Honestly I’m surprised that they cant just be remotely disabled. I’m not advocating for this feature by the way. I’m just surprised that it’s not a thing.
How would it be a thing? You don't even need a network card, much less a network connection, to use a GPU. I guess they could manufacture these in a way that requires online activation of the firmware, but that would be a big step in the wrong direction of consumer rights.
Each and every second-hand buyer in the world would block nvidia in the firewall after that. You know you need to tighten the screws when your GPU is trying to phone home.
In that case, it can easily be swapped around: card won't run unless it can reach an online endpoint.
E.g. to fetch some binary blob that must be loaded in firmware. Only handed out and signed when requester is known to be legit.
Not saying I'd like this, or that I endorse this, though.
And yet I would bet they already do phone home and send shittons of information.
But to use that to self destroy if stoken or the like would likely generate way too much negative PR to nvidia and bring unwanted attention, so they wont.
I know for a fact my drivers do not phone home. The only GPU driver I've used for years is the one that comes in the linux kernel. It's open source, I haven't read all the code, but I know I could and I know the developers wouldn't be phoning home.
I'd bet a large number of linux users are in this situation since nouveau (nvidia), intel, and amdgpu drivers all exist in the linux kernel and work well.
I'd also bet that whoever buys this type of nuclear-powered graphics card does not plan to use a driver that will not allow 3D gaming or bitcoin mining.
Consumer rights haven't taken a loss because there is no consumer and no rights. Users have no right to use stolen property. The have rights when they legitimately acquire the product.
Even if its changed hands, its still illegal to purchase stolen property and the police will just take it from you without compensating you.
You never "really owned" a TV because they were never open source. If the feature never activates, it never affects the user in any way and it may as well not exist. If it does activate wrongly, you have consumer law and protections to get your money back.
I'd argue that serial number checks would be the company protecting it's property. It would be far better if the company could rely on the state to protect its property.
I also really don't see activation lock as consumer rights taking a loss, thieves aren't consumers. Being able to brick hardware that thieves steal is a consumer protection. If EVGA started to block resale, that would be a completely different story, but I was happy to activation lock my stolen iPhone. Apple lets you resell, but if you steal a truck load of iPhones I doubt they would activate.
I mean doesn't Microsoft already phone home a unique GUID identifying the hardware in your computer that it ties Windows key activations to? And since Microsoft owns Canonical, probably in Ubuntu as well (on the defaults)?
Easy. Gate critical API calls implemented in the hardware behind cryptographic signature verification. You sign the firmware using your private manufacturer's key. You validate with a public key burnt into the Silicon.
They apply the same type of gatekeeping to power management and reclocking in post-Maxwell GPU architectures. This is why the nouveau driver hasn't been able to maintain parity with the proprietary driver.
I can't quite remember the search engine contortions I did to home in on it the first time, but I think "Falcon high-security power-management reclocking firmware signature verification Maxwell 970 GPU driver" should get you in the right direction.
Basically, Nvidia cryptographically signs the firmware blob (digest), and I think uses asymmetric crypto implemented through a public key embedded in the silicon that can decrypt the firmware signature shipped with the driver for comparison by the Falcon microprocessor to gate access to what firmware code can gain access to the power management/reclocking API's that make modern gfx cards useful. I was doing some research on it at one point between jobs, but it's been a while. Long story short, if Nvidia doesn't bless your firmware, you can't get full use out of your card. Anti-competitive/anti-user as all hell, no network connection required, and you can technically still "use it" at a near useless base clock rate.
This practice is part of why there was all that controversy around that hash-rate limiter added to 3060/70 GPU firmware?
A signed development version of the driver without the hash-rate limiter was leaked, meaning all the miners just used that as their driver to get full performance cryptocurrency mining on the cheaper cards.
This is why, God as my witness, I will do everything in my power to never support Nvidia as a company ever again, and I have become increasingly vigilant against other actors trying to sneakily push cryptography based anti-features elsewhere.
I was never interested in hardware at this level of gory detail before, but now that I've seen it it can't be unseen; and I must protect open computing for those who come after me.
It could be done if nvidia cooperated. It's basically impossible to use a nvidia gpu without the driver software which _is_ networked. Nvidia already added malware to their drivers before to stop mining so blocking some stolen cards would not be out of the question.
Nvidia drivers work just fine with no networking, I've used them so frequently.
The anti-mining technique that Nvidia uses depends on firmware modifications as well. Thus the firmware of these stolen GPUs must already support such a banlist.
You could in theory keep it fully offline but at some point you are likely to accidentally allow it network access or want to update the driver and if that happens, the card is bricked. It also makes the cards completely worthless on the second hand market.
They absolutely can though. The driver has the ability to connect to the internet and the company has shown that limiting hardware via software is something they do.
How about this... some of these will probably be sold to unwitting gamers, right? So push a driver update with the hot serial numbers and have it pop up a window saying "tell us who sold you this GPU and not only will we let you keep the card, but we'll even throw in a free year of GeForce now" (EVGA can foot the bill). Then track down the thieves, done.
> some of these will probably be sold to unwitting games, right?
Probably not, they’re more likely to get used for mining by someone who knows they’re stolen. The thieves already know that selling them is extremely risky. Which is why tracking from the driver is an interesting idea, but also probably won’t work. But then again, we’re only speculating, so maybe it’d work!
