Sure, CompuTrace and similar technlogies has it’s place, on some devices owned by some high-security enterprises. I really dislike that OEMs appear to put CompuTrace in ALL (AFAICT) new devices. This is somewhat like how Microsoft has used Secure Boot as an excuse to lock down Windows PCs from loading non-Windows OSes. NIST advice for this doesn’t prevent a local user from selecting the OS they want, however. OEMs should be providing two levels of security, tamper-proof devices, for high-security enterprises, and owner-configurable devices, which let the owner have the ability to configure the silicon/firmware security/privacy features, and install the OS they prefer.
Strange, I thought only companies and governments are allowed to access your device’s CompuTrace phone-home chips and firmware. But it appears that there are multiple companies selling support for this to end-users, see the advertisements here:
https://twitter.com/search?q=computrace&src=typd
Companies: decide carefully if you want to use tracking software on your employees. Or at least do it politely:
OEMs: please make CompuTrace-free model(s) of at least one of your (server, laptop, tablet, and smartphone) product line. Privacy-minded consumers will probably even pay a premium for it.
By now, I would have presumed some privacy-minded activist group like the FSF would have a campaign against this, perhaps as part of their Free Hardware campaign…
https://twitter.com/delroth_/status/679972181061820416
Lenovo: fix your CompuTrace QA, see above.
Modders: If you have disabled CompuTrace module in firmware, perhaps using UEFITool or another tool, please write a quick HOWTO, for others to benefit from, such as above Lenovo user. Thanks in advance!
Firmware Security 