Right? Even setting aside the inevitable “have you considered Linux?” chat, if you’re the kind of person who refuses to install Windows 11, why would you be sure you’ll install Windows 12?
We’ve seen nothing to suggest Windows won’t just continue to get less usable, more bloated, more spyware-ridden, and just generally more anti-consumer.
To me it isn’t even the bloat and spyware, because you can possibly patch those out. To me the issue with 11 and 12 is that they require you to have TPM which potentially could be used to remotely disable your computer without your consent.
You are better off not encrypting your device with it because you can circumvent TPM entirely if you have physical access or admin rights anyway. (So full disk encryption would not work if you were raided). It is a security flaw, and I am certain that the purpose is to allow backdoors and for Digital Rights Management, and you want neither on your computer.
Well I have good news for you, the TPM can’t do those things. The TPM is just a hardware module that stores cryptographic keys in a tamper-resistant chip, and can perform basic crypto functions.
In of itself, it can’t be addressed remotely, but it is usually used as a component of a greater security scheme. For example, in full disk encryption, it can be used to ensure that disk can’t be decrypted on a different device.
There’s been a lot of FUD surrounding TPMs, and it doesn’t help that the actual explanation of their function isn’t something easily described in a couple of sentences.
There’s no reason to be afraid of a TPM, and for the privacy-minded and security-conscious, it can even be used as part of a greater security scheme for your device and its data.
Of course at the same time, it’s not a feature most home users would make full use of, and as for not liking Windows, carry on. There’s plenty of reasons to avoid it if those things are important to you
May I ask a question out of curiosity? If my system dies on a hardware level, and I have to save my hard drive, how can I access it then if I can’t put it in another system?
Generally commercial drive encryption solutions, like Bitlocker, usually has a backup recovery key that can be used to access the encryption key if your TPM is reset, or if your device dies.
So I guess the short answer is most of these solutions don’t fully protect it from being moved to another device, they just add another layer of security and hassle that makes it harder to do. And without the TPM as part of these solutions, you would be entering a 48-character passphrase every time you boot your device, which has several security flaws of its own.
Assuming you use bitlocker on your PC, how do you know the entire content of the TPM (your bitlocker encryption key, etc) cannot be fetched from the TPM by the manufacturer or any third parties they shared it tools and private keys with?
It is my understanding that every TPM has a predetermined private key inside that you the user cannot see, but how can I be sure no one else does either?
And because it is hardware based, how do I as a user know that it does what it claims it does as I would with a software based encryption software that is open source (like truecrypt/veracrypt).
As for DRM, doesn’t Xbox series have their equivalent chips that specifically is used for DRM? Also wasn’t DRM listed as one of the features when they introduced TPM?
Assuming you use bitlocker on your PC, how do you know the entire content of the TPM (your bitlocker encryption key, etc) cannot be fetched from the TPM by the manufacturer or any third parties they shared it tools and private keys with?
The TPM specification is an open standard by the Trusted Computing Group, and there are certification organizations that will audit many of these products, so that’s a good place to begin.
As with any of the hardware in your device, it does require some amount of trust in the manufacturers you have chosen. These same concerns would apply to anything from the onboard USB controllers to the CPU itself. There’s no way to be absolutely certain, but you can do your due diligence to get a reasonable level of confidence.
And because it is hardware based, how do I as a user know that it does what it claims it does as I would with a software based encryption software that is open source (like truecrypt/veracrypt).
This is a reasonable thing to think about, although very few individuals are qualified to understand and audit the source code of encryption software either, so in most cases you are still putting your faith in security organizations or the community to find issues.
When it comes to security, it often comes with a trade-off. Hardware devices can achieve a level of security that software can’t completely reproduce, but they are a lot harder to audit and verify their integrity.
In any case, the TPM is something that software solutions have to explicitly call in the first place, it isn’t something that activates itself and starts digging into your hard drive. Which means if you don’t want to use it in your security solution, then it will sit there and do nothing. You can keep using your encryption keys in clear memory, visible to any privileged software.
