No More Internet Anonymity

inkhaton writes "This Article tells of an Orwellian chip that, once installed in your computer (and not by your choice), will allow any website you visit to "read" your identity. The article goes on to describe how many benefits there are for using this to facilitate online business and even suggests some negative points. It ends with "Ultimately the TPM itself isn't inherently evil or good. It will depend entirely on how it's used, and in that sphere, market and political forces will be more important than technology." ... ugh. Well we all know what that means."

My ID

[superpulpsicle (533373)]

Aren't we all Testuser from Beverly Hills, CA 90210 at test@aol.com?

It's even worse!

[by Anonymous Coward]

Your computer may be broadcasting your IP address to the world as we speak! Or so I've heard.

really

[robpoe (578975)]

My TPM will have the following information.

Richard Cranium
9191919 Nunya Street
Overstock, MO 64999
901-555-5555

And if I can't do that .. then I guess it's back to my C= 64...

Re:really

[Lehk228 (705449)]

And if I can't do that .. then I guess it's back to my C= 64...

i think the C - 4 will work better.

Question is

[obeythefist (719316)]

This is a lot like the MP3 market -

We already have systems that work fine without this invasive technology - just like we already have MP3 technology for making nice MP3 files to listen to and download.

Why then would we pony up more cash or change the way we connect to the internet just for the sake of adopting this new technology?

These approaches for more DRM and more end-user-ownership by the corps is almost always stick and almost never carrot.

duh

[stoolpigeon (454276)]

Ultimately the TPM itself isn't inherently evil or good.
 
I'd like to hear of any inanimate object that is inherently evil or good. Nuclear bombs aren't inherently evil or good, it's just how you use them. Otherwise they just sit there.

i like it

[antiaktiv (848995)]

(In fact, with TPM, your bank wouldn't even need to ask for your username and password -- it would know you simply by the identification on your machine.)

Now the people who break into homes don't have to sift through dirty underwear to maybe find a few crumpled up dollar bills, they can just turn on the pc and transfera couple of bucks into their bank account. Aaah, the modern age.

Any power will be abused. Mod redundant.

[shanen (462549)]

Not just this post, but the thread. Actually, I think this is already a 'design feature' of IPv6, and that's coming, too.

Anyway, I'm not sure there will be any such thing as privacy in the near future. Right now it's already becoming a luxury good, and pretty soon only millionaires will be able to afford it.

There is a solution, but no guarantee we'll reach it. We need to define an individual's personal information as belonging to that individual, and any use or reference to that information should only be with permission, and based on some good reason. To put actual teeth in such a legal principle, I think it needs to be coupled with a right to store your own information (presumably on your own computer). Without such a basis for protecting privacy... Well, you'd better get use to appearing all over the Internet when you least expect it.

latter-day cryptanalysts?

[thatguywhoiam (524290)]

There is a solution, but no guarantee we'll reach it. We need to define an individual's personal information as belonging to that individual, and any use or reference to that information should only be with permission, and based on some good reason. To put actual teeth in such a legal principle, I think it needs to be coupled with a right to store your own information (presumably on your own computer). Without such a basis for protecting privacy... Well, you'd better get use to appearing all over the Internet when you least expect it.

I've been thinking about this; the problem is the legal route to this is pretty much a nonstarter already. But maybe there is a loophole; I think we should all start a church. The Church of the Super Paranoid, or something like that. That way we could cry religious persecution if intrusive privacy-stealing measures are used against us. I'm certain I would have no problem convincing a sizeable chunk of the Slashdot population to swear and affirm (on a stack of punched cards) that their right to crypto and absolute mastery over who sees their porn stash is both vital and indispensable to the very core of their identity. I think it could work.

At the very least, the crazy fundies will lobby for laws that would help us... :0

This would make encryption mandatory

[republican gourd (879711)]

This will never fly, and not for the reasons we would hope for.

Here are the scenarios:

1) Chip reports stuff, but data stream is wide open, so middlemen can change whatever they want.

