Back then people took the idea of privacy really seriously. From what I saw what mostly killed it was the mobile phone revolution.
The entire mobile ecosystem was basically built to productize the user. A few oddballs pointed this out and were ignored because phones are shiny. The "mobile mentality" bled back into the entire rest of the computing ecosystem and this is where we are today.
Ultimately it's rooted in economics. People like free stuff, and the only way to give it to them is to monetize it indirectly via ads and surveillance.
> Ultimately it's rooted in economics. People like free stuff, and the only way to give it to them is to monetize it indirectly via ads and surveillance.
It's more than economics - they actively attack privacy and user control. E.g. DRM anti-circumvention laws, the impossibility of buying a CPU without Intel Management Engine (or AMD equivalent) unless you're a government agency [1], forcing the Trusted Platform Module on users, the gradual vanishing of rootable-phones and proliferation of apps that require a non-rooted phone, no more non-smart TVs, etc. Countless cases where there are no freedom-respecting options available for commoners at any price.
DRM exists to protect the revenue streams of content owners. IME exists because Intel’s big customers want it and the people who don’t want it don’t have enough money for a custom SKU. TPM exists just because it’s a good security feature that the industry has demanded. Mainstream phones run non-privileged because businesses and the general public do not need root, and those who do want those features are a niche market. TVs mostly have smart features because subsidized TV with more features sell better than more expensive TV with fewer features.
Corporations optimize for money, they’re indifferent to privacy, they’ll sell whatever people are willing to buy that makes them the most money.
> IME exists because Intel’s big customers want it and the people who don’t want it don’t have enough money for a custom SKU
I addressed this - systems without IME exist, but are not available for purchase, for any price, except for governments. That's not economics.
> TPM exists just because it’s a good security feature that the industry has demanded
Industry demands it, and OS and CPU manufacturers collude to make sure every user gets it, whether they want it or not, so that when they start pushing remote-attestation and other user-hostile technologies in the future, they won't lose any market.
> Mainstream phones run non-privileged
I specifically said "non-rootable", i.e. non-privileged by default, but that can be unlocked. So mainstream phones would remain non-privileged except for those motivated enough to follow an unlock procedure. But it's a common tactic to excuse deliberate lock-down with "few need it, so we will invest resources into making sure they can't have it, when our previous models allowed it". If MS prevented users from running any compiler except Visual Studio on Windows, would you excuse it because those that need it are a niche market, for whom the more expensive Windows Pro licenses are made?
> subsidized TV with more features sell better than more expensive TV with fewer features
There are no non-smart TVs on store shelves next to smart ones, just for a higher price, despite demand [1]. In fact it's a challenge to find one at all.
Saying it's just about money is technically correct in most cases, but very misleading. It hides the fact that in most cases it's not just about offering a cheaper product, but involves backroom lobbying from other interests to restrict consumer options, like forcing them to watch ads on DVDs [2]. It's "about money" in the same way that robbery is about money.
Not if you're buying Intel, they don't. The IME reads the HAP bit during boot, and if that's set will set its state to disabled, but it's still there and you're still relying on the software to actually behave as it's supposed to. The same applies to the hardware disable mechanism which involves doing fucky stuff with some of the HDA pins.
>systems without IME exist, but are not available for purchase, for any price, except for governments
There isn't much of a point for Intel to make one without it. It's easier to support less SKUs. There are many other CPU manufacturers out there if IME is specifically something you don't want.
>OS and CPU manufacturers collude to make sure every user gets it, whether they want it or not
Because application developers want >90% of the userbase to support it. If only 5% of users have it then it limits the apps that can use it.
>they start pushing remote-attestation and other user-hostile technologies in the future, they won't lose any market.
Remote attestation isn't user hostile. It is a security feature that protects platforms that the software uses. Users benefit from the platforms they are using being secure. Users don't like playing against cheaters in muliplayer games. Users don't like receiving spam messages. Users don't like their accounts being hacked.
I have a few smart TVs. I use them as monitors and do not give them access to my networks. Aside from some “magic” SSID that provokes an automatic covert connection by my device from a wardriving van/drone, I don’t understand what the other security risks could be?