I don’t know specifically about the XBox and how it uses it, but the TPM absolutely can be used as part of a DRM scheme. Since the TPM can be used to encrypt data with a key that can’t be exported, it could be part of a means to hinder copying of content. Of course this content still has to be decrypted into memory in order to be used, so people looking to defeat this DRM usually still can. DRM as a whole is often shown to be a pretty weak solution for copy protection, but companies won’t stop chasing it just the same.
I am a software developer, so I have some confidence that I can at least personally verify that the source doesn’t do anything malicious.
And while the software doesn’t have to use TPM, it shouldn’t be up to the software, it should be up to me, the user.
Windows 11 enforces using TPM 2.0, so I get no choice in the matter.
If it becomes standard to use TPM, I the user lose control.
You can keep using your encryption keys in clear memory, visible to any privileged software.
What kind of software would I give kernel level access to? Honestly the only thing I can think of is if I ran it all in a virtual machine and the VM memory was dumped, but other than that, it would imply the OS itself is accessing the RAM, or a hardware level vulnerability allows it, but at this point, how is TPM even going to help?
I’m not, my post said this isn’t an issue till 12, as in, I’m not even considering 11, but I will consider 12.
That said, you can’t stay on 10 forever without losing modern software support and modern drivers and security updates after EOL… So you basically HAVE to move at some point. My point was just in not touching 11. But it’s unlikely that you’ll be able to keep a Win 10 device running till 13 so… It’s either 11 or 12 and with the way Microsofts cycles go, 12 likely will be better than 11.
If not… Well… Maybe Linux and proton will have caught up and Nvidia will actually make drivers etc etc. But not worth worrying about that yet.
Up to XP I used several dos versions, win3.1, 95, 98, 98SE, and then XP. From there I skipped one version, so 7, then 10. Worked out pretty well so far. So my next windows will hopefully also be 12, and I hope it will have a better UI than 11.
Linux is also interesting, but I like gaming without fiddling too much with my operating system, I just don’t want to commit my rare spare time to that. I want install -> play.
Linux is also interesting, but I like gaming without fiddling too much with my operating system, I just don’t want to commit my rare spare time to that. I want install -> play.
With Proton, running Windows games from Steam has become pretty much click-and-play. If you do all your gaming through Steam, most games just work.
For the same reason I’m not still running 7…because you can’t actually stay on one version forever. I’m going to put the whole Linux thing aside because… Yeah, that’s a topic of its own and I think anyone with half a mind knows the reasons why Linux isn’t everyone’s first choice.
But at some point Win 10 will reach EOL and will stop receiving updates. It’ll stop receiving new versions of DirectX etc. People will stop making drivers for it. Software will start requiring things in newer versions of Windows, etc. The list goes on, but inevitably you have to update.
Luckily with Windows, you can usually skip one full release, but you can’t really make it past 2. Hence why I said 12. Am I crazy about the way 12 is shaping out? No. But you’d be crazy to think that you can just remain on 10 forever so I’m being realistic.
Also, Windows is well known to have a shitty even/odd cycle where every other release sucks and the alternating ones are less bad. So hopefully 12 will be the same. For example, 95 was really good, 98 was meh, XP was fantastic, ME/2000 are kind of a joke, Vista sucked, 7 was good enough, 8 was miserable, 10 was okay, 11 is awful… So if the pattern continues, 12 should be better than 11 at least.
I didn’t think this actually needed an answer but… Maybe I’m getting old and am too used to Microsofts cycles. Also, my point was “this isn’t a problem till 12” meaning, I’m not touching 11 so it doesn’t even matter till I start considering 12. Never said I was definitively doing it.
I did in fact use them. Most consumers didnt. Not really worth going to the in and out intricacies when the majority of people brushed past 2000 and never touched pro or had a need for server.
anyone who used NT4 and thought 2000pro was a bad drop is bonkers.
Also, I’m dubious of your experience because 2000 pro WAS window 2000. There was no ‘non pro’ - if you used windows 2000, every day you either saw it boot up saying windows 2000 Professional or Windows 2000 Server or Windows 2000 Advanced Server.
So you’re either misremembering, or kinda full of shit. Confusing it for Windows ME perhaps?
