Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Intel

Intel to embed ID numbers in chips? 207

DaBuzz wrote in to send us one for the conspiracy nuts out there. Apparently Intel is gonna be embedding IDs in future processors so that we they can be tracked. This probably gives the paranoid something a bit more worrisome to be concerned about.
This discussion has been archived. No new comments can be posted.

Intel to embed ID numbers in chips?

Comments Filter:
  • Really. Why will I use software that reads this ID in the first place? If I'm law-abiding citizen, I will just use software that doesn't, and will make sure that it doesn't by compiling it myself. If I'm not, I will use some proprietary thing that reads it, run it under debugger (oh, debuggers vs. undebugable code wars again, but this time with complete hardware emulators available to general public) and fake ID, just like people fake credit card numbers. And since Intel chip becomes a "credit card" that costs >$100 to replace, things will be very interesting.

  • by J4 ( 449 )
    irish toast? is that like french toast?
  • If you suspect that the hardware RNG produces a bitstream with known correlations that an attacker could exploit, then scramble the bits further in software. For instance, instead of using the raw bitstream, pass it through your favorite stream cipher seeded with a key composed from a trusted random source like /dev/random. Or, for a lower-bandwidth application, read a random number of bits into a buffer, then compute the buffer's SHA-1 hash and use that as the next few bits of your stream.

    Someone who knows more about crypto than I do can probably suggest a stronger scheme than the above. The goal is to make it computationally infeasible for an attacker to exploit his knowledge of the RNG's hidden weaknesses, while requiring many fewer trusted random bits than would be needed if the hardware RNG were not used at all.

  • Posted by Abner Doon:

    Capatalism is gasping it's last as history will later see it. Ironically many of it's last ditch survival efforts will be the keys to a new age that many don't see coming. The solutions to perfect privacy and security lie around the corner in disguises like this one. Don't be fooled, this particular effort (or rumor) won't work:

    What I believe will work (I could prove it out for you, but that would be a book):

    ID=Position in space time. Possibly averaged from a large number of particles (microscopic). Hopefully accounting for all functional particles in the object. (Item's ID would change if it broke or was tampered with for instance)

    Everyone is given at birth a little black box(perhaps implanted) which provides identity.

    Every posession (while they still exist) also has it's identity and permissions, like files in a unix file system, it will react to people and other objects appropriately. This most notable includes communication devices. Communcation devices at large are the most important of these, computers being a part of everything. The routing protocols will be fantastic feats of physics:)

    Mundane things such as email are representative of the type of objects we will send. They could carry an id and therefore maintain your permissions across every system in the world. Of course on the flip side a system owner can filter email based on permissions as well as the obvious things making it possible to create "email contracts" meaning basically that "root" on said accepting system maintains root-like permissions while granting reliable feedback (such as when it was read) and allowing deletion or modification by the sender (before it is read).

    Free software advocates rejoice. You may think this bodes ill for using "other people's information" without paying for it. But it also means that if we don't accept the invasion of privacy necessary to provide uncrackable licensing (and we won't) the capitolists will sell their programs to an increasingly smaller customer base until all information is open source as a matter of common law.

    This is the direction we are headed. I have my timelines, but they are too sketchy to share yet. It will not be a violent revolution, but a light speed-technology driven evolution. Reader's of slashdot more than any other group so large and mainstream (relatively) should be aware of this due to the great content posted on nanotechnology and quantum computers.
    As I write this I chuckle inside because from this perspective (and I am VERY confident in it) the founding fathers of our next age are you and I. In a world driven by information, we are they who fight for freedom.

  • Posted by supercouillon:

    as any company using hardware dongles knows too well, any hardware is fooled too easily by software...
    I assume that immediately after the specs are released, kracks to change your ID will spread out everywhere...

    btw: what about users of AMD, Cyrix, PowerPC and else ???
  • dumb enough to run a closed-source os, that is. if they do it, I bet it'll be about 4 hrs. before a kernel-patch that shows arbitrary (and/or random) id's is available.
    of course, closed-source os'es will probably ride right along, happy to increase their "licensing" robbery.
  • there are other chips on this planet, so all
    that crap about sites requiring this id thing
    would alienate non intel users. looks like thats
    what intel wants. MS probably too. fuck em!
    besides, as mentioned in earlier posts an OS can
    overide anything that gets
    sent out over the network. sure you can encrypt
    something. and sure you can just take the encrypted version from another chip anyway.

    processor upgrades would now be a real hassle for
    commercial software if it used the IDs. more reason to us free software.
  • I fail to see what the CPUID has to do with anything. It's not as if the vendor can press the magic button and your cpu transmits it's ID. Software has to do that, and software, source or binary can be modified.

    It's just another trivial security scheme that will prevent casual fraud. A determined hacker will just disassemble the code, and change the instruction that fetches the cpuid to a literal load instruction, and viola, a fake ID. It's basically the same procedure that game crackers have used for years to patch binary games so they don't ask for the secret code from the cheap cardboard decoder wheel.

    Given that, the real worry is that casual fraud goes away, but determined systematic fraud becomes easier.

  • I thought they already had a unique number on the chip in the serial number. I heard they had serial numbers in the chips since the pentium was released.

    One thing I can see this being used for, though, is license schemes like current Unix platforms using flesLM. Not that that's good or bad, IMHO, just feasable.
  • I'm sure we will be seeing per-machine licencing of digital content happen using these IDs. For example, the mangled RIAA MP3 format...

