I have a visceral negative reaction to this security chip because of Microsoft's name behind it. Microsoft has shown they have contempt for users' privacy and security through Windows telemetry, Edge telemetry, BitLocker backdoor (MS strongly pushes users to backup keys to the cloud while calling it "encrypted", among security blunders). As recently as 2020, Bing suffered a huge data breach that linked users to terms that could be used to blackmail them (adult keywords).
Then there's Microsoft's cozy relationship with the NSA, building decryption tools targeting their own users. [1]
For these reasons alone, even if Pluton is virtual Fort Knox, it's DOA for me.
Game was won long time ago, the public ate client-server executables as soon as modems were fast enough in 1997 with the likes of ultima online, MMO's/steam/drm is all the same thing, us losing control of our PC's becuase the average gamer and PC user is stupid even among professionals.
The industry always wanted to kill infinitely copyable local application binaries and they found their way in via PC gaming in 97 with ultima online, lineage and everquest. That told the entire tech industry the average person would literally pay for a broken application and pay for the priveledge of robbing his or herself. The average member of the PC using public is oblivious.
The time to get nervous was the advent of MMO's, which were just RPG's with stolen networking code, which gave valve the inspiration for steam, which was a direct attack on local executables. So valve, Ea, etc, have been hacking our PC's since the mid 90's and early 2000's.
To complain about pluton now, means you're 20 years too late.
Go have a read of this paper by university researchers, this has been the plan of the WIP (world intellectual property organization) since the mid 90's. The attack on and the ending of general computing was planned from the beginning.
PC game companies accelerated it with gambling by rebranding their PC rpg's with stolen networking multiplayer mmo's to disposess the masses.
Most hackernews commenters today are oblivious, I see positive comments about steam mmo's/f2p games when they are just regular pc games with missing files and game code. Our species is really dumb.
I'm having a hard time understanding your argument. Are you saying that ultima online, lineage, and everquest were bad? Like, some of the most memorable, and fundamentally important games in history? What exactly do you mean by "stolen networking code"?
Up until 1997 every PC game was something called a local application, aka all the code resides on your pc singleplayer+multipalyer comes inside the same executable.
When you network two or more computers together, EVERY program in existence an be split between your machine and some remote machine and run between them as two exe's. You'd only do that if your plan was to steal software from a computer illiterate public.
99.9% of every "MMO" you were given is actually entirely living on your pc, they wanted to kill piracy and artificially jack up game prices because when you network your computers together they can monopolize their own products and inflate the price of software to astronomical levels (aka the subscription).
We already had infinity multiplayer games in the 90's in quake 2, go listen here at John carmacks comment.
(somewhat paraphrasing) "No limit to the number of players inside a multiplayer world"
So no ultima online, everquest, guild wars 1 ad wow are literally just RPG's with network multiplayer removed and dumped into a seperate exe, aka stolen networking code. Because quake 2 already had limitless multiplayer, and ANY game can be made in a game engine. AKA we could use quake 2 engine and clone all mmo's and turn them back into local applications allowing you to host your own games and remove the user account requirement. Like 99% of pc games until Ultima online in 97.
That is why modern Unreal engine FPS games like Transformers fall of cybertron have their multiplayer "shut down" the public bought into the MMO scam that led to steam.
So we have an unreal engine game (Transformers FoC) (2014)
And we got UT2004 a game from 2004 that has more features then modern incarnations, how did we end up going backwards in time in PC gaming?
AKA how can a game from 2014 have less features then Unreal tournament 2004 and prior even though Transformers was released in 2014? Makes no sense right?
> BitLocker backdoor (MS strongly pushes users to backup keys to the cloud while calling it "encrypted", among security blunders)
Even if it's suspicious, it's very easy to understand how this particular thing happened. Key management and handling is surprisingly difficult, even for IT professionals. Look at how many private keys get checked into GitHub on a regular basis.
You have to understand what the keys do and how they protect your data. You need to know that your data is really really gone if you lose them. You need to understand what happens if someone else gets their hands on your keys. You need to keep copies of the backup keys but not too many copies because that's also insecure. You need to understand what powers you are giving another person by asking them to keep a copy of your keys. You need to understand who it is safe to hand your keys over to. You need to be able to tell when you are being tricked into handing your keys over to someone or something malicious.
Some of us may understand all of this but there are many people in the world from whom it is simply unreasonable to expect that. The same people who create new Facebook accounts because they forgot the password to their old one, or take their computer to a repair shop if their emails won't download. BitLocker key backup is about the best way that Microsoft Customer Service or your organisation IT helpdesk can turn around and say "well actually, yes, we can help with this" rather than leaving users to suffer consequences they probably didn't even know about.
> BitLocker key backup is about the best way that Microsoft Customer Service or your organisation IT helpdesk can turn around and say "well actually, yes, we can help with this" rather than leaving users to suffer consequences they probably didn't even know about.
This is the best way for Microsoft. They have the keys to data.
The best way for other people is education. Just as you lit a match when you're a child and get burned and you learn that fire burns, just like this you can teach people about their data and the consequences of giving it to others. This, of course, does not work because (in this case) Microsoft has a conflict of interest. They want your data.
I'm astonished how my company talks about information security when almost everything they have is in the cloud. Microsoft has the emails, Microsoft has the code. Yes they do claim it is secure but the keys are only accessible by the Microsoft OS.
