Let’s see some ID, please

MSNBC.com

The end of anonymity on the Internet?
By Michael Rogers
Columnist
Special to MSNBC
Updated: 7:53 a.m. ET Dec. 13, 2005

As the joke goes, on the Internet nobody knows you’re a dog. But although anonymity has been part of Internet culture since the first browser, it’s also a major obstacle to making the Web a safe place to conduct business: Internet fraud and identity theft cost consumers and merchants several billion dollars last year. And many of the other more troubling aspects of the Internet, from spam emails to sexual predators, also have their roots in the ease of masking one’s identity in the online world.

Change, however, is on the way. Already over 20 million PCs worldwide are equipped with a tiny security chip called the Trusted Platform Module, although it is as yet rarely activated. But once merchants and other online services begin to use it, the TPM will do something never before seen on the Internet: provide virtually fool-proof verification that you are who you say you are.

Some critics say that the chip will change the free-wheeling Web into a police state, while others argue that it’s needed to create a safe public space. But the train has already left the station: by the end of this decade, a TPM will almost certainly be part of your desktop, laptop and even cell phone.

The TPM chip was created by a coalition of over one hundred hardware and software companies, led by AMD, Hewlett-Packard, IBM, Microsoft and Sun. The chip assigns a unique, permanent identifier to every computer before it leaves the factory, and that identifier can’t subsequently be changed. It also checks the software running on the computer to make sure it hasn’t been altered to act malevolently when it connects to other machines: that it can, in short, be trusted. For now, TPM-equipped computers are primarily sold to big corporations for securing their networks, but starting next year TPMs will be installed in many consumer models as well.

With a TPM onboard, each time your computer starts, you prove your identity to the machine using something as simple as a PIN number or, preferably, a more secure system such as a fingerprint reader. Then if your bank has TPM software, when you log into their Web site, the bank’s site also “reads” the TPM chip in your computer to determine that it’s really you. Thus, even if someone steals your username and password, they won’t be able to get into your account unless they also use your computer and log in with your fingerprint. (In fact, with TPM, your bank wouldn’t even need to ask for your username and password — it would know you simply by the identification on your machine.)

The same would go for online merchants — once you’d registered yourself and your computer with an Amazon or an eBay, they’d simply look for the TPM on your machine to confirm it’s you at the other end. (Of course you could always “fool” the system by starting your computer with your unique PIN or fingerprint and then letting another person use it, but that’s a choice similar to giving someone else your credit card.)

Another plus for the TPM is that your computer will be able to make sure that it’s really a legitimate e-commerce site you’re connected to, and not some phishing-style fraud. There would still, of course, be ways that you could access your bank or e-commerce accounts from other computers when you were traveling, but the connection wouldn’t be as secure as using your own computer. Plans are already underway to put TPMs into smartphones and other portable devices as well.

The TPM will become even more important as we move toward Web-based applications, where we may actually store our documents and files on remote servers. The TPM could automatically encrypt any files as soon as they left your computer, and only allow decryption privileges to your TPM and any others you might specify. It could automatically encrypt email as well, so that only specific recipients are able to read it. And it could more firmly identify where email originates, taking a big step forward in controlling spam at the source.

That is the potential good news. But some critics are worried that the TPM is a step too far. Their concern particularly revolves around using the TPM to control “digital rights management” — that is, what you can and cannot do with the music, movies and software you run on your computer.

A movie, for example, would be able to look at the TPM and know whether it was legally licensed to run on that machine, whether it could be copied or sent to others, or whether it was supposed to self-destruct after three viewings. If you tried to do something with the movie that wasn’t allowed in the license, your computer simply wouldn’t cooperate.

The same would go for software. Now that Apple is moving to Intel processors, Mac fans are watching closely to see if the new machines will incorporate TPMs. That may be the way that Apple makes sure that its Macintosh operating system only runs on Apple computers — otherwise, hackers will probably be quick to figure out ways to make the new Intel-based Macintosh software run on HP or Dell machines as well. Similar concerns arise around how Microsoft might make use of TPM to ensure that its software is used only on machines with paid-up licenses. (As one joke has it: “TPM is Bill Gates’ way of finally getting the Chinese to pay for software.”)

(MSNBC is a Microsoft - NBC joint venture.)

Ultimately the TPM itself isn’t inherently evil or good. It will depend entirely on how it’s used, and in that sphere, market and political forces will be more important than technology. Users will still control how much of their identity they wish to reveal — in fact, for complex technical reasons, the TPM will actually also make truly anonymous connections possible, if that’s what both ends of the conversation agree on. And should a media or software company come up with overly Draconian restrictions on how its movies or music or programs can be used, consumers will go elsewhere. (Or worse: Sony overstepped with the DRM on its music CDs recently and is now the target of a dozen or so lawsuits, including ones filed by California and New York.)

To future historians, the anonymity we’ve experienced in the first decade of the commercial Internet may in retrospect seem aberrant. In the real world, after all, we carry multiple forms of fixed identification, ranging from our faces and fingerprints to drivers’ licenses and social security numbers. Some of these are easier to counterfeit than others, but generally most of us are more comfortable when we can prove who we are. In some situations — driving cars, boarding aircraft — we’re required to have identification. Of course, our real world policies on identification — what kind we must have, when we need to display it — have evolved over centuries of social and political thought and are still, post 9/11, a national hot-button. With the arrival of the Trusted Platform Module, the argument will now extend to cyberspace as well.
© 2005 MSNBC Interactive

© 2005 MSNBC.com

URL: http://www.msnbc.msn.com/id/10441443/from/RS.4/
