Forgot your password?
typodupeerror
Intel

Intel PSN Boycott Planned 129

Posted by CmdrTaco
from the that-didn't-take-long dept.
James Morris writes "Junkbusters in assocication with EPIC are planning a boycott in response to the proposed Intel Processor Serial Number (PSN). Junkbusters' assessment of the PSN scheme and a FAQ about the Boycott may be found here. "
This discussion has been archived. No new comments can be posted.

Intel PSN Boycott Planned

Comments Filter:
  • Don't forget, just like software companies tried to use hard drive serial numbers, volume numbers, ethernet card MAC's they will probably try to use CPU serial numbers - see http://www.cpureview.com/art_is.html for an article [cpureview.com] on how it could be used for copy protection.

    All I can say it they do this, AMD & Cyrix & IDT & Rise stock (and later Transmeta) will be good buys :-)
  • It's about authentication. Intel doesn't give a damn where you've been so long as they can set up a tollbooth which only Intel Pentium IIIs (not Cyrix, not AMD, not even Celerons!) can pass.
    If you _have_ to have a PIII to get in, maybe they will sell them.
    A later story seems to be saying they're backing down- fair enough, but this was never about privacy, it is about setting up an Intel Tollbooth. And why would people go along with that? Ask why the Dilbert website has a 'PII-required' Comic Explorer. Intel are quite ready to pay off people to do this sort of thing, and with a chip ID (it's really only saying 'this is a PIII!') they had a plan that would actually have forced people to not buy celerons and PPCs and what have you.
  • Posted by lnc:

    Since you are all on the net, you are already trackable via the MAC address on your etherenet card. A number that is guaranteed unique anywhere. Are you going to boycott 3COM too?
  • Posted by Lord Kano-The Gangster Of Love:

    Intel Processors already have serial numbers etched into them. This is something completely different. It would be like GM putting a transponder into every car that they make so that they can track every place that you drive.

    It's my own damned business where I drive.

    It's my own damned business which web sites I go to. What happenes if I buy a used machine and it's former own used to DL kiddie porn or pirate software, or sent a death threat to the president? I'll have the same processor, will that get me a visit from my local feds? (not a pleasant experience, trust me)

    Does GE put a little camera & transmitter into my refrigerator so that they can tell how much food I have, how often I eat, or if I posess more beer than they think is necessary?

    It's my own damned business how much beer I have.

    Our privacy is too important to just lie down and hand it over to anyone. Every day I become more and more happy that I use Macs as well as Wintel.

    While we're at it, let's have all newborns implanted with camera's & microphones. After all it's no big deal. If they're not doing anything wrong what difference will it make? It'll allow us to find out who is committing all of the unsolved crimes. In a generation we will be able to weed out ALL of the criminals. So that the peaceable will be safer from them.

    This is where this type of thinking is headed. If you give an inch, they take a light year.

    LK
  • Posted by Lord Kano-The Gangster Of Love:

    So what if they're rounding up the Jews? Of course they're just expatrioting them. What do you mean death camp? You're paranoid.

    It's this type of apathy that has lead to every great transgression of human rights, in this case however it's privacy.

    With this technology as a viable option how long do you think it'll be until web sites of ALL types require the ID mechanism to be turned on before you can access them? How many web sites require you to enable cookies?

    How long before computers come qith thumb print scanners or retinal scanners just to make sure you are who you say you are.

    What do you mean you don't want one? You must be planning to do something illegal then.

    Wake up.

    LK
  • Posted by Lord Kano-The Gangster Of Love:

    You mean the way that sites *have to ask* if they can set cookies on your machine? 90% of people buying new computers are morons who are just keeping up with the Jones'.

    These people don't know what an "autoexec.bat" or an "INIT" is. You really expect these people to be able to enable or disable PSN checks?

    We're talking about assholes who send in checks to ISPs payable to "the internet".

    LK
  • Posted by Lord Kano-The Gangster Of Love:

    Have you ever tried to use Yahoo Mail, or any M$ site without cookies enabled?

    It's not possible. When it's possible to collect HUGE amounts of marketting date and SELL IT how long do you think it'll be until you can't use the internet without it.

    AST has been building a unique code into the BIOS of their machines and a way to monitor their connections to the internet for over a year. Image what will happen when every PC has that capability.

    LK
  • This whole idea promotes the myth that there is one user per PC. A true multi-user computer would confound the assumptions in their tracking databases. Just because somebody used my computer a few seconds ago to vist a site doesn't mean that that someone was me. It could have been the person down the hall running netscape on my machine through a remote X11 session. This idea is a slap in the face to users of real OS's that can do this. It's like they are saying we don't exist.

    This one-user-per-PC myth is the sort of thing MS's networking 'solutions' have been promoting for ages. (Anyone who has tried to set up Samba in a secure fashion knows what I mean.)

