Slashdot Mirror

← Back to Stories (view on slashdot.org)

No More Internet Anonymity

Posted by samzenpus on from the the-computer-knows dept.

inkhaton writes "This Article tells of an Orwellian chip that, once installed in your computer (and not by your choice), will allow any website you visit to "read" your identity. The article goes on to describe how many benefits there are for using this to facilitate online business and even suggests some negative points. It ends with "Ultimately the TPM itself isn't inherently evil or good. It will depend entirely on how it's used, and in that sphere, market and political forces will be more important than technology." ... ugh. Well we all know what that means."

16 of 740 comments (clear)

  1. Real Identity? by mysqlrocks · · Score: 4, Insightful

    Your real identity or someone who used your computer while they were over your house, or someone that borrowed your laptop?

    --
    Bradley Holt
    1. Re:Real Identity? by ArchAngelQ · · Score: 5, Insightful

      Or the 3117 haxor who used the latest TMP chip crack to change their TMP ID to be the same as yours, which they got from the worm that still can get installed on your machine...

    2. Re:Real Identity? by incubusnb · · Score: 4, Insightful
      thats what the Library is for. Unless, of course, it becomes law that all public terminals require a fingerprint or retina scan before use to garantee that the user is known.

      if things keep going this way...

      --
      /. is overrun by bed-wetting elitist nerds
      let it be known, for anything other than servers, a *nix OS sucks
    3. Re:Real Identity? by ArchAngelQ · · Score: 5, Insightful

      The real point of my above comment was: This system is effectively worthless until the fundimental security issues surrounding general use computers is resolved to a better state. It is likely an unsolveable problem as long as 'computers' remain general use computational tools, as general use includes all of the abilities needed to circomvent even the best security. Perhaps not in a timely fasion, which is what has generally been relied on.

      Implimenting this in hardware means that it's inherintly less adaptable than software. Which means software will be able to adapt around it. Perhaps not in the machine itself, but it's just data out. It should be trivially easy to man in the middle your own outgoing datastream to be able to incorporate any TMP data you want, likely possible even without additional hardware.

    4. Re:Real Identity? by Crayon+Kid · · Score: 4, Insightful

      Identity thieves will have a long field day..

      I second that. The more perfect you consider an identification method to be, the more perfectly you will be fooled by a fake.

      --
      i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
    5. Re:Real Identity? by Your+Anus · · Score: 4, Insightful
      Yeah, that's great except you might use several different machines on a particular day (home computer, work computer, cell phone). You might also have to replace your machine one day.

      Unless you carry around an implanted chip, how is the bank going to know it's the "real you?" Maybe they have a whitelist, or maybe you have to go through some verification process the first time to tie the machine to your account or something, but it sounds a bit hokey.

      One other thing that gets me is how does the bank know your computer has a TPM chip. It can ask, but it has to trust that the computer will answer truthfully. If you set up an intervening program that says, "Sure, I have a TPM chip. You can trust me!" and then emulate the TPM, with a fake ID of course, I don't see how the bank can tell the difference. If I can think of that there's already a bunch of hackers who have, and they are all saying "Excellent" in their best Mr. Burns voices.

      --

      In the USA, we like stuff watered down, like beer, television, and freedom.
  2. Question is by obeythefist · · Score: 4, Insightful

    This is a lot like the MP3 market -

    We already have systems that work fine without this invasive technology - just like we already have MP3 technology for making nice MP3 files to listen to and download.

    Why then would we pony up more cash or change the way we connect to the internet just for the sake of adopting this new technology?

    These approaches for more DRM and more end-user-ownership by the corps is almost always stick and almost never carrot.

    --
    I am government man, come from the government. The government has sent me. -- G.I.R.
  3. duh by stoolpigeon · · Score: 5, Insightful

    Ultimately the TPM itself isn't inherently evil or good.
     
    I'd like to hear of any inanimate object that is inherently evil or good. Nuclear bombs aren't inherently evil or good, it's just how you use them. Otherwise they just sit there.

    --
    It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
    1. Re:duh by intnsred · · Score: 3, Insightful

      I'm glad it was Harry Truman and not you who made that decision in 1945.

      Why? We're not really going to trot out that rubbish about needing to use nukes against Japan, are we? A few points to consider:

      * Before the US dropped nukes, Japan was already sending out requests for peace through several countries. The sticking point was that the Japanese wanted to keep Hirohito as a figurehead emperor -- the exact same deal the US privately agreed to.

      * Before the US dropped nukes, Japan was so defeated that the US could park battleships off the Japanese coast and shell at will -- without response.

      * The much quoted figure of "1 million" US casualties in the event of a Japanese invasion is sheer fiction. The War Department put the figure at two hundred thousand casualties (horrific yes, but certainly not 1 million).

      * General Leslie Groves, military commander of the WWII Manhattan Project to build an atomic bomb, said bluntly, "There was never, from about two weeks from the time I took charge of this Project, any illusion on my part but that Russia was our enemy, and the Project was conducted on that basis."