It sucks that you can’t just turn that connectivity off with a physical switch, but it’s hard to see this as a deal breaker. If I get really paranoid I’ll just solder a 50 ohm resistor from the wifi antenna lead (on the motherboard)to ground.
Is there some reason that people are compelled to connect their smart tvs to their networks?
> I addressed this - systems without IME exist, but are not available for purchase, for any price, except for governments. That's not economics.
As I understand governments just set a bit to disable IME on already existing processors. But if you want a feature and are willing to give them billions of dollars, Intel or anyone else absolutely will add a feature for you. You can call up any fab and have them make whatever you want. Custom silicon is absolutely a thing, but it requires big bucks. Nobody makes bleeding-edge node processors for applications with tiny markets precisely because of economics. They are made for the only market with enough revenue to support the R&D cost: the mass market.
> I specifically said "non-rootable", i.e. non-privileged by default, but that can be unlocked. So mainstream phones would remain non-privileged except for those motivated enough to follow an unlock procedure.
Mainstream phones don't do this. They still sell. Therefore it is proven that the market DGAF. The largest customers for a company like Samsung are businesses who don't want the phones to be unlockable. They want that shit locked down and surveilled like Fort Knox. Pun intended. https://samsungknox.com/en
> If MS prevented users from running any compiler except Visual Studio on Windows, would you excuse it because those that need it are a niche market, for whom the more expensive Windows Pro licenses are made?
I don't think they have a reason to expend resources to affirmatively make this change -- but the few products they've released for which it was inconvenient to add support for things like this, they absolutely have. eg: S mode.
> There are no non-smart TVs on store shelves next to smart ones, just for a higher price, despite demand [1]. In fact it's a challenge to find one at all.
You can find sometimes find Spectre dumb TVs at walmart. Know why the they're hard to find? Because TVs have large fixed costs to produce, and if you don't move enough units to cover both the marginal and fixed costs, you cannot afford to offer the product at all.
> "This question of smart-TV data privacy and security is by far the most-asked among Ask Wirecutter readers."
I don't doubt that Wirecutter has received maybe hundreds of questions about this topic. But almost 225 million TVs sell annually. People buy smart TVs.
It's just the reality that privacy is not a primary purchasing consideration for mass market customers. The mass market doesn't care. If you even read a privacy policy, people will think you're weird. I wish it weren't the case, but it plainly is. It really won't change until people stop buying these products.
> But almost 225 million TVs sell annually. People buy smart TVs.
There's literally nothing else on the consumer market. Edit: There may be a dumb Sceptre TV hidden in a Walmart warehouse somewhere, but I checked and there are none available in my entire EU country. Meanwhile the smart TVs sure don't advertise their spyware as prominently as their price, so we can add fraud in addition to robbery.
> As I understand governments just set a bit to disable IME on already existing processors. But if you want a feature and are willing to give them billions of dollars, Intel or anyone else absolutely will add a feature for you. [..] Custom silicon is absolutely a thing
If all it takes is setting a bit, I don't see why you'd invoke custom silicon except to muddy the waters.
Also, it's besides my point. The fact that people buy smart TVs in large numbers is proof of the fact that the privacy concerns are not a factor in the mass market's buying decisions.
Do you own a TV? Did you buy a Sceptre? Why not? Did you not care enough about the privacy consideration to do a quick search to see that they exist? Most people don't.
> If all it takes is setting a bit, I don't see why you'd invoke custom silicon except to muddy the waters.
Because I was responding precisely to your gripe about "impossibility of buying a CPU without Intel Management Engine (or AMD equivalent)". If you are happy setting that bit, then the problem you are complaining about doesn't exist:
> Do you own a TV? Did you buy a Sceptre? Why not?
I do, I did not, because my TV is old enough to not yet be "smart", and because Sceptres are literally not available anywhere in my country. Am I now virtuous enough by your standards to point out how hostile manufacturers are to users?
> The fact that people buy smart TVs in large numbers is proof
Hey I wonder if you asked ten random people if they knew their smart TV was reporting the contents of their USB sticks and their viewing habits to 3rd parties, how many would answer yes? This is the same revealed preference tortured logic that concludes people don't care about child labor because they still buy chocolate. Out of sight out of mind.