    Probably fairly trivial to crack, but still, enough to get the clueless 90% of users to pay.
  • most computers come with some sort of serial numbers, often readable to the bios.
    Your ethernet card has a unique id.
    If you've got a static IP you've got a unique id.
    etc.. What sucks is it will probably raise the price of their hardware.
  • I would think that software that has been patched to add the functionality of reading the number from the chip and sending it over the Net would also be patched to disable such functionality at the same time. If not, then just don't upgrade your software until it is. It's not as if existing software will automagically do this stuff.

    Plus, I'm guessing that the software to be modified is the apps, not the OS, as it's the apps which talk over the network. (At least, I hope they don't plan on embedding this thing into TCP/IP itself...)

  • no, but any day, "they" could make a law that makes what you do illegal. maybe it's currently legal, but won't be in the future because some high-priced corporate lobbyist greased some congressional palms.

    It happens all the time.
  • hm. NOW Intel's investment in Linux is starting to make more sense. . .
  • one other point -
    What about emulators?
    On a Macintosh running VirtualPC, couldn't one, in theory, tamper with the code, and forge a CPU ID since it's not tied to hardware?
  • ... ability to block that ID from getting out. Windoze users ma have a problem getting the software to do this, but Linux users are almost guarenteed that there will be some parinoid little hacker that will program a patch for the kernal.

    This is a great thing for anti software piracy people.. I can see its use.. I just don't like it though.. :)

    !Xabbu has spoken
    (and chances are no-one) will hear.
  • Take a look at the comments in /usr/src/linux/drivers/char/random.c. We already have a properly nondeterministic random number generator in the Linux kernel, so we don't need this new feature.
  • You should be the first one to get in line for ear tagging.
  • ... it probably doesn't help any when you type the article up with "so that we they can be tracked."
  • Don't panic. Ethernet Cards and SCSI disk drives already have embedded ID or serial numbers for a long time now with little impact on privacy.

  • Ok, I think either I'm just a naive geek, or just one who doesn't care, but why would anybody care whether there's a id on a chip? Software, I can understand (especially if you're a pirater) but hardware? Same as for all the other privacy stuff...i couldn't care less about being tracked all over the place. As long as some guys in black suits don't cuff me while I'm standing in line at a supermarket, then I'm not worried. In most cases, it's those that either
    1) have a lot of things to lose (like money, or possessions) that criminals can track and hunt down the rich. I don't think I have this, and the average person doesn't either.

    2) have criminal activity to hide

    Please enlighten me, b/c the pros (as described on the web page) seem to outweigh the cons.

    lt;tim><
  • Like I said, what most people consider private are not things that I consider to be private. It's only when people start hiding things, that's when curiousity sets in and others will try to look for it.

    Also, if everybody shares information, it's suddenly not a big deal anymore. Think of your phone number. If you're like most people in urban centres, you're one of millions of names in the phone book. And hardly anyone cares about that. And now because there's some method of identifying who you are on the internet, you're worried?

    As for tracking--could you fill in the rest of your sentence (as evidence of_______)? I can't think of anything that I personally do that can be used against me in some way. That's not to say that everybody has nothing to hide, just that most people don't, and the proponents of this kind of privacy is assuming that EVERYBODY should be appalled at these actions against privacy.

    <tim><
  • Ok, so it's about software and music piracy. Which is, in most circles, illegal. Unless you can admit that most of your MP3's are legal (hey, if you can, great. But don't speak for the majority of the population.)

    <tim><
  • I have heard that there are some ethernet cards with a programable mac address. Does anyone know which cards allow this? Also, I know nothing about writing drivers for ethernet cards, but if you have the source for your driver, could you make it send out a different address than the one that's in your card? The resnet at my school uses this for dhcp, but it also uses it for security, dropping the packets of anyone who's ethernet address is not registered in their database.
    --
  • Hey, thanks alot :) After looking through the redhat network scripts, I found that if you put the line "MACADDR=00:12:34:56:78:9A" in the ifcfg-eth0 file you can configure it for a particular adapter. How convenient :)

    --
  • Well, to a degree.

    If there's a person available, random number generation is easy. Attach microsecond timers to keyboard inputs and your distribution curve for interkey press rates will be *completely* random.

    Once you pull the pin, Mr. Grenade is no longer your friend.
  • If software becomes reliant on a single random-number generator, what's to stop the NSA from instructing Intel to modify it so that the numbers have certain characteristics, difficult to detect by the unknowing but useful to those in the know? It's in Intel's best interest to be in the NSA's good books (as with any corporation). And if stuff like PGP depends on the random number generator, all of a sudden the NSA's brute-force crackers can be optimised to more quickly crack it.
  • <DEVIL'S-ADVOCATE>

    It is conceivable that there would be an option to upgrade one's CPU; you'd have to first "de-authorise" your software so that it no longer runs on the old CPU, change CPUs and "re-authorise" it.

    On the Mac there is such a scheme, where authorisation is done on a per-hard-disk basis, using a copy-protected floppy. (Not that I approve of it; I'd rather it wasn't there, but at least it allows customers to upgrade their machines.)

    </DEVIL'S-ADVOCATE>
  • No more illegal overclockers... Finally.
  • Can you read? I said _illegal_ overclockers, as in the kind that take PII 233Mhz CPU's and relabel them as PII 300Mhz CPU's and sell them like PII 300 CPU's.

