Register
Email: Password:
Forum » Trusted(Treacherous) Computing

Trusted(Treacherous) Computing

Binky 16 years ago
1. The GNU Project distributes the GNU Privacy Guard, a program that implements public-key encryption and digital signatures, which you can use to send secure and private email. It is useful to explore how GPG differs from treacherous computing, and see what makes one helpful and the other so dangerous.

When someone uses GPG to send you an encrypted document, and you use GPG to decode it, the result is an unencrypted document that you can read, forward, copy, and even re-encrypt to send it securely to someone else. A treacherous computing application would let you read the words on the screen, but would not let you produce an unencrypted document that you could use in other ways. GPG, a free software package, makes security features available to the users; they use it. Treacherous computing is designed to impose restrictions on the users; it uses them.
2. The supporters of treacherous computing focus their discourse on its beneficial uses. What they say is often correct, just not important.

Like most hardware, treacherous computing hardware can be used for purposes which are not harmful. But these uses can be implemented in other ways, without treacherous computing hardware. The principal difference that treacherous computing makes for users is the nasty consequence: rigging your computer to work against you.

What they say is true, and what I say is true. Put them together and what do you get? Treacherous computing is a plan to take away our freedom, while offering minor benefits to distract us from what we would lose.
3. Microsoft presents palladium as a security measure, and claims that it will protect against viruses, but this claim is evidently false. A presentation by Microsoft Research in October 2002 stated that one of the specifications of palladium is that existing operating systems and applications will continue to run; therefore, viruses will continue to be able to do all the things that they can do today.

When Microsoft speaks of “security” in connection with palladium, they do not mean what we normally mean by that word: protecting your machine from things you do not want. They mean protecting your copies of data on your machine from access by you in ways others do not want. A slide in the presentation listed several types of secrets palladium could be used to keep, including “third party secrets” and “user secrets”—but it put “user secrets” in quotation marks, recognizing that this somewhat of an absurdity in the context of palladium.

The presentation made frequent use of other terms that we frequently associate with the context of security, such as “attack”, “malicious code”, “spoofing”, as well as “trusted”. None of them means what it normally means. “Attack” doesn't mean someone trying to hurt you, it means you trying to copy music. “Malicious code” means code installed by you to do what someone else doesn't want your machine to do. “Spoofing” doesn't mean someone fooling you, it means you fooling palladium. And so on.
4. A previous statement by the palladium developers stated the basic premise that whoever developed or collected information should have total control of how you use it. This would represent a revolutionary overturn of past ideas of ethics and of the legal system, and create an unprecedented system of control. The specific problems of these systems are no accident; they result from the basic goal. It is the goal we must reject.
Interesting.
From:
Can You Trust Your Computer?
See also:
Trusted Computing FAQ
Electronic Frontier Foundation
Public Knowledge
Trusted Computing - An Animated Short
#
MageKing17 16 years ago
I quote from the ESRB thread:
"MageKing17" said:
"Grim Reaper" said:
"MageKing17" said:
Whitelisting simply does not work. You can blacklist all you want, because if something new comes along that performs a necessary function, it is instantly allowed access ("assume good faith"). If it is later determined to be harmful (by design or accident (those happen too, you know, "never attribute to malice that which can adequately be explained through stupidity")), it can be blacklisted... but a whitelist is just inherently a bad idea, when it comes to software.
One exception to that rule: NoScript.

It's a Firefox add-on which blocks all sorts of scripting from a website unless you allow them to run yourself. Saves you from all the potentially hazardous scripts n' stuff you might otherwise execute (perhaps even without knowing).
I should've been clearer.

Whitelisting can work in certain situations. However, in deciding what software on your computer can access certain files, whitelisting does not work. For example, say you've got a program that makes editing, say, data files for some kind of project very easy. That program then, for example, gets a patch that breaks it, and for whatever reason, you can't go back to the old version. Now let's suppose that editing program was the only program whitelisted to edit not only those data files, but to edit the list of programs able to edit those files! Contrived? Not really. Murphy's law, after all.

However, whitelisting, say, what programs are able to access the internet (like quite a few firewalls do), can and does work, because it's virtually impossible for the list itself to become totally inaccessible, and you can disable whether or not the list has any affect at all. As I understand it, neither are assured under this Trusted Computing crap.
#
Forum » Trusted(Treacherous) Computing

Post Reply


Your email:
Your name: