Read this first.
The article goes ga-ga over TPM and its apparently extraordiary capabilities. But I see a lot of issues with this technology.
(In fact, with TPM, your bank wouldn’t even need to ask for your username and password — it would know you simply by the identification on your machine.)
1. Let us say that I own an computer with this TPM chip and my bank website registers this computer's TPM id as my legitimate id for checking. Now, I cant lug my computer everywhere. So, if I want to access my bank account from another PC, I wont be able to because the TPM id is not mine! Sheesh! What a big inconvenience!
And what if you dont have a PC? And use your company PC or your friend's PC for accessing the global internet world?
The TPM chip was created by a coalition of over one hundred hardware and software companies, led by AMD, Hewlett-Packard, IBM, Microsoft and Sun.
If they do manage to go through with this idea, it would force _every individual_ to have his/her own PC. Sounds like a hardware-manufacturer-association consipracy.
Then if your bank has TPM software, when you log into their Web site, the bank’s site also “reads” the TPM chip in your computer to determine that it’s really you.
2. Hmm... not sure about this but I think this is a major privacy and security issue. But I think the author has got it wrong. I think the TPM id would be sent to the bank site with the http request. So, the TPM would sit on the network card. Nope, I dont think so because network cards are replaceable. Plus, the TPM supposedly checks the softwares installed, the licenses of movie cds, etc, etc. It needs other softwares to cooperate with it. For example, MS office may have to check with the TPM chip to see if it is illegal or not. Or, the TPM chip needs to check the software's license when it is invoked. The latter method means that the TPM chip would be able to check only a pre-defined set of software (read, M$ office, M$ windows). And since the TPM cannot be re-programmed (yeah, you wish!), changes in licencing policies would not be reflected and you would either have to take the TPM chip to the hardware manufacturer to get it re-programmed (doubtful) or get a new chip (which means, re-registering with your bank site) == Major Inconvenience!
A movie, for example, would be able to look at the TPM and know whether it was legally licensed to run on that machine, whether it could be copied or sent to others, or whether it was supposed to self-destruct after three viewings. If you tried to do something with the movie that wasn’t allowed in the license, your computer simply wouldn’t cooperate.
3. this is hilarious. So, if I buy a music cd or a dvd, I cant play it anywhere I want! So, whats the point of buying the cd, which is the epitome of mobile storage! Also, it seems weird that such measures would gel with the consumers.
Users will still control how much of their identity they wish to reveal — in fact, for complex technical reasons, the TPM will actually also make truly anonymous connections possible, if that’s what both ends of the conversation agree on.
4. Yeah! thats great! wait a minute, if all anonymous interactions have to pre-approved, how do you get that approval without revealing your identity? And what is there to stop the TPM from sending its id with all requests? certainly, not the user!
And should a media or software company come up with overly Draconian restrictions on how its movies or music or programs can be used, consumers will go elsewhere.
5. What if the industry gangs up on the consumer? eg, MPAA, RIAA.
6. Quite frankly, I do not like the idea that my online activity could be traced with the TPM id. I am sure data mining companies would pounce on that information and sell it spammers and telemarketeers. Security is a major issue, agreed, but this is such an half-assed, spank-the-user, inconvenient, forced (and numerous other negative adjectives) way of going about this.
But the train has already left the station: by the end of this decade, a TPM will almost certainly be part of your desktop, laptop and even cell phone.
Makes it sound inevitable, doesnt he? But it is unlikely that what he says is true. Because without solving the issues mentioned above, this idea will never be acceptable for the users. If they do, there is always the lawsuits.
Thursday, January 12, 2006
Read this first.