[HN Gopher] Intel won't back down on chip ID feature (1999)
___________________________________________________________________
Intel won't back down on chip ID feature (1999)
Author : 1970-01-01
Score : 60 points
Date : 2023-04-14 16:17 UTC (1 days ago)
(HTM) web link (www.zdnet.com)
(TXT) w3m dump (www.zdnet.com)
| xony wrote:
| [dead]
| kepler1 wrote:
| Maybe someone remind me, why Intel leadership thought they should
| get into the business of doing this?
| EntrePrescott wrote:
| setMode(CONSPIRACY_THEORY);
|
| maybe because the NSA had enough compromising stuff (aka
| kompromat) on some high-enough Intel bigwig(s) to convince them
| to implement it. As in: "a nice career and family life you got
| there. Would be a pity if that all went down the drain just
| because of some stupid scandal, wouldn't it? Besides, by
| pushing this simple little feature for us, you'll be proving to
| be a real patriot. You wouldn't want to be a non-patriot now,
| would you?"
| provenance wrote:
| Is there any evidence to suggest kompromat has ever been used
| to blackmail American tech executives to backdoor their
| products for NSA or other agency?
| marcosdumay wrote:
| Look for the Trusted Computing Platform and the Consortium.
|
| There is a sibling here talking about it being a conspiracy
| theory, but it was an official organization, with many
| published technical documents, that had the explicit goal of
| removing the user's rights to manage their own computers.
| wmf wrote:
| The feature was basically free so they figured any value they
| could generate from it was free money. That thinking backfired.
| brookst wrote:
| There are lots of totally well meaning reasons to put unique
| IDs in hardware: asset management and theft mitigation,
| security by locking SW to particular HW, etc. Not saying those
| are good ideas, just that a well meaning person could come up
| with them in service of reasonable customer benefits.
| lend000 wrote:
| I wonder how much Microsoft paid them for this. As I understand
| it, historically, the Windows license for a particular
| installation was tied to the CPU's id.
| jeffbee wrote:
| You do not understand it correctly, then, because very few
| Intel CPUs have ever contained a readable serial number.
| api wrote:
| Back then people took the idea of privacy really seriously. From
| what I saw what mostly killed it was the mobile phone revolution.
|
| The entire mobile ecosystem was basically built to productize the
| user. A few oddballs pointed this out and were ignored because
| phones are shiny. The "mobile mentality" bled back into the
| entire rest of the computing ecosystem and this is where we are
| today.
|
| Ultimately it's rooted in economics. People like free stuff, and
| the only way to give it to them is to monetize it indirectly via
| ads and surveillance.
| jeffbee wrote:
| "Back then" everyone's name, address, and phone number was
| printed in a big book that was distributed for free to everyone
| in town.
| nilespotter wrote:
| [dead]
| api wrote:
| You could opt out of that and many people did. Opting out
| required contacting one entity once. In fact I seem to recall
| that they asked if you wanted your number listed when you got
| a phone line, at least in some places.
|
| It requires a tremendous amount of technical skill and
| diligence to opt out of the everything-is-malware hellscape
| we (our industry) created.
| gramie wrote:
| You had to pay to keep your number/address unlisted. It
| wasn't just a request.
| dustingetz wrote:
| "people like free stuff" is something many/most would agree
| with and yet i wonder if an equally powerful explanation is
| that people weight the concrete thing in hand more than the
| abstract vague fear that they can't tell if it even actually
| threatens them? i.e. when the privacy heist finally turns on
| the everyman rather than outliers, we may get another shot at
| privacy. If it even does!
| bombolo wrote:
| > People like free stuff, and the only way to give it to them
| is to monetize it indirectly via ads and surveillance.
|
| Even if you pay, this still happens anyway.
| Bran_son wrote:
| > Ultimately it's rooted in economics. People like free stuff,
| and the only way to give it to them is to monetize it
| indirectly via ads and surveillance.
|
| It's more than economics - they actively attack privacy and
| user control. E.g. DRM anti-circumvention laws, the
| impossibility of buying a CPU without Intel Management Engine
| (or AMD equivalent) unless you're a government agency [1],
| forcing the Trusted Platform Module on users, the gradual
| vanishing of rootable-phones and proliferation of apps that
| require a non-rooted phone, no more non-smart TVs, etc.
