[Freedombox-discuss] PSN, ARM's Trust Zone and TPM
markus at personaldataecosystem.org
Fri Jun 29 08:36:54 UTC 2012
Yeah we don't want these hardware IDs to be visible on the web, but also
don't forget how well you can already be tracked anyway through
There's a company called BlueCava which has your "device ID", but by that
they don't mean a hardware ID, they just have a really good fingerprint:
They claim 99.7% accuracy. A critical article about BlueCava's "device ID"
A classic is of course also EFF's Panopticlick tool:
I assume Privoxy on the FreedomBox will somewhat reduce this fingerprinting
problem, but we should keep it in mind..
Project Danube: http://projectdanube.org
Personal Data Ecosystem Consortium: http://personaldataecosystem.org/
On Thu, Jun 28, 2012 at 2:58 PM, <freebirds at hushmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Ben Mendis, you are missing my points. Regardless whether a
> product, such as software, ebook, video, etc. are purchased with
> DRM, the two UUIDs of TPM and the PSN are visible online to
> I already quoted that Intel's PSN is sent to Microsoft. When
> Windows computers start up, Microsoft automatically authenticates
> computes regarding whether they have genuine Microsoft. Microsoft
> antivirus and WMP does this too. Microsoft reads the PSN and TPM of
> computers to match the hardware with Microsoft' serial number.
> There are articles that Microsoft's customers information is
> available to government. See
> Microsoft and Skype's backdoor for government is at:
> Your quote: "there is no benefit to home users, as websites are not
> using this technology." is from a very old article that was written
> prior to TPM. From: http://www.geek.com/glossary/P/psn-processor-
> TPM is not software dependent. "The TPM is bound to a single
> platform and is independent of all other platform components (such
> as processor, memory and operating system)."
> TPM is on by default. Users do not need to enable it.
> TPM is not used only when users purchase a DRM product. Reread the
> list of ARM's TrustZone's users in my prior email.
> property returns the device’s unique identification id. NOTE: Apple
> no longer permits obtaining the uuid within applications. If you
> use this property in an app intended for Apple, it may get rejected
> or pulled from the store without notice at a later date. This
> property is still permitted for Android."
> Though Apple's policy is to prohibit reading UUIDs, Apple's apps do
> read them and sell them. "An examination of 101 popular smartphone
> "apps"—games and other software applications for iPhone and Android
> phones—showed that 56 transmitted the phone's unique device ID to
> other companies without users' awareness or consent. Forty-seven
> apps transmitted the phone's location in some way. Five sent age,
> gender and other personal details to outsiders. The findings reveal
> the intrusive effort by online-tracking companies to gather
> personal data about people in order to flesh out detailed dossiers
> on them.
> Among the apps tested, the iPhone apps transmitted more data than
> the apps on phones using Google Inc.'s Android operating system."
> Many apps written for smartphones are also written for tablets and
> PCs. They read the UUIDs of computers and sell this information.
> This week, Intel's processor was hacked again.
> News articles on hacks do not give a step by step tutorial on how
> to to do. Hacking websites and forums may have tutorials. Visible
> PSN enables hacking of processors.
> Your question of how a website determine the geolocation of a
> client is a separate topic. Browsers, such as Firefox, have
> geolocation enabled. Most people do not know that there is an
> option to disable the geolocation in Firefox. Google Gears tracks
> geolocation offline. There are other Google apps that track
> geolocation which are used by websites tracking the geolocation of
> their visitors. So what UUIDs are Google apps using to track
> "Geolocation can be performed by associating a geographic location
> with the Internet Protocol (IP) address, MAC address, RFID,
> hardware embedded article/production number, embedded software
> number (such as UUID, Exif/IPTC/XMP or modern steganography),
> invoice, Wi-Fi connection location, or device GPS coordinates, or
> other, perhaps self-disclosed, information."
> I should not have to have the burden to take the time to research
> how PSN, TPM and ARM's TrustZone are used. They exist to enable
> tracking of computers offline and online by websites. Websites sell
> user information. Malware tracks UUIDs.
> You do not need to know everything to ask Marvell whether their PSN
> is visible and whether there is ARM TrustZone in their motherboard.
> Please ask and disclose the answer on FreedomBox's website.
> -----BEGIN PGP SIGNATURE-----
> Charset: UTF8
> Version: Hush 3.0
> Note: This signature can be verified at https://www.hushtools.com/verify
> -----END PGP SIGNATURE-----
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freedombox-discuss