    If some moron wants to overclock and is willing to suffer the consequences, this ID number will do nothing to stop them. This is in fact much better than forcing the CPU to a specific clock, since it does allow the home user to overclock.

    This is provided that Intel actually registers each ID number with the CPU's speed and provides that information via the web. I don't see any reason why they wouldn't though.
  • OK, alot of people seem to disagree with the idea of having serial numbers on their chips. Running open source software myself, I am not to intimidated by this. I can understand how someone who has to use a closed source OS or application dosn't like this idea.

    If Intel is really serious about this and wanted to get our support and do the right thing they would use all those lobbiests that we all know they have in Washington and get a bill passed. This law should force any program that uses hardware serial numbers to include compilable source code. It should make any other method of serial number access illegal. Then we can choose, without decption and abuse, what level of authentication to run programs encription etc, is acceptable. Accept no less.

    Lets see if they care as much about their customers rights as much as they care about the damage overclocking does to their reputation.
  • Microsoft was supposedly working on this fairly secure "fingerprint" technology, where it stored the IDENTITY of whoever read the document, hidden in the document. Probably spoofable, but it would give clues to who was reading documents, either in Word or in IE.

    This was being designed for the leaders who run the corporation known as CHINA. Ugh.

    And before you think something like that oculd never happen here, two words for you: "piracy" and "anti-terrorism".
    -Scott

    PS - Makes a great companion technology to digital paper too! :D
  • Maybe somebody out there with a Thesis to write will be kind enough to use the occasion to design an ASIC Pentium clone? And then release it under GPL? Something that could execute from a big Xilinx part would be ideal. Then somebody designs a standard open motherboard, and anonymous souls all over the world will make and sell copies.
  • developers of licensed software have been asking for a cpuid/hostid for years. they had them on sparc's and other real computers, now intel finally has them. good. that means more companies will consider writing unix software for intel chips. of course free software won't need such things.

    as for the paranoid bit - oh give it up.

  • ...controlling Intellectual Property and tying it to a particular machine.

    Bit by bit, Richard Stallman's paper The Right to Read [fsf.org] (from the 2/1997 Communications of the ACM) is coming true. Read this paper. It's scary, especially when you realize that he's talking about things that are already happening, or at least being proposed.

    David Gould
  • Just in case that was too subtle for anyone, he's talking about Reflections on Trusting Trust [acm.org], which was posted here the other day.

    Apparently, Ken Thompson added a piece of code to the C compiler that would detect when it was compiling the Unix login command and insert a special password. He then added a piece to detect when it was compiling the C compiler and add both of these routines. He then compiled the standard C compiler on this doctored version: the source is clean but the binary contains his hacks, with the effect that he can rootshell any Unix system that was compiled with any version of the C compiler that was compiled with his C compiler binary. He claims he never actually used this.

    The point is that not only can you not trust binaries that you are given; you can't even trust binaries that you've compiled unless you trust your compiler, i.e., you wrote it yourself in assembly. I guess even then there could be hardware back doors, so you'd better make your own processors too.

    But then, I'm not sure writing it yourself is such a good solution: I know there are no back doors in code I've written from scratch, but how far would I want to trust my own debugging skills? Dunno.

    David Gould
  • Now you can't be tied down to any specific hardware platform! Name it, Linux is on it... and if it ain't there yet, its coming soon.
  • Think about it. It's basically going to be a serial number inside the chip that you can use to check against Intel's product database. They're chucking a random number generator in there for encryption schemes because:

    • Net Commerce
    • They cannot stand to waste space on something that's useful for nothing more than ID's.

    But, as I said, since it's not invading your privacy any, and if overclocking survives as a viable alternative to those who use it, WHO CARES?


    Chas - The one, the only.
    THANK GOD!!!

  • Why need an ID? Just store the chip's official clockspeed in the same way as the ID would have been stored. Then there's no privacy invasion.
  • At first I felt a little sympathy for Intel over the issue of them getting a bad rap from people who got less processor than they paid for due to unscrupulous retailers.
    Then I remembered all those 486 motherboards out there with extra sockets that were supposed to be upgradeable to Pentiums, and then I remembered all those motherboards with a disabled cpu soldered on because the co-processor upgrade included another processor (and a price that reflected it!), and then I thought about all the mothers at Intel.
  • This way I can find out what the real speed of the chip is, rather than what the guy who sold it to me tells me.

    Try looking at the fscking chip! The rated CPU clock speed is printed on it. If it's filed off, don't buy it. Sheesh...

    Schwab

  • Okay, so if they use this for software licensing, it doesn't necessarily tie you to the same CPU for your natural life. Every Sun workstation has a unique hostid that many software manufacturers use for software licensing. Want to upgrade or use the software on a different machine? Just e-mail the info to the license center and they issue a new license. Install the new license, and bang, the software works on the new machine (and not on the old one). It works well. There are obvious problems, one being what happens if you have a machine die and you need to use the software right away? You have to wait for the license center turnaround time to get the new license (in Sun's case, usually an hour or two).

    Some software companies are already using unique IDs on Intel-based machines to license their software - an ethernet card MAC address. I know Pro/ENGINEER's NT version used to do this (and I assume it still does). So it's not such a big deal in the software licensing area. It's actually only a major problem for pirates (besides, who uses proprietary software anyway? The free stuff's much better. *grin*).