2) Chip reports stuff, but with shitty encryption so the gov't can still do its wiretaps and echelon won't break. System is hacked within a couple days and the whole 'chip' idea becomes worthless.

3) Chip reports stuff, but with robust encryption. The site you are talking to knows who you are, but people between you and them can't sniff your actions other than knowing that 'some sort of communication took place'.

Plus variations. This could actually make webs of trust (a la the direction that Freenet appears to be going) more secure, since you know that your neighbors haven't been man-in-the-middled.

Old News

[TheSpoom (715771)]

But good to see the mainstream press catching up to it. This chip is part of a larger effort by major software developers and hardware manufacturers to mostly stop piracy in all forms and control what you can do with your computer and when.

Read the TCPA FAQ [cam.ac.uk], and take a look at Against TCPA [againsttcpa.com], an anti-TCPA site if you're interested. For an alternate perspective, you can also view the official Trusted Computing Group site [trustedcom...ggroup.org].

Personally, I hate it, I don't think it will succeed, and I will *never* buy a computer with such a module installed.

This only works if hackers play by the rules

[artemis67 (93453)]

Of course, all a hacker needs to do is keep an older model x86 or PPC system around. Obsolete computers are a dime a dozen, and you can keep them running for decades.

And we are moving closer and closer to disposable PC's, anyway. In less than ten years, I predict that brand new, complete systems will be selling for less than $50. Got my computer's ID? So what, I throw away my computer every month!

Re:This only works if hackers play by the rules

[Skreems (598317)]

You could basically even do this today. Most pieces of your system will not be labeled. Presumably it's just the CPU and/or Motherboard that have this ID crap in them. If it's just the motherboard, you can swap that out for $70 every couple months, and anything but top-shelf CPUs aren't that much more expensive.

The truly ridiculous thing about this is, it doesn't even put a dent in the cybercrime it's supposed to prevent. If you can get your system without giving up your identity (steal it or buy it through someone who "loses" records), and don't report your identity truthfully to anybody while using it, you're still just as anonymous as now. And if they come to get you, you just have to thermite one specific spot on the mainboard as well as the hard drive like you would today. Bam, all evidence gone. And until that day, you're free to molest six year olds and use stolen credit cards to your heart's content.

There are so many easier ways of preventing these problems than to try to force an ID on everybody. Make one-time disposable credit card numbers a mandatory feature. Consumers will use it because it saves them the hassle of cleaning their credit report after fraud. Hey, look! We can cut down on fraud by creating MORE anonymity, rather than less. Or how about the banks making websites that enforce strong password standards? How about ANYthing except a system that's even MORE transparent to the end user, and thus easier to crack?

Hardware Cookie?

[Groucho (1038)]

I suggest we refer to this hardware cookie as a shit biscuit.

Routing Around the Damage?

[femto (459605)]

So, does the TPM constitute damage, and will the Internet route around it?

My vote is yes. The Internet will route around it by gradually dividing from what is currently called the Internet. Most people will use what used to be the Internet, and will consider it to still be the Internet. A minority of tech savvy people will be running on an alternative network, and will consider their network to be the Internet.

There will be one way links between the Internet and the former Internet (new can suck data from old, but not the other way around). The new Internet will be under the radar, but will be a hotbed of technical innovation. In time the new Internet will appear on the radar, as the majority hear of it and decide that they want to be able to do all the neat things Internetters can do as well. The majority join the Internet. The Internet gets 'tamed' as large companies join it. The Internet routes around the damage by breaking away over time. The cycle repeats...

We all know what that means...

[humphrm (18130)]

>ugh. Well we all know what that means.

Sigh. Yes. Everyone will just sit around slashdot whining about it, and not lift one finger to get control of it via their elected officials.

AMD64 cpu UUID?

[cortana (588495)]

I was poking around on my new AMD64 machine the other day, and I ran dmidecode [nongnu.org]. Can anyone explain this?