Here’s the summary for the wikipedia article you mentioned in your comment:
Windows 2000is a major release of the Windows NT operating system developed by Microsoft and designed for businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officially released to retail on February 17, 2000and September 26, 2000for Windows 2000 Datacenter Server. It was Microsoft's business operating system until the introduction of Windows XP Professional in 2001. Windows 2000 introduced NTFS 3.0, Encrypting File System, as well as basic and dynamic disk storage. Support for people with disabilities was improved over Windows NT 4.0 with a number of new assistive technologies, and Microsoft increased support for different languages and locale information. The Windows 2000 Server family has additional features, most notably the introduction of Active Directory, which in the years following became a widely used directory service in business environments. Four editions of Windows 2000 were released: Professional, Server, Advanced Server, and Datacenter Server; the latter was both released to manufacturing and launched months after the other editions. While each edition of Windows 2000 was targeted at a different market, they shared a core set of features, including many system utilities such as the Microsoft Management Console and standard system administration applications. Microsoft marketed Windows 2000 as the most secure Windows version ever at the time; however, it became the target of a number of high-profile virus attacks such as Code Red and Nimda. For ten years after its release, it continued to receive patches for security vulnerabilities nearly every month until reaching the end of support on July 13, 2010, the same day that support ended for Windows XP SP2.Windows 2000 and Windows 2000 Server were succeeded by Windows XP and Windows Server 2003, released in 2001 and 2003, respectively. Windows 2000 is the final version of Windows NT that supports PC-98, i486 and SGI Visual Workstation 320 and 540, as well as Alpha in alpha, beta, and release candidate versions. Its successor, Windows XP, only supports x86, x64 and Itanium processors.
Yeah, okay, so this was all just a “Omg just use Linux” type post.
Not everyone can conveniently just ditch a major OS for something with less support. Like I said before, there is a reason everyone isn’t just jumping ship for Linux. People have plenty of legitimate reasons for it from work, to time commitment, to driver support, required software that doesn’t support it, etc.
Good for you that you can switch and deal. Not everyone can. I’m not sure why so many Linux proponents are entirely fucking blind literally every possible reason that might keep someone off Linux and have to come fucking flying in on crusades on some fucking high horse of “Oooh, what peasants, of course everyone should just be switching to Linux!”
Why would you install windows 12?
Right? Even setting aside the inevitable “have you considered Linux?” chat, if you’re the kind of person who refuses to install Windows 11, why would you be sure you’ll install Windows 12?
We’ve seen nothing to suggest Windows won’t just continue to get less usable, more bloated, more spyware-ridden, and just generally more anti-consumer.
To me it isn’t even the bloat and spyware, because you can possibly patch those out. To me the issue with 11 and 12 is that they require you to have TPM which potentially could be used to remotely disable your computer without your consent.
You are better off not encrypting your device with it because you can circumvent TPM entirely if you have physical access or admin rights anyway. (So full disk encryption would not work if you were raided). It is a security flaw, and I am certain that the purpose is to allow backdoors and for Digital Rights Management, and you want neither on your computer.
Well I have good news for you, the TPM can’t do those things. The TPM is just a hardware module that stores cryptographic keys in a tamper-resistant chip, and can perform basic crypto functions.
In of itself, it can’t be addressed remotely, but it is usually used as a component of a greater security scheme. For example, in full disk encryption, it can be used to ensure that disk can’t be decrypted on a different device.
There’s been a lot of FUD surrounding TPMs, and it doesn’t help that the actual explanation of their function isn’t something easily described in a couple of sentences.
There’s no reason to be afraid of a TPM, and for the privacy-minded and security-conscious, it can even be used as part of a greater security scheme for your device and its data.
Of course at the same time, it’s not a feature most home users would make full use of, and as for not liking Windows, carry on. There’s plenty of reasons to avoid it if those things are important to you
May I ask a question out of curiosity? If my system dies on a hardware level, and I have to save my hard drive, how can I access it then if I can’t put it in another system?
Generally commercial drive encryption solutions, like Bitlocker, usually has a backup recovery key that can be used to access the encryption key if your TPM is reset, or if your device dies.
So I guess the short answer is most of these solutions don’t fully protect it from being moved to another device, they just add another layer of security and hassle that makes it harder to do. And without the TPM as part of these solutions, you would be entering a 48-character passphrase every time you boot your device, which has several security flaws of its own.