"push a driver update with the hot serial numbers and have it pop up a window"
Sure that runs foul of computer misuse act, millioms od people were downloading a driver, and you used it to get admin rights and take control of their computer, and 99.9% of them have no stolen GPU.
It's like if you broke into and searched every house in London to find a batch of srolen iPhones, you aren't allowed to do that
Let's ignore the privacy and consumer rights implications of what you're proposing for a second. Is the cost of adding remote tracking and disabling capability to every EVGA video card worth it? How does that impact their ORM customers knowing that they're now on the hook for any security failure EVGA has? They could introduce a vulnerability far worse than anything they prevent. Any hacker that compromises EVGA's remote kill switch keys could now hijack their entire user base.
So EVGA loses a truckload of hardware in a theft in an event so rare that the fact that it happens makes the front page of hackernews. Unless this starts to be a pattern, it makes far more sense for them to file an insurance claim and write off the loss than to try a risky technical solution - which might not even work, given that hackers are really good at bypassing DRM solutions anyway.
Auto-updating software and drivers have been around for ages by now, quite often with pretty lousy security. A lot of companies even require you to register your hardware to use all features - NVidia, for example, but AFAIK Razer does, too. Oculus comes to mind as well. Wacom even tracks you from within their driver [0] and I won't even go into the insanity that AV software does.
They might theoretically be on the hook for damages they introduce, but in reality, there's already a ton of services running on every device that can compromise you if the infrastructure behind it is hacked. EVGA wouldn't even be a worthwhile target.
And, as mentioned above, NVidia already has the necessary infrastructure in place. So the effective cost for doing this would be close to zero.
> which might not even work, given that hackers are really good at bypassing DRM solutions anyway.
Hackers are, yes. But the price you fetch for a card will go down massively if you need high technical skills to run it.
Would you purchase an Evga card if you knew they could disable it remotely? How about if you’re an OEM and you’re bundling video cards, would you risk the hit to your brand?
From the pov of the end user this is an anti feature. It makes the product worse.
I don't disagree that this is an anti-feature. My point is, companies get away with far worse and people probably wouldn't stop buying EVGA because of it. In fact, they obviously don't, as the NVidia driver already has that capability. Windows does, too.
So the answer to
> How about if you’re an OEM and you’re bundling video cards, would you risk the hit to your brand?
is clearly yes, as has been shown in the last years. Hell, we have cars that can be disabled remotely. Nearly nobody cares about about them creating a capability you could reasonably assume they already had. You and I might, but most consumers care about FPS - and getting a card at all - much more.
Thinking about it a bit, there are physical solutions EVGA/NVidia can take that don't rely on introducing DRM components into the software. One that comes to mind would be stamping a red embossed serial number into the plastic around the entire chassis around the card. It wouldn't look very nice but it would be nearly impossible to remove and sanding it down would look extremely obvious that it was a stolen card in any product listings.
Is it dumb? Many manufacturers already do this. Samsung had a case recently where they bricked all of the stolen smart TVs. Apple would do this as well. Basically any technology product company has or is considering having the ability to brick stolen devices.
And I'm not against this either. The law can provide a strong set of rights for actual owners, but if your product is stolen, you have no rights over it.
For laptops and smartphones, sure being stolen a common risk, and that kind of functionality grants the end-user some protection, and perhaps a chance to recover the good.
For TVs and motherboards, GPUs, printers, etc it's basically superfluous DRM that typically only serves the manufacturer.
Overall Smart TVs have been the polar opposite of user-respecting technology.
Of course anti theft serves the manufacturer. And I think that is ok. If you have a stolen product, you have 0 rights to use or posses that product.
Once you purchase the product legitimately, you now have legal protection so that the OEM may not lock you out. Products should respect the owner. Stolen products are still owned by the OEM and not the person physically holding the product.
Almost appropriate. 99.99% of houses are never robbed and yet everybody locks them. Of course we can leave our doors unlocked and that's the difference: choice. We should be able to turn off DRM. I can accept that without DRM I can't watch that streaming service (even if there are many ways to circumvent and/or to prove a purchase) but not to use a product for my own sake (eg: run my software on it.)
Without going to entirely FOSS TV firmware, I'm not sure how this matters at all. It will never trigger for legitimate buyers and if it ever does somehow, you call the company. If they do not cooperate, you take it up with your consumer protection agency and they fine the company for you.
But the reality is that it never will activate and you wont ever know about it so it can't possibly impact your life and there are appropriate safe guards against misuse. It's about as useful as asking why you are forced to use a specific brand of flash chip on the image processing board.
Ebay can definitely (as in feasible) block or delete listings for stolen goods based on serial numbers. Not sure if they do that but I think they do this for bikes?
If they disabled mining on all GPUs and hardware not intended for that purpose, video card prices would return to normal in a month.
Unfortunately it's too late; we just entered the era in which every appliance consumes less power, yet there is an unprecedented demand for energy, and it grows steadily. What will happen when everyone on the planet will want their own mining machine on 24/7?
"They" == "those who can do that", that is, developers under their employers direction.
Not every sentence containing "they" is necessarily a flat earth like conspiracy.
