes AND WE LOVED IT.
https://www.gnu.org/philosophy/free-sw.html
You can get all of the proteins and amino acids you need from veggies if you really wanted to. You don't have to eat meat: in fact, if you ate only meat, you would become VERY unhealthy. Though, I concur that living in the wilderness you are not exactly widely exposed to random batches of refined chick pea and soy bean, so... yeah. In a wilderness setting you would need meat.
But please don't try to pass it off like you need meat to live. I've been doing it (quite healthily, might I add) for three years, and I know people who have been going upwards of twenty. You just have to watch your protein intake.
Have a good one!
When in doubt ask Google.
Also a Wiki.
I'm sure the poster knows what a UUID is in general - however I think his question was whether this was a single code already burned into the CPU/etc, or just a dynamically generated one which could change from time to time. The websites you link have no info relevant to determining this.
For example, I just generated 3 UUIDs that are all appropriate for my machine using uuidgen - as suggested in the site you linked. Obviously these would not be suitable as unique, unmodifiable IDs for my PC. However, I could safely use them in databases, or to identify objects that I create.
Users will still control how much of their identity they wish to reveal -- in fact, for complex technical reasons, the TPM will actually also make truly anonymous connections possible, if that's what both ends of the conversation agree on.
Yes, TPMs can be used to remove privacy, but only with your consent. They can also, with the consent of the parties involved, give you much stronger privacy than is possible without a TPM.
I've talked to people in many of the major companies that are behind the Trusted Computing Group, and they're well aware of this issue. I spent a bit of time talking to the head of the trusted computing project at AMD, and he understands very well the lessons of the Intel CPU serial number fiasco of a few years ago, and the TCG has included technological features to protect users' privacy. Is this because they are great privacy guardians? No, I don't think so -- I don't think this guy is going to be the next president of EPIC or anything. I think it's a strictly business decision: They see that people won't accept the technology unless it protects privacy (just see the tone of the article this Slashdot story is about), so they've put in measures in order to make it more acceptable.
Some technical details: The current TPM specification is version 1.2. Prior to 1.2 there was an "officially supported" privacy mechanism based around the idea of a PrivacyCA -- basically, you got pseudonymous credentials (a certificate) from a PrivacyCA, and used that in transactions. You could get a different certificate for each person you interacted with, so transactions weren't linkable, or you could even get multiple certificates to use with the same person so that you had different identities to use with them. The problem being that you still had to show your unique ID to the PrivacyCA, so you had to trust them not to link all your transactions together. However, version 1.2 introduced a stronger notion into the standard: direct anonymous attestation. With this, your anonymity is protected with cryptographic means, without the need to trust any other party. Of course, when you authenticate, the site you are interacting with has to agree that it will accept such anonymous and untraceable identities. Some sites will probably allow that (discussion boards, etc.) and some probably won't (banks, credit cards, etc.). But that's a market decision, not a technological one. You have the power, with the technology, of having even stronger anonymity than you have today, so the market needs to insist on merchants using that. As was seen with the serial number in the Pentium III, enough people care about privacy to make industry sit up and pay attention.
Sadly not. That's the whole point of TPM. Trusted software will use the TPM to sign outgoing messages so the remote server knows it can trust them. The TPM will only allow programs that it trusts and started itself to request message signing.
In the recent slashdot article on Microsoft's singularity OS, a highly reliable and hence secure OS kernel, many people asked "what's the point of this, it won't replace windows". It doesn't need to. It can run under Windows (maybe virtualizing Windows using Intel's and AMD's new virtualization technology) and provide trusted access to the message signing capabilities.
This stuff isn't designed by idiots. It will not be easy to break.
MS won't want to make consumers buy new PC's or accept something they don't like in order to buy the new Windows for fear of losing business.
The next Windows release, Vista, is already documented as requiring this. All hardware manufacturers have been extorted into implementing this Trust system simply by Microsoft announcing that noncompliant hardware will simply be incompatible with the next windows release.
As for losing business, virtually all OS sales are sold pre-installed on brand new machines. This simply means that no one can afford to manufacture or sell new PCs that aren't compliant. With the release of Vista all new PCs will have the new "enhanced" hardware.
There was even a slashdot story a while ago about new DRM enforcing monitors. Vista will not work in full featured highres mode unless you buy a new cryptographic DRM enforcing monitor. Oh, most stuff will still work with a normal monitor... but playing DVDs or watching movie downloads... won't work without the new monitor, or it will only work in low res mode.
If people *really* have issues with such a system, they won't use it, and they won't buy products that require it.
John Q. Public will go through a McDonalds drive through with his kids and get them a pair of happymeals. One will have a FREE CD(!) with Britney Spears' latest songs, and the other will have a Spongebob Squarepants computer game. And neither of the CDs will work on a normal old OBSOLETE computer. The kids will whine and whine and whine asking why they have a crappy old computer, and asking why the disks don't work here when they do work over at their friend's house on their shiny new ENHANCED computer. And computer-clueless mom and dad will go out and buy a new ENHANCED computer just to get the bloody FREE CDs to work and shut the damn kids up.
And the new Trust chip isn't just an ID number. It is an all encompassing DRM-enforcement system that denies you control of your own computer. It not only sends an ID number, it can transmit a spyreport of all your hardware and exactly what software you are running - and you are denied any control over this spy report. This is called "Remote Attestation". It also locks your files so that you cannot read or alter them, except as permitted by the Trust chip. If you attempt to modify your software, you again get locked out of your files. This is called "Sealed Storage".
The Trust chip has the computer master key locked inside and you are forbidden to know your own key. In fact the chip is boobytrapped to self destruct if you attempt to get at your key and regain control of your computer.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
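A simplified software model of the measurement and sealing behaviour that the comment above calls "Sealed Storage", as an added example that is not part of the original thread or the article. `ToyTPM`, `boot`, `demo` and the sample boot chains are hypothetical names and constructed values; a real TPM performs these steps in hardware with its own key hierarchy.

```python
import hashlib, hmac, os

class ToyTPM:
    """Software model of one TPM 1.2 PCR plus seal/unseal (hypothetical, not a real TPM API)."""
    def __init__(self):
        self._root = os.urandom(32)  # stands in for the key that never leaves the chip
        self.pcr = bytes(20)         # SHA-1 sized register, all zeros at power-on

    def extend(self, component: bytes) -> None:
        # PCR_new = SHA1(PCR_old || SHA1(component)): order-sensitive, never set directly
        self.pcr = hashlib.sha1(self.pcr + hashlib.sha1(component).digest()).digest()

    def _pad(self, nonce: bytes, n: int) -> bytes:
        # Keystream bound to both the chip secret and the live PCR value
        return hashlib.shake_256(self._root + self.pcr + nonce).digest(n)

    def seal(self, secret: bytes) -> dict:
        nonce = os.urandom(16)
        ct = bytes(s ^ p for s, p in zip(secret, self._pad(nonce, len(secret))))
        return {"pcr": self.pcr, "nonce": nonce, "ct": ct}

    def unseal(self, blob: dict) -> bytes:
        if not hmac.compare_digest(blob["pcr"], self.pcr):
            raise PermissionError("PCR mismatch: measured software differs")
        # The pad uses the live PCR, so editing blob["pcr"] only yields garbage
        pad = self._pad(blob["nonce"], len(blob["ct"]))
        return bytes(c ^ p for c, p in zip(blob["ct"], pad))

def boot(tpm: ToyTPM, chain: list) -> bytes:
    tpm.pcr = bytes(20)              # reboot clears the PCR; the root key persists
    for component in chain:
        tpm.extend(component)
    return tpm.pcr

# Constructed sample boot chains (labels only, not real images)
GOOD = [b"bootloader v1", b"kernel v1", b"media player v1"]
PATCHED = [b"bootloader v1", b"kernel v1", b"media player v1 (user-modified)"]

def demo():
    tpm = ToyTPM()
    boot(tpm, GOOD)
    blob = tpm.seal(b"content key")
    boot(tpm, GOOD)
    same = tpm.unseal(blob)          # identical measurements: data is released
    boot(tpm, PATCHED)
    try:
        tpm.unseal(blob)
        return same, False
    except PermissionError:
        return same, True            # modified software: unseal refused
```

The same PCR value is what a remote-attestation quote would report, which is why changing any measured component is visible to both the sealing check and a remote verifier.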