Assuming you use bitlocker on your PC, how do you know the entire content of the TPM (your bitlocker encryption key, etc) cannot be fetched from the TPM by the manufacturer or any third parties they shared it tools and private keys with?
It is my understanding that every TPM has a predetermined private key inside that you the user cannot see, but how can I be sure no one else does either?
And because it is hardware based, how do I as a user know that it does what it claims it does as I would with a software based encryption software that is open source (like truecrypt/veracrypt).
As for DRM, doesn’t Xbox series have their equivalent chips that specifically is used for DRM? Also wasn’t DRM listed as one of the features when they introduced TPM?
The TPM specification is an open standard by the Trusted Computing Group, and there are certification organizations that will audit many of these products, so that’s a good place to begin.
As with any of the hardware in your device, it does require some amount of trust in the manufacturers you have chosen. These same concerns would apply to anything from the onboard USB controllers to the CPU itself. There’s no way to be absolutely certain, but you can do your due diligence to get a reasonable level of confidence.
This is a reasonable thing to think about, although very few individuals are qualified to understand and audit the source code of encryption software either, so in most cases you are still putting your faith in security organizations or the community to find issues.
When it comes to security, it often comes with a trade-off. Hardware devices can achieve a level of security that software can’t completely reproduce, but they are a lot harder to audit and verify their integrity.
In any case, the TPM is something that software solutions have to explicitly call in the first place, it isn’t something that activates itself and starts digging into your hard drive. Which means if you don’t want to use it in your security solution, then it will sit there and do nothing. You can keep using your encryption keys in clear memory, visible to any privileged software.
I don’t know specifically about the XBox and how it uses it, but the TPM absolutely can be used as part of a DRM scheme. Since the TPM can be used to encrypt data with a key that can’t be exported, it could be part of a means to hinder copying of content. Of course this content still has to be decrypted into memory in order to be used, so people looking to defeat this DRM usually still can. DRM as a whole is often shown to be a pretty weak solution for copy protection, but companies won’t stop chasing it just the same.
I am a software developer, so I have some confidence that I can at least personally verify that the source doesn’t do anything malicious.
And while the software doesn’t have to use TPM, it shouldn’t be up to the software, it should be up to me, the user.
Windows 11 enforces using TPM 2.0, so I get no choice in the matter.
If it becomes standard to use TPM, I the user lose control.
What kind of software would I give kernel level access to? Honestly the only thing I can think of is if I ran it all in a virtual machine and the VM memory was dumped, but other than that, it would imply the OS itself is accessing the RAM, or a hardware level vulnerability allows it, but at this point, how is TPM even going to help?
I’m not, my post said this isn’t an issue till 12, as in, I’m not even considering 11, but I will consider 12.
That said, you can’t stay on 10 forever without losing modern software support and modern drivers and security updates after EOL… So you basically HAVE to move at some point. My point was just in not touching 11. But it’s unlikely that you’ll be able to keep a Win 10 device running till 13 so… It’s either 11 or 12 and with the way Microsofts cycles go, 12 likely will be better than 11.
If not… Well… Maybe Linux and proton will have caught up and Nvidia will actually make drivers etc etc. But not worth worrying about that yet.
Up to XP I used several dos versions, win3.1, 95, 98, 98SE, and then XP. From there I skipped one version, so 7, then 10. Worked out pretty well so far. So my next windows will hopefully also be 12, and I hope it will have a better UI than 11.
Linux is also interesting, but I like gaming without fiddling too much with my operating system, I just don’t want to commit my rare spare time to that. I want install -> play.
With Proton, running Windows games from Steam has become pretty much click-and-play. If you do all your gaming through Steam, most games just work.
Sadly I do non of my gaming through steam. But someone else might find this answer useful!
deleted by creator
For the same reason I’m not still running 7…because you can’t actually stay on one version forever. I’m going to put the whole Linux thing aside because… Yeah, that’s a topic of its own and I think anyone with half a mind knows the reasons why Linux isn’t everyone’s first choice.
But at some point Win 10 will reach EOL and will stop receiving updates. It’ll stop receiving new versions of DirectX etc. People will stop making drivers for it. Software will start requiring things in newer versions of Windows, etc. The list goes on, but inevitably you have to update.
