Not trying to defend intel, just trying to offer a (somewhat justified) answer:
If people are using more streaming services, that means Intel should focus more on their Integrated Graphics platforms. If people are downloading significantly more data than ever before, they should probably make sure their networking drivers receive more support.
Knowing how people use their PC's, even by category, can help Intel manage its driver development.
That’s a very poor excuse for mass collection of personal data. They can easily figure that out from commercial datasets, or even a small-scale research effort.
Ya, I think the key bit of spook that can be derived from the title is that they're using the CPUs to do this, maybe like they're baking it into Intel ME. That's what I first thought until I read the article. It's just intel saying, hey come install our spyware. However it's worth nothing that I bet this will come preinstalled on a ton of devices which is in fact spooky.
It doesn't have to be that bad. Every organization has constraints - particularly people's time. If Netflix, Amazon, and Hulu come up with some new video codec and plan on releasing it in 12 months into their services, and I know 80% of my consumers use video streaming services, then I know that I should allocate most of my development resources / people towards enabling the new codec on GPU's my company sells.
Knowing how people use your products helps allocate new development features. This problem isn't unique to intel.
Is this codec scenario plausible, that something so significant would be broadly adopted and Intel would need user usage data to decide whether to support it?
Usage data could be very useful for decisions on what to dedicate die area to, and how to price products.
They might find that a market segment doesn't do a lot of playing 3D games, but does spend a lot of time watching Youtube on battery, and so make the decision to drop integrated GPU shader cores and dedicate more die area to video decoding, to make energy efficiency better when watching video.
But now we are not speculating about potential new additions, we want to know utilization of existing circuits to allocate resources & improve in the future. I'd hope this could be measured without collecting a ton of personal data.
These goals blur together. R&D effort, and usage of die area are all justified by market potential. Knowing how large the market for a technology or tradeoff actually is has value.
> I'd hope this could be measured without collecting a ton of personal data.
Intel's claim is that they don't: "we would like your permission to collect [...] The categories of websites you visit, but not the URL itself" also the privacy safeguarding statement at the top of the page.
The whole purpose of CIP is to gather data on actual users' computing needs. For many computer users, the web is most of their computing experience -- it seems appropriate therefore to include usage of the web in the program.
Much like any customer experience study, privacy is an issue. Intel do at least claim to be mitigating the impact to privacy.
I'm of the opinion they should add FPGAs to everything. Every chip now has an insane amount of die area dedicated to the northbridge or the L3 cache. Anything else turns the junk we buy into garbage the moment everyone switches to a new standard.
Unless they're shipping a fairly complete domain -> category map to your machine and doing all categorization offline, unlikely, then they absolutely have the ability to collect it, and will "accidentally" do so at some point. We've all seen this movie now, multiple times.
edit: also the knee-jerk reaction most people are going to have to this, is concern about certain categories of websites.
Third party services (e.g. https://www.webshrinker.com/apis/) exist to perform this kind of classification. They'll be doing the classification API calls from the client (CIP-enrolled) machine, then sending the results (and not the domains or URLs that generated them) back to their own endpoint.
> The information collected includes categorized web browsing history that shows how long and how often you visited specific categories of sites (i.e. social media, personal finance, or news). All site visits are classified into one of 30 categories. We do not collect URLs, web pages titles, or user-specific content without explicit permission from you.
From a technical perspective, how does this work? I can only think of two ways:
(1) Intel downloads a big "map" file containing a huge list of pre-defined domains and categories. This means either the categories are pretty slim or you have a GB's big file
(2) Each URL is sent to Intel (aka "collected"). Maybe they don't "store" it ("We promise") but as soon as it leaves your system you have no control on this
They could use a technique like Google Safe Browsing where you send a partial hash of the url, and they send back the subset of the map containing only urls which could match that hash
They can strip the request down to the domain name, hash that with a OTP to do a fuzzy lookup on their end which would be difficult (not impossible) to reverse per reference, but would require APT to do en masse.
There is probably some flaw with this method... curious if others think there's a "safe enough" way to do something like this...
No server-supplied metadata is trustworthy enough to base your business decisions on. If 80% of the internet traffic was illegal server-based video streaming, those providers would simply be changing the metadata every time they got “profiled”. Some probly even do it proactively.
Intel would be much better off to focus on what the cpu is asked to do (decode 4:4:4 h265 and/or aggressively tune for low latency, for example).
Exactly. Why do they need to know categories of websites? They should be collecting the things your computer is doing from a technical standpoint. Then I could be convinced that they were trying to learn how to improve their products from an engineering perspective. As it stands CIP looks like a way to use the large installed base of their products to improve the marketing/partnership side of their business.
