[Fwd: Re: sad treacherous computing day]

Richard Stallman rms at gnu.org
Fri May 11 19:30:39 UTC 2007


    The TC in ThinkPads need proprietary software do be really dangerous,
    but that's not the TPM Stallman fears. That's Palladium (or whatever the
    last name) where even Free Software wouldn't make any difference,
    because the control starts at boot in hardware before any software is
    loaded.

I object to both of them, because both attack our freedom in ways that
we cannot overcome by developing and using free software.  The TPM is
designed for "remote attestation", which enables a web site to check
whether you are running the "official" DRM-afflicted software.  If you
are not -- for instance, if you have installed GNU/Linux instead --
then the site simply refuses to talk to you.  And the "official"
DRM-afflicted software won't let you redistribute whatever you got
from that site.

The result is that there is no way to talk to the site from a machine
running free software.  It is not just hard, it is not just illegal
in some countries whose governments are against their own citizens.
It is impossible.

That is what makes treacherous computing so dangerous.

You are right that the essence of treacherous computing is encryption
that uses keys not fully under the user's control.  However, just
installing your own key does not overcome the problem.  Doing that
won't enable you to talk to the web sites that do remote attestation.
On the contrary, it will make sure you can't talk to them.  They know
what key your machine is supposed to have, and if you have replaced
that key, your machine will never work with those sites.





More information about the Discussion mailing list