Intel Bows to Pressure- Changes PIII ID 118
Justin Cave writes "Intel states that they will change
the PIII's unique ID feature in response to
public pressure. They will disable the feature by default and provide software to permanently disable it. "
What about DSL? (Score:1)
kooks (Score:1)
don't ruin my security (in knowing the chip i paid 700 bucks for is genuine) just because you have no technical/economical/political sense!
software houses would love for people to repurchase licenses with each hardware upgrade but they KNOW that people will not stand for it. the only company that could possibly get away with it would be microsoft, but they stand on such shakey legs now as it is i doubt they'd be stupid enough to ever do such a thing.
anyways, i can think of so many more reasons why this cpu id would never be used to track customers, and never be required by anybody for anything. except of course intel, who would use it to assure customers that the $700 piece of silicon they just bought is the real deal, and to assist in tracking down the source of counterfeit chips.
and on the later, i can see how intel might want to track batches, of say 100 cpus (or however many fit in a 'case'), keeping tabs of which distributors the chips pass through. now if a customer buys a counterfeit chip, it can be tracked somewhat through the distribution channels, and hopefully to the culprit. end-users should not and probably couldn't be tracked--too much burdon on the distribution channel.
okay, i feel a little better.
jcr@e-orchard.com
Not good enough!!!! >>> (Score:1)
The reas issue is... (Score:1)
Ah- they made a meaningless concession, groovy ;P (Score:2)
This is about setting up tollgates. It doesn't matter a damn whether the PIII ID is on or off by default- or what the ID even is! They could all be the same for all the difference it would make. This ID says _one_ message above all else- 'I am a Pentium III chip!' 'Okay, you may pass'.
Who here has seen the 'Comic Explorer' effort on the Dilbert website? That's what we're talking about, not privacy issues. If I'm not mistaken Comic Explorer (and a silly idea it is, too- they seem to be confused about why anybody'd even want to play with such a toy) can be used by non Pentium II computers. However, Intel have paid off many people to suggest or demand that Pentium IIs, specifically, be used on their sites.
Expect payoffs for people to not only demand, but _require_ the PIII ID on their sites. Yes, this cuts down the demographics- but it is not the site's idea, it is _Intel's_ idea and they are getting desperate for a way to _force_ people to get PIIIs and not keep buying those damned celerons. I picture them trying to cut a _big_ deal with some major player like Amazon.com or somewhere else that is a key web location- Microsoft might well be a target, but again this doesn't benefit the web site at all, only Intel, which is why Intel will pay off people to do it, and why it probably cannot get Microsoft to require this. MS has its own fish to fry and will refuse to play along, but Intel will surely find _somebody_ who is willing to get paid to cut off access to non-PIIIs, and then goodbye AMD, goodbye Celerons, PPC? What's that? It'll be Intel- it's not just a good idea, it's the law.
And the boycotts will not stop this, and the notion that sites 'would never' do this is wrong because the site has to make a decision to intentionally hose their whole readership, or cordon off an area and deny it to their whole readership (like the Dilbert Comic Explorer?) for the purpose of requiring PIIIs alone, and getting paid off by Intel.
Be ready to keep an eye out for these, because they _will_ be turning up here and there, despite how unpractical the idea is. How much would you personally have to be paid to make an area of your site PIII-only? I think I'd only require a hundred thousand bucks. How about making the whole site PIII-only and hosing everybody? That would be more like a million. Intel won't be paying _me_, but they will be able to get to some webmasters.
Sleight of Hand (Score:1)
It's not enough (Score:1)
That's all fine and good for trying to save face in the wake of a massive boycott but it doesn't change the problem! When I'm FORCED to toggle it BACK ON just to dial into my ISP to "make sure no one is stealing my account" then I will blame INTEL. When I'm forced to turn it BACK ON just to download the latest Windows '98 patches (you can damn well bet that Microsoft LOVES this idea!), I will blame INTEL. The only solution to this problem is the removal of the ID all together. End of story.
Is it enough? (Score:1)
I have a hunch that many people won't be pleased until the feature is completely removed. Nevertheless, opt-in is a lot better than opt-out. At this point, the only thing that I can see that would make a lot of people turn the ID on would be requirements from vendors for it.
I still don't understand how a CPU ID is supposed to help commerce, though. It's just a number, with little to corroborate if someone spoofs it. Add that to the fun involved with multi-user systems (or even a household PC with a single-user OS), and insecure host identification makes very little sense. A much better solution is for the vendors that need it to use public-key cryptography for verification of identity.