> If you are happy setting that bit, then the problem you are complaining about doesn't exist
Then this is a recent development, because in 2017 even Google was unable to get rid of IME: As of 2017, Google was attempting to eliminate proprietary firmware from its servers and found that the ME was a hurdle to that. - https://en.wikipedia.org/wiki/Intel_Management_Engine#By_Goo...
I don't disagree that the state of things are the way they are.
People say they care about the moral hazards, noneconomic costs, and other bad downstream consequences of their consumption if confronted about them.
Yet, most go right back out to the store and continue consuming the same products and services anyway. But saying that someone does or doesn't support something has no functional relevance when they open their wallet and literally reward it for happening.
My point is only that that there is one reason why these things happen -- because the economics of these situations encourage companies to take these actions.
I don't like that these things are happening any more than you do, but lip service it will never change it. It has to be made financially unviable. For it to stop, either the mass market must be convinced to make purchasing decisions based on it, or the activities must be made financially unviable by force of law.
> For it to stop, either the mass market must be convinced to make purchasing decisions based on it, or the activities must be made financially unviable by force of law.
In the end, these are kind of the same thing; because the laws are made by the people the mass market elects. The second can sometimes advance in a direction people don't "care" about, but they can't long go strongly against them.
e.g. the EU could require all smart TVs be sold with a switch that puts them in "dumb mode" and it would probably work for them, but if they straight banned smart TVs that'd get overturned quite quickly by the people.
>But saying that someone does or doesn't support something has no functional relevance when they open their wallet and literally reward it for happening.
A very relatable example for people here are gamers and professionals who shout they want AMD Radeon to become competitive to Nvidia GeForce, and then go right out and buy Nvidia GeForces once the products come out. We don't even need to talk about Intel ARC.
Capitalism is a system of voting with wallets, so voting with speech has no bearing on what results come out of capitalism as you say.
It’s not up to the consumer which GPU is better; it’s up to the producer. A consumer might want better competition but if the competing producers aren’t actually delivering, there’s nothing the consumer can do about it. Maybe you’re describing some theory where you buy the inferior competing product hoping that the company reinvests those revenues into developing a better product, but (a) there’s no guarantee of that ever working out and (b) this particular example doesn’t even work for that since both AMD and Intel have CPU revenue they could invest in competing with Nvidia.
I mean, if AMD GPU’s were worse across the board but people bought them anyway because they were that annoyed at Nvidia, what would that actually demonstrate? It would demonstrate that AMD didn’t actually need to step up their GPU game after all. They could carry on with an inferior product and face no repercussions. The thing is, real world customers, given the choice, don’t usually buy inferior products in an effort to subsidize struggling producers. And if you force them to do so, you basically end up with the Jones Act.
Both sides factor into the equation, the producer needs to produce good products and the consumer needs to decide whose products they wish to enable more of.
Look at Intel and AMD in the CPU market: AMD is slowly but surely taking market share from Intel because they are making the superior products overall and the consumers are willing to put their wallets where their mouths are. By contrast, Nvidia vs. AMD in the GPU market is an example of consumers not willing to put their wallets where their mouths are and the market will reflect that.
The difference is that AMD is making CPU’s that are competitive with Intel on a cost-performance basis. It doesn’t make any sense to blame this on the consumer when it’s a case of the producer failing to compete.
Another take: people are consistent - they want something to happen, but they don't want to make a big personal sacrifice that may, possibly, with a very little probability, actually make it happen, and that's only if almost everyone does it at the same time.
I.e. gamers are not dumb.
> Capitalism is a system of voting with wallets, so voting with speech has no bearing on what results come out of capitalism as you say.
Modern economy is a system set up in a way to force people to wallet-vote for specific classes of options, as it exploits the fact that most people are extremely price-sensitive by default, since the pool of votes they have is almost entirely spent on voting "yes I want to keep living in this apartment" and "yes I want me and my family to eat today". People will accept a lot of shit from the market, in order to not lose the vote for "my kids get to have a meal every day".
Looking at purchasing patterns of regular people and making inferences about their general preferences? It's even more idiotic than making a psychological study of students in your class, and generalizing the result to the whole population.
