got this is my mail box : Life's better together when you avoid Windows 11



From an information security standpoint I don't think my TPM is out to get me... :) I do. think that Microsoft is doing things to reign in the abuse of their licenses. Some of their activities are a bit intrusive for my taste but its no worse than other products. I tried out windows 11 and there is nothing revolutionary in it. I can understand dropping the backwards compatibility as it makes development of new products easier. Free products have their place but don't see people who develop software for a living as conspirators in some tyranny. Free products can also be an attack vector used to let an unwitting user to download themselves into problems. Free isn't always free. I use linux almost exclusively as I can achieve what I need to do without buying licenses or upgrading hardware. I also have lower expections. If something doesn't work the way I expect it I just back out of it or start over. Many folks are not looking to turn their computer into an experiment. They want to turn it on and epect everything to work. Wow guess that article triggered me a bit.. :) Found myself defending Microsoft a bit more than they deserved
 
Last edited:
@jpnilson I think the very fact that you'd need to defend M$ says enough. They're not trying to fight the good fight for their licenses, they are trying to force people to get TPM'ed. Also, truly free, that is Libre OSS is hardly much of a vector. Play Store apps have been shown nefarious, so, yeah, that "porn.exe" or "Please install our fast downloader to download your file: Quikdoanlowd.exe" or "Shooter.exe" is probably a vector for adware or turning your PC into a zombue on a botnet, that's erroneous "freeware" and people who install that deserve it. I have never had 1 single virus or intrusion on my non-Linux machines, from DOS to Windows 7 (that's where I quit 100%). So stupid is stupid. If Linux a bigger share, idiots would do it with AppImages. I mean people would copy+paste "rm -R ~/" into their console (or the worse version, lol).

