For example HSBC (HSBC Mobile Banking), which uses Tealium tracking.
Tealium: All of your data. Fully integrated. Tealium's Universal Data Hub connects your mobile, web, offline, and other data sources together with every vendor integration.
Streaming Data Support to IaaS - Tealium's DataAccess now supports real-time data integrations with the world's three leading IaaS (Infrastructure as a Service) platforms. Through Amazon Kinesis, Google Cloud Pub/Sub, and Microsoft Azure's Stream Analytics, Tealium can now fuel your cloud architecture and analytics efforts. These new integrations are built on Tealium's global Cloud Delivery architecture which enables the collection and delivery of data from any customer experience touchpoint: web, mobile, IoT, wearable, and offline data sources.
Plus the HSBC app uses:
android.permission.READ_CONTACTS
which allows the app to read data about your contacts stored on your phone, including the frequency with which you've called, emailed, or communicated in other ways with specific individuals, and this permission allows apps to save your contact data.
The libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the problems described below, then you should get rid of it as soon as possible.
The PSP is an ARM core with TrustZone technology, built onto the main CPU die. As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM "features" to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.
In theory any malicious entity with access to the AMD signing key would be able to install persistent malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD firmware in the past, and there is every reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to remotely monitor and control any PSP enabled machine completely outside of the user's knowledge.
In the not-to-distant-future your eyeballs will actually be owned by some google-glass-style faceless corporation, and licenced back to your skull in return for mandated advertising consumption.
Smartphones are no better... but their privacy-undermining technologies are not explained in simple language to consumers.
The 'Smart-Home Gadget' explicitly advertises its privacy invasive status, whereas the camera-and-microphone-equipped smartphone device they carry everywhere they go (and sleep with in their bed) has apps installed with equally privacy invasive permissions and features.
When I read 1984 as a child, Winston had to sit in an alcove, unseen by the telescreen, to write his diary. I was bought up to find the concept of the telescreen abhorrent.
And 60 minutes a year define your usage requirement? I'd outsource that shit.
I recognised the UserID im_thatoneguy from other post-production forums as Gavin Greenwalt, so am guessing '60 minutes' refers to post-production on the television show '60 minutes' rather than a unit of time-usage.
Libreboot is just the name of the project and does not mean it only replaces the UEFI (although it is downstream of Coreboot). The SPI flash chip containined the IME is reprogrammed (in my case I used a Beaglebone Black). When a Thinkpad is flashed with Libreboot, the IME is overwritten and completely neutralised.
There's only about 8 Thinkpad models, all pre-2009, that this can be applied to. The core2duo architecture is the last generation of machine that can have the IME entirely removed.
The only newer IME-free Libreboot option is Chromebook C201 (not suitable for my purposes as it's Rockchip, so won't run TAILS).
Google's engineer's work to remove unwanted firmware from Intel's chips is only one of their directions in this area.
Hopefully Google's interest in the fully open IBM Power architecture will move OpenPower out of the niche market. Google's specifically said that concerns about Intel ME and other related tech is part of their interest in the Power platform.
Since browser-based Monero-mining used to replace adverts will also be carried out on portable lithium-battery devices (phones etc) which drains batteries unnecessarily, there is also an additional wasteful use of battery raw materials in addition to the power usage.
The trustworthyness of Intel or Google is not important. The current Intel firmware code is complex, compiled blobs that are closed-source and unknown. The Google solution is much simpler, open-source GO that can be compiled on the fly. The creator of the replacement code can be untrustworthy, provided that code can be audited.
And... why are Intel unwilling to sell a CPU without the ME, when a client like Google - who build 1 million+ machines running their CPUs - don't want it?
The current system seems built for cheating/gaming the system
The current system is built for cheating/gaming the system. Haim Bodek (ex-Trading Machines whistleblower) already established this, as a matter of fact, way back in 2013. The NYT reported it. For a non-technical breakdown of what is going on, see the vpro docu 'The Wall Street Code'. The larger trading houses can use order types to push their orders to the front of the queue in a way that's invisible to the other, smaller traders. It doesn't matter how many meters of fibre optic there is between your HFT hardware and Paternoster Square in London, or how line-of-sight your microwave link is to the exchange in New Jersey, the actual system favours the larger players. This is almost undetectable front-running. And that's on top of their ridiculous capacity for back-testing algos by purchasing entire data centres to do their testing on tick data, which allows them to virtually reverse engineer the algos of their smaller competitors and play them at their own game.