Luckily with Windows, you can usually skip one full release, but you can’t really make it past 2. Hence why I said 12. Am I crazy about the way 12 is shaping out? No. But you’d be crazy to think that you can just remain on 10 forever so I’m being realistic.
Also, Windows is well known to have a shitty even/odd cycle where every other release sucks and the alternating ones are less bad. So hopefully 12 will be the same. For example, 95 was really good, 98 was meh, XP was fantastic, ME/2000 are kind of a joke, Vista sucked, 7 was good enough, 8 was miserable, 10 was okay, 11 is awful… So if the pattern continues, 12 should be better than 11 at least.
I didn’t think this actually needed an answer but… Maybe I’m getting old and am too used to Microsofts cycles. Also, my point was “this isn’t a problem till 12” meaning, I’m not touching 11 so it doesn’t even matter till I start considering 12. Never said I was definitively doing it.
yeah someone never used nt4 would think that. gha.
Windows 2000 pro and server 2000 were enormous steps up in QOL and functionality.
I did in fact use them. Most consumers didnt. Not really worth going to the in and out intricacies when the majority of people brushed past 2000 and never touched pro or had a need for server.
anyone who used NT4 and thought 2000pro was a bad drop is bonkers.
Also, I’m dubious of your experience because 2000 pro WAS window 2000. There was no ‘non pro’ - if you used windows 2000, every day you either saw it boot up saying windows 2000 Professional or Windows 2000 Server or Windows 2000 Advanced Server.
So you’re either misremembering, or kinda full of shit. Confusing it for Windows ME perhaps?
https://en.wikipedia.org/wiki/Windows_2000
Here’s the summary for the wikipedia article you mentioned in your comment:
Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and designed for businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officially released to retail on February 17, 2000 and September 26, 2000 for Windows 2000 Datacenter Server. It was Microsoft's business operating system until the introduction of Windows XP Professional in 2001. Windows 2000 introduced NTFS 3.0, Encrypting File System, as well as basic and dynamic disk storage. Support for people with disabilities was improved over Windows NT 4.0 with a number of new assistive technologies, and Microsoft increased support for different languages and locale information. The Windows 2000 Server family has additional features, most notably the introduction of Active Directory, which in the years following became a widely used directory service in business environments. Four editions of Windows 2000 were released: Professional, Server, Advanced Server, and Datacenter Server; the latter was both released to manufacturing and launched months after the other editions. While each edition of Windows 2000 was targeted at a different market, they shared a core set of features, including many system utilities such as the Microsoft Management Console and standard system administration applications. Microsoft marketed Windows 2000 as the most secure Windows version ever at the time; however, it became the target of a number of high-profile virus attacks such as Code Red and Nimda. For ten years after its release, it continued to receive patches for security vulnerabilities nearly every month until reaching the end of support on July 13, 2010, the same day that support ended for Windows XP SP2.Windows 2000 and Windows 2000 Server were succeeded by Windows XP and Windows Server 2003, released in 2001 and 2003, respectively. Windows 2000 is the final version of Windows NT that supports PC-98, i486 and SGI Visual Workstation 320 and 540, as well as Alpha in alpha, beta, and release candidate versions. Its successor, Windows XP, only supports x86, x64 and Itanium processors.to opt out, pm me ‘optout’. article | about
At some point I’d think you would have left windows behind for most daily tasks. I left around 20 years ago and haven’t had a problem at all.
Yeah, okay, so this was all just a “Omg just use Linux” type post.
Not everyone can conveniently just ditch a major OS for something with less support. Like I said before, there is a reason everyone isn’t just jumping ship for Linux. People have plenty of legitimate reasons for it from work, to time commitment, to driver support, required software that doesn’t support it, etc.
Good for you that you can switch and deal. Not everyone can. I’m not sure why so many Linux proponents are entirely fucking blind literally every possible reason that might keep someone off Linux and have to come fucking flying in on crusades on some fucking high horse of “Oooh, what peasants, of course everyone should just be switching to Linux!”
Fuck off with your condescending bullshit.
I use macOS.
Same problems, different name, and some new problems thrown in on top. Moving along.
Such as?