â‚ż
"I do not fear computers; I fear the lack of them" – Isaac Asimov
Isaac's quote describes my current situation: confronting a truth that hurts to a greater or lesser extent depending on your margin or concept of freedom. In advance, I invite the audience reading this to digest it cautiously, especially if you have something to lose in cyberspace like anonymity, money, or other things, whether legal or not.
Security Measures We Take
We all take security measures when interacting with a computer:
- A PIN or an ultra-long password known only to us.
- Password managers.
- VPNs to encrypt connections or more decentralized options like onion layers.
Regarding antivirus software for which we pay fortunes year after year:
Spoiler alert: I wouldn't advise anyone to use one, even if it sounds counterproductive. These are tools that scan every file on your device to collect data, and there are already multiple cases of these security companies selling this information.
Spoiler alert: I wouldn't advise anyone to use one, even if it sounds counterproductive. These are tools that scan every file on your device to collect data, and there are already multiple cases of these security companies selling this information.
Key Takeaway:
Education about where to go and where not to is better than antivirus software.
The Real Question: Safe From Whom?
We perform multiple actions daily to stay "safe," but safe from whom? That is the real question.
We supposedly protect ourselves from:
- Criminals.
- Cybercriminals.
But what we are forgetting—or perhaps what we most likely never knew—is that there are other protagonists almost no one noticed: governments.
Governments as Silent Watchers
At the forefront are the CNI or NSA, and most will probably say:
"How is that possible?"
"How is that possible?"
You might think I'm only referring to those cases where they infect computers with spyware targeting certain wanted individuals, but that it doesn't affect you as an ordinary person.
Here's the Truth:
That's where we are all wrong.
You Already Lost Before Starting
You lost your security, privacy, and/or anonymity (note: anonymity and privacy are not the same) the very second you:
- Bought your new laptop.
- Or, for the more tech-savvy, assembled your own PC.
The government has all five senses on your device.
How Did You Lose Before Starting?
Simple and straightforward: what they sell you is already compromised.
To be more specific:
- Your motherboard (the "brain" of your PC) contains a small chip: the Intel Management Engine (IME).
Before explaining what this chip does, let me ask:
- Does anyone in 2025 still use a PC from 2007?
- Most likely no one does.
- Does anyone use any motherboard without AMD or Intel as its processor?
- Almost no one, right?
What Does the IME Chip Do?
The Intel Management Engine (IME) is an autonomous subsystem integrated into many Intel processors since 2008. It is designed to facilitate remote management of devices and provides a range of features and services for system management even when:
- The main operating system is not functioning.
- The device is turned off.
Features of Intel Management Engine
-
Autonomous Subsystem:
IME is an independent microcontroller that operates autonomously on the main processor. It runs its own operating system, historically a reduced version of MINIX—a Unix-based operating system. -
Hardware Access:
It has direct access to various hardware components such as memory, storage, network, and processor, enabling it to perform management functions without intervention from the main operating system. -
Remote Management Functions:
IME allows IT administrators to perform various tasks like:- Updating firmware.
- Diagnosing hardware issues.
- Remotely controlling or recovering systems.
It can function even when the device is off as long as it's connected to power and a network.
Why Is This Concerning?
In simpler terms:
It is theoretically possible for a third party—whether a cybercriminal or intelligence entities—to have control over your device remotely without your permission.
Important Reminder:
IME has absolute permissions over your device.
Permission Layers in Systems
For those knowledgeable in this field:
Most systems generally consist of layers of permissions and users—the simplest being:
- System.
- User.
- Sub-permissions like:
- Full Control.
- Modify.
- Read & Execute.
- Read.
- Write.
- Special Permissions.
In this case:
IME would be at the top of everything without you being able to interact with it—disable it or modify it.
IME would be at the top of everything without you being able to interact with it—disable it or modify it.
Can You Disable IME?
There is only perhaps a very remote possibility that your BIOS has an option to partially suppress IME but never an option to remove or degrade it.
Note: There is also its ARM equivalent for Ryzen processors.
Solutions for Regular Users
What solutions exist for us mere mortals in technology and computing?
Here are four drastic options (without delving into details only experts could execute):
-
Never use any PC or laptop manufactured from 2008 onward:
Even if you want to use a 2007 PC, you'll be limited by its computational capacity. -
Use an open-source motherboard:
These are developed by the community and known not to have IME but cannot use Intel or AMD processors—in simple terms—neither Windows nor iOS; Linux-based systems would be the options. -
Not ideal: Change macOS or Windows systems to Linux-based ones like:
- Qubes OS.
- PureOS.
These can partially stop IME but have limitations regarding which programs can be installed by non-experts. -
Lastly: Surrender and accept defeat.
My Personal Take
If you ask me which option I'd choose—the truth is none appeal much—but perhaps two seem salvageable:
- Changing my machine's operating system (the cheap "simple" quick option).
- Buying a compatible open-source motherboard (the ideal option) for my other components.
Final Thoughts
Faced with this rather discouraging outlook—I bid farewell by saying:
We need imminent change because this silently lurks waiting—to cut freedoms forever.