People, for better or worse, have always been a little touchy about unique identifiers. Social security numbers. Barcodes. RFID. GUIDs. In this day and age of massive registration databases, of drive-by identity theft, a number can be a very powerful thing.

You may remember the sound and fury over the Pentium III processor's embedded serial number, a feature which could have been used (potentially) to track a user's computer without the user's knowledge or consent. This was back in 1999—ancient history—but it was taken quite seriously at the time. In the United States, the Federal Trade Commission was asked, repeatedly, to investigate the technology as an unfair and deceptive trade practice. Meanwhile, across the Atlantic, an advisory group to the European Parliament came very close to recommending a complete European ban of the chip.

Intel was and is one of the premiere technology companies in the world. And yet the message was clear, on both sides of the Atlantic: stay the f--k out of our lives. Intel was forced to first disable, and then discontinue entirely, the tracking feature. And you know what? In hindsight, the privacy concerns were probably exaggerated. Computer hardware is and has always been full of unique or semi-unique markers. That's how most licensing and registration software works, after all: by taking a look at a couple pieces of hardware and cobbling together a unique key.

Fast forward, ten years later.

Today I'd like to talk to you about an electronic privacy issue which is a hundred times more serious than the Pentium III, and a hundred times less publicized. This technology, which exists today, and which quite possibly is working its deceptive magic on your computer even as you read this, is exactly what the world was worried about when the Pentium III was introduced. Back then, the privacy concerns were unfounded.

Today, not so much. Read on.

Imagine, if you will, that your computer has been branded with a unique identifier, very similar to the one introduced with the Pentium III. Only this unique identifier isn't associated with a particular piece of hardware; it's associated with your entire machine—the one you're using to read this, and who knows, maybe the one your kid uses. You can change your CPU; doesn't matter. Reformat your hard drive; doesn't matter. The identifier persists.

And this is where it gets scary.

Let's imagine that this "computer barcode" was distributed across the Internet without your knowledge or consent, linked into a massive online database containing some 60,000,000 unique device identifiers, each one representing a personal computer somewhere in the world: yours, mine, your next door neighbor's, your cousin's in Tuscaloosa, your uncle's in Paris. And let's assume that this database was billed as "fraud prevention" technology, but that it was maintained by a private company selling their services—access to this database—for cold, hard cash. With zero oversight. Zero regulation. Zero anything.

Would it bother you?

Because, ladies and gentlemen, this technology already exists.

Exactly as described above.

And it's far more common than you think.

And if you're reading this article, there's a better than average chance that you've already been infected with it (and "infected," believe me, is the word).

Welcome to the wonderful world of ieSnare.

Sporting a name that smacks of destructive Internet script kiddie hubris, and backed by the resources of a dedicated company by the name of iovation, ieSnare is quietly one of the nastiest, most underhanded pieces of spyware/malware this author has encountered, in a long history of spyware-induced pain and anguish. It is quite simply a worldwide, online, profit-driven computer blacklist capable of uniquely identifying your machine (once submitted to the database) whenever you visit any site, or use any product, protected by the ieSnare system. In iovation's own words:

iovation ReputationManager utilizes proprietary methods to uniquely identify devices connected to the Internet, creating unique identification for them that remain constant across all subscribing online businesses. For example, a PC device connecting to one online gaming or e-commerce site protected by iovation ReputationManager is assigned a device identifier by the same method used to identify PCs connecting to other e-commerce sites/networks protected by the system.

Hello, Big Brother.

Tellingly, there is no publically available listing of companies who employ ieSnare technology although you can find various mentions and references on Google. I found out about ieSnare because I noticed that the Full Tilt, Ultimate Bet, and Bodog online poker clients were opening a curious file on my local hard drive:

STM.SOL is what's known as a Flash local shared object—which is basically a Flash "cookie". And unless you're a web developer, I'll bet you had no idea that there was even such a thing as a Flash cookie, or that Flash cookies are immune to typical "delete cookie" commands in your web browser. What's more, ieSnare sneaks under the radar of most antispy software because Flash cookies are either ignored, or viewed as low-risk items.

Like most successful spyware, ieSnare capitalizes on user ignorance. Whether or not ieSnare is an acceptable way to prevent fraud and/or increase operational efficiency is a discussion we can have once companies stop trying to slip this technology in through the electronic back door.

And by the way: guess who provides at least some of the funding for iovation?

Anybody?

The selfsame company which brought you the Pentium III and the unique identifier that caused such a stir ten years ago: Intel.

What a coincidence. No matter how things change, it would seem, the more they stay the same.