• BobGnarley@lemm.ee
      link
      fedilink
      English
      arrow-up
      13
      ·
      4 months ago

      Its a “trusted” execution environment for the system. So basically, it has access over your entire system and there’s no way to know what it is doing because it is proprietary and many people and third party security groups have expressed concerns about it before and asked them to open source the code that runs it and they will not do it.

      Intel has a similar system the Intel Management Engine but you can disable that after bootup and also run it on open source bios so that it is essentially neutered. You cannot do that with AMD.

      The NSA disables and removes Intel ME on their systems, so it seems like there’s a very real threat from these proprietary systems that have complete and entire control over every aspect of the machine and software running it.

      • daellat@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        4 months ago

        So you called it spyware but now you say you dont know what it is doing. So which one is it?

        • BobGnarley@lemm.ee
          link
          fedilink
          English
          arrow-up
          10
          ·
          4 months ago

          The fact that you can’t discern what it is doing and it can’t be disabled makes it invasive software. There’s no shortage of qualified experts who agree with what I said and many others who point out glaring security vulnerabilities that come with using it. I linked a few for your convenience.

          https://www.eteknix.com/nsa-may-backdoors-built-intel-amd-processors/

          https://www.theregister.com/2018/01/06/amd_cpu_psp_flaw/

          https://www.phoronix.com/news/AMD-PSP-Disable-Option

          I’d say with all of the above at the very least its invasive software that has complete access to your system and all of its files and processes.

          Spyware by definition is “Any malicious software that is designed to take partial or full control of a computer’s operation without the knowledge of its user.” The fact that you can’t look into what all it can do makes it capable of doing this.

          • daellat@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            4 months ago

            Perhaps I’m being pedantic, but even in your quoted definition we don’t know that it’s spyware. Because 1) we don’t know if it takes full control 2) it’s there with our knowledge. I still can’t agree to your conclusion in your first comment that it is. It might be, but I’d phrase that differently.

            blablabla more blabbering around the point below: just pure speculation of what it could possibly be worst case scenario.

            Spyware by definition is “Any malicious software"

            Cool, but since you have no idea whether or not its malicious calling it spyware is false.

            • trolololol@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              4 months ago

              Media definition of spyware for data privacy purposes is exactly that. The difference here is that this is a tool that can be leveraged to make a copy of all the data in your computer and put it on the cloud, among other things. Tik tok and Facebook can’t do that and are subject to much bigger scrutiny.