  • Many people have pointed out that the idea of a CPU id is not new, and has been around before. That's true. But you aren't paying attention to what makes this situation different. Look at how they intend to use the ID, and the reason for concern is obvious. They want to use it to track who is being 'naughty' and disallow them from places. For example, imagine a next-generation IRC-like chat room system that would be able to kick people off on the basis of their CPU ID and not let them back even if they choose a different name (which was one of the examples given). Does this mean that anyone who chooses to mask off the ID at boot-up would never be allowed in, under the presumption that they must be doing it for illicit purposes?

    What about people who don't use an Intel PC? Will they be shunned for not submitting to the monopoly, because they lack the ID? Will cloners like AMD end up being forced to implement the IDs as well so as to not cut off their users from those sites? Will there be ID clashes between AMD, Cyrix, and Intel using the same ID numbers? (Intel certainly wouldn't want to divvy up the numberspace for the benefit of their competitors.)

    How will software transmit this ID information to other sites? Can you be easily defamed by someone else spoofing your ID and engaging in illicit activity?

    The problem here is not that the ID exists, but that it is intended to be used in an insecure, unreliable way by people who are going to falsely assume it is accurate and reliable. Good people will be hurt by this, and anyone not using an Intel-branded CPU will be assumed to be an evil little criminal by the software because they won't have the proper ID.

  • It sends a more powerful message that way.

    I can tell you this: I will not buy a Pentium III if it has this crap.

    Hey, Intel: You want a serial number? Stamp it on the outside.

  • It sends a more powerful message that way.

    I can tell you this: I will not buy a Pentium III if it has this crap.

    Hey, Intel: You want a serial number? Stamp it on the outside.

    And this is nothing whatsoever like cookies.

  • I made a banner at DaBuzz.net [dabuzz.net] that anyone can use (steal) if they want.

    Enjoy.
  • 1. Who are you trying to kid? It's turned on by default and even though you can turn it off, it gets turned back on every time you reboot.

    2. Yeah, they probably worked that stuff out well in advance.

    3. Not necessarily, but it is definitely possible. Intel may even push for this because it might require you to leave the PSN feature turned on in order to use software that requires it. Nobody cares about high end Unix stuff because it's not mass-market.

    4. Shrug. They'll work this out too.

    5. It's more than a few thousand geeks that are overclocking. Even mainstream PC magazines tell you how to overclock in 3 easy steps. I don't think tracking it would help Intel much except to let them know how widespread it is and decide if it's worth it to them to devote resources to making the chips un-overclockable.

    It's not FUD. There are legitimate concerns here. You are ignorant if you think something like this won't be abused to the fullest extent possible by people seeking money. It won't just be e-commerce sites tracking you. It will be every idiot and company with a web site who hope to earn some cash by selling your browsing habits to anyone who will pay.

  • This struck me as paranoid conspiracy theory at first, but it looks like it's true. Seems though that it's just being proposed in California however. I have a feeling that if something like this actually gets implemented someone is going to make a lot of money selling devices that transmit static at whatever frequency these things use.
  • by mholve (1101)
    Um, DEC VAX and PDP machines, SGI and Sun have been doing this since day one, back in like, the 70's and 80's. Ever heard of the FlexLM license on SGIs by chance? Ever install vertical market software on a VAX?

    This shit is so old it stinks. Another example of Intel finally catching up to what's been out for YEARS (er, decades).

  • I was going to setup a new Intel box, but the hell with 'em. I bought an SGI instaed, and my next computer will be a Sun or Sparc based...
  • LOL...

    As for the SGI I bought, it's MIPS powered, thank you... :)

  • My next computer is probably going to be a G3 for other reasons, but this pretty much seals it shut.

    I realised that the only things keeping me from doing it sooner was my own hardware bias which I have no excuse for (as a former Amiga owner) and worrying where LinuxPPC would go. At this point I'm looking at my options and I've pre-ordered LinuxPPC 5.0 with a T-Shirt ;)

    Honestly I have no good reason to fund the Intel/Microsoft crap-factory anymore... Anything I can or want to do on any platform I can pretty much do in Linux, on a PPC, and if not on the tiny MacOS partition I have planned.

    If anyone has any valid arguments against this plan that DON'T have to do with the ammount of software available for PPC, please pass them along as I'd like to hear them.
  • Actually most disk drives have had a software viewable serial number for over 8 years. Both of my seagate IDE disk drives have a serial number that hdparm can view. One disk is from 1991, and the other one is from 1994.

    Hal Duston
  • Perhaps, but I cannot see how the CPU is going to broadcast the serial number all over the place ALL BY ITSELF. My CPU doesn't even know if I have a modem, NIC or anything else, it only knows about memory and interrupt controllers. In otherwords, it will need help from the software. Even if some sites will not let you in without a serial number, if you are using linux or probably even free mozilla, you cannot be prevented from LYING about the number and the CPU will not have to be altered. The only way this would ever work, would be for the DOJ to mandate the use of Windows, AND forbid the use of free mozilla. I don't see that happening.
  • It seems to me that this thing is super unreliable. What happens if someone makes a little app that gives out the wrong number over the web? With Mozilla being free now, I'm sure someone could alter it quite easily to give out a fake number.

    The fact that it is unreliable is a cause for serious concern even among those who are not concerned about their actions being tracked. If some unscrupulious type running a website gets hold of your number, he could use it for some real bad stuff.

    Putting a unique ID in each chip is not such a bad idea, but I don't think Intel should be pushing this as some form of identification. It should only be used as a means of identifying the authenticity of your chip as well as finding stolen/remarked chips.

    If i want to verify my ID, I'll use a PGP.
    --
  • Harken back before the days of the Celeron 300A, and send ye mind to the age of the first of the Celeron Fiefs. It was an age of darkness for Ye Olde Processor Lords, for one need search far and wide for a townsfolk that had not heard from the Town Berst about the Daemon of L2 Castration that had possessed the Meadows of Celeron. YEOM(Ye Olde, etceterth) tapped its vast reserves of marketing and engineering black magicks, and slayed the Daemon mightily, but prophecy would fortell of another, more sinister creature, summoned once again by the misguided lords...a creature so hideous that even one of Kings Men would demand on behalf of the lowly serfs that this creature be sent to the silicon bit bucket from whence it came. The time hath come once again, Fellow Slashers of the Order Dot, for us to stand as an army of Knightly Geeks against those Daemons that would possess the identities of all it touched. Tis the Celeron Effect that has once again plagued the conjurers of Intel, and as we have done once, we must again do battle to save the land.

    [I need to sleep more. I need to sleep more. I need to sleep more.]

    Once you pull the pin, Mr. Grenade is no longer your friend.
  • Your analogy is flawed. The hardware address of your ethernet card is not ever broadcast over the internet. It is only broadcast over your local subnet. So it is impossible to track people by their ethernet card. Intel, on the other hand, has stated very clearly that the CPU ID will be broadcast over the internet.

    Besides, many people on the internet don't even have ethernet cards. Ever heard of modems?

    I don't need to comment on why Intel CPU ID is bad--see Anne Observer's comments below

  • I cannot see the impact other people do. A PSN is not worse than the 48 Bit Ethernet adresses that every network cards has. When you are using HTTP, no one can read your PSN (or Ethernet address) unless you allow him to execute native code on your computer. Before a browser sends your PSN to a server, it has to ask you. It's the same thing like sending your email address.
    What's so great about PSN is that is prohibits software theft. I don't like closed-source software, but I also hate pirated software, because it really hurts software developers (and I am one of them). And when people suddenly really have to pay for their software, they will start to use more free software.
  • So we would have the option of disabling it. But, how would I know there is not some kind of hidden back door to reactivate it? Should I take Intel's word on privacy? Didn't Microsoft do something like this to Ceaser's Palace with an SPA raid a few years back?

    I can just picture some warez user or some executive opening an trojaned email. An exploit written by insiders to bypass the chip's protection and sneak the ID out onto the ethernet.
  • People are complaining that their software may "secretly use" this code to track them. Not if you are using free software! That's part of the reason you use and promote free software.

    Those who say that the Pentium III will catch on anyway are correct. Just wait until the first big privacy screw-up and people find out that the only way to be safe is to use code you can inspect yourself...

    • The problem is that Intel plans to make the computer broadcast these serial numbers over the internet.
    It's comments like this that are making me start to wonder how much a lot of people who read slashdot really know about computers!

    Intel makes CPUs. They don't make a single operating system or any network software that I'm aware of. How, exactly, is Intel going to "broadcast" my serial number over the Internet without any assitance from Linux, my software, or my corporate firewall, for that matter?

  • When you get a new computer to replace the one that was stolen, you are going to find your software or your ISP does not work unless you mail the police report about your stolen computer (including it's ID) and your new computers ID to the software company. Then it is rather trivial for the databases to move the information from the old ID to the new one.

    I believe the PID will be far more reliable than the SSN. Sometimes people mistype the SSN...
  • No, it's immensly trivial. To run your new copy of MSQuicken you have to register at the MS web site. This will pop up a form for your name, address, phone number, where you bought the software, who recommended it, your hobbies, and all that. Most likely you dont *have* to fill it in but I figure a lot of people will. Submitting of the form will also transmit your CPU ID, and it will send back a cookie with a encrypted version of your cpu id (and perhaps everything you typed into the form encrypted as well).

    MSQuicken will read the cookie file (I don't think they will even bother to put it somewhere else!) and decrypt it and refuse to run unless it results in the same CPU ID as the machine.

    And the end user will be happy because their 1040 form comes up already filled in with their name and SSN and perhaps even their income...
  • Hmmm, I think I'll install *insert product here* on my machine. Oh, it needs the latest HTML engine from Microsoft (IE version Y), okay I guess I better install that. Hmmm, IE version Y won't install with the error message: "IE Setup detected that you have a Pentium III processor but the PSN has been deactivated. Please reboot your machine and re-activate tht PSN for Setup to continue."