The funny thing is that capitalism was all about property. "I own my {house, computer, car}." I'm really curious how this will evolve in the long term when noone will own anything. A new era of "digital slavery" ?
AFAIK Windows only treats it like a TPM (*), so you could just talk to it using TSS to access whatever keys it has just like Windows itself would. "Access" != "export", of course, because it's an HSM.
(*) A TPM that is special for being baked into the CPU, and for being a known quantity that can thus be updated via Windows Update and used for Secure Boot attestation, but a TPM all the same.
14 comments
[ 1.4 ms ] story [ 46.4 ms ] threadThen there's Microsoft's cozy relationship with the NSA, building decryption tools targeting their own users. [1]
For these reasons alone, even if Pluton is virtual Fort Knox, it's DOA for me.
[1] https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-...
The industry always wanted to kill infinitely copyable local application binaries and they found their way in via PC gaming in 97 with ultima online, lineage and everquest. That told the entire tech industry the average person would literally pay for a broken application and pay for the priveledge of robbing his or herself. The average member of the PC using public is oblivious.
The time to get nervous was the advent of MMO's, which were just RPG's with stolen networking code, which gave valve the inspiration for steam, which was a direct attack on local executables. So valve, Ea, etc, have been hacking our PC's since the mid 90's and early 2000's.
To complain about pluton now, means you're 20 years too late.
Go have a read of this paper by university researchers, this has been the plan of the WIP (world intellectual property organization) since the mid 90's. The attack on and the ending of general computing was planned from the beginning.
https://web2.qatar.cmu.edu/cs/15349/dl/DRM-TC.pdf
PC game companies accelerated it with gambling by rebranding their PC rpg's with stolen networking multiplayer mmo's to disposess the masses.
Most hackernews commenters today are oblivious, I see positive comments about steam mmo's/f2p games when they are just regular pc games with missing files and game code. Our species is really dumb.
When you network two or more computers together, EVERY program in existence an be split between your machine and some remote machine and run between them as two exe's. You'd only do that if your plan was to steal software from a computer illiterate public.
99.9% of every "MMO" you were given is actually entirely living on your pc, they wanted to kill piracy and artificially jack up game prices because when you network your computers together they can monopolize their own products and inflate the price of software to astronomical levels (aka the subscription).
We already had infinity multiplayer games in the 90's in quake 2, go listen here at John carmacks comment.
(somewhat paraphrasing) "No limit to the number of players inside a multiplayer world"
https://youtu.be/TfeSMaztDVc?t=96
So no ultima online, everquest, guild wars 1 ad wow are literally just RPG's with network multiplayer removed and dumped into a seperate exe, aka stolen networking code. Because quake 2 already had limitless multiplayer, and ANY game can be made in a game engine. AKA we could use quake 2 engine and clone all mmo's and turn them back into local applications allowing you to host your own games and remove the user account requirement. Like 99% of pc games until Ultima online in 97.
That is why modern Unreal engine FPS games like Transformers fall of cybertron have their multiplayer "shut down" the public bought into the MMO scam that led to steam.
So we have an unreal engine game (Transformers FoC) (2014)
https://imgur.com/a/RxGQWdq
And we got UT2004 a game from 2004 that has more features then modern incarnations, how did we end up going backwards in time in PC gaming?
AKA how can a game from 2014 have less features then Unreal tournament 2004 and prior even though Transformers was released in 2014? Makes no sense right?
That's what I mean by stolen networking code.
Even if it's suspicious, it's very easy to understand how this particular thing happened. Key management and handling is surprisingly difficult, even for IT professionals. Look at how many private keys get checked into GitHub on a regular basis.
You have to understand what the keys do and how they protect your data. You need to know that your data is really really gone if you lose them. You need to understand what happens if someone else gets their hands on your keys. You need to keep copies of the backup keys but not too many copies because that's also insecure. You need to understand what powers you are giving another person by asking them to keep a copy of your keys. You need to understand who it is safe to hand your keys over to. You need to be able to tell when you are being tricked into handing your keys over to someone or something malicious.
Some of us may understand all of this but there are many people in the world from whom it is simply unreasonable to expect that. The same people who create new Facebook accounts because they forgot the password to their old one, or take their computer to a repair shop if their emails won't download. BitLocker key backup is about the best way that Microsoft Customer Service or your organisation IT helpdesk can turn around and say "well actually, yes, we can help with this" rather than leaving users to suffer consequences they probably didn't even know about.
This is the best way for Microsoft. They have the keys to data. The best way for other people is education. Just as you lit a match when you're a child and get burned and you learn that fire burns, just like this you can teach people about their data and the consequences of giving it to others. This, of course, does not work because (in this case) Microsoft has a conflict of interest. They want your data. I'm astonished how my company talks about information security when almost everything they have is in the cloud. Microsoft has the emails, Microsoft has the code. Yes they do claim it is secure but the keys are only accessible by the Microsoft OS.
The funny thing is that capitalism was all about property. "I own my {house, computer, car}." I'm really curious how this will evolve in the long term when noone will own anything. A new era of "digital slavery" ?
(*) A TPM that is special for being baked into the CPU, and for being a known quantity that can thus be updated via Windows Update and used for Secure Boot attestation, but a TPM all the same.