No More Internet Anonymity

inkhaton writes "This Article tells of an Orwellian chip that, once installed in your computer (and not by your choice), will allow any website you visit to "read" your identity. The article goes on to describe how many benefits there are for using this to facilitate online business and even suggests some negative points. It ends with "Ultimately the TPM itself isn't inherently evil or good. It will depend entirely on how it's used, and in that sphere, market and political forces will be more important than technology." ... ugh. Well we all know what that means."

So what

[pHatidic]

If you don't like it then don't buy it.

Re:So what

[The+Warlock]

Intel is in on it (and has been for far longer than AMD). As are dozens of other companies. NBC simply didn't have room to list them all.

just about time for revolution, don't ya think?

[incubusnb]

Privacy doesn't exist regardless of what "laws" are in place. the Constitution(U.S.A) and Charter of Rights and Freedoms(Canada) has been violated over and over again with little to no reprecussion. Polititians and other people with power use the most important documents in the "free" world to wipe their collective asses with. people aern't voiceing their rights anymore...

DEMOCARACY IS DEAD!

wheres the lineup to join the liberation front, its time for a revolution!!

Re:just about time for revolution, don't ya think?

DEMOCARACY IS DEAD!

Democracy never lived. The ruling class has always prevailed over the rest of the people, throughout history, without exception. Sometimes the ruling class is generous and tries to be fair, but not often. Currently we're transitioning from somewhat nice to somewhat mean. There is less emphasis on quality manufacturing and the interests of consumers and much more emphasis on profiting both individually and for shareholders. The problem is typically corporations whose investors are too widely diversified to control the ethical behavior of the corporations. I would assume that a large portion of investments are simply mutual funds who clearly cannot impose ethical constraints on businesses when their competitors in the market have no such restraints and can profit from unethical companies. The double (or triple, etc.) layer of ownership completely separates individuals from their ultimate corporate actions. At this point, only laws will help, because it is the only system larger than the economy, but it is difficult to get people to care about how companies treat them until a sufficient number of people are actually harmed by corporations. Until at least 10% of the population is materially harmed, I doubt anything will happen because of the undue pressure legislatures already feel from corporate lobbyists. If 10% of the people care enough about anything, they can vote at closer to 20% or 30% of the overall voting population which is more than enough to swing elections.

So if you want to stop corporate bullies, just hope they increase their tactics. I'm sure they know they can only get away with so much, so it's imperative to make them cause as much harm as possible, or to make normal people perceive it that way. Unfortunately we have to play politics just as dirty as they do, because they already have the resources to control the majority of politicians. Thankfully, the working people have a significant advantage in numbers and internal placement. It only takes a few disgruntled workers to force a company's name into the dirt. I would recommend anyone who hates corporations and works for one to use their job to oppress as many people as they can, secretly. Perhaps that's the true reason for the new "war on terror"? Once it becomes terrorism to obstruct corporations, there will be no way to fight back. Execution for industrial sabotage, boycotts, and strikes, anyone?

Pansy article

[alex_guy_CA]

How blandly can someone describe something evil? Well, lets see!

I'm so mad I can't type. The idea that something can be put into a tool that I buy weather I want it or not, and then we will see if my privacy invasion is good or evil latter makes me want to throttle someone.

The tone of the article gives me a good idea of who to start with.

Re:Real Identity?

[0olong]

Not to mention: stolen hardware, secondhand hardware, rerouting/spoofing techniques, etc.

Identity thieves will have a long field day..

Re:Good or evil?

[incubusnb]

technology is nuetral, its the people controlling the technology that choose a side.

i'll garantee you the biggest backing for this technology comes from the RIAA, MPAA and the CIA

This only works if hackers play by the rules

[artemis67]

Of course, all a hacker needs to do is keep an older model x86 or PPC system around. Obsolete computers are a dime a dozen, and you can keep them running for decades.

And we are moving closer and closer to disposable PC's, anyway. In less than ten years, I predict that brand new, complete systems will be selling for less than $50. Got my computer's ID? So what, I throw away my computer every month!

Re:This only works if hackers play by the rules

[Skreems]

You could basically even do this today. Most pieces of your system will not be labeled. Presumably it's just the CPU and/or Motherboard that have this ID crap in them. If it's just the motherboard, you can swap that out for $70 every couple months, and anything but top-shelf CPUs aren't that much more expensive.

The truly ridiculous thing about this is, it doesn't even put a dent in the cybercrime it's supposed to prevent. If you can get your system without giving up your identity (steal it or buy it through someone who "loses" records), and don't report your identity truthfully to anybody while using it, you're still just as anonymous as now. And if they come to get you, you just have to thermite one specific spot on the mainboard as well as the hard drive like you would today. Bam, all evidence gone. And until that day, you're free to molest six year olds and use stolen credit cards to your heart's content.