Everything you say flies in the face of Nvidia continuing to get away with ridonkulous pricing despite continued claims of gamers wanting to see AMD Radeon become competitive.
If you want changes in a company's behaviour, you buy or boycott their products as applicable. The bottom line is literally and rightfully the only factor companies truly care about.
> Everything you say flies in the face of Nvidia continuing to get away with ridonkulous pricing despite continued claims of gamers wanting to see AMD Radeon become competitive.
That's the problem though: unless AMD can offer GeForce equivalents at lower price, gamers won't be buying it. They'll keep buying Nvidia products instead, because they want to play their games now, and they aren't going to settle for a worse card just to make a point.
> If you want changes in a company's behaviour, you buy or boycott their products as applicable.
No, you don't, because boycotts don't work. They never did[0]. They cannot be made to work, as humans simply can't spontaneously self-coordinate at the scale necessary[1].
----
[0] - Except hyper-local cases where the majority of the target market knows the vendor personally, and know each other personally, because they live in the same area.
[1] - This being the general reason for most of our present-era large-scale and global problems.
> The fact that people buy smart TVs in large numbers is proof of the fact that the privacy concerns are not a factor in the mass market's buying decisions.
It's not a proof of it at all.
People don't choose options from the abstract space of possible TVs. They choose from what's available. The vendors can and do set the range of choices people have, and there's shit all mass market can do about it. Literally everyone may hate it, but if the vendors don't offer an option that doesn't suck, and/or spend a lot of effort and money advertising the options that do suck, then people will buy it, and will hate it, because they don't have an actual choice here.
Not at comparable quality or price point. The insidious parts about abusive business models like surveillance/ad-sponsored or "free with ads" is that they set a price point that more honest business models can hardly reach.
Take two practically identical TVs by two competing vendors. One decides to go evil and have their product show ads in the UI, while siphoning data. They other does not. The first can use the money they make on ads and surveillance to lower the price of the product, even below manufacturing costs. You can't compete with that while staying honest.
> The reality is that people do not care enough to even read the privacy policies.
Of course. Why would you expect to? Every product and service now comes with insanely long terms of service and privacy policies, written in a way as to prevent regular people from even trying to understand it. There is only so much hours in a day, so much days in a lifetime, so much money in the wallet - people "don't care" about privacy, but not in the sense that it doesn't matter, but rather there's too many more important/pressing things to do than read ToS-es all day.
Yes, this is in line with what I was trying to point out above about the economics of the situation. The economic value consumers place on privacy is lower than what is required to release a mass market competitive device without ad data monetization. Think we’re just talking in circles at this point.
What makes the Raspi special is a vast repository of documentation, a community of people offering support, and extremely well supported peripherals with tight integration. This is a lot of work to do well and to maintain.
>The telescreen received and transmitted simultaneously. Any sound that Winston made, above the level of a very low whisper, would be picked up by it, moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live--did live, from habit that became instinct--in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized.
And that is precisely what using the Internet in 2023 entails. Every
single thing you do is being monitored and compiled by the government. Likely with CloudFlare acting as the universal man-in-the-middle.
And you directly feel the chilling effect of it, no longer can you type whatever you want into that search box anymore. It's super creepy, and we're used to it. Only when it's gone, for example when we use a locally running AI chatbot, do we feel freedom again, and the difference is striking.
Thank God the next great thing in tech is AI and we have the option of running that locally. And because of that, I am looking forward to tech progress again. Where progress doesn't always mean expanding state control over people.
There's a huge difference between TPM and IME: with TPM, you can put your own keys, and use the TPM to refuse payloads not signed with your keys (ex: a Windows install thumbdrive)
With AMT/IME or BootGuard, you don't get that control: you can't replace the bootguard keys (as it's a way to kill the secondary market of CPUs being resold and used in a different motherboard) and with AMT you can't fully disable it unless you're a government agency as you said.
The technology isn't bad, it's the actual implementation that's wrong by avoiding certain features which could give the user more freedom.
Yeah security is good but it needs to serve the user, meaning they must be able to have full control over it if they so desire.
I also hate Apple's Mac and iOS closedness. Sure, on Mac you can disable SIP but you will disable its security completely, and you will also lose access to some of the OS features.
