Windows 11 TPM Chip is Privacy Invasion

Windows 11 TPM Chip is Privacy Invasion

In this video, Rob Braxman discusses the privacy implications of the TPM (Trusted Platform Module) chip in Windows 11 computers, arguing that it poses a significant threat to user privacy and control. Rob Braxman shares his experience of data loss and explains how the TPM, BitLocker, and Microsoft’s cloud services work together to create a system where Microsoft has extensive access to user data and system configurations.

Key Points:

  • TPM Chip & Windows 11 Requirement: Windows 11 requires a TPM chip (version 2.0), which Rob Braxman argues is not just a security feature but also a privacy risk.
  • BitLocker Enabled by Default: BitLocker, a drive encryption feature, is now automatically enabled on new Windows 11 PCs and is tied to the TPM.
  • Endorsement Key (EK): The TPM has a unique, factory-burned-in endorsement key (EK) that acts as a digital passport for the machine. This EK is tied to the user’s Microsoft account and cannot be changed or deleted.
  • Microsoft Platform Crypto Provider (PCP): The PCP routes all TPM operations through Microsoft’s cloud, giving Microsoft access to all security interactions, including Windows Hello, BitLocker, and other application interactions.
  • Platform Configuration Registers (PCRs): PCRs record hardware configurations, and changes (like swapping SSDs) can trigger Windows to lock the drive or alter the boot sequence.
  • Remote Attestation: Applications can remotely query the TPM and get a signed PCR quote, allowing them to verify the device’s configuration and potentially deny access based on the results. Microsoft’s Azure attestation service is already live.
  • Windows Copilot & Recall: Windows Recall takes screenshots every few seconds, storing them in an encrypted database, with the TPM used for encryption. This raises concerns about potential data collection and analysis by Microsoft.
  • Kill Chain: Rob Braxman outlines a “kill chain” where Microsoft can identify, configure, observe, and ultimately lock users out of their systems based on their identity, configuration, behavior, and policies.

Fighting Back:

  • Don’t use Windows 11 as your main OS: Stick with Windows 10 or use Linux.
  • Disable or reset the TPM: Disable in BIOS or reset using Clear-TPM in PowerShell (but only if you never log in again to Microsoft).
  • Never use embedded AI: Avoid Copilot, Apple Intelligence, and Google Gemini.
  • Boycott attestation apps: Switch banks or services if they use attestation.

Highlighted Information:

  • “Cyber security is not privacy.” Rob Braxman emphasizes that security measures implemented by tech companies may not align with user privacy interests.
  • The EK (Endorsement Key) is permanent and unchangeable, acting as a permanent identifier for your machine.
  • Microsoft can build a database of every Windows 11 machine and track user activity through the TPM and cloud services.
  • Rob Braxman draws parallels to debanking and social credit systems, suggesting that this infrastructure could be used to control user access to services based on their system configuration or behavior.
  • “You are not the user. You are the product.” Rob Braxman concludes by urging viewers to take action to protect their privacy and control over their devices.

YouTube Video

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *