There are some speculations about TPM uncontrollably sending data to manufacturer servers if a laptop has any Internet connection. Others say it’s not intended/capable of that, like this answer for example (which is 5 years old though).
Lemmy, what do you say?
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.44K Posts
- 57.4K Comments
- Modlog
You confuse TPMs with Microsoft’s proprietary pluton processor, which is now being forced into consumer grade CPUs from AMD and Intel.
Tl;dr: TPMs are very unlikely to make your privacy better or worse, but they could definitely be abused by a company like MS to make end users’ experiences worse. They could also be used for significant security and privacy gains… they’re a tool.
The TPM can be used to provide a cryptographic binding between aspects of your system’s configuration and a unique key which is resident within the TPM (a process called “attestation”). It can also generate secondary keys that are associated with the base key, and use those to do cryptographic operations like encryption/decryption and authentication.
Telemetry wise, the TPM’s only utility might be to “prove” that the data sent from your PC wasn’t tampered with. That said, I don’t think MS is actually doing that, and they don’t need to in order to be incredibly invasive in their telemetry.
The (imo) worst way in which a TPM might be abused in a user-hostile sense is to detect if the OS has been modified by the user, or if an installation isn’t legitimate, etc. That could be used to disable certain features if you try to install unauthorised software, dual boot Linux or whatever. This would be similar to the smartphones of today, which can for example disable access to banking apps if jailbroken/rooted.
TPMs (>2.0 at least) otherwise have the potential to realise a significant improvement in security and privacy for users, if used correctly. They can be used for encryption and credentials that are bound in hardware and therefore practically impossible to steal. And can detect hardware tampering and potentially foil Evil Maid attacks. Imagine if your login sessions for various websites were bound to your hardware, such that a dodgy extension could never steal your cookies.
Big thanks for detailed answer! My understanding is more clear now.
The TPM doesn’t do anything by itself.
But if Windows is sending all of your data, including stored files and passwords for some third party like its TOS says it can, than that’s Windows breaching your privacy. Or if the remote management hardware that comes with every computer is allowing some third party to access it with more capabilities than even you have, like they are normally designed, than that’s your CPU’s manufacturer breaching your privacy (but those are supposed to be turned off).
But again, the TPM by itself doesn’t do anything.
Playing devil’s advocate here: what’s the chance TPM is preloaded with garbage that would make Microsoft blush, but the operating system you’re using is Linux
with the typical proprietary blobs that you need these days?Edit: got rid of an extra confounding variable in my question
You are looking at the wrong place. The TPM is a very standard piece of hardware, that shouldn’t even need firmware (it would completely cancel the entire point of it). It enables a whole lot of shit, but it isn’t the thing that does the shit.
Now, you can go look at the always-on network enabled uncontrollable management unity that exists inside your computer’s processor… Intel pinky swears they can’t access them in any way and will only activate them if you pay extra¹; AMD AFAIK doesn’t even try to say anything.
1 - Makes sense to you? Well, how do they activate it if they can’t access it?
It does, much appreciated!
This is fake
Is this windows 11 and onward? Can you override it? Because it might also not be an unauthorized copy.
deleted by creator
Looks bad enough. But what’s TPM role in this?
Microsoft Pluton is a kind of TPM with additional features:
https://learn.microsoft.com/en-us/windows/security/hardware-security/pluton/microsoft-pluton-security-processor
https://www.microsoft.com/en-us/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/
Funnily enough, they don’t advertise preventing users from opening unapproved media files as a feature. So that could either mean they’re sneaking it in, or that the image is not genuine.