--Phil (Not that this affects me directly--it'll be a while before I can afford a PIII-class processor.)
The stupid masses run everything (Score:1)
Next thing you know, we'll be arguing that digital certificates, ethernet MAC addresses, IP addresses, credit card numbers, and phone numbers violate our privacy! I can't wait until they figure out that IPv6 will mean your IP address will effectively describe exactly how to route packets TO YOUR HOME!!! My God!! Imagine!
The stupid masses run everything (Score:1)
Open Source (was: Overclocking police made easy.) (Score:1)
XV *is* open source, the source is just not *that* far spread. (I once downloaded the xv-3.1a source when the PNG file format was new and there existed only a patch to xv...)
Sure, xv is not free (like free beer), but it comes with quite a lax license: Only commercial use has to be paid, IIRC. So what is your problem? It is a rather similar license to netscapes, except you can get the source. :-)
I say boycott them anyway. (Score:1)
Even if the chips are shipped with PSN "off", don't buy them. The marketing numbers on sales of these chips will prevent PSN requirments for authentication from becoming a standard. Something no sane netizen would want.
Not good enough!!!! >>> (Score:1)
I believe it's been stated above and in the article that there will be a method to permanently disable the feature, so if for whatever twisted reason Microsoft decided to be deceptive enough to trick you into rebooting just to get the ID re-enabled, you can have it forced off forever.
Ummm....how do we KNOW? (Score:1)
This is silly (Score:1)
Why in the world would your ISP/favorite web site require you to use a PIII just to connect to the Internet?
Why would you blame Intel for your ISP's stupid policies (requiring you to use the same Intel PIII PC to connect to the Internet)?
Come on, guys, stop freaking out over this and put some reasoning behind your frightened arguments.
Not good enough!!!! >>> (Score:1)
Why must there be a way to re-enable it in the software? You have no idea how the hardware implements this particular CPU instruction (though I'll admit neither do I). It's trivial to build the CPU so that a permanent-disable command can be sent that can't be undone by any other instruction.
Not good enough!!!! >>> (Score:1)
Somehow I don't think it will be THAT hard to find out.
Also, that doesn't prevent windows itself from doing it.
So write Microsoft and make sure that they put in some sort of verification before allowing the CPU's ID state to be changed. This is an OS problem, not an Intel problem.
Windoze/Office 2000, both have an online registration, during the install doze2000 re-enables the id. Office also has an online registration. Both register your cpu id number with microsoft.
What if you've permanently disabled the CPU's ID mechanism since then? Does that mean you can't run the program anymore? There are so many things you're not considering.
Now on te subject of the disable, i'm pretty sure intel could easily design the chip so the id can be *permanetly* disabled. But we'll never know...
Why would we never know? I wonder how many people with PIII's will "permanently disable" their CPU ID and then proceed to use every conceivable trick and instruction in an effort to get it enabled again. I'd wager quite a few. At some point you've just got to concede that it can't be turned on again with software.
I say stick with linux, how long do you think it will be before we have "Disable CPU ID" as an option in the kernel config.
"stick with linux"? Since when did this become a Linux vs. _____ debate? I doubt we'll ever see a "Disable CPU ID" option in the kernel. It will probably end up being a user-land util requiring root privileges.
This IS silly (Score:1)
So, now all these processors have these ID's built into them.
What about those that have their ID's permanently disabled? Do you expect that Intel and the other vendors are going to go against the public's wishes and remove the permanent disable ability?
What about that other 10%? Do you think that they're going to be all-but-ignored by ISP's and software developers?
Consider one more thing: the hardware may make the ID available, but it's the SOFTWARE that actually uses it. If you don't want your ID going out over the Internet, configure your software so that it doesn't send it! Don't buy software from companies that mandate one of these ID's (which just seems silly considering the volume of customers they'd be losing).
These CPU ID's DO have some very valid and useful uses that don't have anything to do with your privacy. You need to be worrying about the software that uses these ID's, not the hardware.
Netscape leaks privileged information (Score:1)
This is probably a good policy.
You can try e-mailing Netscape too and ask them about the suspicious traffic. I'm sure they'd be happy to explain it to you.
Perhaps... (Score:1)
Since you don't seem to be subscribed to BugTraq (where software and network issues like this are discussed frequently), let me just say that people are CONSTANTLY trying to break things with operating systems and software. If some experienced network administrators see some traffic that looks odd, they will investigate it and report their findings. Any attempt by a software company to do what you're describing WILL BE DISCOVERED eventually. In light of Microsoft's history and the publicized nature of this and other privacy-related issues, do you really think they're going to risk it?
