I know perfectly well what the TPM does, and didn’t intend to imply any surveillance function of that module itself, it was more of an observation that:

1) Keeping encryption keys in a tamper-proof module means the user has less control of their computer.

2) TPM is an enabling technology for more nefarious schemes, if you can’t tell when the system is encrypting data, how will you even know what it sends when it does ‘phone home’?

3) TPM was introduced in Apple/Intel CPU hardware in 2005, with the potential use as a more bulletproof mechanism for enforcing Apple’s monopoly. DRM on Apple hardware is already infamous, to the point that you can’t watch a video purchased on iTunes on an external monitor, unless it meets certain requirements.

The intention was presumably to prevent Mac OS X from running on Apple-approved hardware. Yes, there are patches around this, but Apple has periodically been slow in publishing the Intel branches of Darwin source code for Intel to protect their “secure booting” scheme. They also prevent debuggers like dtrace from certain applications (notably iTunes).

http://blogs.sun.com/ahl/entry/mac_os_x_and_the

The society of 1984 is, for me, is about institutions controlling individual and collective behaviour through repressive means. Massive surveillance systems are part of this, but so are mandatory DRM schemes. Any system which is designed to prevent the user from being aware of what is running on their computer, is conceptually no different than a rootkit, IMHO.

When an OS (such as Vista) uses encryption to obfuscate movement of digital data through the system, how does that help me do my work more efficiently? All it does is make the computer industry trade user control for controls imposed by the entertainment industry.

It also makes the computer vendors beholden to the entertainment industry. If I want to watch a DVD, I’ll get a $40 DVD player. Don’t force me to replace my perfectly good operating system with a DRM-friendly one.

First, you realise this post is 2 years old?

> Sometime around 2005, when Intel started shipping systems with the TPM (trusted platform module) chip, is when 1984 happened. … “copy anything you want – we’re watching everything you do online anyway”

Do you have the slightest idea what a TPM module actually does? Apparently not. It’s a hardware random number generator, secure key generator, and secure key store. These are all useful, documented functions, and have nothing whatsoever to do with “watching everything you do online”. How could it possibly? It’s a chip on the motherboard. It doesn’t have some magical direct access to the internet, it just provides functions that an operating system can use. Nor does it work in some shady, obfuscated way with proprietary OSes only: Linux has supported TPM modules since 2.6.12 (you can go view the driver code for it yourself in the normal way).

Yes, OSes can potentially watch and report everything you do online. But they don’t. Don’t believe me, buy a hardware packet sniffer and confirm for yourself. And they could do this before TPM modules.

>2008: the telecom firms that conspired with the government to surveil everytning, got retroactive immunity.

And yet your post was mainly complaining about a tool that would allow you more secure generation of encryption keys. Oh, the irony…

1984 wasn’t like 1984 because the technology wasn’t ready yet.

Sometime around 2005, when Intel started shipping systems with the TPM (trusted platform module) chip, is when 1984 happened. Apple helped out a bit by putting this tech in ALL of their Intel macs.

1984: the message wasn’t “don’t copy that floppy”

2005: the message seemed to change a bit: “copy anything you want – we’re watching everything you do online anyway”

2008: the telecom firms that conspired with the government to surveil everytning, got retroactive immunity.

Good luck to you, sir

However, this voids no existing security measures, which prevent UNTRUSTED people getting access to the information in the first place. As soon as you share trusted info with an untrusted party you have a security breach, this is obvious.

Yeah, there’s reasons that the IT department locks down the companies computers. One of the biggest reasons is because the general end user is a total moron who uses the company machine for their own personal use. When this happens, they go to websites that infect their machines with crap like WinAntivirusPro, they install software that load software and don’t have the common sense to uncheck the “install Yahoo bar”, install “google bar”, install this and that.

The reason that machines are locked down is because the general user lacks any and all common sense to actually protect their data. I could give two caca’s about users taking pictures of their screens, big deal. They cannot be trusted with their machines. Plain and simple.

I want you to update a document but I want to be sure that you dont messup and lose your laptop/usb key/floppy like you always usually do.

I would prefer to know that, even when you somehow manage to mess up looking after sensitive information, that it will not find its way into the wrong hands of someone competent. If you printed it out you would probably lose it in the same way you misplace every report I ask for.

I’ve disabled the CD-Writer, USB Pens and the Floppy Disk drive because it would be stupid to try and protect something from your own stupidity by letting you put it on your ipod or some other small, lose able, unencrypted device.

You’ve just taken a photograph of your screen, with our secret document open on the desktop. And posted it on the net. Nice going!

I’ve just taken a box and had all your personal effects left at reception with your Pink Slip.

Move on.