Slashdot Mirror
No More Internet Anonymity
inkhaton writes "This Article tells of an Orwellian chip that, once installed in your computer (and not by your choice), will allow any website you visit to "read" your identity. The article goes on to describe how many benefits there are for using this to facilitate online business and even suggests some negative points. It ends with "Ultimately the TPM itself isn't inherently evil or good. It will depend entirely on how it's used, and in that sphere, market and political forces will be more important than technology." ... ugh. Well we all know what that means."
Your real identity or someone who used your computer while they were over your house, or someone that borrowed your laptop?
Bradley Holt
Is any technology inherently good or evil?
This is a lot like the MP3 market -
We already have systems that work fine without this invasive technology - just like we already have MP3 technology for making nice MP3 files to listen to and download.
Why then would we pony up more cash or change the way we connect to the internet just for the sake of adopting this new technology?
These approaches for more DRM and more end-user-ownership by the corps is almost always stick and almost never carrot.
I am government man, come from the government. The government has sent me. -- G.I.R.
Ultimately the TPM itself isn't inherently evil or good.
I'd like to hear of any inanimate object that is inherently evil or good. Nuclear bombs aren't inherently evil or good, it's just how you use them. Otherwise they just sit there.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
Anyway, I'm not sure there will be any such thing as privacy in the near future. Right now it's already becoming a luxury good, and pretty soon only millionaires will be able to afford it.
There is a solution, but no guarantee we'll reach it. We need to define an individual's personal information as belonging to that individual, and any use or reference to that information should only be with permission, and based on some good reason. To put actual teeth in such a legal principle, I think it needs to be coupled with a right to store your own information (presumably on your own computer). Without such a basis for protecting privacy... Well, you'd better get use to appearing all over the Internet when you least expect it.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
This will never fly, and not for the reasons we would hope for.
Here are the scenarios:
1) Chip reports stuff, but data stream is wide open, so middlemen can change whatever they want.
2) Chip reports stuff, but with shitty encryption so the gov't can still do its wiretaps and echelon won't break. System is hacked within a couple days and the whole 'chip' idea becomes worthless.
3) Chip reports stuff, but with robust encryption. The site you are talking to knows who you are, but people between you and them can't sniff your actions other than knowing that 'some sort of communication took place'.
Plus variations. This could actually make webs of trust (a la the direction that Freenet appears to be going) more secure, since you know that your neighbors haven't been man-in-the-middled.
Where there is a will there is an option.
If you don't like it then don't buy it.
1) People likely won't know about it, and Joe Average will just buy it with his computer not realizing the problem and risks.
2) There are only so many hardware providers. What happens when they all carry it? Unless you like build your computers from scrap, you'd be stuck with it. And at some point, they'll just start carrying them on all processors or something. This was made by an alliance of AMD, Hewlett-Packard, IBM, Microsoft and Sun after all. If Intel joined the fray, the computing world would be sunk.
I've been thinking about this; the problem is the legal route to this is pretty much a nonstarter already. But maybe there is a loophole; I think we should all start a church. The Church of the Super Paranoid, or something like that. That way we could cry religious persecution if intrusive privacy-stealing measures are used against us. I'm certain I would have no problem convincing a sizeable chunk of the Slashdot population to swear and affirm (on a stack of punched cards) that their right to crypto and absolute mastery over who sees their porn stash is both vital and indispensable to the very core of their identity. I think it could work.
At the very least, the crazy fundies will lobby for laws that would help us... :0
If Jesus wants me it knows where to find me.
I fail to see how this is like Communism.
This relates to Fascism much more than Communism.
What about the plathora of secuirty issues we are faced with today, combine that with a preempted identity management system and you spell disaster.
It would bring on a new level of phishing one that would be alot more difficult circumvent and alot easier to exploit once the phiser has what he needs from their victims.
Engineers and techs are very smart people but sometimes they lack the day-to-day vision around the issue.
Plus, im sure there'll be a bunch of eager hackers waiting patiently for this to come along, if they are able to stick linux on an ipod i'm sure they'll be able to get around this.
The Evil Bit is inherently evil! :-)
>ugh. Well we all know what that means.
Sigh. Yes. Everyone will just sit around slashdot whining about it, and not lift one finger to get control of it via their elected officials.
-- "In order to have power, I must be taken seriously." -Mojo Jojo
BWAHAHA! Dude, have you compiled a kernel recently? It does have support for this - only the kernel states it as a module that can be used in conjunction with the chip, to store "key data" seperate from the system, to increase security, or something. Mayby it will allow Linux to selectively use the TPM chip where required for authentication (i do my banking etc across 3 computers, identifying anything on a per-computer basis can be stupid). The TPM chip is far from just an identifier, its got memory and can be used for other general things.
Its more that, in Linux, the TPM chip will be used for security (good), and in winblows it will be used for ease-of-use/profit (evil). So, im guessing in Linux you'll be able to spoof ID's
Just as soon as I can kill or maim someone by operating my computer recklessly, we can talk about mandating publicly visible identifiers for them.
I too have felt the cold finger of injustice.
Well I never really considered little yellow cloth stars or number tattoos "good" or "evil" in and of themselves... but you know while we are at it lets brand everyone's social security number on their arm... you know so you can't lie to women at bars about being Leonardo DiCaprio.
" Intel quickly made the serial number disabled by default, and few web sites ever started using it."
It is not like the CPUID is the only part of your system that has a unique ID. Just think about the hardware address of your networkcard. Sure some people change them but very very few change them periodically and with the introduction of IPv6 and its automatic address discovery soon everybody will know your MAC.
You went to McDonald's for lunch...did they record your license plate and/or VIN? Did you drive up to your bank to make a deposit, and if so, did they check your license plate and/or VIN before letting you access your account? Did the city government make record of your license plate and VIN as you traveled through various intersections? Did the park and recreation department take a record of your entrance and exit times when you visited city park?
Basically, just go back and look at all of the arguments that were made when Intel proposed the Processor Serial Number as a GUID. The arguments remain, and will always be, completely valid.
Jim
What I won't do is install software that turns over the 'trust' it creates to an outside entity.
Unless all broadband Internet access providers that serve residences in your area start to require that you use a kernel and apps with a specific signature dictated by the ISP.
Unfortunately the Universe may grow old and die before you manage to compute a valid data packet without having access to the private key (which is burned into the chip and can't be read back, ever.)
For example:
If you break this sequence then the authentication fails.
This chip is about the easiest security measure to work around of all time: Use a PC emulator which also emulates the TPM hardware.
It might not make for a very fast computer, but it'll be fast and cheap enough for the average nigerian scammer to invalidate the entire case for the TPM chip.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Imagine if you could create as many identities for yourself as you wanted. You could go so far as to create a separate identity for every single site you visit, even. Imagine that you can program your web browser to invent dummy identities automatically in order to accomplish this. There; privacy issues solved.
The nice part about this system is that you'd never have to enter a password or a credit card number again, and no one would be able to steal your identity without stealing your physical computer.
Digital rights, Patriot act, loss of privacy...screw it, I'm moving to Alaska and building a cabin.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning