Mixed Signals
Any sufficiently advanced information is indistinguishable from noise
Tuesday 5 June 2007, 7:47 PM
Taking sweeties from strangers - update
As well as the cornets, the nice ice babe with the Intel van was also doling out promotional USB keys. Nothing unusual there - this is fairly standard practice for press packs and the like these days. Indeed, this one has a 166K PDF on it extolling Intel's extreme cleverness - on a 10MB partition, on a 1GB drive. Bit silly, but there we go.
So yours truly looked at the document, made a copy, and thought "Don't like that partition, I'll just have it out". No way, said my computer. So I fired up some hairy-arsed Linux software, the sort that could de-partition India and Pakistan from one rather spiky command line. "Go away", it said. "That's not kosher."
Blimey. What's going on?
Well, that's a very good question. After some dismal faffery with various tools, all of which just underlined the utter anonymity of the drive in front of me - and the ferociousness with which it held onto that partition and that darn document, I took another tack. I searched for promotional USB drive companies.
And of course, this is just another service they offer, alongside silk-screening your company logo on the case and custom plastic design. Here's an example, although there's no reason to think this happens to be the company behind Intel's key. And a quote from that page: "Non-Erasable Content: Pre-load specific content such as marketing materials and application software that you never want removed by end users.". Well, yes, I can see how that can be done - and there are lots of cheap ways to make it happen, now I think about it. There's probably a utility somewhere to undo it -- I know that U3, who do this sort of thing for retail devices, have one. And I also know it doesn't work on my key. Ahem.
But there's worse. What else can you give the promotion-seeking company, CustomUSB?
"Private Data Area: A hidden data area not visible to the user can securely store information and/or collect information for a variety of uses."
Pardon? You mean this key, given to me by a nice lady along with an ice cream, could be harbouring invisible software and invisible data storage, and I have no way of telling?
Further investigation? I think so. Meanwhile, you may care to think up how many ways this particular option could be abused. I can think of lots. Have I got reason to distrust Intel? Of course not. Did I have reason to distrust HP, before it employed private detectives and deception to monitor my colleagues in San Francisco? Of course not.
But how paranoid should we be?
PreviousComments on this post
I think we SHOULD be paranoid as the phrase, "sometimes, yes, they ARE out to get you" is true in some cases...
Ultimately, if it is possible to imagine, it remains possible to occur and likely to occur without any impetus to restraint, i.e.: embarrassment or legislation.
If our information is useful to a corporation, they should be honest and pay us what it is worth and be open about it.
Maybe you should send them your recently irradiated sandisk ;-)
Wasn't there a recent example of USB keys being left in a station car park - anyone curious (read: daft) enough to load up the USB was then assaulted by malicious Trojan code that swiped banking login details?
Difficult to be over-paranoid in the circumstances....