    Oh, so this is just like my refirgerator: I can't use it unless I send the serial number to Kenmore and keep them updated on what food I have 'installed'.

    The wheel is turning but the hamster is dead.

  • ok - so now are computers have an extra id tag..
    all dells and compaqs come with S/N - this is no different..

    What I don't understand is, why are so many linux users complaining? If the kernel adds an API function for it, then we can use it for our own systems management - at the same time it could be a kernel config option. If a rogue program trys to access it through i/o means - oh well - thats what you get for running pre-compiled bins.

    even in the event that microsoft and linux both give full access to this number, if the browser doesn't allow it to be transfered - you are still safe.. again the only problem being that some rogue program may transfer the number to some site without consent - but again, thats what you get...
  • That's fine if you never buy anything over the internet. Make just one purchase and your CPU ID will be tied to your credit card number which is tied to your name, SSN, etc. Companies buy marketing lists all the time. It's very easy to buy a bunch of lists with CPU IDs, names, and SSNs in them and match up lists from various sources to build a comprehensive picture of your activities. If you don't mind that any minimum wage clerk in any marketing company can pull up a list of all your web interests and activities then go ahead an broadcast. I'd also suggest you stop wasting money on envelopes for snail mail and cc your email to a few global mailing lists.
  • As the article referenced details quite well, Intel is not necessarily the problem. Their intentions are (IMHO) most likely harmless at the least, pro-security at the most. The point is, according to Intel's own information, virtually anyone else will be able to access the PSN as well, and use it for tracking whatever they wish. What distinguishes this form of tracking is its immutability.

    Data warehousing is not a small privacy problem. Economic incentives for commercial entities to know every aspect of consumers, and share that information with other commercial entities, are strong. The problem this "feature" creates is that it provides an easily-used, hard to avoid means of identifying individuals over the 'net.

    I think the thermal random number generator is a neat idea. The processor serial number is a disaster, by contrast.

    Kythe
    (Remove "x"'s from

  • As people don't tend to buy new computers daily (or even monthly), the PSN will effectively be tied to you, the person, as well.

    Kythe
    (Remove "x"'s from
  • No, the PSN won't be "officially" tied to a person. The point is, due to the fact that people tend to keep the same processor for a least a little while, commercial entities using the Internet will be able to effectively tie given PSN's to individuals, enabling people-tracking (along with associated gathered data) on a scale not even approached by SSN's.

    Why do I believe this? Simple -- companies are motivated by economic incentives. The incentives of massive "know your customer" programs are too good to pass up.

    Kythe
    (Remove "x"'s from

  • How often do you buy a new processor?

    Kythe
    (Remove "x"'s from
  • Let me give you a hint: you can turn it off.

    But unless the OS or some boot program does it automatically, most people probably won't.

    Why do you think Internet Explorer has gained so much market share? Because of high program quality? I'd submit it's because most people running Windows don't bother to install anything else. Same situation, IMHO. Noone forces you to use it. But the average soul either doesn't know enough not to, or simply doesn't want to be troubled to make the change.

    Kythe
    (Remove "x"'s from

  • this is insane. at best, it's a copy protection device (good). people who support free software should loudly praise, promote, and support intel's psn. why? simple:

    1. it really doesn't affect free software, it's not useful since free software doesn't need a per-processor license.

    2. it does affect closed software. it helps enforce their licensing schemes. If companies had to pay the full amount for their Microsoft Office software, maybe they'd look around for alternatives.

    look kids, i really doubt the free version of mozilla will spew PSN's to every web site that requests it. i suspect the Linux kernel will either have a way to disable it, munge it, or warn that it exists. the new /dev/cmos may be a step towards solving it. at the very least it should be simple enough to write a util to skim executables that have a PSN extraction code (unless it's cleverly hidden in data segments of the like).

    PSN's help free software in my mind. it's just one more bit of advocacy for linux and the *bsd's. free software offers platform independence, and it offers the ability to not let companies leak info about you.

    so go intel. implement a psn just like sparc's and other workstation class cpu's have done before you. make deals with companies who think they'll get more demographic info. and then let eric raymond, robert young, netscape/mozilla, and all the others involved in free (and open) software explain to the people that their privacy is still quite safe. with linux/*bsd.

  • Since when did your disk drive serial numbers get broadcast over the net, eh?
  • Getting some national exposure already - whatever the outcome, I'm glad to see that the issue has been raised in the traditional press as well...
  • How do you know that some Java applet wont be able to grab the CPU id from your computer? Im not sure how insulated Java is from the hardware, but maybe someone will be able to do that.

    just a thought.
  • And I don't care too much about Winblows lusers.

