Items tagged with: DRM
The #Intel Management Engine (frequently abbreviated as ME) is a separate #computer within Intel computers, which denies users #control by forcing them to run #nonfree #software that cannot be modified or replaced by anyone but Intel. This is #dangerous and #unjust. It is a very serious #attack on the #freedom, #privacy, and #security of computer users.
The Management Engine started to appear in Intel computers around 2007.
It could, for instance, be used to remotely:
- Power the computers on and off.
- Boot computers from remote #storage located on the system administrator's #machine or on a #server, and take control of the computer that way.
- Retrieve and store various #serial #numbers that #identify the computer hardware.
It now constitutes a #separate computing environment that is designed to deny users the control of their computer. It can even run #applications that implement Digital Restrictions Management ( #DRM ). See Defective by Design to learn why DRM is bad.
The remote administration is done through applications running inside the Management Engine, such as AMT (Active Management Technology). AMT gives #remote system administrators the same control they would have if sitting in front of the computer. AMT can also control Intel #Ethernet #interfaces and #Wi-Fi cards to #filter or #block #network traffic from going in or out of the computer.
We could correct all these problems if the users were able to run fully free software on the Management Engine, or at least, make it not run any code, effectively disabling it. The former is impossible because the Management Engine will only run code that is #cryptographically signed by Intel. This means that unless someone finds a flaw in the #hardware that enables users to bypass the signature check, users are effectively denied the ability to #install the software they wish in the Management Engine.
Despite all Intel's efforts to make the Management Engine inescapable, software developers have had some success with preventing it from loading code. For instance, the #Libreboot project disables the Management Engine by removing all the code that the Management Engine is supposed to load on some #Thinkpad computers manufactured in #2008, including the R400, T400, T400s, T500, W500, X200, X200s, and X200T.
Also, many Intel computers manufactured in 2006 have the ancestor of the Management Engine which is disabled from the start, such as the Lenovo Thinkpads X60, X60s, X60 Tablet and T60, and many more.
A free software program named intelmetool is capable of detecting if the Management Engine is absent or disabled. With more recent hardware, it is not yet possible to fully disable the Management Engine, as some of the hardware needs to be initialized by it. It is however possible to limit the amount of nonfree software running on the Management Engine by removing parts of the #code and/or by configuring it to not run some code.
Independently from the Management Engine, other issues affect computers users in very similar ways:
Many computers use nonfree boot software (like #BIOS or #UEFI or equivalent) and/or require it to be cryptographically signed by the hardware manufacturer. This raises similar concern for the freedom, privacy, and security of computer users because the boot software is responsible for loading the operating system, and has more control over the computer than the operating system. This issue also affects computers using other architectures such as #ARM.
#AMD computers made after 2013 also have a separate computer within the computer, called PSP (Platform Security Processor), which has similar #issues.
Because of Intel's attack on users' freedom, to avoid being denied freedom, privacy, and security, computer users wanting to use a machine with an Intel processor must use older computers with no Management Engine, or whose Management Engine is disabled.
Whenever companies follow Intel's path, we will need to design our own hardware to keep being able to escape such attacks on freedom, by ensuring that users can run fully free software on it. This will also create the necessary building blocks that will enable users to benefit from hardware #freedoms in the #future, when manufacturing technologies are easily available to end users.
At the moment the only way to avoid this universal backdoor is to use computers that have been certified to respect your freedom (RYF).
#NSA #spyware #spy #mass #surveillance #technology #laptops #CPU #processor #universal #backdoor #malware #Corei3 #Corei5 #Corei7
When this eBook store closes, your books disappear too
It’s a reminder, one I think which needs repeating regularly, of the shift in how we define ownership in the always-online era. In this case it’s about books, but it’s the same with most of your digital purchases - we’re increasingly leasing our minor belongings, which I think means leasing aspects of our memories and even personalities too.https://www.bbc.co.uk/news/technology-47810367
If you can't download it, you don't own it. If it's not in an openly documented format, you don't own it. If it requires a proprietary application, or proprietary code to read/watch/listen/view, you don't own it.
Credit to Microsoft for recognizing this and refunding the books in this case. Still it does not solve the underlying problem with the model. Only we as consumers can change that, so I guess it's safe to assume there will be no change.
#drm #ebook #ownership #society