The legitimate way to acquire this information would be to purchase it from partners who have a legitimate reason to collect it. If you want to know how popular 4K streaming is, for instance, Netflix, Twitch (etc) can provide that information.
My uninformed guess is that the information would be far less costly and of far better quality than using some large-scale spyware deployment instead. Unless there's something more that can make it worth Intel's while.
Because collecting data about streaming service usage makes sense when you operate a streaming service. I don't see anything inherently wrong with it so long as the information is anonymous.
Sorry, my response was a little short. I should have said that people like your ISP and cloud hosting are/can already spying on us. If Intel wanted this data solely for the purposes of improving drivers, they could buy it from internet connectivity companies. We don't also need them tracking everything we do.
Yeah the word "spy" might be debatable but it's certainly something like "snooping".
Just because they process the data doesn't mean they need to record it. I feel like a good analogy here is the ISP is your secretary. Sure they must have access to your documents to do their job, but if they're reading through your stuff for "gossip" or snapping photos of your documents, that'd still be an invasion of privacy.
Yes but ISPs are huge and can limit logging to outbound connections. No individual recording would be done. Privacy is kept -- with a big caveat that deanonymisation of aggregated data is possible in a number of cases, of course, granted.
GP says "Cloudflares of the world", i.e. companies providing similar services. We can take your word when it comes to Cloudflare itself, but that doesn't mean your competitors don't sell, barter or exchange data - and frankly, at this point, just possessing this data is grounds for reasonable suspicion. At least it seems to me that whatever value or code of behavior can be broken for profit will get broken by someone eventually.
(And even as we trust Cloudflare of 2019 doesn't do it, who's to say Cloudflare of 2021 will still live by this code? Can you guarantee that? I often find myself wishing for an established way for a company to make legally enforceable vows about its behavior. Maybe there is something like this already?)
Suprisingly recently, I learned that cloudflare does hand over data about browsing and also inspects the data that is being exchanged by the user and the web site - and pro-actively hands the data to various gov agencies.
I do not think most webmasters or web surfers know this.
see "Among other things, that resulted in us cooperating around monitoring potential hate sites on our network and notifying law enforcement when there was content" - and more, via: https://blog.cloudflare.com/terminating-service-for-8chan/
Maybe it could have to do with different kinds of CPU workloads imparted by different mixes of HTML, CSS, and Javascript functionality. After all web browser performance is a common complaint.
Intel has cared a lot about things like JS performance so may want to directly observe what js is being run.
I recall that being a big challenge when I worked on browsers - it’s very difficult to see what users actually encounter beyond “top X website” lists, which are of questionable value.
> Data collected from your system is temporarily stored locally on your system before being uploaded to a secure cloud environment, which may be physically located in accordance with Intel’s Privacy Notice.
> Intel keeps the data for a maximum of seven years. Intel takes reasonable steps to reduce the risk that any data kept for over three years can be traced to a particular computer.
Tied to user for 3 years. From a law enforcement perspective I’m more interested in the ‘other devices in your computing environment’. They state they are generating a random UID tied to your system, so I assume if I know the UID from the suspect computer then a warrant could be issued to Intel for this information.
If it's kept over three years, you have to believe that there are backups of the data made, and that the backups are retained forever. So ANY persistent mapping from the data to a specific computer is effectively permanent the moment it hits their backend (maybe someone has to load a tape, so it's not instantaneous, but still available to a warrant or subpoena or shenanigans).
If there is any "risk that any data ... can be traced to a particular computer" on day 1 that the stuff is stored, then that risk never goes away.
The issue is that the compatibility and styling (animations etc.) are not fully supported or available. This should have been standardised much earlier, alas here we are with a half-assed solution to a very common pattern.
Indeed. Or rather: as an user, the animations only an issue when they're broken (or performance-intensive). Which immediately suggests a way for correctly doing such expandable paragraphs: just don't animate them if you can't make it work perfectly everywhere.
I guess you can always hack something in Javascript if you wish to have animations, which is always better than to go with an implementation in full Javascript.
The one thing that does not stop boggling my mind on a daily basis is the lack of a consistent feature detection and the subsequent fallback mechanism for the web. I need to look at all these weird angles and use polyfills just to check if the feature is there in the first place. Even then, I cannot accomplish this without JS, and cannot react to it without JS.
It's not a choice I have, so fuck it: I'll make it viewable without JS, and usable with JS.
You can always detect whether tag <foo> is supported in JavaScript by testing whether HTLMFooElement is defined (but I understand you are speaking more generally).