    People that use OSS, GNU and Linux are in
    complete control of what their system is
    sending over the Internet. Therefore it's not
    a problem for them.

    Linux would actually benefit from such a
    move by Intel, since we can impose FUD tactics
    on Microsoft - anybody can look into Linux
    sources, would Bill Gates allow that for his
    sh*t?

  • No one is doubting that serial number on chips might reduce theft - the transmission of that number on the other hand, is a clear provacy risk.

    This and the various incarnations of the CDA, it appears we are entering a age of surveillance. What isn't clear is who is watching, why they are watching, or how the watchers are governed and held accountable.

    In the past I would have written off privacy advocates and users of PGP as slightly paranoid. I no longer do. The tragedy is that most common users have no idea that this is taking place, and cannot take the appropriate measures to counter the increasing surveillance of their private lives.
  • I hear the Pentium III being mentioned; anyone know about lower-generation chips like the Pentium II? Furthermore, does anyone know whether AMD or IBM will include this "feature" in their chips?

  • as an individual, I don't give a fuck about my processor having an ID number; I know I use Linux which doesn't send numbers around (and given that Linux developpers are a very clueful bunch, I trust that it won't in the future unless I explicitly tell it to), and I know that the Netscape I use can't send these (if only because they don't exist yet). so if/when the P3 comes out and if/when I end up getting one, I can stay out of the ID number craze very easily, and even hack the kernel, or mozilla, or both, to make up random ID's on the fly. any techie can do that by spending enough time on it (and i'm sure it'd take me quite a while to figure out the code involved, but I bet it'd be a fun project).

    now, we also have to understand, that the world is not only made of techies, and that it's a nice thing when the non-nerds can have privacy too... so it's a good thing to oppose things that would make the average user easier to track. the ID won't be magically transmitted, but if some future version of windoze+IE sends it by default, much damage is done.

  • i find /. works just great with lynx... I'm running 2.8.1 with a couple patches that shouldn't make a difference for this. it's so much faster than netscape at displaying the /. pages that it's scary. in fact, I'll read /. with lynx even when I'm running X and already have a netscape running.
  • you don't seem to get the fact that there are different perspectives on these things. cookies, javascript and DHTML are GREAT for the programmer of web-based applications. they let you do many things more easily, more quickly, etc. the problem is that, from the point of view of the consumer who does not trust all the sites he goes to, these things can also be abused, using cookies to track your viewing habits in detail, or javascript to open more browser windows on their site or with ads or whatever, or making it hard to leave their site. this is the basic design problem that these technologies have: they get the trust model completely wrong, by assuming that you trust the content provider to "do the right thing", when in practice you know that many won't. if you need to trust a site just to see it, something is very, very screwed up.
  • 1. Most BigCorps want as much info on you as they can get. I think this'll count. They won't _require_ it but they'll gladly accept it.

    2. My belief is MS already has the hooks for this built in to their bugware.

    3. Yes you are. You already admitted as much by talking about high-end Unix stuff. Oh yeah, high-end - vertical markets tend to support much higher costs since they don't have the volume. And with high-end s/w you have support contracts that require turn-arounds for new licence numbers in real-time (read: a phone call). This can only happen with lower-volume sales.

    4. Who indeed?

    5. When people talk about "catching overclockers" they mean the folks who _sell_ 300Mhz o/c'ed chips running at 400Mhz, at 400Mhz prices. Not Joe Geek sitting in his basement with the fire extinguisher handy.
  • 1. Only an option if you know how. Or even that you can.

    2. So what?

    3. Dongles don't tie to a particular machine, they tie to a particular dongle. Move the dongle to a new machine, hey presto the software still works. Buy a new CPU? Hey presto the software still works. Buy a new dongle = buying a new copy of the software anyway.

    4. Omitted since nothing new has been said.

    5. What you've seen is irrelevant, since who Intel say they want to catch are the unethical resellers. If their intent was to catch overclocking geeks, unless the CPU broadcasts its speed AS WELL AS ITS ID, the scheme is hardly going to work, now is it? However since they have also said they won't be keeping a database of ID vs Speed, this whole point is moot.
  • Once again, someone hits a hot button issue, and everyone gets blinded to the realities of the proposal.

    1. The CPU ID that intel is proposing is effectually no different than that provided by UNIX hardware for aeons. It provides a (supposedly) unique number that identifies that specific machine.
    2. Anything that people want to do with the ID provided in (1) is in SOFTWARE folks. I can write a software module that traps calls for my CPUID (or I can just rewrite the hostid(1) program or gethostid(2) call).
    3. The issue of concern here is whether or not the Intel CPU ID will lead to nodelocked software. We all know what a royal pain in the ass nodelocked software is.
    4. The "broadcast" of your CPUID across the internet is a stupid idea. It's easily worked around (either by writing a small system call trap or with a function that generates a random ID each time it's asked). The ability to tie a CPUID to some discrete person is trivial to defeat. So the data collected is useless.