@Everyone: MS pushing for TPM is getting a foot in the door. Piracy aint hurting them and user security is just an excuse to push for a system of greater control which is harder to circumvent.
TPM 2.0 is already able to be used for anti-cheat systems. That means it has substantial power over your PC.
That's what's being forgotten with these technologies. They should not exist because they undermine the user's absolute control over their PC. Yes, their PC which is a physical object they paid for and own.
How long do you think before TPM will be used to outright block certain software (maybe 2.0 won't be as easy, but next revision it will -- between that and intel's ME, I'm sure blocking certain execution will be flying a fcking kite with next gen ME breezily scanning L1 cache)?
Say you have a Playstation emulator app. Sony need only pay MS to prevent it working on MS and it won't be a simple hack to get around. Now Sony wouldn't but Ninetendo would since they are actually at war with emulators. Call it piracy all you like, but it is not piracy until you illegally download a game you do not own and play it. And before anyone on this thread uses the "gun = emulator = tool for (killing/piracy)" analogy: emulators, to date, have never killed people and I support freedom of gun ownership anyway.
Quite honestly, what I do with my PC has nothing whatsoever to do with my OEM, my OS, or my apps -- except the app I'm using for that action and there's a boatload of nuance there. If I do (and I don't) pirate Photoshop, that has fckall, fckall, to do with my OSdm and MS do not get to police what I do with my machine, (even if I'm watching 24-hour beastiality clown porn). My pirating Photoshop is between me and Adobe. That's it. If I crack Adobe's protection, tough shite, stop btching and improve on it. Okay, so some of you want to make the argument we should all band together to fight piracy, kiddy porn, terrorism, hacking, grooming, beastiality, ... and whatever BS threat I missed out on. Since we're past the point of false equivalence already with the gun comparison, lemme do a thought experiment (or two):
1) Should an attourney tell the court if his client said something to him that proves she really is The Mushroom Killer? Err, it'd be nice, but he is not allowed to coz there is a system in place to ensure fair trials. What if his client was drunk, she slurred some words, they were misheard/misinterpreted. Best not drink in front of your own fcking attourney.
2) Kay, above was extreme, so try this: The Fifth Amendment. You Americans love this one. It's not just self-incrimination, it includes not being deprived of liberty without just cause. Both are undermined by daily PC use if there is an electronic policeman in your PC. See by that, using your PC to commit an offense incriminates yourself. While arguing over liberty, I remind you that just cause is not retroactive. Furthermore, if you cannot use your PC how you see fit, that ain't liberty to begin with!!
The industry throws excuse propaganda to justify so-called safety precautions to protect users and intellectual property. They use The Horsemen (terrorism, child porn, et al) to justify more invasive measures. A set of questions:
1) Who is safer? a) Uninformed user with super anti-virus installed. b) Informed user with nothing installed? Spoiler alert: it's b.
2) Does DRM protect against piracy? Is there a single Netflix show not available for illegal download thanks to DRM? Spoiler: No.
3) Did cyber spying prevent 9/11? Well we don't remember that date for fun. Do terrorists rely on modern technology more than decentralised word-of-mouth cells (and individuals)? No. Fair enough: do some terrorists use modern comms? Sure, but not being able to it ain't gonna stop them and they'll wisen up to stop using everyday tech after a few plans get foiled.
4) Would privacy-invasive actions help the authorities managing to catch badguys. Sure. Would it help authorities prevent crimes? Ask victims of violence and exploitation.
5) Would privacy-invasive tech finally stop child porn? Yes...but only on your PC. Reality check: CP has been around longer than the net. While WWW did make distribution easier, it's not gonna stop pedos. See before CP was big online, there were them clubs. Groups of friends. And people who "knew a guy". Yeah, actually having CP online was a good thing, it made dumber pedos easier to catch and I don't mean to seem harsh, but little Jenny still got abused, whether 1 copy of her abuse video or 100 got around. She didn't get abused for each copy and the sick fck who did it enjoyed it so he didn't do it for the cash -- that was a bonus. So, please think of how legit this CP argument is. It's not.
6) Would it stop spreading of disinformation? No. It'd stop spreading of select disinformation. If you still believe half the crap on TV or in the papers, you're screwed mate. Jounalistic integrity died completely by the end of the 1990s. Take some controvertial topics (plural) and investigate both sides of each yourself. A pattern emerges. Besides, even if you choose to believe mainstream news, do you honestly thinks cults of conspiracy theorists were born online. The anti-vaxxers started in the 1980s when 5 idiots a paper saying childhood vaccines caused autism (FTR: I am neither pro- nor anti- vaxx with Covid -- I made up my mind, you make up yours).
7) Does anti-cheat software work? Honestly who gives a flying fck, it's a computer game, not an application for a position as head surgeon.
What I'm getting at is there are: a) Zero justifications for these technologies, and b) dangerous consequences which may include foiling your plans to out a minister who did some money laundering, all coz he is proactively protected by dear lil' de-anonymising tech. Or worse, you wanna do some Snowden-level whistleblowing. Maybe just spread anti-government sentiment. "Nothing to hide"... Yeah and I'm The Easter Bunny. The aforementioned do and brave people like that are risking everything to save our fat asses.
Look, everyone has secrets or something to hide. Most of ours are downright dull, like the fact we visit the library on Tuesdays just so we can check out that fine assistant in her skinny jeans. For some, it gets a wee bit saucier when we sneak a few snaps for the spank bank as she bends to pick up the book we left on the floor. And then there's pirates: yar, stealing money out of the pockets of multi-million enterprises. And then there's the more hectic stuff.
Bottom line is I don't want someone able to find out that I secretly watch Lego stop-animation porn or if I'm dating online.

But I digress. Those things are to come. Right now there's a real possibility that what software we use could be blocked from working (properly at least). That's the "now" issue. I hope more people move away from Windows. I hope that between the GNU/Linux and *BSD systems, we can even just hit around half of Apple's market share. I believe in freedom to do as I wish with my hardware that I bought fair 'n square (and software would be nice, too -- yes, I believe Libre OSS does have great commercial potential with the right business model and yes, I'd buy the game if I hadn't already donated during development -- but I'm a realist and foresee the pitfalls that are hard to reconcile, not just from a commercial POV).