| Countless cases where there are no freedom-respecting options
| available for commoners at _any_ price.
|
| [1]
| https://en.wikipedia.org/wiki/Intel_Management_Engine#Commer...
| csdvrx wrote:
| There's a huge difference between TPM and IME: with TPM, you
| can put your own keys, and use the TPM to refuse payloads not
| signed with your keys (ex: a Windows install thumbdrive)
|
| With AMT/IME or BootGuard, you don't get that control: you
| can't replace the bootguard keys (as it's a way to kill the
| secondary market of CPUs being resold and used in a different
| motherboard) and with AMT you can't fully disable it unless
| you're a government agency as you said.
|
| The technology isn't bad, it's the actual implementation
| that's wrong by avoiding certain features which could give
| the user more freedom.
| wkat4242 wrote:
| Yeah security is good but it needs to serve the user,
| meaning they must be able to have full control over it if
| they so desire.
|
| I also hate Apple's Mac and iOS closedness. Sure, on Mac
| you can disable SIP but you will disable its security
| completely, and you will also lose access to some of the OS
| features.
|
| There should be a way to sign your own code and simply
| allow that to be trusted with full protection, just like it
| is on generic intel systems with secure boot where you can
| easily add your own signing keys.
| bpye wrote:
| > I also hate Apple's Mac and iOS closedness. Sure, on
| Mac you can disable SIP but you will disable its security
| completely, and you will also lose access to some of the
| OS features.
|
| On an Apple Silicon Mac you can have multiple operating
| systems installed, with different security configuration.
| It's totally possible to have both Asahi and macOS
| installed without disabling any security features in
| macOS.
| kube-system wrote:
| All of those issues have economic explanations.
|
| DRM exists to protect the revenue streams of content owners.
| IME exists because Intel's big customers want it and the
| people who don't want it don't have enough money for a custom
| SKU. TPM exists just because it's a good security feature
| that the industry has demanded. Mainstream phones run non-
| privileged because businesses and the general public do not
| need root, and those who do want those features are a niche
| market. TVs mostly have smart features because subsidized TV
| with more features sell better than more expensive TV with
| fewer features.
|
| Corporations optimize for money, they're indifferent to
| privacy, they'll sell whatever people are willing to buy that
| makes them the most money.
| malermeister wrote:
| There's a name for this:
| https://en.wikipedia.org/wiki/Surveillance_capitalism
| Bran_son wrote:
| > IME exists because Intel's big customers want it and the
| people who don't want it don't have enough money for a
| custom SKU
|
| I addressed this - systems without IME exist, but are not
| available for purchase, for _any_ price, except for
| governments. That's not economics.
|
| > TPM exists just because it's a good security feature that
| the industry has demanded
|
| Industry demands it, and OS and CPU manufacturers collude
| to make sure every user gets it, whether they want it or
| not, so that when they start pushing remote-attestation and
| other user-hostile technologies in the future, they won't
| lose any market.
|
| > Mainstream phones run non-privileged
|
| I specifically said "non-rootable", i.e. non-privileged by
| default, but that can be unlocked. So mainstream phones
| would remain non-privileged except for those motivated
| enough to follow an unlock procedure. But it's a common
| tactic to excuse deliberate lock-down with "few need it, so
| we will invest resources into making sure they _can't_
| have it, when our previous models allowed it". If MS
| prevented users from running any compiler except Visual
| Studio on Windows, would you excuse it because those that
| need it are a niche market, for whom the more expensive
| Windows Pro licenses are made?
|
| > subsidized TV with more features sell better than more
| expensive TV with fewer features
|
| There are no non-smart TVs on store shelves next to smart
| ones, just for a higher price, despite demand [1]. In fact
| it's a challenge to find one at all.
|
| Saying it's just about money is _technically_ correct in
| most cases, but very misleading. It hides the fact that in
| most cases it's _not_ just about offering a cheaper
| product, but involves backroom lobbying from other
| interests to restrict consumer options, like forcing them
| to watch ads on DVDs [2]. It's "about money" in the same
| way that robbery is about money.
|
| [1] "This question of smart-TV data privacy and security is
| by far the most-asked among Ask Wirecutter readers." -
| https://news.ycombinator.com/item?id=35484594
|
| [2]
| https://en.wikipedia.org/wiki/User_operation_prohibition
| kube-system wrote:
| > I addressed this - systems without IME exist, but are
| not available for purchase, for any price, except for
| governments. That's not economics.
|
| As I understand governments just set a bit to disable IME
| on already existing processors. But if you want a feature
| and are willing to give them billions of dollars, Intel
| or anyone else _absolutely_ will add a feature for you.
| You can call up any fab and have them make whatever you
| want. Custom silicon is absolutely a thing, but it
| requires big bucks. Nobody makes bleeding-edge node
| processors for applications with tiny markets _precisely_
| because of economics. They are made for the only market
| with enough revenue to support the R&D cost: the mass
| market.
|
| > I specifically said "non-rootable", i.e. non-privileged
| by default, but that can be unlocked. So mainstream
| phones would remain non-privileged except for those
| motivated enough to follow an unlock procedure.
|
| Mainstream phones don't do this. They still sell.
| Therefore it is proven that the market DGAF. The largest
| customers for a company like Samsung are businesses who
| _don't_ want the phones to be unlockable. They want that
| shit locked down and surveilled like Fort Knox. Pun
| intended. https://samsungknox.com/en
|
| > If MS prevented users from running any compiler except
| Visual Studio on Windows, would you excuse it because
| those that need it are a niche market, for whom the more
| expensive Windows Pro licenses are made?
|
| I don't think they have a reason to expend resources to
| affirmatively make this change -- but the few products
| they've released for which it was inconvenient to add
| support for things like this, they absolutely have. eg: S
| mode.
|
| > There are no non-smart TVs on store shelves next to
| smart ones, just for a higher price, despite demand [1].
| In fact it's a challenge to find one at all.
|
| You can sometimes find Sceptre dumb TVs at Walmart.
| Know why they're hard to find? Because TVs have large
| fixed costs to produce, and if you don't move enough
| units to cover both the marginal _and fixed costs_, you
| cannot afford to _offer_ the product at all.
|
| > "This question of smart-TV data privacy and security is
| by far the most-asked among Ask Wirecutter readers."
|
| I don't doubt that Wirecutter has received maybe hundreds
| of questions about this topic. But almost 225 million TVs
| sell annually. People _buy_ smart TVs.
|
| It's just the reality that privacy is not a primary
| purchasing consideration for mass market customers. The
| mass market doesn't care. If you even _read_ a privacy
| policy, people will think you're weird. I wish it
| weren't the case, but it plainly is. It really won't
| change until people _stop_ buying these products.
| Bran_son wrote:
| > But almost 225 million TVs sell annually. People buy
| smart TVs.
|
| There's literally nothing else on the consumer market.
| Edit: There may be a dumb Sceptre TV hidden in a Walmart
| warehouse somewhere, but I checked and there are none
| available in my entire EU country. Meanwhile the smart
| TVs sure don't advertise their spyware as prominently as
| their price, so we can add fraud in addition to robbery.
|
| > As I understand governments just set a bit to disable
| IME on already existing processors. But if you want a
| feature and are willing to give them billions of dollars,
| Intel or anyone else absolutely will add a feature for
| you. [..] Custom silicon is absolutely a thing
|
| If all it takes is setting a bit, I don't see why you'd
| invoke _custom silicon_ except to muddy the waters.
| kube-system wrote:
| That's not even true, as I mentioned.
|
| Examples:
|
| https://www.sceptre.com/TV/4K-UHD-TV-category1category73.htm...
|
| https://www.walmart.com/ip/Sceptre-55-Class-4K-UHD-LED-TV-HD...
|
| Also, it's besides my point. The fact that people buy
| smart TVs in large numbers is _proof_ of the fact that
| the privacy concerns are not a factor in the mass market's
| buying decisions.
|
| Do you own a TV? Did you buy a Sceptre? Why not? Did you
| not care enough about the privacy consideration to do a
| quick search to see that they exist? Most people don't.