• Handle 0x0001
  • DMI type 1, 25 bytes.
  • System Information
    • Manufacturer: System manufacturer
    • Product Name: System Product Name
    • Version: System Version
    • Serial Number: System Serial Number
    • UUID: EC491BB3-BE1F-DA11-B1EB-7B871839F7B3
    • Wake-up Type: PCI PME#

Re:Real Identity?

[ArchAngelQ (35053)]

Or the 3117 haxor who used the latest TMP chip crack to change their TMP ID to be the same as yours, which they got from the worm that still can get installed on your machine...

Re:Real Identity?

[shoffsta (905698)]

Or the 3117 [sic] haxor who used the latest TMP chip crack to change their TMP ID to be the same as yours, which they got from the worm that still can get installed on your machine...

Well I've heard of people misspelling words, but who'se heard of somebody misspelling a number? It's called 1337, dude.

Re:Real Identity?

[kesuki (321456)]

no i think he was more going for e-lit short for e-literate, which is basically like another way to say skript kiddie.

these kids these days they're all e-literate and don't know how to hard code a crack in asm after having reverse engineered all traces of the hooks and calls from a compiled binary full of traps to make reverse engineering more difficult.

microsoft has made it far too easy, back in the day if you wanted to steal someone's data, you had to lug a 20lbs reel to reel magnetic tape, p[ull it over to a duplicatrion mainfraim and copy the contents onto anothe blank 20lbs reel to reel magnetic tape AND it Still only held 20 Megabytes AND WE LOVED IT.

Re:Real Identity?

[ArchAngelQ (35053)]

The real point of my above comment was: This system is effectively worthless until the fundimental security issues surrounding general use computers is resolved to a better state. It is likely an unsolveable problem as long as 'computers' remain general use computational tools, as general use includes all of the abilities needed to circomvent even the best security. Perhaps not in a timely fasion, which is what has generally been relied on.

Implimenting this in hardware means that it's inherintly less adaptable than software. Which means software will be able to adapt around it. Perhaps not in the machine itself, but it's just data out. It should be trivially easy to man in the middle your own outgoing datastream to be able to incorporate any TMP data you want, likely possible even without additional hardware.

Re:Real Identity?

[incubusnb (621572)]

thats what the Library is for. Unless, of course, it becomes law that all public terminals require a fingerprint or retina scan before use to garantee that the user is known.

if things keep going this way...

Re:Real Identity?

[Crayon Kid (700279)]

Identity thieves will have a long field day..

I second that. The more perfect you consider an identification method to be, the more perfectly you will be fooled by a fake.

... and look how well that turned out!

[ragingmime (636249)]

Intel quickly made the serial number disabled by default, and few web sites ever started using it. If people *really* have issues with such a system, they won't use it, and they won't buy products that require it. If they don't buy it, companies won't sell it. If it's an issue, media attention can get people to vote with their dollars and keep it from being a standard. The only thing that worries me, though, is the Microsoft comment. If somehow Windows requires this system, it'll become a de facto standard. But MS has tread pretty carefully so far - e.g., restrictions on how often you can activate a copy of Windows are pretty lenient. But we'll see if that holds. Even still, though, MS won't want to make consumers buy new PC's or accept something they don't like in order to buy the new Windows for fear of losing business. So it comes down to whether people really oppose this or not.

Re:Cars have VINs and license plates

[jim_deane (63059)]

Cars have VINs and license plates to identify them on public roads. This places some limits on driver freedom but is hardly Orwellian.

TPM, or something like it, could end up in the same category.

You went to McDonald's for lunch...did they record your license plate and/or VIN? Did you drive up to your bank to make a deposit, and if so, did they check your license plate and/or VIN before letting you access your account? Did the city government make record of your license plate and VIN as you traveled through various intersections? Did the park and recreation department take a record of your entrance and exit times when you visited city park?

Basically, just go back and look at all of the arguments that were made when Intel proposed the Processor Serial Number as a GUID. The arguments remain, and will always be, completely valid.

Jim