    People, we should really be much more concerned with the SID in NT. Now, there's a unique ID that can get tied to you, and there's no way to change it without mucking up alot of your NT domain stuff. Then again, considering how often I re-install NT, maybe it's not such a problem.

    Wake Up People! The problem isn't the hardware folks, it's the software folks. One of the big advantages of Open Source is that we can see what the programmers are doing - them proprietary folks can pull any high-jinks they want, since we can't see (well, I do hate binary crawling...).

    This whole thing is just an Intel marketing fuckup. they're implimenting a feature that really isn't too useful, and doing a lousy job of thinking up reasons it should be useful. Bad Intel PR, Bad Intel PR, go get yourself another job.

  • Folks,

    I hate to break out the bad news, but Intel's biggest rival--AMD--is also seriously considering implementing serial ID's on their CPU's. Don't be surprised if the upcoming K6-3 and K7 CPU's have a similar coding scheme.

    Now how will the privacy groups react if both Intel and AMD are putting on such serial numbers?
  • 1. Software manafacturers and ECommerce sites will never be able to REQUIRE the use of the ID - there will still be computers around for many years to come that don't have the ID, and also many new CPUs that don't use IDs.

    But some ECommerce sites already make their pages only available if you use cookies, frames, IE4 or netscape. I don't know WHY they close their doors to potential customers, but they DO.

    And what's to keep CDA v.3 of requiring all sites that offer "adult information" (i.e. anything other than Sesame Street) to keep and track CPU ids ("to protect the children").

    3. Licensing software to a particular CPU is just stupid....what happens when you upgrade? You have to get a new licence.... HOW ANNOYING

    Annoying to us, yes. Profitable to them? For sure. MicroSoft will be an early adopter and yes, if you upgrade your CPU, they will want you to buy a new license. From my reading of the EULA in recent days, it seems that MicroSoft already requires that you buy a new "license" if you upgrade your computer. They haven't been able to enforce that yet, but I'm sure they'd love to. They might even make a "cpu-upgrade license" package available for the low-low cost of $50.

  • This is quite correct. The SSN was originally developed for the sole purpose of distributing social security benefits. The Privacy Act of 1974 (a misnomer if I've ever seen one) was designed to govern the use of the SSN by other government agencies as well. Today, it's used by any number of entities as a means of identification, including credit bureaus, insurance companies, hospitals and doctors' offices, schools, etc. If people are skeptical about just what can happen, check out this [informus.com] site, which exists for the sole purpose of providing information about people. Since there doesn't seem to be any laws protecting citizens against the use of their personal information as a commodity, tracking a user's processor ID will add but one more means of invasion.

    There's also an interesting article [sciam.com] in this month's issue of Scientific American that compares the laws passed by European nations (the European privacy directive), with what (little) is in place to protect Americans. Ironically, some very big names (America Online, Bank of America, Bell Atlantic, IBM, EDS, Equifax, and Direct Marketing Association) all oppose specific legislation to protect the use of personal information (and why not - they've got a lot to lose). The whole notion of an embedded processor ID just raises the stakes a little higher.
  • here [informus.com]
  • It seems from reading about PSNs that Intel is marketing this as a security "feature". Ok, maybe it will help with authentication on some level (the masses that never bother with such anal details as this), but the more I think about it the more I realize, there are no security benifits. From what I understand, the CPU will be sending PSNs across the network, but what is there to keep me from spoofing a PSN? There has to be some low level driver that sends the PSN across the databus to the network device (modem, NIC, etc). So couldn't someone write their own driver that creates a false PSN? Or maybe the PSN is only accessed by a special instruction (as if x86 didn't have enough already!) or memory location. If this is the case, then it is even more insecure as the former because any user application could be written to create it's own PSN (ie you could hack mozilla). So really I don't see how this is going to improve anything. If you ask me, the whole thing smells of a copy protection scheme - a company could create an install program that grabbed the PSN, send that PSN to their web server along with the users name and credit info (the product would be purchased over the net), the web server would use the PSN and the users registration info to create a digital sig. and it would send this sig. back to the install script. Then, every time the program starts, it compairs the sig. with the PSN to make sure the program is not pirated. If an illegal copy shows up on the net (allong with the sig that is required to run), its a simple matter of looking that sig. up in the database and pressing charges.


  • It seems to me that you are still requiring the software to report the proper CPU identification number. One thing that people are worried about is the ID number being given out to random pages for tracking purposes. Couldn't you build a page to ask for the ID numbers, then cashe those numbers in a file that can be downloaded and used by modified browsers and such to hand out while browsing the web?

    Once you get a persons ID number, you would technically be that person to all the web pages you visited, and there would be virtually no way to track you down. Any server side software designed to defeat this would have to be made public, or even if it wasn't people would still get ahold of it, and cracked. It seems to me that a software program that can update the key and is specific to each users would be worth alot more security wise then a hard coded number that cannot be changed.