I'm not saying we shouldn't be careful of the things we install. I just think that we need to contact the software/OS vendors and hear how they're planning on implementing the CPU ID stuff before we freak out.
Yay for Intel. (Score:1)
--
What a relief. (Score:1)
--
Privacy Orgs do not think it's a good idea (Score:1)
that Intel is doing this or that the patch will
fix the problem, I decided to see the arguments
against this type of technology. Seems to me
that they make more sense.
http://www.privacy.org/bigbrotherinside/
Some concerns remain. (Score:1)
go nowadays
What happens if a country like
names here ) releases a law, that its citizens
who want to connect to the Internet _have_
to enable the ID feature "for security reasons"?
Poor INTEL, as it looks you was caught pants down
because you didn't realize the consequences of
editing global licence plates. Time to rethink
privacy? These global licence plates will arrive
sooner or later. But if I can choose I will
prefer the second choice.
--
PIII = Pill? (Score:1)
My mind wanders at work sometimes, I guess.
Permanently disable? (Score:1)
Re: (Score:1)
It's not enough (Score:1)
I have a simple solution for this. A program that patches the OS to send a random CPU ID when ever the CPU ID is requested from a web site or software.
Instead of random numbers this patch could let you assign any number you want to send or we could even have the patch send the same numbers all the time. Imagine the effect on this if everyone sent the same number.
There, problem solved. When ever Microsoft request your CPU Id when you download a patch you can give it what ever random number you computer feels like passing it or with, a check box, you can give it the number of fleas on your dog.
My question is... (Score:1)
Now, I don't have any numbers, but I know for a fact that there are still significant numbers of computers out there NOT running P2s after a year of having them shoveled down our throats. (or implanted directly into our brains ala Homer Simpson) Not to mention those pretty 'lil iMacs.
Considering how many NON-P3s are out on the market right now, IMHO, it would be the height of lunacy to put "This site designed only for the P3 processor" on your ECommerce site.
Personally, I think that if sites started requiring the CPU ID, it would be a major blow to the ECommerce industry as a whole. I don't know many ppl who will be willing to shell out $2-3K just so they can purchase a $20 item on the 'Net. And the majority of 'Net users aren't 3D-game-a-holics who 'need' the speed increase of a P3! I say this while typing away on my K6-200 (running Linux), which is still plenty fast for 90% of what I push through it. (Of course, that's not saying that I won't be upgrading to a K7 this fall...we've all got to have goals.)
Copy-Protection and Privacy (Score:1)
As long as this feature is there, no matter whether enabled by default or not, software companies will sooner or latter force their custumers to switch it on. Update "wizards" and digital signatures using the CPU ID will be other obvious applications and could be easily marketed as "security features" to the privacy-unaware public.
You don't have to be especially paranoid to imagine what happens if hardware vendors, software companies and certain three letter agencies begin to trade this information
What about DSL? (Score:1)
And for the record "we" aren't powerful. It was the larger privacy groups which got Intel to change.
Intel Inside (Score:1)
Um, Intel is notoriously expensive.
Or are you suggesting that these people should destroy the thick end of a billion dollars worth of perfectly-working chips, and reveal for public inspection several billion dollars worth of intellectual property (because I doubt you'd trust Intel's word that the feature was disabled), just so that reinforced paranoids can be certain that, whilst they're being tracked by their IP address and statistically sampled by their browsing habits, they're not also being tracked by which computer they use?
Remember, if you're trying to work out markets, you don't need perfect data and you don't need user names. With the present HTTP protocol, you can't avoid leaving an audit trail of the pages you've visited; if a webmaster knows that 37% of your users visit page A, 29% proceed to page B,
That magic word "boycott" (Score:1)
I think the magic word is 'internet', at least as much as 'boycott'.
Boycotts are no use unless you advertise loudly, widely and frequently what you're boycotting and why.
It's not enough (Score:1)
No, when you're forced to turn it back on to dial into your ISP, you'll change ISP.
When I'm forced to turn it BACK ON just to download the latest Windows '98 patches (you can damn well bet that Microsoft LOVES this idea!), I will blame INTEL.
No, when you're forced to turn it back on to load Win98 patches, you'll complain in the same way and to the same channels as you did this time, and Microsoft will give way in the same way that Intel did.
My question is... (Score:1)
But, unfortunately, it's no more secure than a (properly-crypted, stored in a non-exportable database) cookie, either. Both are 'something you have'; fiddling the kernel to send someone else's CPUID is not technically harder than copying someone else's cookie.