I understand your feeling, and by making it usable without JavaScript you are already going a long way, but using those tags also makes your pages accessible.
Making your pages beautiful with animations is only extra. Things already work out of the box in any case without <details> without effort, only better if it is supported.
HTML is mostly designed to gracefully degrade, detection is not always necessary.
How would you like things to be handled? Handling retro compatibility is hard and I find HTML does a good job at it.
Out of a stance that is now more political than anything, the applications I've been building are entirely operating with server-side HTML templates with absolutely minimum to no JS (only for the occasional page load event or whatnot). When you respond to requests in under 100ms (plus network latency), you don't need an SPA layer to fool people into thinking that they're not in a web page.
I've built a website like that, for someone drawing comics. Fully works in simple HTML, looks better with CSS, and faster and slightly more enjoyable with JS. The JS avoids jumps and flashes (especially annoying since the website has a black background) when opening a page by only reloading relevant parts so the browser does not need to fully redraw the website, with great care to handle history correctly and consistently with what would happen with JS disabled.
Edge never really gained popularity so that disappearing (with Chrome-Edge) is neither here nor there. IE11 is here to stay until at least 2025.
In no small part due to Microsoft's decision to make IE11's rendering engine the only browser that could support: Java Applets, Flash, ActiveX, that almost all major companies and large governments use. If they had incorporated those into Edge and hidden them behind ten layers of security warnings, we wouldn't be in this mess.
Try to service large corporations and governments. Our IE11 user share is over 70% for the product (but under 30% for the marketing/public pages). This won't change until every last Java Applet/Flash/ActiveX control dies, and that isn't happening fast -- companies literally in 2019 still sell products using the tech' (Oracle!).
If I’m understanding this right, Intel looks at your web browsing to optimize their drivers? Why would you ever willfully share this information with Intel?
Probably they want to group their buyers using that browsing information. E.g HN readers tend to have i7 CPUs etc.
While they state only "The categories of websites you visit, but not the URL itself" is transferred. I'm wondering how you do this? The most privacy friendly method would be to have an offline mapping with e.g. the 10000 most visited sites and their categories.
As I understand it, the CIP is opt-in, so it is truly voluntary.
EDIT: Well, it's supposed to be opt-in, but apparently Intel has been sneaking it on user computers without their approval, which suggests that the checkbox used to install it from the driver assistant might be checked by default... so not opt-in.
I think they're using this data to help guide how they should compete with AMD and ARM.
They also say they're saving the RAM used and software applications you use... To me that's about figuring out what's more important to end users; incredibly powerful (multi-core) machines or incredibly efficient (fastest single threaded speed per watt) ones.
Right now Intel is getting hammered on both fronts with ARM chips dangerously fast for single threaded applications (A13) and AMD totally slaughtering their desktop/server market... They have no modem business, and if I was Intel, I'd be pretty fucking scared right now. The weight of the rest of the industry might be large enough now to truly make 'em irrelevant.
As a result, they need to be very, very careful about where they invest resources as the future could be very dim for them...
P.S. I do think: sure they could sell it, but is that data really going to make up for the dip in their actual business? Nah.
How can a company like Intel that was top dog for (at least) 10 years in a row get slaughtered on two fronts? Seems like they should have billions in the bank to burn on whatever they need to get back on top.
To me this is like people projecting doom and gloom for Apple after Microsoft makes better products for 2 years, but maybe I'm missing something.
The landscape that Intel dominated has changed completely and they have not. They're like Microsoft without Azure, without Office, without Xbox... they have one meaningful product: CPUs and their GPU is a six-months to a year out for a v1 which will probably not be very great.
If either Microsoft or Apple had continued to only have one meaningful product they'd both be shells of who they are now.
> Seems like they should have billions in the bank to burn on whatever they need to get back on top.
It's a persistent extreme exaggeration, that's all it is. It's a projection of what some people want to have happen (death to Intel, rise of AMD; if AMD dominates, it'll then be death to AMD), rather than a reflection of what reality actually looks like. Aka wishing it were so.
What does reality actually look like? Intel's profits keep climbing and climbing.
2018 was the best year Intel has ever had in its entire history. $70.8 billion in sales, $23 billion in operating income. Operating income skyrocketed 58% in just two years. The extraordinary level of profitability they're sitting at has only been reached by a select few companies in all of corporate history.
Intel generated more operating income just last quarter than AMD has net in its entire 50 year history combined.
But surely sales must have declined then, given the scaremongering, even if profitability remained high? Nope. 2018 was a great year for sales growth for Intel, fastest growth they've seen in a decade.
They went from $55b in 2015 to $59b to $62b to $70b in sales, after many years of near-stagnation.