    Oh yea, what happens when you sell the machine?
  • I seen a lot of talk and speculation as to whether or not this is a legitimate privacy concern, whether or not it will help the SPA/BSA combat piracy, if it could force identification in e-commerce...

    But when is it ever a direct benefit to the consumer?

    I've come up with no examples of how this would provide a unique benefit to the end user not available via any other (less compromising) means.

    Nor have I seen anyone else cite any examples. Are people skeptical? Hell yes. And why not? "Hi, we're going to track everything you do on the net, and provide no discernable benefit to you for doing so. Have a nice day!"

    Don't tell me about turning it off. Tell me why I, the consumer and end user, would ever want it on. Unless it provides a benefit that can't otherwise be made available, then it will never be seen as anything but a tool of surveillance.

    Guess what, people don't like having anyone, including website operators of every stripe, looking over their shoulders any more than necessary. Without a clear benefit to consumers, it's in their natural interests to resist this.
  • I reject your proposition that the PSN makes a new and previously unattainable level of e-commerce security. There are two main flaws with this reasoning:

    1) This identifies a machine, and not a user.
    2) Superior means already exist, and they are less intrusive. PGP keys are already available and do a better job of identifying a user, as opposed to a machine. In addition, the key is part of a system that protects privacy, rather than skewering it by default.

    >It might not matter to you, or a lot of other
    >consumers, but corporations like security.

    Bogus argument. Read the original message and it's title again. "When is this ever in the consumer's interest?" It is the consumers that are going to be footing the bill for this. How will it help them? What new and previously unavailable benefits will consumers be buying when they pay their own money to give up their privacy?

    Your message has failed to illuminate anything previously unavailable that this sacrifice of privacy would provide to the people paying for it.

    Don't think I'm attacking you. I'm challenging your arguments, not your character. Please take this message in that spirit.
  • by BiGGO (15018)
    I agree with your statement.
    It will help opensource (and|or) free software.

    This will be nice as people will be forced to buy copies for each CPU.

    However I cannot understand how will a company enforce a software on a single CPU-ID only.

    Not all copies of software are sold with the computer and the CD is burnt with the CPUID somewhere.
    (They can't Microsoft refund action are in the way to stop it, hopefully they will)

    If I decided one one day to buy Wincrash and I have used Linux before (unrational, I know),
    then how can M$ make me use it on one CPU?
    they dont know the CPUID and cant burn it on the CDROM after installation!

    So I dont see the real use of it (except for our paranoid nightmares,
    such as internet sites and software that requires you to send your CPUID)

    If thats the case, OSS won't be helpful, because you will have to compile the CPUID modules/functions
    if you want to connect to the internet security sites etc.)
  • 1. Well, when the first 586 introduced, everybody said that it wont catch because an 486 is fast enough for home use. Today most software require 586, games require PII sometimes.

    2. MS will, dont worry, its their cash, you know.

    4. I think I do.
    Microsoft liscence will enable you to use CPUs which you have paid for. that is, if you got 2 CPUs, you need to copies, if you bought only one, you will be able to use one CPU only. (per CPU license, its pretty obvious, no?)

    5. They will make a feature that burns the CPU, sometimes the entire motherboard if you overclock.
    Wait! they already did... :-)
  • (By that I mean the IDing, not the boycot)

    1. Software manafacturers and ECommerce sites will never be able to REQUIRE the use of the ID - there will still be computers around for many years to come that don't have the ID, and also many new CPUs that don't use IDs.

    2. It will be a long time before software support is in place for this, at least for the OS (how long does it take M$ to add a new feature?), and even if it is included in Linux (which I doubt), anyone can modify it to remove/disable it. And for non-open source OSs and applications, I'm sure there will be plenty of hacks written. In the case of FLASH-updatable BIOSes, some may even be able to hack the BIOS to prevent it )(hey, it's been done with Creative DVD drives)

    3. Licensing software to a particular CPU is just stupid....what happens when you upgrade? You have to get a new licence.... HOW ANNOYING

    4. What if you have multiple CPUs? What ID do you use?

    5. Using the ID to find out what your real CPU speed is to detect overclocking? What a poor excuse. Instead of embedding the ID number, they should just embed the correct speed value it's self. And also, maybe new motherboards could then detect the correct speed.
  • Surely if Intel allow people to disable this up until the next reboot then someone will just provide a freeware 'disable-psn-at-boot' utility which would install itself in the AUTOEXEC.BAT for Win/DOS types. Heck you could even put something in the MBR if you really wanted to be sure.

    I guess that some Windoze apps might insist that you have PSN on to work properly but if this happens I'm sure someone will find a way of faking it (have everyone appear to be Bill G. for example :)

    Or am I missing something?