Yay for Intel. (Score:1)
Read the EULA on preinstalled copies of Windows, it says that it is licenced to the one machine EVER and may NEVER be used on any other machine!
This is stupid but Microsoft and others ARE doing it.
Personally, I like the ONE cpu AT-A-TIME licence.
If it is never being used by more than one person at a time, I see no problem with having it on multiple computers.
James
Yay for Intel. (Score:1)
As for software piracy, I'd be very happy if MS's software wasn't piratable at all, but not if the same measure made the average user even more traceable with everything they do on the internet. In fact, I'd have welcomed and these processor ID's, if it wasn't for the idea that software should send them over the internet in any case. just use them locally to check your licenses on proprietary software, I have no problem with that.
Damn, this stuff moves fast. (Score:1)
Is it enough? (Score:1)
Another step backward! (Score:1)
You are the ignorant one, and it's not technical (Score:1)
Not all bad. (Score:1)
#1, it would allow single processor tracking from production to end user. You can check with Intel and see if the Pentium II-450 you just bought started life as a P2-400... A big problem with a number of small computer manufacturers. I've no problem with overclocking, but when a company tries to sell me a re-marked processor....
#2, as a method of tracking stolen processors. Buy your computer, check the ID with Intel, and if it's listed as stolen, go back to the store to get a refund...
I think something along the lines of a BIOS utility that allows you to write your ID out to floppy, would be a better way to go. Then you could have the choice of "installing" the ID or not.
My thoughts.
Not all bad. (Score:1)
Overclocking police made easy. (Score:1)
I know of an immediate and rather frightening problem:
- Check processor ID
- send it in an encrypted packet to Intel (somehow)
- Intel checks this against a database.
- Intel sends info back regarding max clockchip speed
- Program receives this data. Then spurious OS crashes occur if the computer is discovered to run at a faster clockrate than that permitted by the Intel database
- Luser goes out and buys a real chip at proper speed
Far off? Maybe now, but by the time the Pentium V comes out, ID's will be compulsory for most Internet access unless we have a good privacy lobby (or live in the EU;)Netscape leaks privileged information (Score:1)
- Microsoft [possibly] sneaked in some sort of secret evil function in IE that does the things you describe
I wouldn't necessarily assume that Microsoft is always evil and will always sell your soul out and Netscape is always good. Probably the opposite, as MS isn't about to go under (read: trying desparately to survive), and Netscape isn't being investigated by the DOJ, and as a perceived underdog it is less likely to catch so much bad press when/if they're caught.- It's pretty trivial to sniff network connections (especially HTTP, which is typically 100% human-readable).
I have in fact that done that with my own computer and I have found that my Netscape Communicator 4.5 has made some attempts to contact somewhere.spurious.netscape.com when I hadn't been there in a while and was probably slashdotting. Forgotten what it was that NS was trying to leak, but luckily it failed because of a draconian firewall that we have (didn't use the configured proxy: how thick is that?)ps: Any website that has sponsors is probably evil, ie they might be monitoring and selling your traffic as this may or may not be a condition of getting paid advertising money. I find that principles will fly out through the window remarkably quickly if your survival is at stake.
Netscape leaks privileged information (Score:1)
- I'm not. Quite the opposite. I was being sarcastic to counter the previous poster's silly arguments
Whoops - I thought I understood sarcasm - ought to read the whole thread before replying in future. There are a lot of people who seem to think that all evil is confined to one particularly rich and influential software company. They should get out a bit more...- There are a million reasons why your browser might be doing this that have nothing to do with Netscape violating your privacy or gathering privileged information...
True - and I shouldn't jump to conclusions. But this remains somewhat suspicisous. I always disable everything I cannot fully control. The proxy wasn't used and this suggests that this feature is embedded deep in the code somewhere, and not part of the regular picture retrieval service. Who knows, maybe I am just seeing red and confusing buggy programming with something more sinister...If you have NS, you might want to try the same trick yourself. I'd be interested if you found anything. I would myself but only kernel 2.2 seems to have broken my packet sniffer :-(
---
I'm not paranoid - it's just that everyone's out to get me
Europe has a Larger economy ? (Score:1)
GDP for Euroland is $6.8trillion, but the Euroland only includes those nations who have adopted the single currency. The UK, Finland and Greece are outside Euroland but still fall within any other definition of the word "Europe" including "EU". These countries more than make up the $1.3 trillion gap, so they probably give Europe a bigger economy than the US. Or am I mistaken?
Big Brother says... (Score:1)
Besides, how 'permanently' disabled will it be though software?? I'll believe it when I smell smoke, not before.
What they ought (moral issue) to do is 1) destroy the poisoned chips already made and 2) submit a RANDOM sampling of chips to independent review, just to make sure that 'feature' didn't make it back in. Brother Intel has openned a Pandora's box, and I think all free-source free-thinkers out there should seriously consider their alternatives.
But then again, MS (as almost all other big software firms) has been putting serial numbers on individual copies of software. What's to stop them from sending data back to Redmond, each time we go on-line?? It's not as though we can look at the original code, right? With all those animated Easter eggs, who'd complain about a small auditing routine that runs each time you visit www.microsoft.com??
This, if nothing else, is good reason for open source software. The world is a truly scary place when you need open source hardware as well.
Not good enough!!!! >>> (Score:1)
Now on the subject of the disable, i'm pretty sure intel could easily design the chip so the id can be *permanetly* disabled. But we'll never know...I say stick with linux, how long do you think it will be before we have "Disable CPU ID" as an option in the kernel config.
Probably not (Score:1)
Khudos for Intel (Score:1)
Wake up guys (Score:1)
It has absolutely no value whatsoever for e-commerce. It is another red herring, like encryption control laws. A dishonest person is not going to use the standard products. They will use software which doesn't use the serial number in the CPU, and which uses the very best encryption.
This isn't really a big brother issue. Its one of those "if you can't do something useful, do something easy" things. These are usually promoted with statements like "its not perfect, but at least we are doing something about the problem". In fact, as in the serial number case, they are doing something irrelevant to the e-commerce problem.
On what planet would this be a privacy issue? (Score:1)
Attention, people: software can broadcast your identity with our without a chip ID number. And if your software doesn't send the ID number, then web servers can't see it. I haven't seen any Intel announcements about shipping magic fingers with which they can poke around inside someone your computer over a phone line.
A more realistic worry is that software companies will start using the serial number to restrict licenses to a single machine, but that doesn't have a whole lot to do with privacy issues.
On what planet would this be a privacy issue? (Score:1)
Attention, people: software can broadcast your identity with our without a chip ID number. And if your software doesn't send the ID number (or sends a fake), then web servers can't see it. I haven't seen any Intel announcements about shipping magic fingers with which someone can poke around inside your computer over a phone line.
There could be problems with software companies that use the serial number to restrict licenses to a single machine, but that doesn't have a whole lot to do with privacy issues.
Big Brother Inside (Score:1)
Thanks.
IP (Score:1)
OTOH, in a web browser, it could be embedded within the HTTP request. In that case, use a proxy server (squid) that can filter out the header. HTTPS is another story, over, however. Netscape allows a Security proxy. Presumably that uses HTTP to the proxy, which then does the encryption side. In that case, you could still filter the header (pre-encryption). So you run your own proxy on 127.0.0.1...
I don't think there is much chance of success (whatever "success" can be considered to be in this case), mainly because the Pentium III, as I understand it, is not a low-end consumer product. Perhaps in another year or so: The Pentium II is already nearly a low-end product. Net commerce that requires this chip-ID stuff is going to cut it's own throat, since they are excluding most of the computers out there.
Still, I would not buy a Pentium III because of this "feature", even if it is off by default. I'm not particularly a fan of the Intel architecture to begin with. As others have pointed out, this can be a boon for the Free Software/Open Source movement, since the "feature" is probably primarily a dongle for copy protection. "What, I have to buy my software all over again because I bought a new computer?!" If Intel wants to sink with Microsoft, that's their business...
On the MicroSoft planet .. (Score:1)
Yay for Intel. not quite. (Score:1)
Its a bad idea to begin with.
And if they want to keep software to a machine
but using Hardware, why not use the ethernet card?
that usually doesnt change or perhaps the HD sn#.
Frankly I dont give a flying
a great way to keep track of people surfing habits and their life online.
Dont you think if M$ is in bed with intel and internet exploder is a major M$ product that it will freely hand out your machine CPU ID to any web site that wants it, or uses a M$ server product.
-Zeb
long pointless rant i know.
It wasn't the public pressure, it was the money... (Score:1)
The Fed "must assure Europeans that the United States has adequate privacy protections or risk a prohibition against businesses in those 15 countries [of the European Union] from disclosing personal information about citizens there to U.S. companies."
Follow the money...
Why... (Score:1)
Lord Rion
Hired Net Grunt