    As for E-commerce, I can imagine the only good it would do is if a site required you to give them your CPU ID in order to buy stuff. Well, I wouldn't buy stuff from them. There are plenty of people willing to take your money without violating your privacy, so I don't imagine that scheme would go very far.

    I don't see this as being a big deal, one way or another. It's not a huge privacy problem (the "stolen PC" argument is lame, because as others have pointed out, you still need some software to broadcast this ID), and it's not a very useful feature, either.
  • Hey, I'm not saying it's a good idea, I'm just saying it's not the end of privacy for every human on Earth. For one, Intel doesn't have the market clout to force it on everyone anymore. And for internet sites to require it will be the death of those sites, since old, ID-less CPUs will far outnumber the new ones for a long time (not to mention all the non-Intel computing platforms out there), so I can't imagine an e-commerce site shutting out everyone else.

    Yes, hardware keys suck. But if it's not the CPU ID, they'll find another way (MAC address, dongle, whatever) to lock you down for a license.

    You know, I wonder how much a company like Sun spends dicking around with licensing issues every year. Another good reason for software companies to move to a "free software, pay for support" model.
  • Intel refused to comment for this story.

    I wonder why.

    'As soon as you go on the Internet, you will be detected.' - Cryptographer
    Who said that?

    I gleaned just two pieces of information from this article. Intel will put two new features in its chips, and members of the ACLU are worried about the chip IDs. It's not clear whether all of the doomsday speculation that follows is part of Intel's master plan, or just extrapolated predictions by unknown persons and a journalist with a deadline. Where is the support for all of this? Are Intel's statements confidential? Why do I torture myself by clicking on these zdnet links???
  • Actually, It will help with chip theft...

    Many/most PC thefts these days involve opening the case and swiping the memory and CPU, both of which are difficult to identify, and easy to sell. Most companies could easily add the CPU IDs to their asset database and report them stolen. When the police catch up with someone with a dozen CPUs stashed under the bed, they could actually *prove* that they were the ones that went missing from xyz corp last week. It would also help you get your parts back if they were found, as you would be able to show they were actually yours.

    As for the rest, you are right, and I think the writers should hang their heads in shame for writing such an ill thought out article.
    Adrian
  • Hard drives have had serial numbers in them for years. Just remember, if someone tries to screw the public over something like this, the market will not allow it to happen.
  • IIRC, a reverse-biased zener diode is a particularly noisy beast, used to generate truly random noise.

    I guess if you amplified this noise, then applied the output to a short monostable or something else to produce a spike given a certain input level, you would get a series of spikes separated with truly random intervals

    ... for probably less than a couple of dollars worth of parts. And a few dollars more to connect to perhaps the COM port.
  • I am rather relieved to see Intel proposing an ID number system. Recently, I purchased a "300 MHz" Pentium II system that turned out to be a 233 MHz machine clocked up to 300 MHz on the motherboard. The only way I could know for sure was to visually inspect the chip for non-obvious serial number tampering and to run the ECC checker program. Even then, it was a coincidence that 300 MHz chips always have ECC cache, so you can't check if your 330 or 350 MHz box is really an overclocked 300 MHz machine.

    With chip ID coding, now you can be sure of the chip you're using. I stopped purchasing Intel CPU's for this reason. Cyrix and AMD have extremely stringent, tamper-proof markings. Intel only has silk-screened letters on a soft plastic cartridge. I think Intel is moving in the right direction, even if some people here think it's for the wrong reasons (product tracking, et. al).

    I don't like buying junk.


    Kriston J. Rehberg
    http://kriston.net/ [kriston.net]

  • When my computer boots it says PENTIUM-MMX CPU at 225MHz. Has Intel ever made a 225MHz CPU? No, so where did it come from? My BIOS. My BIOS executes the CPUID instruction, which reports family, model, stepping, but not speed. BIOS then multiplies 75 (bus speed) by 3 (multiplier) to get the CPU speed. I assume that the CPUID (or any other) instruction could be made to read from a little ROM and report the speed, alerting users to potential mischief on the part of their vendors. But why do that? There is already a serial number stamped on P2s, if you are putting a ROM on the CPU, why not put the serial number in there instead of or in addition to other related stuff. That way, Intel can make a big fuss about how they care about this and are doing something about that, while not really doing anything in particular.
    As to licensing for a CPU. Any software that locks to a serial number is as brain-dead as software that locks to a particular family/model/stepping or any other identifier in the system. If they want to enforce licensing well they will use dongals. That way they have control over the identifier, and you have control over which ONE machine you want the dongal plugged into.
    Next up. Unless Microsoft and company want to master a new CD for each CPU, the Windows (or whatever) setup program will negotiate with the CPU's challenge/response serial number thingie. When this happens, a value will be stored somewhere (registry anyone?) which, if not matching the live one it just got from the CPU, the software stops, moans, self-destructs, whatever. Ask yourself, is there really any way to do this? Can we not simulate the process and then put the bogus, but workable key wherever it goes?

    Ways to complicate life for people trying to break this: Pass laws (won't really stop anyone). Require intervention (once or often) with a remote server acting as license master (pointless, doesn't need the CPU serial number, think StarCraft). Well there is an infinite number of ways to make this task more difficult. Each of which has at least one workaround.

