-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ben Mendis, you are missing my points. Regardless whether a product, such as software, ebook, video, etc. are purchased with DRM, the two UUIDs of TPM and the PSN are visible online to websites.
I already quoted that Intel's PSN is sent to Microsoft. When Windows computers start up, Microsoft automatically authenticates computes regarding whether they have genuine Microsoft. Microsoft antivirus and WMP does this too. Microsoft reads the PSN and TPM of computers to match the hardware with Microsoft' serial number. There are articles that Microsoft's customers information is available to government. See http://newsworldwide.wordpress.com/2008/05/02/microsoft-discloses- government-backdoor-on-windows-operating-systems/ http://www.pcworld.com/article/190233/microsofts_spy_guide_what_you_ need_to_know.html Microsoft and Skype's backdoor for government is at: http://memeburn.com/2011/07/microsoft-and-skype-set-to-allow- backdoor-eavesdropping/ Your quote: "there is no benefit to home users, as websites are not using this technology." is from a very old article that was written prior to TPM. From: http://www.geek.com/glossary/P/psn-processor- serial-number/ TPM is not software dependent. "The TPM is bound to a single platform and is independent of all other platform components (such as processor, memory and operating system)." http://h20331.www2.hp.com/Hpsub/cache/292199-0-0-225-121.htm TPM is on by default. Users do not need to enable it. TPM is not used only when users purchase a DRM product. Reread the list of ARM's TrustZone's users in my prior email. Website and malware use Javascript. Javascript can read UUIDs. Apple prohibits javascript in apps from reading UUIDs: "The uuid property returns the device’s unique identification id. NOTE: Apple no longer permits obtaining the uuid within applications. If you use this property in an app intended for Apple, it may get rejected or pulled from the store without notice at a later date. This property is still permitted for Android." http://www.appmobi.com/documentation/device.html Though Apple's policy is to prohibit reading UUIDs, Apple's apps do read them and sell them. "An examination of 101 popular smartphone "apps"—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone's unique device ID to other companies without users' awareness or consent. Forty-seven apps transmitted the phone's location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them. Among the apps tested, the iPhone apps transmitted more data than the apps on phones using Google Inc.'s Android operating system." http://online.wsj.com/article/SB100014240527487046940045760200837035 74602.html Many apps written for smartphones are also written for tablets and PCs. They read the UUIDs of computers and sell this information. This week, Intel's processor was hacked again. http://thehackernews.com/2012/06/intel-cpu-vulnerability-can- provide.html News articles on hacks do not give a step by step tutorial on how to to do. Hacking websites and forums may have tutorials. Visible PSN enables hacking of processors. Your question of how a website determine the geolocation of a client is a separate topic. Browsers, such as Firefox, have geolocation enabled. Most people do not know that there is an option to disable the geolocation in Firefox. Google Gears tracks geolocation offline. There are other Google apps that track geolocation which are used by websites tracking the geolocation of their visitors. So what UUIDs are Google apps using to track geolocation? "Geolocation can be performed by associating a geographic location with the Internet Protocol (IP) address, MAC address, RFID, hardware embedded article/production number, embedded software number (such as UUID, Exif/IPTC/XMP or modern steganography), invoice, Wi-Fi connection location, or device GPS coordinates, or other, perhaps self-disclosed, information." http://www.privacyinfo.org/geoip I should not have to have the burden to take the time to research how PSN, TPM and ARM's TrustZone are used. They exist to enable tracking of computers offline and online by websites. Websites sell user information. Malware tracks UUIDs. You do not need to know everything to ask Marvell whether their PSN is visible and whether there is ARM TrustZone in their motherboard. Please ask and disclose the answer on FreedomBox's website. -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wsBcBAEBAgAGBQJP7FT0AAoJEMry4TZLOfxmHL4IAIqMwhXjT22tfVOyI4LFpQsxwLTd NrXeXapCgsgdfTpgNSk3eyS8f9ItMAR4OJ1Y+BuAxqhI3p4UeQcUGo3obo9dq42adlAR RvPuXfGU8z+SUsVeuXpFYotW1TBOENh8LH7C0LBatwZVKnJn0FyPmzrn4cRBGDj5npnY 8Cjt2MXmtmVYMSgMYRj0jXTX9CkTTSvpZ/Z7zEL29QuaoJkWEgn5kRxo7xSYRL76NvRm ye6spMBq1OiQhhm+I7gFZBqzfKQb+G2A2t0P0m8ifjkz0m1BX3TA38C7b2IimE408YRO l/nWpsJ8uJsguYtKsWHdXEjKtkrki7luc17nPjAnymk= =6WVz -----END PGP SIGNATURE----- _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