|
| > If all it takes is setting a bit, I don't see why you'd
| invoke custom silicon except to muddy the waters.
|
| Because I was responding precisely to your gripe about
| "impossibility of buying a CPU without Intel Management
| Engine (or AMD equivalent)". If you are happy setting
| that bit, then the problem you are complaining about
| doesn't exist:
|
| https://hackaday.com/2020/01/28/factory-laptop-with-ime-disa...
|
| https://hackaday.com/2023/04/12/disabling-intels-backdoors-o...
| Bran_son wrote:
| > Do you own a TV? Did you buy a Sceptre? Why not?
|
| I do, I did not, because my TV is old enough to not yet
| be "smart", _and_ because Sceptres are literally not
| available anywhere in my country. Am I now virtuous
| enough by your standards to point out how hostile
| manufacturers are to users?
|
| > The fact that people buy smart TVs in large numbers is
| proof
|
| Hey I wonder if you asked ten random people if they knew
| their smart TV was reporting the contents of their USB
| sticks and their viewing habits to 3rd parties, how many
| would answer yes? This is the same revealed preference
| tortured logic that concludes people don't care about
| child labor because they still buy chocolate. Out of
| sight out of mind.
|
| > If you are happy setting that bit, then the problem you
| are complaining about doesn't exist
|
| Then this is a recent development, because in 2017 even
| Google was unable to get rid of IME: _As of 2017, Google
| was attempting to eliminate proprietary firmware from its
| servers and found that the ME was a hurdle to that._ -
| https://en.wikipedia.org/wiki/Intel_Management_Engine#By_Goo...
| mindslight wrote:
| IMO the main culprit of the sea change is ubiquitous network
| connectivity, which allowed widespread adoption of centralized
| backhaul/control based software architectures.
|
| Secondarily, the workings of software are increasingly
| opaque to most people. This leaves people unaware of what is
| actually being done. It seems that when most people are shown a
| snapshot of surveillance records about themselves they get
| seriously concerned, but otherwise out of sight out of mind.
|
| The solution in the modern day is the same as the solution back
| then - endeavor to run software that is designed to _represent
| your own interests_ rather than those of its authors. It
| doesn't particularly matter if my CPU, or any other component, has a
| serial number, camera, microphone, GPS receiver, etc, if I'm
| not trusting software that will take sensitive data and send it
| off to hostile parties.
| api wrote:
| That's true from a technical point of view, but I was
| referring to the social and behavioral angle. It seems like
| it was mobile that killed the commitment to privacy in the
| minds of users.
|
| My only real reservation about the EV revolution is that this
| is doing similar things to people with regard to cars. An EV
| is just a car with a battery and a motor instead of a gas
| tank and an ICE, but the "form factor change" seems like it
| can be used as a pretext to introduce a lot of other changes
| like your car no longer being yours. Teslas are too cloud
| connected already, and Ford is talking about a car that can
| repossess itself at their command. When you pay off your car
| does this feature get turned off? I doubt it.
|
| It seems like it's easy to use any change as a pretext to
| smuggle other perhaps less palatable changes in alongside it.
| mindslight wrote:
| I agree that shiny new things are often traps, which then
| normalize bad developments across an industry. But I also
| think a lot of the privacy/autonomy shift was really a
| shift to a wider gamut of non-technical people using
| technology, and would have happened regardless of the new
| form factor. Also the change wasn't led by mobile, but
| rather it was web 2.0 that really kicked off the trend of
| centrally controlled software.
| orangecat wrote:
| _IMO the main culprit of the sea change is Ubiquitous network
| connectivity_
|
| Right. I'm dreading the day when platform vendors decide that
| connectivity is fast and ubiquitous enough so that "your"
| "computer" should become a dumb framebuffer with all
| processing and storage done in their data centers, which will
| eliminate the last vestiges of user privacy and control.
| [deleted]
| dang wrote:
| Url changed from
| https://web.archive.org/web/20010419012218/http://www.zdnet....
| to something more like the original source.
|
| (Archive.org links are fine if there's really nothing else
| available, but please try to find an original source first.)