There should be a way to sign your own code and simply allow that to be trusted with full protection, just like it is on generic intel systems with secure boot where you can easily add your own signing keys.
> I also hate Apple's Mac and iOS closedness. Sure, on Mac you can disable SIP but you will disable its security completely, and you will also lose access to some of the OS features.
On an Apple Silicon Mac you can have multiple operating systems installed, with different security configuration. It's totally possible to have both Asahi and macOS installed without disabling any security features in macOS.
> with TPM, you can put your own keys, and use the TPM to refuse payloads not signed with your keys (ex: a Windows install thumbdrive)
No, that's UEFI Secure Boot, which doesn't use the TPM - it's entirely handled on-CPU. Most of the keys on a TPM are under user control (but aren't involved in the boot process) other than the EK, which is generated at manufacture time and will be consistent for the lifetime of the TPM.
The majority of that comment is just, uh, wrong and bizarre and conspiracy theory laden and I can't figure out what it's actually trying to say about IEEE 1667 at all.
IMO the main culprit of the sea change is ubiquitous network connectivity, which allowed widespread adoption of centralized backhaul/control based software architectures
The secondarily, the workings of software are increasingly opaque to most people. This leaves people unaware of what is actually being done. It seems that when most people are shown a snapshot of surveillance records about themselves they get seriously concerned, but otherwise out of sight out of mind.
The solution in the modern day is the same as the solution back then - endeavor to run software that is designed to represent your own interests rather than those of its authors. It doesn't particularly matter if my CPU, or any other component, has a serial number, camera, microphone, GPS receiver, etc, if I'm not trusting software that will take sensitive data and send it off to hostile parties.
That's true from a technical point of view, but I was referring to the social and behavioral angle. It seems like it was mobile that killed the commitment to privacy in the minds of users.
My only real reservation about the EV revolution is that this is doing similar things to people with regard to cars. An EV is just a car with a battery and a motor instead of a gas tank and an ICE, but the "form factor change" seems like it can be used as a pretext to introduce a lot of other changes like your car no longer being yours. Teslas are too cloud connected already, and Ford is talking about a car that can repossess itself at their command. When you pay off your car does this feature get turned off? I doubt it.
It seems like it's easy to use any change as a pretext to smuggle other perhaps less palatable changes in alongside it.
I agree that shiny new things are often traps, which then normalize bad developments across an industry. But I also think a lot of the privacy/autonomy shift was really a shift to a wider gamut of non-technical people using technology, and would have happened regardless of the new form factor. Also the change wasn't led by mobile, but rather it was web 2.0 that really kicked off the trend of centrally controlled software.
It's the general principle of the matter. Why should an item you supposedly own have programming that works directly contrary to your interests?
Specific easily-imaginable attackers are law enforcement, criminals, and finance companies. Both through deliberate unjust actions, as well as administrative mixups. "Sorry, despite your car being paid off, we incorrectly thought your loan was in default. But we returned your car a week later, so no harm done, right?"
And responding to your other comment about criminals, actual physical property can be parted out and sold. As opposed to committing fraud to obtain paper assets, which can be investigated and reversed. Stealing cars and financial fraud are just different (criminal) industries.
You don't own a car that you are paying a loan for.
The bank does. It is letting you use it until you pay the loan off.
What you're describing is not a 'whoops sorry', but a felony theft. If your laws can't handle felony theft, self-repo devices aren't the problem in your society.
Actually you do own a car that you are paying a loan for. A lien holder is not an owner.
And sure, I definitely support policing the incorrect actions of systems as the basic crimes that they fundamentally are. But that isn't really how things work in the real world (at least in the US), where institutional criminals generally escape being charged.
It's a distinction without a difference. Some locales give the lien holder an incredible amount of power over the vehicle, some give slightly less. At the end of the day, though, it's not your car until you own it free and clear.
The relevant law in Washington State:
> Once you are in default, the lender may repossess your car at any time. They do not have to notify you before the repossession takes place. The lender cannot commit a crime, use abusive language, enter a home without permission, or take an item if you physically resist. Cars can be towed from public or private lots.