    David.
  • the long term effect of hardcoding chips with so-called security features could reduce our precious anonymity in the future. why? because, each chip now becomes unique; thus, very trackable. imagine the government knowing the "random-noise" profile of each chip, and then, linking that with our email address, so that evey time we fire up ou computer online, they get a hit. eventually, they could figure out where we are at any given time, even on the road, because, the unique chip signature will tattle. this is intel + bigbrother.
  • The ones not requiring an ID may incur greater costs due to fraud (not that that's inhibiting any current e-commerce companies), but the ones that do require it will have to raise prices by a much greater factor because with fewer customers, they have to get more profit per unit.
  • What's wrong with you guys? Intel comes along and offers to shoot themselves in the foot to encourag the rapid adoption of OSS, and you criticize them for it! I say we do everything we can think to encourage Intel to proceed with this self-destructive behaviour! The greatest wound to the Wintel monster could turn out to be this self-inflicted one! This should appeal to all of you with a sense of irony and poetic justice. Beg them to ship processor IDs in ALL their processors, then start a campaign to remind people that "Big Brother Barrett is watching YOU!" Stand back, and watch Wintel sales plummet! Thank you, thank you, thank you, Intel, for sacrificing yourself for the greater good in order to speed Linux on it's way to Total World Domination!

    ;-)
  • hardware random seed

    The random number generator is way cool, however, I doubt that anybody with a clue would use it just as a seed. The problem with software-generated "random" numbers is that they are NOT random, they are pseudo-random, and if you know the algorithm and current number, you can predict future numbers...

    Also, I fail to see how adding a processor ID which can be easily spoofed adds appreciably to the security of my transactions. If this were true, sites would already be using the disk driver serial numbers, etc.

    You've done nothing to demonstrate any real value to consumers of this "feature".
  • by El (94934)
    http://www.techserver.com/story/0,1643,11131-18983 -137390-0,00.html
  • "Why does everyone think Intel is going to get all of our info from this friggin ID?"

    That's easy -- because they can.

    Given this extremely easy way of gathering demographics based on every type of computer usage related to the Internet, Intel folks (and maybe others that license their technology) will quickly jump at the ability to find out just what everyone owns and what they're doing with it, in order to make the Internet a "better place".

    As for being paranoid, well, I for one will admit that I am on the healthy side of paranoia, yes -- but give me a reason why I shouldn't be in this age. :)

    (of course, Intel will quickly find that the only thing their ID is causing is a massive upsurge in AMD chip sales...)
  • Sure, how about this:

    CPU: Intel Pentium III stepping 00
    Kernel panic: unable to find suitable processor

    :)
  • > 2. It will be a long time before software support is in place for this, at least for the OS (how long does it take M$ to add a new feature?), and even if it is included in Linux (which I doubt)

    hmm... this is a dubious assumption. How long do you think it would take to port FlexLM to Linux or NT? And, if a software company that already uses some sort of licensing key to unlock its software on other OS's, how long is it going to take for them to put that code -back in- the code theyve ported to OS's that dont support good ID scheme's?

    > 3. Licensing software to a particular CPU is just stupid....what happens when you upgrade? You have to get a new licence.... HOW ANNOYING

    Im just guessing here, but youved never worked in the world of commercial Unix (or mainframe, even) environments. If you did, youd know this was common practice. Hell, some software packages, such as Oracle, charge you licensing fees based on the NUMBER of CPU's and tie the license to a system ID. Move the aplication, relicense the software. Add or Subtract CPUs, relicense the software.

    > 4. What if you have multiple CPUs? What ID do you use?

    probably, you would use some equivalent of the output of `hostid` or `sysinfo` or `lmhostid` (these are just ones that come to mind).
  • > However I cannot understand how will a company enforce a software on a single CPU-ID only.

    > Not all copies of software are sold with the computer and the CD is burnt with the CPUID somewhere. (They can't Microsoft refund action are in the way to stop it, hopefully they will)

    > If I decided one one day to buy Wincrash and I have used Linux before (unrational, I know), then how can M$ make me use it on one CPU? they dont know the CPUID and cant burn it on the CDROM after installation!

    hmmm... seems that it would be fairly easy to mass produce CDs that werent locked to a specific CPU at the factory, but upon install became so.

    Simply embed some form of license database check function that relies on the presence of two keys/codes: one being the CPU-ID of the chip, the other being some form of mathematical complement of the CPU-ID issued by the software vendor. Upon receipt and installation of the vendor issued complement, an unlocking key is formed and the full featured OS is available. Until the full key is there, only functions minimally necessary to get that key installed are enabled.

    and, as a check against crackers who figure out what the complement generating formula is, release the software in coded lots, such that each lot uses a slightly different algorithm to generate the functionaly license components.

    such a scheme would also allow you to install the same media on multiple machines, and only have the vendor charge you on a 'per key' basis. you want to upgrade or move your instance of the OS, contact the vendor, and they generate you a new key (for a "small" fee, of course).

    then again, im not a licensing expert, so this might be either impossible or impractical to implement.

    -tom

Men love to wonder, and that is the seed of science.

Working...