[Freedombox-discuss] PSN, ARM's Trust Zone and TPM

freebirds at hushmail.com freebirds at hushmail.com
Thu Jun 28 12:58:28 UTC 2012


Ben Mendis, you are missing my points. Regardless of whether a
product, such as software, an ebook, a video, etc., is purchased with
DRM, the two UUIDs of TPM and the PSN are visible online to
websites.

I already quoted that Intel's PSN is sent to Microsoft. When
Windows computers start up, Microsoft automatically authenticates
computers regarding whether they have genuine Microsoft. Microsoft
antivirus and WMP do this too. Microsoft reads the PSN and TPM of
computers to match the hardware with Microsoft's serial number.

There are articles that Microsoft's customer information is
available to government. See
http://newsworldwide.wordpress.com/2008/05/02/microsoft-discloses-government-backdoor-on-windows-operating-systems/

http://www.pcworld.com/article/190233/microsofts_spy_guide_what_you_need_to_know.html

Microsoft and Skype's backdoor for government is at:
http://memeburn.com/2011/07/microsoft-and-skype-set-to-allow-backdoor-eavesdropping/

Your quote: "there is no benefit to home users, as websites are not
using this technology." is from a very old article that was written
prior to TPM. From:
http://www.geek.com/glossary/P/psn-processor-serial-number/

TPM is not software dependent. "The TPM is bound to a single
platform and is independent of all other platform components (such
as processor, memory and operating system)."
http://h20331.www2.hp.com/Hpsub/cache/292199-0-0-225-121.htm

TPM is on by default. Users do not need to enable it.

TPM is not used only when users purchase a DRM product. Reread the
list of ARM's TrustZone's users in my prior email.

Websites and malware use JavaScript. JavaScript can read UUIDs.
Apple prohibits JavaScript in apps from reading UUIDs: "The uuid
property returns the device’s unique identification id. NOTE: Apple
no longer permits obtaining the uuid within applications. If you
use this property in an app intended for Apple, it may get rejected
or pulled from the store without notice at a later date. This
property is still permitted for Android."
http://www.appmobi.com/documentation/device.html

Though Apple's policy is to prohibit reading UUIDs, Apple's apps do
read them and sell them. "An examination of 101 popular smartphone
"apps"—games and other software applications for iPhone and Android
phones—showed that 56 transmitted the phone's unique device ID to
other companies without users' awareness or consent. Forty-seven
apps transmitted the phone's location in some way. Five sent age,
gender and other personal details to outsiders. The findings reveal
the intrusive effort by online-tracking companies to gather
personal data about people in order to flesh out detailed dossiers
on them.
Among the apps tested, the iPhone apps transmitted more data than
the apps on phones using Google Inc.'s Android operating system."
http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html

Many apps written for smartphones are also written for tablets and
PCs. They read the UUIDs of computers and sell this information.

This week, Intel's processor was hacked again.
http://thehackernews.com/2012/06/intel-cpu-vulnerability-can-provide.html

News articles on hacks do not give a step by step tutorial on how
to do it. Hacking websites and forums may have tutorials. Visible
PSN enables hacking of processors.

Your question of how a website determines the geolocation of a
client is a separate topic. Browsers, such as Firefox, have
geolocation enabled. Most people do not know that there is an
option to disable the geolocation in Firefox. Google Gears tracks
geolocation offline. There are other Google apps that track
geolocation which are used by websites tracking the geolocation of
their visitors. So what UUIDs are Google apps using to track
geolocation?

"Geolocation can be performed by associating a geographic location
with the Internet Protocol (IP) address, MAC address, RFID,
hardware embedded article/production number, embedded software
number (such as UUID, Exif/IPTC/XMP or modern steganography),
invoice, Wi-Fi connection location, or device GPS coordinates, or
other, perhaps self-disclosed, information."
http://www.privacyinfo.org/geoip

I should not have to have the burden to take the time to research
how PSN, TPM and ARM's TrustZone are used. They exist to enable
tracking of computers offline and online by websites. Websites sell
user information. Malware tracks UUIDs.

You do not need to know everything to ask Marvell whether their PSN
is visible and whether there is ARM TrustZone in their motherboard.
Please ask and disclose the answer on FreedomBox's website.