If you default on payments, it doesn't sound like it's 'your' car anymore. You aren't the owner of something that can legally be taken away from you at any time.
And yet if you loan the car to someone who gets into a serious accident, it is you who gets sued, not the lienholder. Likewise, if the car appreciates in value you are the one who benefits.
Concretely, your citation only shows that the owner-lienholder distinction is small for one specific aspect. And even with the law you cited there are still significant differences - for example, a traditional tow truck is unable to force entry into your garage and take the car, while a backdoored self driving car can open the door and drive itself away (it would necessarily be integrated with the door opener so you can summon it from elsewhere).
Ultimately, talking about concepts like "ownership" is only useful as a lemma (I often call home mortgages on bubble prices "renting from the bank"). The larger argument here is the desire to keep ownership (aka capital) distributed throughout society rather than concentrated into a few centralized administrators. And yes, it's a quick hop from the trend of most people mortgaging capital goods, to most people leasing capital goods. But that's all the more reason to emphasize the distinction to keep it from being further eroded.
Why would they want to steal your car, and why would they feel the need to do it when they aren't in physical vicinity of it?
If they can't be assed to show up in person to rob you, why would they want to steal your car? Why not just drain your bank account? Or just steal the deed to your house?
I think that the medium shapes the resulting political characteristics of the system, yes the centralized network, where every user is easily traceable thus readily policed and censored, ends up creating totalitarianism, given how human nature works...
So we need to design a system that isn't easily traced, as an inherent property of how it operates, so that it's not possible for those who want to exert power over others, to do so.
Just as an example, using a radio/satellite data broadcasting architecture, where the receiver is untraceable, means that the government can no longer round up people for reading "forbidden" things anymore. That allows us to have a new darknet to replace Tor that's far more difficult for the government to police.
Again as an example, the content request can be transmitted anonymously using HF radio or LoRaWAN, being only a few bytes, and has no sender address. And the response can come down via satellite, broadcast to everyone, who also ends up storing it locally on their computer. That way we can reduce the number of retransmissions required. We already have a usable worldwide satellite data broadcasting network, you can see a list of recent transmissions at https://blocksat.info.
It's certainly enough bandwidth to support a text based darknet, which works in a similar way to how Teletext did, but with caching of content on your local hard disk. Which you can browse freely like the Internet.
IMO the main culprit of the sea change is Ubiquitous network connectivity
Right. I'm dreading the day when platform vendors decide that connectivity is fast and ubiquitous enough so that "your" "computer" should become a dumb framebuffer with all processing and storage done in their data centers, which will eliminate the last vestiges of user privacy and control.
“people like free stuff” is something many/most would agree with and yet i wonder if an equally powerful explanation is that people weight the concrete thing in hand more than the abstract vague fear that they can’t tell if it even actually threatens them? i.e. when the privacy heist finally turns on the everyman rather than outliers, we may get another shot at privacy. If it even does!
You could opt out of that and many people did. Opting out required contacting one entity once. In fact I seem to recall that they asked if you wanted your number listed when you got a phone line, at least in some places.
It requires a tremendous amount of technical skill and diligence to opt out of the everything-is-malware hellscape we (our industry) created.
And like today, did the data brokers digitise those details and link them with your shopping history, your medical records, and your financial details?
Of course not. Stop trying to trivialise privacy. Despite addresses being printed in a big book years ago, it was for regular people to look up other regular people.
People take the idea of privacy really seriously today, as well. But just like then, not enough people take it seriously.
Obviously, despite the number of people who did take it seriously 25 years ago, the companies didn't really care, they still did what they did and structured the industry to become rent-seekers.
The problem with regulation is that the biggest companies pay people a lot of money to figure out how to best game the system, with the goal being infinite growth. Even if you try to regulate this type of behavior, there will be a large number of lawyers and businesspeople trying to figure out how to stretch the letter of the law as far as they can, and the biggest ones may even decide that they'd rather pay any related fines, than give up their user data revenue stream.
To create effective legislation, you should also at least make a sensible attempt at figuring out if there might be any unintended consequences.