| jasoneckert wrote:
| Related and noteworthy is the 1999 quote from Scott McNealy (CEO
| of Sun Microsystems): "You have zero privacy anyway. Get over
| it."
| 23B1 wrote:
| Had a doctor say a version of this when we turned down genetic
| testing of our newborn. I was like "That isn't the argument you
| want to make with me." haha.
|
| You see, in our state, it is law to take the blood of the
| newborn to test for disease. Sounds sorta okay until you learn
| that the state has been selling the genetic data of your
| offspring without your consent.
|
| It's a quiet issue that is happening in a few states currently:
| https://newjerseymonitor.com/2022/09/19/parents-score-victor...
| iamnotsure wrote:
| Humans are not cattle.
| eftychis wrote:
| This is so depressing to learn.
| 23B1 wrote:
| I was completely blown away by it because they didn't even
| do informed consent on the public health sites. It's a
| totally rampant violation of your child's 4th amendment
| rights - on the day they are born.
| mepian wrote:
| [flagged]
| dang wrote:
| Please don't take HN threads into flamewar, regardless of how
| nice someone isn't or you feel they aren't. It's not what
| this site is for, and destroys what it is for.
|
| https://news.ycombinator.com/newsguidelines.html
| filoleg wrote:
| That quote was made by a very important (at the time) person
| in the tech industry, about 16 years before Trump had even
| announced his run for presidency.
|
| His present-time support for Trump doesn't have much to tell
| me about the events that happened close to two decades prior,
| in an entirely different context.
|
| P.S. Among many others, one of the reasons I was excited
| about Trump's presidency ending was the hope that I won't
| have to be digging through "orangemanbad" quips in
| conversations about entirely unrelated topics anymore. Oh boy
| how unreasonably optimistic I was about it.
| jeffbee wrote:
| [flagged]
| bboygravity wrote:
| Or you assign and track serial numbers yourself, like people do
| with, say, literally every other object in every large scale
| operation in the history of humanity?
|
| For that reason exist (e)SIMs, bar codes, qr codes, serial
| numbers in general, serial numbers of assemblies, serial
| numbers of sub-assemblies, serial numbers of parts, etc. You
| don't need a manufacturer to give something a serial number?
| yarg wrote:
| Serial numbers are rather useful from a validation
| standpoint, counterfeiting is a real danger.
| super256 wrote:
| There is still a serial number printed on the box, and a
| batch number on the box AND heat spreader.
|
| A part of the serial number (assembly test process order
| number) is also printed on the CPU package (not the box,
| but the actual die carrier). So, even if the counterfeiter
| made the effort to replace the heat spreader, you could
| still find out.
|
| Edit: Talking about Intel CPUs obviously.
| yarg wrote:
| That's fine for a small number of computers, but it
| doesn't scale.
| burnte wrote:
| My life is not for sale just to make yours easier.
| msylvest wrote:
| In those days I worked for Intel in a branch in Copenhagen,
| Denmark. Doing Ethernet stuff, pretty far from the CPU dev and
| fab running the company. Incidentally Phil Zimmermann, maker of
| PGP, was in town, giving a lecture on privacy. I had the chance
| of asking him of his opinion; he reflected and said: "I think
| Intel has made a mistake." I agreed but didn't expect Intel mgmt
| to take action on this. And for a year I was right. In 2000, the
| serial numbers were quietly removed. Just to be re-added some
| years later....
| no_time wrote:
| Outcry over a single non crypto-enforced ID seems almost cute
| with today's treacherous technology like MS Pluton and ARM
| TrustZone.
| crmd wrote:
| A year later:
| https://www.computerworld.com/article/2594698/intel-to-phase...
| jmole wrote:
| aren't all processors serialized these days? the problem here
| seems to be the software exposing private information in
| inappropriate ways...
| no_time wrote:
| No but HDDs are. And GPUs. And NICs.
|
| To get a picture of how much unique information is present on
| every PC these days, look at one of the pasted anticheat HWID
| spoofers on GitHub.
|
| EDIT: found this nifty list
| https://www.unknowncheats.me/forum/anti-cheat-bypass/333662-...
| burnte wrote:
| No.
___________________________________________________________________
(page generated 2023-04-15 23:00 UTC)