-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have other work that I really should be doing instead of feeding the trolls so this will likely be my last response on this topic.
On Thu, 28 Jun 2012, [email protected] wrote:
Ben Mendis wrote: "Because a UUID is just a number. A number, by itself, is not a threat" Whereas, using PSN and AMD DASH or Intel AMT is how IT administrators, hackers and government discretely remotely take complete control of computers.
DASH or AMT, maybe. But PSN, no. You have yet to demonstrate in any way how a PSN could be used by an attacker to gain remote access to a system. Please stop spreading this FUD.
Whereas, PSN can be tracked without opening a browser, without being online.
Again, you have yet to demonstrate how a PSN could magically be transmitted from my computer to Microsoft's servers when my system is not connected to any network. I know, it's unreasonable of me to challenge you on this because you're not a programmer, but frankly if you don't know what you're talking about, don't spread this FUD.
Did Freedomboxfoundation sign a nondisclosure agreement? If not, please do and then ask.
Assuming they did sign an NDA, or assuming I signed an NDA... wouldn't that implictly (or even explicitly) mean that we would not be able to disclose any response we received from these companies under that agreement. Unless I'm mistaken, that's the whole point of an NDA.
Today, I did post my questions on ARM's forum. I will post their replies if any.
Please do. But also realize that the existence of a PSN or TrustZone in the CPU does not inheirently represent a threat to the security of the system. At least not from any of the evidence that you have been able to produce. These processor features can only become a threat in conjuction with specific local software that is intentionally designed to access those features of the processor. Removing the serial number is not a good "fix" for the issue you have been describing, because in those scenarios the software that the user is running is not trustworthy, so they're fucked anyways. If you only run trustworthy software, there's no issue. If you had bothered to become a programmer and learn about how computers work on the inside, then you'd be able to understand my skepticism of your claims. What you're saying basically amounts to, "If someone knows your name, then they can use your name to hi-jack your brain and use mind-control to make you do whatever they want." While that might be the plot of some popular fictions, it's not reality. Furthermore, I think it's hillarious that you're lecturing us on what is and isn't "private" from a Hushmail account. You don't even own your private key. Hushmail has servers in the USA which puts them under US jurisdiction. If the gov't was investigation you, they could subpoena Hushmail for ALL of your emails, decrypted and in plain text. And since Hushmail owns your private key, they would be legally obligated to give you up. Your fourth amendment rights don't even enter into it. And that's not conspiracy theory, it's US Law. Go read about it or talk to the talented lawyers at the EFF if you don't belive me. Good game, Ben the Pyrate -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBAgAGBQJP7LDmAAoJEMco5sYyM+0wh5gH/A0X3pIUl62J9yp2rdmvoghe g91sX2CVXA/jPCHZW79vCEXhq0DYHSJrYVp3if54ytSnPcZu3U8E8fKWZ13TAM7N MHNBVo51ygj8vV+F9KpByBkshHNmCv0JA2ubxDo4I5CelsUrljJbKDe50pRxCWvH h+5gBiuoZ3xFh5B55EUA3snuOVS5ZJ8ENjPFcM8IrDKtsVnODRzs5LubKxCLZVm8 E1Kirbxnm1SCIuj12s2Idu6LWZd34Nk2ZGhXiaq3JAZp9PSm5hF2WBUG3eNttpQq 1vy5Nojje9YRmaboltYiqX4TNbHfjFbhOVFeVykAlHNqsl4DZyTfIGuJjD72GSk= =yrqy -----END PGP SIGNATURE----- _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