I guess it boils down to one simple thing that humans have faught to have for themselves and take from others since the dawn of civilisation: Freedom.

And sorry for the long-winded, ultra-verbose post. Call me passionate.
 
Well I guess I don't see the ability to circumvent anti-cheat software as a great argument. Personally every system running in my home has a TPM. After having been burglarized a couple times its nice to know that my disk drives roaming about the country are not decryptable by the creep on the way to the pawn shop. As for viruses on linux machines I would agree that they are not that common for the typical end user. If you are a business with a significant public presence you are being probed constantly. Someone will find a way in, maybe wreak havoc , maybe install a rootkit and have their way with your business. Although linux is inherently easier to keep secure it is susceptible to all manner of compromise by a bad actor.
 
Lol, mate, I wasn't putting the ability to circumvent anti-cheat as a good point, was saying that it wasn't really a strong case and using TPM for it makes me feel uneasy bout how TPM may be leveraged/used in the future so far as censorship is concerned.

As for storage devices, hate to break this to ya and anyone reading this, but physical access will mean I can get your data if that's what I want, unless you use decent encryption. In the scenario of theft, luckily nobody would bother with your storage except to wipe it and install a most likely cracked version of Windows. So if they did snoop, they'd hit an encryption brick wall and move on. I put my personal stuff in a file container which is nicely portable, easy to backup in cloud storage, and easy to keep on a bootable 32GB flashdrive with a bare, but functional OS (what I have).

I do agree any system can be vulnerable, just *nix systems mitigate it by design. It's near impossible to get a virus if you follow the rules, and if you did get any malware, you'd need to give it privilege to become a rootkit, or even impact on anything besides ~/ and /tmp and a few /var/... places. So between running as an underprivileged user and jailing, you're reasonably protected.
Linux attacks are mainly network related. So that only matters if you have a remote login, eg ssh-server. So for daily use, a desktop user is mostly safe.

The actual idea of TPM is not inherently bad. It's the implementation that sucks. It needs 100% transparency and end user accessibility (which will strengthen, not weaken, security), otherwise it'll remain this potential ultimate nightmare for freedom and privacy advocates.
Guess people like me value freedom over pragmatism. We want our devices to truly be our devices.
 
Well I guess I don't see the ability to circumvent anti-cheat software as a great argument.
With the technology available today anti-cheat software shouldn't be needed to run as kernel rootkits on the client, it could be done on the server-side only in combination with machine learning. If they can use machine learning for all sorts of scientific appliances including medical. They can sure as hell use it to create an anti-cheat system only needed to run on the server-side that automatically picks up new cheats/hacks and blocks that client on the server side automatically.
 
Last edited:
Thinking of why someone would do this on the client side I would suspect its easier to implement. Spending the money to develop some sort of AI solution would be expensive. It would also be resource intensive to do on server side. Offloading that to the clients would be much easier. TPM stores Keys that are used to identify who you are. Not exactly a rootkit. I guess if one wants to play a game or use software they need to comply with the license. TPM merely helps enforce that.
 
And if one wants to not play a game and not use a software, one still has to comply??
Storing keys to uniquely identify who you are... How is that an okay lor a good thing? Esp, when you can''t opt out.

Re rootkit, by merit of being able to run on a root, kernel, or firmware (note firmware) level, that makes it a rootkit. Rootkits are not malware necessarily as we define it. It just refers to a certain level of control usurped from the user and their device
 
TPM securely store and protect keys. It identifies the hardware not a human being. The connection between a TPM and PII are made in a vendor database who undoubtedly received information from the end user in the first place. At best a TPM is like the license plate on your car. The plate identifies the owner and maybe that you paid your taxes if you have access to the right database. The requirement for driving the car. If you are worried about being identified there are ways to keep that from happening. If you want to use the software you have to follow the rules.
 

Staff online


Top