    In the end what do we gain? What do we lose? It's debateable either way. If we were required to use our VIN as a password would that be a gain or a loss? I'm tired, I'll sleep now. Hope this makes sense in the morning.
  • I must be missing something here.

    So, the cpus have an ID. How does that make Internet commerce more secure? Can't you make your browser just lie about the number when it sends in your request?

    I see how this identifys computers in case of theft, the police just run a program on your computer that checks the number.

    But I don't see how this makes internet commerce more secure, unless some sort of crypto is built into the chip too.

  • While I acknowledge all the potential good that can come out of chip IDs, there is far more potential for personal injury than personal protection.

    Like any scheme that systematizes, quantifies, and collates identity, it invites mountains of abuse. Identity fraud is already a pervasive problem in our modern society (e.g. credit card fraud, fake IDs, IP swiping, etc.) Intertwining identity with computer hardware, in which there is already too much complacent faith, will bring new efficiency and detriment to misusing identity information.

    On reflection, there are dozens of ways this instantly available personal information can be used to hard. Here's just a few that jump to mind. It invites malicious folks to victimize users by capturing their chip ID and having their CPU 'blacklisted' from the net by falsely reporting it stolen, or very effectively impersonating another user on the net. It won't be long before some hacker develops a hardware or software interception mechanism to fake the ID of the CPU, completely undermining this scheme and opening new opportunities for misrepresentation.
    And because the misused identity is associated with the computer, this form of fraud will be far more nefarious than plain old IP swiping or email faking.

    And while Intel claims they are not keeping a database of users associated with chips, it is inevitable that such a database will easily come into existence. All it takes is for some website to obtain your name and read the chip ID and voila. In the wrong hands, this is a spammer or unscrupulous marketers dream. With a mere visit to a website, without relaying any information, the site automatically has your address, phone number, email, etc. If the information is associated anywhere, it will be available everywhere. That's the nature of the modern age.
    Intel is just making that insult to our privacy one step easier.

  • there's a big difference that xinit is missing. To check the serial number on my tv/vcr/bicycle/processor case/whatnot the police need physical access to my property. That has a nice way of requiring them to do inconvenient, archaic things like *getting a search warrent*. I don't want a unique ID for my CPU accessable to any e-business and two bit script-kid cracker out there! Once I buy a processor, it becomes my physical property. Intel has no right (or need) to know where I put it or what I do with it.
  • they will track lemmings, but not necessarily you. remember, for any track-able ID to get out to the internet, some software has to send it. the CPU isn't going to write to a socket all by itself. don't run OS's and software you don't trust, and you're all set.

    as for tracking, well, they do it now with cookies, so just go ahead an disable them, you can always turn them on for the odd site that you do trust and needs them.

    oh, and if you don't like the idea that the net remembers what you said, make sure you stop posting anywhere! I for one don't mind people finding out what I've posted, since I consider postings to be public, so I think services like dejanews are a good thing.

  • I'm sorry if anyone disagrees with me, but I just plain don't like this idea at all. I'm not some "everything is a conspiricy" looney either.

    I like my privacy. The personal information currently available for identification is plenty.

    What about transfer of ownership and upgrades? Sounds like a pain in the ass to maintain, anyway.
    A much unneeded complication.

    The option to "opt out" doesn't make it any better. It's just too easily abused, and creeps me out.



    "May you spend two hours in heaven before the devil finds out you're dead." --Irish Toast
  • Personally I'd like to see another bios option to prevent software from accessing the cpu's serial number. This way we don't have to wait around for someone to make the software patch available for whatever non-standard OS that one chooses to run.
  • Because when you have a software-accessable serial number on each piece of hardware, it is possible for you to be tracked on a per-cpu basis. This is somewhat similar to being forced to use a standard logon id whenever you use the internet. Imagine the possibilities.
  • Thats still really not good. What if you have a processor failier and have to have a new one next day air mailed to you? So after you get that processor, that machine's software is still until you can do this "de-authorise"-"re-authorise" process. Great, thats another week or so.
    --Dast
  • As seen recently in the French case, restrictions on use of cryptography are lifted, or its use is encouraged, mostly when that is in the interest of the corporate world, even when it is done allegedly in the interest of personal privacy.

    As many have commented already, giving a unique ID to each processor is neither an interesting way to promote secure e-commerce nor required to protect buyers against overclocking. But there may be several unconfessed reasons for promoting such measures.

    In principle we could avoid disclosing CPU ids,
    but imagine that in some way most of the commercial online services start requiring access to our CPU ids for granting access permission. This may be forced by government or become part of "standard" corporate policy in their quest for more and more private consumer information.

    Then either you comply and give away another part of your privacy or you don't comply and, as e-commerce and other online services become more and more predominant, your options become increasingly limited.

    We already have many interesting examples: credit cards and cellular phones are already means to disclose our shopping habits and our location, for instance. Yet it is becoming quite difficult for many of us to avoid using them.

    Electronically identifying and tracking our cars, our phones, our computers, even our pets, is just the beginning. As biometric security systems get cheaper and more effective, we will probably see their usage spreading widely. Soon you may have to show your iris or a fingerprint to access common services which now require a simple password or a PIN. Then YOUR BODY will be electronically identified and tracked, everywhere. Paraphrasing Philip Greenspun (http://photo.net/philg/), this is a future so bright you'll have to wear sun glasses.

