Yeah we don't want these hardware IDs to be visible on the web, but also don't forget how well you can already be tracked anyway through fingerprinting.
There's a company called BlueCava which has your "device ID", but by that they don't mean a hardware ID, they just have a really good fingerprint: http://www.bluecava.com/ They claim 99.7% accuracy. A critical article about BlueCava's "device ID" technology: http://news.idg.no/cw/art.cfm?id=A36FB35A-9CA1-6125-AC87C18E040B4065 A classic is of course also EFF's Panopticlick tool: https://panopticlick.eff.org/ I assume Privoxy on the FreedomBox will somewhat reduce this fingerprinting problem, but we should keep it in mind.. Markus -- Project Danube: http://projectdanube.org Personal Data Ecosystem Consortium: http://personaldataecosystem.org/ On Thu, Jun 28, 2012 at 2:58 PM, <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ben Mendis, you are missing my points. Regardless whether a > product, such as software, ebook, video, etc. are purchased with > DRM, the two UUIDs of TPM and the PSN are visible online to > websites. > > I already quoted that Intel's PSN is sent to Microsoft. When > Windows computers start up, Microsoft automatically authenticates > computes regarding whether they have genuine Microsoft. Microsoft > antivirus and WMP does this too. Microsoft reads the PSN and TPM of > computers to match the hardware with Microsoft' serial number. > > There are articles that Microsoft's customers information is > available to government. See > http://newsworldwide.wordpress.com/2008/05/02/microsoft-discloses- > government-backdoor-on-windows-operating-systems/ > > http://www.pcworld.com/article/190233/microsofts_spy_guide_what_you_ > need_to_know.html > > Microsoft and Skype's backdoor for government is at: > http://memeburn.com/2011/07/microsoft-and-skype-set-to-allow- > backdoor-eavesdropping/ > > Your quote: "there is no benefit to home users, as websites are not > using this technology." is from a very old article that was written > prior to TPM. From: http://www.geek.com/glossary/P/psn-processor- > serial-number/ > > TPM is not software dependent. "The TPM is bound to a single > platform and is independent of all other platform components (such > as processor, memory and operating system)." > http://h20331.www2.hp.com/Hpsub/cache/292199-0-0-225-121.htm > > TPM is on by default. Users do not need to enable it. > > TPM is not used only when users purchase a DRM product. Reread the > list of ARM's TrustZone's users in my prior email. > > Website and malware use Javascript. Javascript can read UUIDs. > Apple prohibits javascript in apps from reading UUIDs: "The uuid > property returns the device’s unique identification id. NOTE: Apple > no longer permits obtaining the uuid within applications. If you > use this property in an app intended for Apple, it may get rejected > or pulled from the store without notice at a later date. This > property is still permitted for Android." > http://www.appmobi.com/documentation/device.html > > Though Apple's policy is to prohibit reading UUIDs, Apple's apps do > read them and sell them. "An examination of 101 popular smartphone > "apps"—games and other software applications for iPhone and Android > phones—showed that 56 transmitted the phone's unique device ID to > other companies without users' awareness or consent. Forty-seven > apps transmitted the phone's location in some way. Five sent age, > gender and other personal details to outsiders. The findings reveal > the intrusive effort by online-tracking companies to gather > personal data about people in order to flesh out detailed dossiers > on them. > Among the apps tested, the iPhone apps transmitted more data than > the apps on phones using Google Inc.'s Android operating system." > http://online.wsj.com/article/SB100014240527487046940045760200837035 > 74602.html > > Many apps written for smartphones are also written for tablets and > PCs. They read the UUIDs of computers and sell this information. > > This week, Intel's processor was hacked again. > http://thehackernews.com/2012/06/intel-cpu-vulnerability-can- > provide.html > > News articles on hacks do not give a step by step tutorial on how > to to do. Hacking websites and forums may have tutorials. Visible > PSN enables hacking of processors. > > Your question of how a website determine the geolocation of a > client is a separate topic. Browsers, such as Firefox, have > geolocation enabled. Most people do not know that there is an > option to disable the geolocation in Firefox. Google Gears tracks > geolocation offline. There are other Google apps that track > geolocation which are used by websites tracking the geolocation of > their visitors. So what UUIDs are Google apps using to track > geolocation? > > "Geolocation can be performed by associating a geographic location > with the Internet Protocol (IP) address, MAC address, RFID, > hardware embedded article/production number, embedded software > number (such as UUID, Exif/IPTC/XMP or modern steganography), > invoice, Wi-Fi connection location, or device GPS coordinates, or > other, perhaps self-disclosed, information." > http://www.privacyinfo.org/geoip > > I should not have to have the burden to take the time to research > how PSN, TPM and ARM's TrustZone are used. They exist to enable > tracking of computers offline and online by websites. Websites sell > user information. Malware tracks UUIDs. > > You do not need to know everything to ask Marvell whether their PSN > is visible and whether there is ARM TrustZone in their motherboard. > Please ask and disclose the answer on FreedomBox's website. > -----BEGIN PGP SIGNATURE----- > Charset: UTF8 > Version: Hush 3.0 > Note: This signature can be verified at https://www.hushtools.com/verify > > wsBcBAEBAgAGBQJP7FT0AAoJEMry4TZLOfxmHL4IAIqMwhXjT22tfVOyI4LFpQsxwLTd > NrXeXapCgsgdfTpgNSk3eyS8f9ItMAR4OJ1Y+BuAxqhI3p4UeQcUGo3obo9dq42adlAR > RvPuXfGU8z+SUsVeuXpFYotW1TBOENh8LH7C0LBatwZVKnJn0FyPmzrn4cRBGDj5npnY > 8Cjt2MXmtmVYMSgMYRj0jXTX9CkTTSvpZ/Z7zEL29QuaoJkWEgn5kRxo7xSYRL76NvRm > ye6spMBq1OiQhhm+I7gFZBqzfKQb+G2A2t0P0m8ifjkz0m1BX3TA38C7b2IimE408YRO > l/nWpsJ8uJsguYtKsWHdXEjKtkrki7luc17nPjAnymk= > =6WVz > -----END PGP SIGNATURE----- > > > _______________________________________________ > Freedombox-discuss mailing list > [email protected] > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
