this post was submitted on 22 Jun 2023
48 points (100.0% liked)
Technology
37737 readers
378 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The way it was explained to me was that TPM allows windows to get a unique identifier for your motherboard which is supposedly similary to how nvidia identifies users for telemetry with gpus. But i digress i am not an expert on these particular kinds of tech.
Why would windows make it mandatory if its only required for an optional feature?
Your motherboard already has a unique identifier, as does your CPU, your GPU, and I believe your RAM too. It's how their licensing system can tell when your existing Windows install has been transferred to another set of hardware You can overwrite data on your motherboard, but it's like 0.0001% of users who'd do that, so Microsoft doesn't care.
Now, it's possible there are errors in what I'm saying, I'm not an expert. But.
TPM allows Windows to make sure it's still on the exact same machine it was on before, for sure. No trickery. So if you lock your drive with Bitlocker using TPM, it's not possible to just clone your drive and try to unlock in another machine. Any data theft requires the user to have possession of the exact machine you configured it on, in addition to your Windows/Microsoft password. And if someone does something funky with your motherboard firmware, you can't unlock the drive either, because it's no longer the same trusted one. At the same time, a legitimate firmware update from the manufacturer can screw things up too if they're negligent about it. I believe Bitlocker has recovery keys for occasions such as this.
It's also a sort of a secure key storage I believe, so things like Windows Hello facial recognition use it (Apple similarly uses T2 for touch ID on modern macs, but since touch ID came before T2, I'm not sure what they used before).
Basically it has security features, some of them allow for comfort features, some for stuff you don't need too much as a regular joe, but Microsoft is enforcing better security defaults like this because there are ridiculously obscure threats out there and they don't want to be known as "the operating system that gets the most viruses" anymore. Windows is already the only operating system you need to pay money for (MacOS licenses are technically free, but you do need the hardware, so there's still a cost to be fair), but it's also got the reputation for being the least secure historically (no longer such a clear cut case, thanks to the work they've been putting in, for an example, Microsoft Defender is actually pretty decent).
Oh I absolutely understand there are proper usecases for TPM like all our work laptops have bit locker enabled. But my personal device is a Diy desktop of Theseus that doesnt leave my house and it doesn’t really have all that much sensitive data anyway. My main issue with tracking/identifiers/telemetry is they use it to serve ads tailored to my behaviors they learned from the data they verified from me using those same identifiers. I am something of an anti-advertisement extremist for psychological reasons. There designed to get in my head and physically hurt.