I read this article, not sure I fully understand all it is saying. Wondering if the Purism is aware of this and if their computers would protect users from this.
Well, it seems to me that if you don’t use the tools of the jackboots, they will have a hard time fingerprinting you and your files.
The basic idea is provenance i.e. where did some media object come from.
The problems could be many:
- if the browser is updated to check provenance for any media item that it is displaying to you then you could be telling Microsoft about everything you are reading / viewing / …
- as with Secure Boot, having Microsoft in charge of the show always leaves open source platforms a little concerned
- if browsers, apps or social media platforms start to suppress or deprioritise media that has no provenance then that is a good tool for control over what you see and what you don’t see
The project itself observes that provenance doesn’t tell you anything about whether you should trust the content or its source, only what the source is. It is in part motivated by “deep fakes” or other fakes that are purporting to come from one “trusted” source but are actually fake and come from some other source. (In other words, to some extent, if some “alternative” source wants to put out “fake news” then that is fine provided that they either put it out legitimately under their own name or they intentionally put it out anonymously.)
I would start with a default position of distrust over any initiative like this. While they may be able to mouth words about what problem they are trying to solve and why they are doing it, I wouldn’t necessarily take that at face value and I wouldn’t assume that it can’t be repurposed.
Regarding the first item above, straight away I would disable this functionality in the browser - if given the choice.
There are two cases regarding checking provenance though. a) The provenance is ‘in situ’. No check on the internet is needed. b) The provenance is external to the media object. A check on the internet is needed in order to establish its provenance.
PS Intel is part of this … but so is ARM. So escaping from Intel won’t necessarily escape this initiative, whatever it ultimately becomes.
Greetings Din, welcome to the right place and prepare to step into the world of those that understand these things, even better than I.
I embarked on the very same journey a few years back and have asked many of the same questions you pose. I support and encourage others to support the Purism Concept for Digital Comm. If we don’t, alternatives to what is proposed by BIG TECH, will be only for those who are very savvy.
In this community you will find many folks far smarter than I that have taken many steps towards preserving the essentials of what I have come to understand as Life, Liberty and the Pursuit of Happiness. It once was the American way, now its become more of a mission to try to preserve it, than a basic fundamental right to privacy.
Its no longer a given, just as true “Freedom” is not free.
A price must be paid, due diligence, ingenuity, research, and a willingness to change how you do things.
You have a choice, Blue Pill, or Red Pill?
If your sticking with Fakebook, Windoz, Googled and the rest, it has nothing to do with Purism, but everything to do with you. Like someone else said, if you don’t play the game their way, you can write the rules, our way.
Dump “ISM”, take a walk on the wildside of “The Open Souce Community” . Follow a few rabbit trails, meet a few Penguins, and you might just meet Alice along the way, or end up in the “Land Of Oz” and have Toto pull back the curtain for you…
Welcome to Purism, where we get pure about the “isms”
Totalitarian-ism has no tolerance for anything outside of their Matrix-ism.
We have no tolerance for the Matrix, the “delusional illusion” to control.
It’s all Pure_BS
The Microsoft press release is very light on details:
The fact that ARM and Intel are involved tells me that they will use an ID from the processor to identify the source. I’m guessing that this information will be embedded in documents and multimedia files and probably encrypted and have a hash to detect changes. I’m guessing that there will need to be some external certificate authority as well to stop easy hacking of the provenance info.
Intel is the biggest single contributor to the Linux kernel, so the Linux kernel is likely to get support for this feature if it ever sees the light of day. However, it also won’t be hard for any Linux distro to strip out any provenance info from files. That is the advantage of FOSS, that you can change the code to remove any feature that you don’t want.
Without more details, it is hard to know whether this is something to be concerned about or not, but it doesn’t seem like it would be hard to opt out by stripping identifying info from files. I can’t see the two major parent distros (Debian and Arch) making it the default setting, so we probably are protected in the Linux world. However, I can foresee a future where you won’t be allowed to post files on certain platforms where the files don’t have provenance information included.
My recommendation is to use FOSS platforms where the major technical decisions are made by communities (like Debian, Arch, Gentoo, and their derivatives), rather than by commercial entities that have financial incentives to comply. If we have free/open source processors (like an OpenHW RISC-V processor in an FPGA), then it won’t be hard to modify the processor to not report identifying info.
My second recommendation is to call out misinformation when you see it and stop visiting sites which have a history of promoting misinformation, because you are helping to create the problem and giving fuel to initiatives like C2PA.
Some interesting context for Big Tech
I must admit that I didn’t read the linked article.
I just want to add, that there are fakes, that take a file (e.g. a photo) and use it in a different context together with a factual lie.
A fictive example: An article about people from political group X demonstrated in the streets against upcoming law Y. A backward image search on the web would reveal, that the demonstrating people on the photo in the article were instead demonstrating against something else in another country. So sometimes provenance can do good like uncover fakes.
Provenance would only help in that example if the scope increased from not just identity (provenance) but also to include a timestamp and GNSS coords. Would it stop there? Already the privacy concerns are mounting up. Would there be a trusted source of time? A trusted source of GNSS coords?
Hypothetically speaking, would I be able to change the provenance and update the timestamp and location by “recapturing” the image?