      Nutshell summary:

      We dropped nukes on Japan in WWII for two reasons: to see them work in action and, more importantly, to show the USSR that we can and would use them.

  4. i like it by antiaktiv · · Score: 5, Insightful
    (In fact, with TPM, your bank wouldn't even need to ask for your username and password -- it would know you simply by the identification on your machine.)
    Now the people who break into homes don't have to sift through dirty underwear to maybe find a few crumpled up dollar bills, they can just turn on the pc and transfera couple of bucks into their bank account. Aaah, the modern age.
  5. Any power will be abused. Mod redundant. by shanen · · Score: 5, Insightful
    Not just this post, but the thread. Actually, I think this is already a 'design feature' of IPv6, and that's coming, too.

    Anyway, I'm not sure there will be any such thing as privacy in the near future. Right now it's already becoming a luxury good, and pretty soon only millionaires will be able to afford it.

    There is a solution, but no guarantee we'll reach it. We need to define an individual's personal information as belonging to that individual, and any use or reference to that information should only be with permission, and based on some good reason. To put actual teeth in such a legal principle, I think it needs to be coupled with a right to store your own information (presumably on your own computer). Without such a basis for protecting privacy... Well, you'd better get use to appearing all over the Internet when you least expect it.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
  6. This would make encryption mandatory by republican+gourd · · Score: 4, Insightful

    This will never fly, and not for the reasons we would hope for.

    Here are the scenarios:

    1) Chip reports stuff, but data stream is wide open, so middlemen can change whatever they want.

    2) Chip reports stuff, but with shitty encryption so the gov't can still do its wiretaps and echelon won't break. System is hacked within a couple days and the whole 'chip' idea becomes worthless.

    3) Chip reports stuff, but with robust encryption. The site you are talking to knows who you are, but people between you and them can't sniff your actions other than knowing that 'some sort of communication took place'.

    Plus variations. This could actually make webs of trust (a la the direction that Freenet appears to be going) more secure, since you know that your neighbors haven't been man-in-the-middled.

  7. latter-day cryptanalysts? by thatguywhoiam · · Score: 4, Insightful
    There is a solution, but no guarantee we'll reach it. We need to define an individual's personal information as belonging to that individual, and any use or reference to that information should only be with permission, and based on some good reason. To put actual teeth in such a legal principle, I think it needs to be coupled with a right to store your own information (presumably on your own computer). Without such a basis for protecting privacy... Well, you'd better get use to appearing all over the Internet when you least expect it.

    I've been thinking about this; the problem is the legal route to this is pretty much a nonstarter already. But maybe there is a loophole; I think we should all start a church. The Church of the Super Paranoid, or something like that. That way we could cry religious persecution if intrusive privacy-stealing measures are used against us. I'm certain I would have no problem convincing a sizeable chunk of the Slashdot population to swear and affirm (on a stack of punched cards) that their right to crypto and absolute mastery over who sees their porn stash is both vital and indispensable to the very core of their identity. I think it could work.

    At the very least, the crazy fundies will lobby for laws that would help us... :0

    --
    If Jesus wants me it knows where to find me.
  8. We all know what that means... by humphrm · · Score: 5, Insightful

    >ugh. Well we all know what that means.

    Sigh. Yes. Everyone will just sit around slashdot whining about it, and not lift one finger to get control of it via their elected officials.

    --
    -- "In order to have power, I must be taken seriously." -Mojo Jojo
  9. Re:Cars have VINs and license plates by jim_deane · · Score: 4, Insightful
    Cars have VINs and license plates to identify them on public roads. This places some limits on driver freedom but is hardly Orwellian.

    TPM, or something like it, could end up in the same category.


    You went to McDonald's for lunch...did they record your license plate and/or VIN? Did you drive up to your bank to make a deposit, and if so, did they check your license plate and/or VIN before letting you access your account? Did the city government make record of your license plate and VIN as you traveled through various intersections? Did the park and recreation department take a record of your entrance and exit times when you visited city park?

    Basically, just go back and look at all of the arguments that were made when Intel proposed the Processor Serial Number as a GUID. The arguments remain, and will always be, completely valid.

    Jim
  10. Re:This is circumventable. by tftp · · Score: 3, Insightful
    Not to mention, there is nothing to prevent you from using a browser that supplies false information.

    Unfortunately the Universe may grow old and die before you manage to compute a valid data packet without having access to the private key (which is burned into the chip and can't be read back, ever.)

    For example:

    1. Computer says: "My public key is 0x1234...89"
    2. Remote site says: "Ok, dude, mine is 0x9876...01. Do XOR on this data that I encrypted just for you: ... ciphertext follows."
    3. Computer says: "Ok, I decoded the ciphertext using my private key. The data is this, encrypted for you: ... ciphertext follows."
    4. Remote site says: "Ok, you got it right, I reckon you do have access to that private key, and so your public key is also yours, and so you are who you say you are. I trust your data now."

    If you break this sequence then the authentication fails.