As a side-note, this cheating is on markets regulated by the SEC/FSA. Imagine the kind of algo market manipulation that's being carried out right now on unregulated cryptocurrency markets, anonymously, by the same organisations.
In the UK (and elsewhere?) Amazon have been installing metal lockers in local supermarkets. The lockers are different sizes to accommodate all packages and are opened with a one-time pin emailed to the parcel recipient.
So instead of everyone needing their own individual 'shed', 'steel toolbox' etc, they can use Amazon's nearby lockable metal-shed for free.
This makes a lot more sense to me than 'smart doorbells'.
Amber Rudd says she wants a law that allows people to visit a website once. The Guardian article says that the links would need to be clicked more than once for the offence to be committed. According to the Home Office:
the updated offence will ensure that only those found to repeatedly view online terrorist material will be guilty of the offence, to safeguard those who click on a link by mistake or who could argue that they did so out of curiosity rather than with criminal intent.
Here's a website that would be illegal to visit more than once under Amber Rudd's proposal. It shows how to make a Frag Grenade using materials from airport terminals.
Here are some other links you might also want to click on.
Yes. I did. So... prepare to put mustard on those words, for you will soon be consuming them along with this slice of humble pie, that comes direct from the oven of shame, set at gas mark 'egg on your face'.
Slashdot Mirror
Tealium: All of your data. Fully integrated. Tealium's Universal Data Hub connects your mobile, web, offline, and other data sources together with every vendor integration.
Streaming Data Support to IaaS - Tealium's DataAccess now supports real-time data integrations with the world's three leading IaaS (Infrastructure as a Service) platforms. Through Amazon Kinesis, Google Cloud Pub/Sub, and Microsoft Azure's Stream Analytics, Tealium can now fuel your cloud architecture and analytics efforts. These new integrations are built on Tealium's global Cloud Delivery architecture which enables the collection and delivery of data from any customer experience touchpoint: web, mobile, IoT, wearable, and offline data sources.
Plus the HSBC app uses:
android.permission.READ_CONTACTS
which allows the app to read data about your contacts stored on your phone, including the frequency with which you've called, emailed, or communicated in other ways with specific individuals, and this permission allows apps to save your contact data.
Or horse's head. But, each to their own.
Have other chipmakers clearly and unambiguously said their chips do not have a back door mechanism?
Yes, IBM's Power series of CPUs are fully open without any equivalent of the Management Engine.
The libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the problems described below, then you should get rid of it as soon as possible.
The PSP is an ARM core with TrustZone technology, built onto the main CPU die. As such, it has the ability to hide its own program code, scratch RAM, and any data it may have taken and stored from the lesser-privileged x86 system RAM (kernel encryption keys, login data, browsing history, keystrokes, who knows!). To make matters worse, the PSP theoretically has access to the entire system memory space (AMD either will not or cannot deny this, and it would seem to be required to allow the DRM "features" to work as intended), which means that it has at minimum MMIO-based access to the network controllers and any other PCI/PCIe peripherals installed on the system.
In theory any malicious entity with access to the AMD signing key would be able to install persistent malware that could not be eradicated without an external flasher and a known good PSP image. Furthermore, multiple security vulnerabilities have been demonstrated in AMD firmware in the past, and there is every reason to assume one or more zero day vulnerabilities are lurking in the PSP firmware. Given the extreme privilege level (ring -2 or ring -3) of the PSP, said vulnerabilities would have the ability to remotely monitor and control any PSP enabled machine completely outside of the user's knowledge.
The Beaglebone Black would be a better platform than the Pi. A Beaglebone can be booted using open-source Secure Boot, as discussed in this thread.
The Core 2 Duo series are the last design that can have the ME entirely removed (see Libreboot project).
the users owning the above-mentioned eyeballs
In the not-to-distant-future your eyeballs will actually be owned by some google-glass-style faceless corporation, and licenced back to your skull in return for mandated advertising consumption.
This is starting to resemble MAD magazine's Spy vs Spy.
Smartphones are no better... but their privacy-undermining technologies are not explained in simple language to consumers.
The 'Smart-Home Gadget' explicitly advertises its privacy invasive status, whereas the camera-and-microphone-equipped smartphone device they carry everywhere they go (and sleep with in their bed) has apps installed with equally privacy invasive permissions and features.
When I read 1984 as a child, Winston had to sit in an alcove, unseen by the telescreen, to write his diary. I was bought up to find the concept of the telescreen abhorrent.
And 60 minutes a year define your usage requirement? I'd outsource that shit.
