Intel GPU drivers now collect telemetry data on "which types of websites you visit, which Intel says are dumped into 30 categories and logged without URLs or information that identifies you, including how long and how often you visit certain types of sites". It also snitches details on your computer and "other devices in your environment", as well as "how you use your computer" (no clarification provided).
@ramonita Man, this is nuts. Does anybody know a good way to monitor what on your machine is sending out internet traffic, and maybe block it? It seems like there should be a well developed solution for that. :/
@Angle@ramonita if it's a hardware level thing then you might have to monitor it from another system. Something like wireshark could do some of that, although you might need to use something like sslstrip if this stuff is secure...some firewalls (pfSense for example) also have this kind of monitoring available!
@nuncio@ramonita a GPU could probably exfiltrate data via a web browser. Website asks the web browser to render something in a way that involves the GPU, and then ships the rendering back to Intel.
I doubt they do this, but they could. In the case of these drivers, part of their code runs runs on the CPU so it's much easier.
@mori_au because we live in a capitalist system and the goal is to maximise profits for capital owners, who have judged they have some more profits doing this invasion of privacy.
Are we sure this type of thing does not qualify as malware? How would we even opt out of tracking that happens in drivers? (because of course, all these things are never opt-in to make the most profit off of unknowing subjects)
That would be some headline: Sensitive Health Documents Leaked Through Printer Driver, or worse.
@arzi
GDPR only applies to data that can be linked back to an identifiable individual. Anonymised data, therefore isn't covered by GDPR. @kkarhan@ramonita@EU_Commission@bsi@noybeu@torvalds
the phrasing is ambiguous so I don't know if they do log how often you visit a category or not. but even if they don't, as someone else posted, 2**30 is more than one billion distinct profiles, which together with specific data on the computer hardware, serial number of card, and details of nearby hardware, will make it pretty trivial to poinpoint who is being spied on and deanonymise the data.
It's not as if #Intel's #GPU's can make loading websites faster.
Whereas I could understand if they politely ask me if I want to tell them what applications and hardware I use so they can optimize their stuff (similar to Steam's Hardware Survey)...
This should always be an explicit opt-in, just like sending #Crashlytics should be.
@SnugAsABugInARug@arzi@kkarhan@ramonita@EU_Commission@bsi@noybeu@torvalds how can they guarantee it isn't possible to use it to isolate and identify the user and its online presence? this seems like a huge backdoor issue that could be used to spy on foreign governments.
@kkarhan@SnugAsABugInARug@arzi@ramonita@EU_Commission@bsi@noybeu@torvalds european governments uses windows though. which also seems like it isn't strictly legal; seeing as the billions of RnD taxes should be poured into local open source projects and not thrown at a foreign proprietary entity.
amd and intel both have open source drivers for linux. amd and intel both collect telemetry data from windows users with their drivers, but so does nvidia, and unlike the other two, nvidia neither asks permission nor offers an opt-out. so I would avoid nvidia when doing politics as the worse of the 3.
even with amd or intel on linux, you still have proprietary firmware blobs. I would imagine it should be at least possible to isolate these blobs from network or disk access, though I don't know if linux/bsd people have taken the trouble of investigating them for bad behaviour or keeping the firmwares as curtained as possible.
in any case modern computers are inherently untrustworthy. but some types of computer are more untrustworthy than others, and the difference still matters.
Add comment