  • When I make a purchase, no one writes down my VIN to track my spending habits. The closest tracking any store can do is add a phone number or zip code in the computer (assuming I'm paying cash). But I can refuse these requests (particularly the phone number).

    But it seems to me that with this Intel proposal, one runs the risk of vendors secretly tracking what computers on the Internet are spending the most money on whatever items. And making money off of the data.

    I have no idea how this works with a multiuser system, but I can just see the new flood of junk mail to those computers that actually do commerce on the Internet.

    Comparison to hard drive, computer, broom, or other serial numbers are not valid since they cannot be queried in software and collected by some outside organization. THAT's the problem I have with it.


    ~afniv
    "Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
    "We could be happy if the air was as pure as the beer"
  • If it stops Intel having to put a FSB lock then I am up for it. Maybe they could take the mult lock off as well.

    What I think would be good, is to have a write once bit on the cpu that is set whenever the FSB or Mult lock exceeds the rated speed or setting. This would be good to protect people from buying 2nd gear that has been o/c in the past, also would eliminate Intel's claim that they have to honour the warranty on CPU's that have been O/C. Think, if they do not have to honour, then they have no incentive to prevent the hobbyist pushing thier hardware.

    As a means of identity on the net, well that is not quite true as it just identifies the cpu in current use.

    Ice
  • 2) have criminal activity to hide

    And how do you define criminal activity? What you amy think is leagal might be considered horribly illegal by the controling body. Imagine if your beloved Linux became criminal activity. Not fun (for you).

    - alex
  • Hmm... I'm no cryptoexpert, but isn't it possible to measure randomness by watching the output from the function? So just use your random number function in the processor and put it in a program that measures all the usual things one measures when one tests a random function...

    I'm no cryptoexpert either, but I think there are certain kinds of non-randomness which are hard to test for, if you don't know what you're looking for. On the other hand a nonpseudo random number generator is something I've always thought should be built into chips. But then maybe that's just because I got burned by the terrible PRNG's in Numerical Recipes first edition, which the authors thought that they had tested to ensure they were sufficiently random...

  • This ID is not good for
    a) E-Commerce..many people use one computer at home and one person uses many computers at work. There is no one to one ratio.
    b) And unless there is a compulsive registry of ID to purchaser then knowing a criminal's ID does not help you find them.
    c) If there is a no-ID patch like the article said, then stolen computers will just be patched, therefore no problem. Unless it is only a PARTIAL patch, then it is really not a opt-out patch at all.

    This ID is perfect for one and only one thing. Software companies can sell software licensed only to work on a specific CPU. They could sell software over the internet knowing it can only be run on the target machine. Kind of the ultimate proprietary software. To be any more securely restrictive you would have to sell it as a ROM.....
  • I don't know what Microsoft will do about this, but I can tell you that this never was a problem with software for Sun machines. Every sun has an unique hostid (which can be changed, but if you don't do anything to your machine, it's unique). Now when you buy software that is node locked or otherwise protected, you usually have a license daemon running, that checks the license number against your hostid and gives the OK to run the software.

    Whenever you upgrade your machine, or the CPU or just the NVRAM chip you just submit a change request to customer servervice and you get a new license.

    No problem and usually no big deal to get it done in a timely manner.

    I don't see a problem with this CPU ID thing at all. And BTW if you have a network adapter in your computer, you already have a sort of hardware ID. Every ethernet card has it's very own ethernet address, which is unique and can be used for software licensing as well.
  • No, your coffee machine is probably very quiet as far as internet traffic is concerned, but your network card and your networking software do "broadcast" quite a bit of information with every packet you put out to the internet.

    And you first need software that will take your CPU ID and send it out to the net.
  • hmm... and a random number generator? Must be yet another bug in the manufacturing or design process.

    -t.
  • Apple's proprietary planned-obsolesence hardware.

    Aren't all computers planned to be obselete? And in any case, up until October you could run the latest version of the Mac OS on computers all the way back from the 040 days ('90? I forget). Try running Win98 on a 486. Linux is, of course, a different matter. And if you look closely, the only proprietary things on the new pro G3s is the ADB port (for dongle & ColorSync compatibility) and the Mac OS itself. Think before you speak.

  • What would be a good way to express to Intel one's grave concerns about the proposed? Do people think this can be changed? Based on Intel's pre-emptive briefing to the ACLU, Intel is at least sensitive.

    Also, what's to keep Intel or any other chipmaker from doing this without telling us? How do we know they haven't already?
  • Beware MS and Intel are evil!!!! Bill Gates is Satan himself! Thats why I run Linux, cause its not a evil OS like the MS ones :) BEWARE....my processor will be a K7 when the Mark of the Beast begins....I rather have a 7 mark (K7) than a 6 (intel) and a 7 mark OS (linux) than a 6 (winblows 2000). Don't fall into the Beast plans for the future. Stay unevil
    ...use Linux.....God's weapon against MS!
    NaTaS
    http://natas.startx.org
  • The arguements stated in the article definitly aren't the real reasons behind the proposal. They don't make sense. You can't track a thief if he can disable the ID transmission with a patch.

    You could just as easily embed the clock speed the chip was sold at as you could embed a serial number (much easier actually)

    the e-commerce possibilities could only be realized with a standard that ALL hosts adhered to.