I recognised the UserID im_thatoneguy from other post-production forums as Gavin Greenwalt, so am guessing '60 minutes' refers to post-production on the television show '60 minutes' rather than a unit of time-usage.
In most countries like Lagos
Lagos is not a country. It's a city (and a state) in Nigeria.
Libreboot is just the name of the project and does not mean it only replaces the UEFI (although it is downstream of Coreboot). The SPI flash chip containined the IME is reprogrammed (in my case I used a Beaglebone Black). When a Thinkpad is flashed with Libreboot, the IME is overwritten and completely neutralised.
There's only about 8 Thinkpad models, all pre-2009, that this can be applied to. The core2duo architecture is the last generation of machine that can have the IME entirely removed.
The only newer IME-free Libreboot option is Chromebook C201 (not suitable for my purposes as it's Rockchip, so won't run TAILS).
Ironically, Google might be the answer to this.
Google's engineer's work to remove unwanted firmware from Intel's chips is only one of their directions in this area.
Hopefully Google's interest in the fully open IBM Power architecture will move OpenPower out of the niche market. Google's specifically said that concerns about Intel ME and other related tech is part of their interest in the Power platform.
There's no IME on my Intel computer.
I write this on a Thinkpad with Libreboot.
Linux and other OSS are near and dear friends.
GNU/Linux and other FOSS are near and dear friends.
Linux and other OSS are only friends.
Since browser-based Monero-mining used to replace adverts will also be carried out on portable lithium-battery devices (phones etc) which drains batteries unnecessarily, there is also an additional wasteful use of battery raw materials in addition to the power usage.
The trustworthyness of Intel or Google is not important. The current Intel firmware code is complex, compiled blobs that are closed-source and unknown. The Google solution is much simpler, open-source GO that can be compiled on the fly. The creator of the replacement code can be untrustworthy, provided that code can be audited.
And... why are Intel unwilling to sell a CPU without the ME, when a client like Google - who build 1 million+ machines running their CPUs - don't want it?
Isn't 'flash' itself an infection? And I am wondering whether it has any purpose now, in 2017.
The current system seems built for cheating/gaming the system
The current system is built for cheating/gaming the system. Haim Bodek (ex-Trading Machines whistleblower) already established this, as a matter of fact, way back in 2013. The NYT reported it. For a non-technical breakdown of what is going on, see the vpro docu 'The Wall Street Code'. The larger trading houses can use order types to push their orders to the front of the queue in a way that's invisible to the other, smaller traders. It doesn't matter how many meters of fibre optic there is between your HFT hardware and Paternoster Square in London, or how line-of-sight your microwave link is to the exchange in New Jersey, the actual system favours the larger players. This is almost undetectable front-running. And that's on top of their ridiculous capacity for back-testing algos by purchasing entire data centres to do their testing on tick data, which allows them to virtually reverse engineer the algos of their smaller competitors and play them at their own game.
As a side-note, this cheating is on markets regulated by the SEC/FSA. Imagine the kind of algo market manipulation that's being carried out right now on unregulated cryptocurrency markets, anonymously, by the same organisations.
In the UK (and elsewhere?) Amazon have been installing metal lockers in local supermarkets. The lockers are different sizes to accommodate all packages and are opened with a one-time pin emailed to the parcel recipient.
So instead of everyone needing their own individual 'shed', 'steel toolbox' etc, they can use Amazon's nearby lockable metal-shed for free.
This makes a lot more sense to me than 'smart doorbells'.
the updated offence will ensure that only those found to repeatedly view online terrorist material will be guilty of the offence, to safeguard those who click on a link by mistake or who could argue that they did so out of curiosity rather than with criminal intent.
Here's a website that would be illegal to visit more than once under Amber Rudd's proposal. It shows how to make a Frag Grenade using materials from airport terminals.
Here are some other links you might also want to click on.
cat videos
more cat videos
cat videos yay!
I am hoping Amber Rudd can explain the dilemma here.
Yes. I did. So... prepare to put mustard on those words, for you will soon be consuming them along with this slice of humble pie, that comes direct from the oven of shame, set at gas mark 'egg on your face'.
If I say "Alexa play some music", she will select something I like
There's no 'she'. It's an 'it'.
No need. The chief fox committee determined that zero foxes sold any dead chickens during the two months following the unpublicised hen-house raid.
US Consumer Groups Warn 'Robot Car Bill' Threatens Safety
Wait 'til it hits my 5-tonne 'robot pedestrian'...