Surely Intel is seeing really bad erosion then in its most recent quarterly results? No - $6.5 billion in operating income last quarter. More than AMD's sales for the last four quarters combined. And one of the best quarterly profit figures Intel has ever generated.
Funny that you bring up past numbers on revenue and profit. Andy Grove, Intel’s most celebrated CEO, used to sound a note of warning about relying too much on such metrics for decision-making.
Revenue, which is really about what has already happened, is a lagging indicator of bad news.
I have no horse in this race, but I think it is instructive to point out that after the iPhone launched in 2007, BlackBerry maker RIM would go on to attain impressive revenue numbers in its history starting in 2009 ($11,065m) and 2010 ($14,953m) before peaking in 2011 ($19,907m). It has been on a downward trajectory ever since.
Intel isn't as diversified and MS or Apple. Intel used to have a de facto monopoly on hardware because migrating away from x86 was very costly and offered no benefits.
But now there are tangible reasons to move away from x86. The industry spent the last decade doing the heavy lifting to make their software cross platform, which has allowed companies to not only easily move from x86, but to also create completely custom hardware. Intel's customers are also their competition.
I will be seriously impressed if Intel manages a pivot, because, as far as I can tell, they don't have a secondary business to fall back on.
Intel's competitive advantage was, for many years, their superior process -- always far ahead of the competition. For reasons that aren't clear to me (still an Intel investor), Intel's process advantage has stumbled.
I informally interviewed with Intel's process engineering in the early 2010s and was amazed to grok that they truly viewed Moore's law as a target. The job looked extremely stressful, as a new miracle was required roughly every eighteen months, and every piece of the process had to work, or the whole line would fail. Intel's (and modern chip-building in general) fabrication work is truly astounding.
Intel's real competition is Nature, and Nature gets exponentially more difficult.
It's an opt-in program. I'd be upset if it were mandatory or opt-out. But opt-in doesn't bother me.
> How do I participate in the Intel® Computing Improvement Program?
>When you download and install the Intel® Computing Improvement Program, click Accept on the invitation to join.
> What if I don't choose to participate?
> System performance information is not collected or sent to Intel. As a result, performance information from your computer cannot be used to improve future products.
Usual disclaimers: I don't work for Intel, never have, no plans to, no direct financial interest in them, etc.
No surprise more and more entities want that delicious browsing history data, it's extremely valuable and profitable.
These days you need to really understand your threat model when it comes to using the internet and who might be able to record every keystroke and website you visit.
We used to call them "keyloggers" but now GBoard and Windows 10 have "clipboard sync" features.
I think there's going to be some genuine business in having scripts make random web searches, copy/paste random things with the cloud sync feature enabled etc to trick algorithms and what data can be harvested from what they collect.
If you poison the data they have on you then what use is it collecting it? Maybe I just am a raging furry, and adore Adolf Hitler and buy Nazi related materials.
I tend to agree with you. Though when Intel starts selling your data to the government you might want to limit those Nazi searches, could impact your ability to cross the border without a hassle.
Yes, but presumably they want to know what type of JS is being run.
The characteristics (memory access, numeric operations, etc) are complex and simply saying “make all of it fast” isn’t helpful - presumably intel is trying to make their chips faster at everything in general, but if they find that there are a few particular bottlenecks maybe they could allocate more resources/surface area to those particular instructions, etc
No, I don't want that. I'm just suggesting a way for them to not have to ask the world for this data by eating their own dog food, in the context of this thread, in a consciously unfriendly way.
The particular opcode was a very low cost one - most of the win came from memory savings (it’s basically float->int conversion with overridden round mode)
At some point we're going to have to start using our personal firewalls for outgoing traffic too which is going to be a massive pain. It seems that every company is jumping on the telemetry band wagon.
Let’s assume Intel has the best motivations here, and really wants to ensure that Intel devices perform better than competitors. There’s a far better way to accomplish this without invading the privacy of end users and becoming yet another attack vector (has anyone coined YAAV yet?):
- Create a program that allows developers and other companies to upload their code to be stored and executed by Intel to test and store performance improvements and regressions
- For those who don’t trust Intel with their code, allow them to register their site as part of a testing program. Intel can then rank the importance of these sites internally by popularity or whatever kind of metrics they want.
If developers and companies care, they’ll participate and work with Intel directly. If they don’t, they won’t. Stop pushing this crap onto users’ machines, building profiles, storing data, and invading everyone’s privacy.
There's an even better way of doing this and they never have to leave the lab. They have all of the CPUs and enough of the hardware configurations themselves to actually run a test. Just go by some of the "most popular websites" list that's out there.