    IMO the whole reason intel is doing this is for Intel. They want to enable node locked software licensing. If they are the only ones that support this "feature" then you will only be able to run PC-nodelocked software on INTEL PCs.

    I am not completely against hardware IDs for systems although it doesn't seem to make sense in the home PC market where a large number of users regularly upgrade CPUs and motherboards. If all your software was node-locked you would need to contact each vendor for new licenses with each CPU upgrade.

    For a commercial UNIX workstation you are usually only running one or two nodelocked apps per machine. With PCs you run many different software packages. What a pain if your machine running turbo tax crashes in the middle of the night on April 15th.

    If Intel succeeds in this, what are the chances that it would slow down the upgrade cycle?

    They could be shooting themselves in the foot.
  • Hey, Intel isn't the only game in town.

    Using the chip id to identify 'hot' PC's should be a resounding failure since 1) not all chips will have the id and therefore cannot be required and 2) a determined theif would use the 'patch' that would be out shortly after the release of the new chips to mask the chip id.
    Since overclocking is more a function of the motherboard/chipset than of the processor, Intel would be reliant on MB manufacturers to enfore the no overclocking mandate, and that should be unlinkely.
    The only possible benefits I would see out of this is from a consumer standpoint of being able to identify that a chip really is rated at the advertised speed, and possibly using the id as an alternative to the hardware keys ("dongle") on expensive software. Again, since it's only on Intel PC's the usefulness is REALLY limited.

    The prng should be interesting, though.

  • Recently a friend of mine had 5 moderately well equipped servers stolen from him. While his insureance will cover some of the purchase price, he has lost thousands of hours of time and work. If when one purchases a computer, they could register a CPU ID to their name, this would allow for it to be made possible to track if your computer came online, from which host/ip and possibly regain stolen possesions. This would of course have to be overseen with strict security, as we don't want everyone seeing what we're doing, but it would make stealing a computer the same as boosting a cell f0ne, in that after a while, it becomes worthless, and no one will provide service.
  • i didnt think intel could suck more.
    ahh well. Like i want one of those
    energy hoggin overclocked crap a-s chips
    with POS technology anyways.

    intel's fast. thats it.
    put it this way: i could put a Jet engine
    on top of a pinto and it'd go real fast, but
    it'd still be a piece of sh-t
  • If they are to associate an ID embeded in a chip with each person that purchases a chip, then they have their work cut out for them. What happens when a person sell's their computer? Does every computer reseller have to make sure and register the people they are selling processors to? It seems to me that after a few years it would become impossible to keep up with all the ID to Person mappings.
  • With everyone connected it's only a matter of time
    until your IP addy (or other electronic tag) will be as tracable as a telephone number. How can we protect our privacy. One idea might be a chip swap
    in a back alley somewhere... But wait, the chips will have GPS tracking built in.. :p
  • I was making a point. Okay IP ADDRESS It's only a matter of time. Your CPU has an electronic ID. Your OS is running a TCP/IP stack, you are on the net. How many lines of code in your BIOS would it take to report this ID to INTEL over the net? In the future when you buy a new PC you have to fill out a registration card to keep your warranty this CPU ID number is included with other information like your snail address. If the FEDS want to find you they call INTEL and check to see if you purchased a computer. The FEDS then get a log from intel when you have connected from the net and from where.. Do you see a pattern here? a 1984 or something? Does clipper chip ring a bell..?
  • I don't want to start a flame war here. My posts are a hypothetical situation.

    Any hole in a system that is open to private information will be exploited.....
  • I wonder how an ID is going to help e-commerce. How will they keep track of who owns the CPU ID? What if I stole a computer from a store and then I use a carded ISP account to connect to the internet then they would not be able to find me.
    I think this is another piss-poor attempt of Intel trying to provide people with a false sense of security. How will people who do not have Intel chips (or a PC for that matter) be able to buy goods online if such a CPU ID is required to conduct e-commerce. I'm pretty sure no e-vendor would limit their customer base to Intel users only. I think this is a waste of research time and anyone who buys an Intel chip because of this feature is an idiot. I hope Intel chokes on its own poo with this one.

    A summary of Intel's stupidity regarding this issue:

    1) "Stolen PCs cannot get on the internet"
    - I would love to see how they try to implement this.

    2) "The plan calls for Intel to put a machine specific ID and a random number generator in every processor"
    - I doubt that it will be truly random. I bet someone will break the algorithm in less than a year forcing Intel to recall all of their processors. Bwahahahahahahahahahahaha!

    3) "But with an electronic ID attached to each processor, consumers will be able to check their processor against Intel's database of products and find out at what speed the processor was sold."
    - It would be easier if Intel just made software to test this instead.

    4) "Intel says they're not keeping a database matching users to their ID numbers"
    - Then how will they know if it is stolen? I could just call up Intel one day and tell them that was stolen then that will prevent him from getting online

    F0 0F C7 C8
    EOF
  • Uhm, how will this prevent software piracy? I'm pretty sure someone will break this algorithm within a year and publish it all over the WWW. This would also require other processor companies to implement CPU ID on their products.