There are so many easier ways of preventing these problems than to try to force an ID on everybody. Make one-time disposable credit card numbers a mandatory feature. Consumers will use it because it saves them the hassle of cleaning their credit report after fraud. Hey, look! We can cut down on fraud by creating MORE anonymity, rather than less. Or how about the banks making websites that enforce strong password standards? How about ANYthing except a system that's even MORE transparent to the end user, and thus easier to crack?

Re:This only works if hackers play by the rules

[photon317]

The way they plan to force this issue is that after X% of the market is DRM/TCPA-enabled, content providers will start only serving content to DRM/TCPA customers. The first day it'll be like, "Well, I can still use my old-school machine, just not to view CNN.com", and eventually a year or three down the road you won't be able to view any content from any major corporate providers. At least that's the plan. I suspect if they even get that far down the road, the anti-DRM/TCPA public community will largely replace those resources anyways.

Interesting. Are you sure?

[Jerk+City+Troll]

Nuclear bombs aren't inherently evil or good, it's just how you use them. Otherwise they just sit there.

But what is their purpose? We cannot simply evaluate things by their inert state. We also have to factor in their reason for being. A gun isn’t made just for the purpose of propelling an object at high velocity in a particular direction (there are superior devices for doing that), it is intended to destroy something as a result.

This type of thinking might be carelessly superficial in some circumstances. You are right to an extent, but that should not keep you from further consideration.

... and look how well that turned out!

[ragingmime]

Intel quickly made the serial number disabled by default, and few web sites ever started using it. If people *really* have issues with such a system, they won't use it, and they won't buy products that require it. If they don't buy it, companies won't sell it. If it's an issue, media attention can get people to vote with their dollars and keep it from being a standard. The only thing that worries me, though, is the Microsoft comment. If somehow Windows requires this system, it'll become a de facto standard. But MS has tread pretty carefully so far - e.g., restrictions on how often you can activate a copy of Windows are pretty lenient. But we'll see if that holds. Even still, though, MS won't want to make consumers buy new PC's or accept something they don't like in order to buy the new Windows for fear of losing business. So it comes down to whether people really oppose this or not.

Re:... and look how well that turned out!

[MikeFM]

But changing the MAC address is easy. With what M$ is trying to shove down consumers throats your entire PC will be under the ever watchful eye of Big Bill. Supposedly impossible to bypass for the average joe and a full watch dog from hardware to software to media to network - in theory at least. Probably the last step needed to completely drive me away from Microsoft products but meanwhile the average non-geek will either not know or just bend over and take it.

Routing Around the Damage?

[femto]

So, does the TPM constitute damage, and will the Internet route around it?

My vote is yes. The Internet will route around it by gradually dividing from what is currently called the Internet. Most people will use what used to be the Internet, and will consider it to still be the Internet. A minority of tech savvy people will be running on an alternative network, and will consider their network to be the Internet.

There will be one way links between the Internet and the former Internet (new can suck data from old, but not the other way around). The new Internet will be under the radar, but will be a hotbed of technical innovation. In time the new Internet will appear on the radar, as the majority hear of it and decide that they want to be able to do all the neat things Internetters can do as well. The majority join the Internet. The Internet gets 'tamed' as large companies join it. The Internet routes around the damage by breaking away over time. The cycle repeats...

Re:Routing Around the Damage?

[jim_deane]

I always wanted to run a BBS. Now I have the time, income, and computer power, and look, Fidonet is still around!

Now where's my copy of QBBS...

Or if ISPs make them play by the rules

[tepples]

Of course, all a hacker needs to do is keep an older model x86 or PPC system around.

And watch it not get an IP once all the major last-mile ISPs have switched to Trusted Network Connect, a framework that involves "trusted" dialer software that assesses the state of your computer using its TPM. Cisco has a similar competing framework called Network Admission Control.

Re:Nope.

[sedyn]

Speaking of avoiding hardware that prempts the need for spyware to be implemented in software, Does anyone know of a list of hardware that consumers should avoid?

If not, does anyone want to start a wiki entry or something similar?

(All I've found so far is http://www.againsttcpa.com/tcpa-hardware.html ) But I will be searching more in-depth later

Take a deep breath, and calm down...

[IWorkForMorons]

People...please, stop and review your history. Does no one remember Intel doing this exact thing just 5-6 years ago with the first PIII chips? Do you see any chips with serial numbers embedded in them like that today? No...because it was a colossal FAILURE! That's when Intel began to slide and AMD began to rise to power. Why? Because AMD saw a need, and that need was to NOT have this kind of tech. So many people, including myself, started switching to AMD chips. And Intel eventually yanked it because of the market share they were losing. They never really recovered after that, especially when AMD started beating them on processing power-per-watt. So please...just take a deep breath, calm down, and look to your nearest underdog to fill the need...

Besides, when the revolution comes, your computer will be the last thing on your mind...

AMD64 cpu UUID?

[cortana]

I was poking around on my new AMD64 machine the other day, and I ran dmidecode. Can anyone explain this?