Well, you're saying metrics and they're saying web browsing data.
You're probably thinking metrics because that's how the program is presented: as a way to help ensure Intel products and drivers are performing well.
But what does browsing data have to do with that?
E.g. I notice the privacy policy covering this data specifically allows them to use the data they collect for advertising and allows them to let their partners use it for advertising as well.
Is that what you were expecting from the Intel CIP?
I dunno why they need it and I personally won't share it, but if they ask honestly, without any manipulation tricks, and people decide to share it, I don't see an issue. Freedom goes both ways.
But there's manipulation tricks. And they ought to be making a fair offer that involves paying you a fair rate to be monitored. It should just come naturally. Otherwise they're using manipulation tricks.
I'm sorry, but "opt-in" has almost always been a load of BS in my experience. Most examples I have seen look like: "Do you accept these terms? A.) Yes, and continue using our product B.) No, and revoke your access to our product."
And how long until the installer for some "partner" software enrolls me in this program without my knowledge? (Or only explained deep in some EULA nobody will read...)
From what I can tell, it's "opt in" in the sense that so long as you're paying really close attention when installing Intel's Driver & Support Assistant, it's technically possible to avoid accidentally turning it on. (However, it is apparently impossible to to avoid installing it regardless of which options you choose in that installer - hence the FAQ item "If I choose not to participate in the program now, can I join the program later?" that says people with that installed can just turn it on from CIP's control panel entry.)
I don't know if I am getting this right, but this seems to be a program that you can install and they at least ask. So I have not as much a problem with it.
I wouldn't want them to be able to read my CPU SN though and connect it to any browsing data. But there sure are people that wouldn't mind.
If I compare this behavior to MS and their telemetry crap, this is a gigantic improvement. Not saying that collecting usage information should even be further normalized.
From doing a quick Google, it looks like Intel have been sneaking this software onto people's computers bundled with stuff like drivers, and some people have been having serious trouble actually uninstalling it: https://www.tenforums.com/customization/113108-inquiry-about...
But clearly they should reword it to be more explicit.
s/categories of websites you visit/
- Each month, whether you have or have not visited some streaming video website on this list (click to see list) (i.e. a single "yes" or "no" for the whole list)
- Each month, whether you have or have not visited some shopping website from on this list (click to see list)
- ...
/
Ford CEO Jim Hackett: “We already know and have data on our customers. By the way, we protect this securely; they trust us. We know what people make. How do we know that? It’s because they borrow money from us. And when you ask somebody what they make, we know where they work, you know. We know if they’re married. We know how long they’ve lived in their house because these are all on the credit applications. We’ve never ever been challenged on how we use that. And that’s the leverage we got here with the data.”
Is this tied to installing other Intel software or drivers? The page reads like you specifically decide to download this solely for the purpose of helping Intel. Not sure they will get many takers that way.
After the rather recent let downs (Still waiting for my free of charge replacement CPU for the ones vulnerable to meltdown and spectre.), just one more reason not to buy Intel crap.
This seems to be genuinely opt-in: You have to explicitly sign up for this program, download and run their software. It's not like they're spying on unsuspecting chip-buyers.
Surely Intel’s engineers can browse the web themselves to find out what kinds of websites and JavaScript exists and use that knowledge to optimize their microcode or whatever.
Or buy a report from one of the hundreds of companies doing this kind of user tracking.
There’s no great reason why they would need to begin collecting data on each of their users.
> Surely Intel’s engineers can browse the web themselves to find out what kinds of websites and JavaScript exists
They wouldn't have access to the frequency of visits, an important factor.
> There’s no great reason why they would need to begin collecting data on each of their users.
I've given you one above.
Also, it's not "each of their users", it's those voluntarily agreeing to submit this information (as opposed to "you need to install X to unlock feature Y", and installing an executable.
If everything were to go according to plan, it would be harmless, yes. The problem is that data becomes a liability.
The same way having a few sparklers in your closet safe enough, having a few websites of your users is safe. But when you have a huge cache of personal data from large numbers of users, it becomes attractive to foreign governments, foreign gangs, feature creep from questionable law enforcement practices under a corporate surveillance state, unethical domestic lawyers, script kiddies, and so on. It's like having a whole fireworks store in your closet... It just keeps getting harder and harder to store safely the more information you collect!
And you're not totally wrong- at least they're doing the right thing and making this opt-in. However, this collection appears to be one done by a bunch of GPU nerds, which raises warnings that it won't be protected as well as, say, google doc data.
Telemetry is now an attack vector for privacy in general because no one can be trusted with the data.