    I wonder how many H-1 Visa employees at Intel worked on this and how many of them already have given blueprints of the algorithm to their cousins in New Delhi.
  • Well this is just one thing in a line of other..
    Anonymity is getting more and more just a privilege for thouse knowlegeable enough to make themselves anonymous.. If this id is used for tradeing and authentication, I would sure stop to trade. The id has to be implemented with software part on the cpu, since the physicaly cpu has to be alike. It would amaze me if noone found the way to change that around pretty fast.. realy amaze me.. now that would be fun... uhm.. mayby I should get one of thouse alpha's anyway ..
  • As zdnet is going to edit my responce to their article, and I'd like to hear some comments (maybe ;) I thought I'd post it here as well...


    The implications of this action go far beyond what was stated in this article. Chip-based ID numbers give few benefits and alot of responsibility given to those who have proven themselves otherwise time and time again.

    Tying commercial ID to a piece of hardware, especially a piece of hardware replaced as often as a CPU is ludicrous! What if I upgrade? What if I have more than one computer? What if I'm at a public terminal, or a friends computer? What if my computer gets stolen? Will someone be able to transfer funds from my accounts because they stole my laptop? What if someone breaks into my computer and sends death-threats in my name? A piece of code I can carry on a disk (or beter yet, in my memory) is far more portable and universal as a personal ID.

    Second, if Intel is so worried about overclocking fraud, why not just encode into the chip what speed THEY sold it as, and release the code required to query the chip. If someone thinks they got burned on an overclocked chip, give them the tools to take their grievance to the BBB, the Police, or a pair of hired thugs if you're so inclined. As to theft, don't CPU's have Serial Numbers already? This won't make fraud and theft go away, it'll just make it more difficult to detect.

    It also seems to me that a persons ID could easily be stolen. Just write a daemon to watch for the incoming CPU ID query, intercept it, and reply with a packet you stole from a remote system by sending it a query packet. The only alternitive is to have the CPU compare every bit of data that goes through it with what a query packet looks like, which seems to be quite a waste of valuable CPU space & time.

    Incidently, the patch that intel offers seems more like placing a piece of tape over the bar code, rather than removing it. Can the CPU be un-patched?

    Anonymous speach is extremly important in any society that claims to be free. Sometimes a responsible citizen is forced by honor to break the law. What of the political dissident who wishes to speak out, but can't because any message they send will cause them do dissapear?

    A section of the chip capable of generating random numbers (utilizing quantum effects) would be extremly handy....In fact, I think it's the only good idea in this entire proposal.

    This "revolutionary" (or is it counter-revolutionary) double-edged sword is very dull on the side I'd want to use, and I could shave with the other.

  • I stand corrected again....techweb has an article on it....it's going to be a standard feature on the Pentium III's (and the associated celerons).

    http://www.techweb.com/wire/story/TWB19990120S00 17
  • Don't forget the "Win" in Wintel.Mr.Bill wants to charge a yearly license fee for his new 'doze 2000 and what better way to keep tabs on his investment.Can't have folks passing around the cd now can we? Let's see..to push it past the public we will need to utter the magic mantra.."it fights kiddie porn" and let's throw in .."it will help update your software so you won't have to think about it"..for good measure.
  • First they put them in you car, so it wont
    get stolen

    Then they put them in your dog, so he is easier
    to find.....

    Then they put them in your computer, so they can
    lower cost, and reduce fraud......

    Then they will put them in your children, so you
    can be secure in knowing your child's whereabouts
    .....

    Finaly they will put them in you, so you can't
    break their laws :~(

    -Master Switch
  • Up to now, the only way provided by Microsoft to identify laptops for licensing purposes has been by the address of the NIC card, and that is an unreliable, quirky method. Three cheers for Intel.
  • You are free to buy some MSFT stock. Then you will be happy when they make more money.
  • Tracking can hurt you, even if you don't do anything illegal; your viewing and shopping habits can be used against you. e.g. if you buy a lot of beer, that could be brought up as evidence in court. Employers and insurance companies would also be interested in "what kind of a person you are."

    See (http://www.msnbc.com/local/KNSD/119513.asp) for an example of what grocery club cards can to do you.
    Avoid trading convenience/pocket change for privacy!
  • So the suggestion is that if we have done nothing wrong we should be willing to give up some freedom? This is absurd.
  • Their benefits arguments don't make sense. On the one hand, they claim that the major benefit is that if someone steals your computer, then uses it to connect to the internet, it will give itself away. On the other hand, they claim that they will make software available to easily disable the autoidentification... which is it, it can't work both ways!

    IMHO, I think security takes a giant step backwards when you start authenticating machines instead of people. My take on this is that now anybody with physical access to my computer is me for the sake of ecommerce... I find this very disturbing. Also, unlike a password, once somebody figures out how to spoof your CPU ID, it can't be changed!. Finally, I don't understand what this will do for me that a good public key system won't do much better...
  • Well for one, I'd hate to have to buy all new software everytime I upgrade my CPU...
  • Intel doesn't need ID's *or* FSB/multiplier lock to stop false marking of CPU's! Just a few ROM bits to tell what bus/clock speed the chip is approved for, and maybe something to tell what it is actually running at.

  • > then it might be too late to write the configuration bits.

    Couldn't you put the clock ID bits in some sort of microcode?
  • So, it says this will put an end to illegal overclocking: ie, companies buying lower Hz and selling as higher Hz.

    The question is, will intel stop multiplier locking their chips so its easier for those who want to overclock to overclock.

    Somehow, I doubt it.

"When the going gets weird, the weird turn pro..." -- Hunter S. Thompson

Working...