I don't have an answer, other than to say that perhaps there should be a lobbying group for privacy with the same dedication to trying to figure out how to game the system, but to further privacy rather than to erode it. Fight fire with fire. I genuinely wish anyone who tries this good luck in raising the capital it would need to be competitive.
I think it's also just the growth of the industry in general. Tech enthusiasts care about privacy, but your average consumer is unconcerned. Only 26.2 percent of US households had an internet connection in 1999,[1] so the tech enthusiasts were a larger piece of the market. But by the time the iPhone launched in 2007, 75% of Americans were using the internet.[2]
I’m not entirely sure privacy was taken more seriously then.
In some ways the genie was out of the bottle too fast with social media for new users in awe to know any better for 10-15 years.
It could be a similar genie is already out of the bottle moment with GPT for some, and hopefully there’s enough people online now with more than awareness of new tech outpacing user sophistication and to some degree legislation.
A market where people pay directly for the product is necessary but not sufficient for a market that contains privacy-conscious products.
If nobody will pay for anything, you literally can't run a business in the market without resorting to some backhanded way of getting paid like selling out your users.
If people will pay, it's possible to run such a business. This does not however guarantee that businesses won't misbehave. There's always the temptation to double-dip.
Contrast Apple and Microsoft. Apple so far has at least somewhat resisted the temptation to double-dip and sell their users out to ads and spyware. Microsoft couldn't care less as evidenced by the ad and shovelware laden monstrosity that is Windows 11. There's no guarantee that Apple won't move further to the dark side, but since people pay directly for Apple products they at least can try to stay honest. (... and they've to some extent branded themselves as privacy conscious, so going to the dark side could harm their brand.)
Consumer awareness, choice, and in some cases regulation are required to get the rest of the way there.
I miss those early days when we could be optimistic about the future. It seems like every year that passes we descend further into a cyberpunk dystopia. Computers used to empower us, now they empower others to control us.
In those days I worked for Intel in a branch in Copenhagen, Denmark. Doing Ethernet stuff, pretty far from the CPU dev and fab running the company. Incidentally Phil Zimmermann, maker of PGP, was in town, giving a lecture on privacy. I had the chance of asking him of his opinion; he reflected and said: "I think Intel has made a mistake." I agreed but didn't expect Intel mgmt to take action on this. And for a year I was right. In 2000, the serial numbers were quietly removed. Just to be re-added some years later....
The notion of internet privacy was more refined back then. Notice the reference to an "e-commerce transaction". IMHO, people in the early days understood that making purchases or other commercial transactions was only one use of the internet. Today, every use of the internet is targeted with surveillance, including all the noncommercial uses. Today, functional equivalents of "IDs" are sent 24/7, even without user input, not only when a user chooses to engage in commerce.^1
Scott McNealy, then CEO of Sun Microsystems: "You have zero privacy anyway. Get over it."
I wonder how much Microsoft paid them for this. As I understand it, historically, the Windows license for a particular installation was tied to the CPU's id.
Look for the Trusted Computing Platform and the Consortium.
There is a sibling here talking about it being a conspiracy theory, but it was an official organization, with many published technical documents, that had the explicit goal of removing the user's rights to manage their own computers.
> Members include Intel, AMD, IBM, Microsoft, and Cisco.
> The core idea of trusted computing is to give hardware manufacturers control over what software does and does not run on a system by refusing to run unsigned software
I see that you are quoting Wikipedia, which claims to be quoting Trusted Platform Module FAQ from 2006[0]. However, if you actually read the FAQ, the authors explicitly reject that:
> Can the Trusted Platform Module control what software runs?
> No. There is no ability to do this. The subsystem can only act as a 'slave' to higher level services and applications by storing and reporting pre-runtime configuration information. Other applications determine what is done with this information. At no time can the TCG building blocks 'control' the system or report the status of applications that are running.
I'm not saying TPMs cannot be (or are not, today) used to give non-users control over what users can do with software running on their machine, however in the absence of evidence, I'm not inclined to believe that trusted computing efforts started with such "evil" intentions in the first place.
Albeit heavily abused, TPMs are still a great idea IMO.
Good catch, thank you for the correction. I should have dug deeper, at least to skim through the source material, instead of trusting a Wikipedia article to confirm my bias.
