I don’t really like Windows but it’s for my gaming PC. My laptop does run linux. I don’t know much of anything about 11 and whether it’s better or not.

  •  boonhet ( @boonhet@lemm.ee ), 1 year ago

    Uhhhh what telemetry thing in the motherboard?

    If you mean the TPM, that’s not for telemetry, it’s for security. It does still have some implications you might not enjoy though - IF you use BitLocker on Windows AND have TPM enabled, I believe you can’t move your drive to another device because it requires the original device’s TPM for decryption (and no, you can’t just swap out a TPM module either - it won’t be considered the same device). That’s about all you need to fear from the TPM.

    All the Windows telemetry stuff is in Windows settings. And of course there’s some you can’t disable in Windows settings either, but there are scripts for that, and you can run Pi-hole and block every non-essential Microsoft domain.

      •  boonhet ( @boonhet@lemm.ee ), 1 year ago

        That’s a side effect of your device being more secure, yes. After all, the most secure device is a simple rock. Nobody can hack it and it can’t rip Marvel movies off Disney+.

        To be clear, Microsoft doesn’t give a single fuck about you doing piracy, they actually need your device to be secure because otherwise you might switch to another OS for security. Disney and the like, however, will likely in the future require you to use a TPM2 device for advanced DRM.

        Of course, if this is something you’re rightly worried about, the right course of action isn’t to install Windows and disable TPM (which also, as I said, does nothing for disabling Telemetry). It’s to install a Linux distro that’s hopefully not Ubuntu, because that’s way too commercial and not free enough.

        Also, at the moment, the Linux desktop install base is small enough that any streaming service can just disable their services for Linux users altogether, TPM or not. So we do actually need to be voting with our OS installs and sooner rather than later.

          •  boonhet ( @boonhet@lemm.ee ), 1 year ago

            It disallows certain attacks other people could perform on your devices. I’ve already explained this in 2 other comments in this thread.

            Firstly, even with physical access to your device, it’ll be harder to fuck with the firmware or software on your computer. Windows literally can’t unlock your data if something’s fucky, because TPM won’t give it the required keys. Secondly, TPM can be used as a more secure way to store encryption keys in general. And thirdly, you get hardware random number generation, which can be very useful if your system’s entropy is too low.

            Yes, unfortunately it also means DRMs can force you to consume content on only the exact same hardware you purchased it for. But there ARE legitimate use cases for TPM too. TPM has been used in enterprise settings for over a decade.

            Luckily, for now at least, there’s a solution for the whole DRM issue too. It’s called piracy. Plenty of DRM-free content out there. It’s possible that some streaming content literally won’t reach your favourite torrent site because of hardware DRM, but I’m not TOO worried about it personally, because HDCP can be bypassed, so there’s still a way to capture the signal, it’s just between the computer and the screen.

            But overall, definitely use Linux instead of Windows with TPM off if you’re worried about ANY of this. And I mean, sure, keep TPM off, it’s highly unlikely that you’ll actually need the niche extra security it provides on a personal device.

            • The only one with physical access to my hardware trying to fuck with the software is me. Evil maid attacks are purely hypothetical for almost everyone, and suggesting that TPM is necessary to protect against them is dishonest. TPM is a much greater threat than any it purports to protect against.

    • The way it was explained to me was that TPM allows Windows to get a unique identifier for your motherboard, which is supposedly similar to how Nvidia identifies users for telemetry with GPUs. But I digress, I am not an expert on these particular kinds of tech.

      Why would Windows make it mandatory if it’s only required for an optional feature?

      •  boonhet ( @boonhet@lemm.ee ), 1 year ago

        Your motherboard already has a unique identifier, as does your CPU, your GPU, and I believe your RAM too. It’s how their licensing system can tell when your existing Windows install has been transferred to another set of hardware. You can overwrite data on your motherboard, but it’s like 0.0001% of users who’d do that, so Microsoft doesn’t care.

        Now, it’s possible there are errors in what I’m saying next, I’m not an expert. But here’s how I understand it.

        TPM allows Windows to make sure it’s still on the exact same machine it was on before, for sure. No trickery. So if you lock your drive with Bitlocker using TPM, it’s not possible to just clone your drive and try to unlock in another machine. Any data theft requires the user to have possession of the exact machine you configured it on, in addition to your Windows/Microsoft password. And if someone does something funky with your motherboard firmware, you can’t unlock the drive either, because it’s no longer the same trusted one. At the same time, a legitimate firmware update from the manufacturer can screw things up too if they’re negligent about it. I believe Bitlocker has recovery keys for occasions such as this.

        It’s also a sort of a secure key storage I believe, so things like Windows Hello facial recognition use it (Apple similarly uses T2 for touch ID on modern macs, but since touch ID came before T2, I’m not sure what they used before).

        Basically it has security features; some of them allow for comfort features, some for stuff you don’t need too much as a regular joe, but Microsoft is enforcing better security defaults like this because there are ridiculously obscure threats out there and they don’t want to be known as “the operating system that gets the most viruses” anymore. Windows is already the only operating system you need to pay money for (macOS licenses are technically free, but you do need the hardware, so there’s still a cost to be fair), but it’s also got the reputation for being the least secure historically (no longer such a clear-cut case, thanks to the work they’ve been putting in; for example, Microsoft Defender is actually pretty decent).
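        The comment above describes TPM-bound disk encryption in words: the volume key only unseals when the boot measurements match, a changed firmware or a different TPM chip refuses to unseal, and a recovery password still works. The following is an added toy model of that mechanism (not code from the thread, BitLocker or any TPM stack); the PCR extend rule is the real one, but the sealing, the per-chip seed and all sample values are constructed stand-ins.

```python
import hashlib, hmac

TPM_SEED = b"constructed per-chip secret"   # stands in for the chip's own key; never leaves the TPM

def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    # PCR_new = SHA256(PCR_old || SHA256(component)); extend-only, no reset until reboot
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measured_boot(components) -> bytes:
    pcr = bytes(32)                       # PCR starts at all zeros at power-on
    for c in components:
        pcr = pcr_extend(pcr, c)
    return pcr

def _wrap(secret: bytes, key: bytes) -> bytes:
    # toy authenticated wrap of a 32-byte secret: XOR under a 32-byte key plus HMAC tag
    ct = bytes(a ^ b for a, b in zip(secret, key))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def _unwrap(blob: bytes, key: bytes):
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return None                       # wrong key: refuse rather than return garbage
    return bytes(a ^ b for a, b in zip(ct, key))

def tpm_seal(secret: bytes, policy_pcr: bytes, seed: bytes = TPM_SEED) -> bytes:
    # wrapping key depends on BOTH this chip's seed and the expected PCR value
    return _wrap(secret, hmac.new(seed, policy_pcr, hashlib.sha256).digest())

def tpm_unseal(blob: bytes, current_pcr: bytes, seed: bytes = TPM_SEED):
    return _unwrap(blob, hmac.new(seed, current_pcr, hashlib.sha256).digest())

def _recovery_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def recovery_wrap(secret: bytes, password: str, salt: bytes) -> bytes:
    return _wrap(secret, _recovery_key(password, salt))

def recovery_unwrap(blob: bytes, password: str, salt: bytes):
    return _unwrap(blob, _recovery_key(password, salt))

def demo() -> dict:
    vmk = hashlib.sha256(b"constructed volume master key").digest()
    good_boot = [b"firmware v1.0", b"bootloader", b"kernel"]      # constructed boot chain
    patched_boot = [b"firmware v1.1", b"bootloader", b"kernel"]   # firmware changed
    salt = b"constructed-salt"
    sealed = tpm_seal(vmk, measured_boot(good_boot))              # set up at enrollment
    rec = recovery_wrap(vmk, "1234-5678", salt)                   # recovery password copy
    return {
        "same_machine": tpm_unseal(sealed, measured_boot(good_boot)) == vmk,
        "firmware_changed": tpm_unseal(sealed, measured_boot(patched_boot)),  # None
        "cloned_to_other_tpm": tpm_unseal(sealed, measured_boot(good_boot), seed=b"other chip"),  # None
        "recovery_password": recovery_unwrap(rec, "1234-5678", salt) == vmk,
    }
```

        The `firmware_changed` case is the one the comment warns about: a legitimate firmware update changes the measurement just as a tampered one does, which is why the recovery password path exists.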

        • Oh I absolutely understand there are proper use cases for TPM, like all our work laptops have BitLocker enabled. But my personal device is a DIY desktop of Theseus that doesn’t leave my house, and it doesn’t really have all that much sensitive data anyway. My main issue with tracking/identifiers/telemetry is they use it to serve ads tailored to my behaviors they learned from the data they verified from me using those same identifiers. I am something of an anti-advertisement extremist for psychological reasons. They’re designed to get in my head and physically hurt.