• Handle 0x0001
  • DMI type 1, 25 bytes.
  • System Information
    • Manufacturer: System manufacturer
    • Product Name: System Product Name
    • Version: System Version
    • Serial Number: System Serial Number
    • UUID: EC491BB3-BE1F-DA11-B1EB-7B871839F7B3
    • Wake-up Type: PCI PME#

Re:Real Identity?

[kamondelious]

Or perhaps all the 1337 h4x0rz will just do what they already do, sniff the traffic, steal some ID's and used them. Why does it matter if this is a TPM or your username and password?

SSL is pretty secure method for doing web-transactions. It's not perfect, but a TPM isn't going to make things any better. You can still hack around SSL if know how to use google effectively for research.

Once you know the method for how the server shakes hands with the TPM you can usually spoof it. Not to mention this would be a publicly available process so that all the webmonkeys of the world would know how to build a "secure" site with it. Even if it wasn't readily available to the public, it'd still be like trying to movie or software piracy. Where there's a will there's a way.

And what this guy said too :
http://yro.slashdot.org/comments.pl?sid=171227&thr eshold=1&commentsort=0&tid=95&mode=thread&cid=1426 1329

Re:Real Identity?

[hokeyru]

When all the new computers have TPM chips, and old Dell Optiplex 150s and P2 laptops cost more than a car, my parents are going to eat their words regarding my computer collection in their garage.

Pentium III - the new generation

[schnogg]

Wasn't this the original intention with the Serial ID on Pentium III microprocessors?

This is circumventable.

[Eminor]

In order for any web site to "read" my identity (assuming the chip is installed), data from the chip would need to be sent over HTTP. So, if you are not using a browser capable of sending it, or your OS does not have a driver to access the device, the device is useless. Not to mention, there is nothing to prevent you from using a browser that supplies false information.

If this were done purely in hardware, the data would be encoded in the network layer, which means that the data would not leave the subnet (assuming current network technologies used on the internet).

My PC may as well be my home phone

[jaymz168]

Then if your bank has TPM software, when you log into their Web site, the bank's site also "reads" the TPM chip in your computer to determine that it's really you. Thus, even if someone steals your username and password, they won't be able to get into your account unless they also use your computer and log in with your fingerprint. (In fact, with TPM, your bank wouldn't even need to ask for your username and password -- it would know you simply by the identification on your machine.)

So when my bank decides to allow only TPM-style logins as means of (nominally, I'm sure) lowering fraud, and therefore lowering it's insurance costs, I'll only be able to check my account infos from the computers I own and are registered to my name. And what happens when someone sells a used computer? Is there going to be some central database where TPMIDs are refereneced to an identity and some method of changing that to facillitate used hardware transactions? That introduces a whole new vector for fraud. Am I going to have to visit an office to show ID and register used hardware?

Re:duh

[intnsred]

What was it?

It's the same one I have now, a link to ReOpen911.org.

To your last point, yes, anyone who believes that the US was complicit in 9/11 is an idiot, regardless of how many people share the delusion.

That's illogical. First, calling millions and millions of people "idiots" speaks for itself. But humanity's basis of defining reality is when people accept something as fact. We have no scientific proof of God, but does that make all religious believers "idiots"? Ignoring the philosophical aspects, there are many, many questions about 9/11 that remain unanswered.

Looking at it historically, we know that the US gov't has deliberately lied to the American people to start wars. We also know that the highest echelons of the US military have advocated killing Americans in large numbers in order to whip up popular support for their desired war.

We know that during the 80s, a pseudo-gov'tal group who Bill Moyers -- he himself involved in LBJ's Vietnam-era lies -- called the "secret" or "shadow" gov't did not hesitate to break US and int'l law to wage a war of terror with mostly surrogates. The shadow gov'ts "punishment" was a presidential pardon.

We know from testimony of some of Bush's highest advisors (e.g. Paul O'Neill) that Bush wanted to go to war with Iraq since his first days in office. We also know firsthand (i.e. Richard Clarke) that Bush did not want to go to war against Afghanistan after 9/11, but instead wanted to invade Iraq.

Recent history tells us many things about 9/11: that Bush himself publicly lied about seeing the first plane hit the south tower, that Condi Rice's Sep. 2001 promise to the world to show evidence that Bin Laden committed the attacks is still unfulfilled, and that the WTC leaseholder's claim of accomplishing a demolition of WTC building 7 during a terrorist attack (which is what he claimed in a PBS interview) is highly implausible.

There are dozens and dozens of valid, huge and very important questions which remain about 9/11.

The laughable whitewash of an investigation, the official "9/11 Commission", certainly did not answer any serious questions. That investigation was funded with far less than the gov't spent on Clinton's Whitewater investigation, consisted only of people selected by Bush, and had the scope of their investigation limited to only what Bush wanted investigated.

It's long past time for a fully-funded, independent investigation into 9/11.