There are lots of totally well meaning reasons to put unique ID'S in hardware: asset management and theft mitigation, security by locking SW to particular HW, etc. Not saying those are good ideas, just that a well meaning person could come up with them on service of reasonable customer benefits.
maybe because the NSA had enough compromising stuff (aka kompromat) on some high-enough Intel bigwig(s) to convince them to implement it. As in: "a nice career and family life you got there. Would be a pity if that all went down the drain just because of some stupid scandal, wouldn't it? Besides, by pushing this simple little feature for us, you'll be proving to be a real patriot. You wouldn't want to be a non-patriot now, would you?"
Is there any evidence to suggest kompromat has ever been used to blackmail American tech executives to backdoor their products for NSA or other agency?
If there were any solid evidence, then the program would be unable to continue, because -in large part- the folks being blackmailed would have solid reason to distrust that the blackmailer would actually keep their secrets.
There is circumstantial evidence that the NSA is shady as shit. A few notable items:
1) The NSA coerced nearly every major and minor telco in the US to assist in their ongoing highly-illegal domestic wiretapping operations. (When this came to light, Congress retroactively immunized (from prosecution) those telcos that assisted the NSA in breaking the law.)
2) The Director of National Intelligence, James Clapper knowingly lied by omission before Congress about the scope and nature of NSA's domestic wiretapping operations.
3) The NSA's lawyers lied under oath to the US Supreme Court about the NSA's various domestic wiretapping operations.
In a similar way, there's no solid evidence that TSA was a combination jobs program, massive money-making program for then-VP Dick Cheney's business buddies and their pretty-useless microwave-imaging device company, and internal contraband-and-warrant checkpoint-establishment program. But when you compare the organization's stated goals with what it actually achieves, and how it responds to criticism at the difference between the two, it's pretty clear that its stated aims are substantially different from its actual aims.
Had a doctor say a version of this when we turned down genetic testing of our newborn. I was like "That isn't the argument you want to make with me." haha.
You see, in our state, it is law to take the blood of the newborn to test for disease. Sounds sorta okay until you learn that the state has been selling the genetic data of your offspring without your consent.
I was completely blown away by it because they didn't even do informed consent on the public health sites. It's a totally rampant violation of your child's 4th amendment rights – on the day they are born.
We also tried to decline genetic testing and blood sample storage, but after much back and forth we were told that if we did not submit our child to testing we would be reported to CPS for child neglect.
Be sure to retain an attorney, and meet with CPS up front (ideally before the child is born, but as soon as reasonably possible).
CPS will most likely not enforce on child neglect if the sense is that you are both (1) respectful (2) lawyered up (3) proactive. It is because they are very unlikely to prevail in court in these situations.
Please don't take HN threads into flamewar, regardless of how nice someone isn't or you feel they aren't. It's not what this site is for, and destroys what it is for.
That quote was made by a very important (at the time) person in the tech industry, about 16 years before Trump had even announced his run for presidency.
His present-time support for Trump doesn't have much to tell me about the events that happened close to two decades prior, in an entirely different context.
P.S. Among many others, one of the reasons I was excited about Trump's presidency ending was the hope that I won't have to be digging through "orangemanbad" quips in conversations about entirely unrelated topics anymore. Oh boy how unreasonably optimistic I was about it.
Or you assign and track serial numbers yourself, like people do with, say, literally every other object in every large scale operation in the history of humanity?
For that reason exist (e)SIMs, bar codes, qr codes, serial numbers in general, serial numbers of assemblies, serial numbers of sub-assemblies, serial numbers of parts, etc. You don't need a manufacturer to give something a serial number?
There is still a serial number printed on the box, and a batch number on the box AND heat spreader.
A part of the serial number (assembly test process order number) is also printed on the CPU package (not the box, but the actual die carrier). So, even if the counterfeiter made the effort to replace the heat spreader, you could still find out.
The entire mobile ecosystem was basically built to productize the user. A few oddballs pointed this out and were ignored because phones are shiny. The "mobile mentality" bled back into the entire rest of the computing ecosystem and this is where we are today.
Ultimately it's rooted in economics. People like free stuff, and the only way to give it to them is to monetize it indirectly via ads and surveillance.