Microsoft did a highly unusual move with the new Windows 11: It requires the activation of a piece of hardware in your PC called the "TPM" module (Trusted Platform Module) . This module will turn your PC into a so called "trusted computing" platform. In the past, a lot of PCs (if not almost all of them) shipped with this module disabled, for very good reasons.
You better hold your socks, because this is not some alarmist nonsense, it is quite a big deal. How you decide today about it not only affects your operating system, but also your fundamental basic rights and freedoms and the well-being and integrity of our society.
Why it is there
Many branches of digital industry did not like the idea that people are in principle in full control over the things that happen on their PCs. They wanted to e.g. make a product that charges the user double or triple in a row for the same benefit, such as listening to a song, opening a PDF file or playing a video game. But given that the owner still has actual control over their PC - like a car owner has control over their car who can in principle decide to drive wherever they want - then no software can effectively dictate such things upon you. And even if it tried, then you can just use tools to repair the software and stop it from trying. Because it is your PC and you are ultimately in charge of what it does. Even if the software is trying to pull tricks on you.
This is why the industry wants to establish "trust" into your personal affairs on your PC: they have no trust in how you use their products and whether or not you use them in a manner that they personally deem as desirable and permissible. They want to cripple the abilities and possibilities you naturally have, in order to charge you extra for having it run in a normal manner. This is why the industry needed to implement a hardware mechanism, that guarantees that you no longer have a final say in how your PC functions. You would just take a backseat like in a taxi that used to be your own car, or a backseat in a restaurant that used to be your own kitchen. And after everything was easy and free the first year, suddenly a glass of water will cost $3 instead of $0.03 and you have already been too contracted and entangled into their scheme to move away from it.
This is why the lobby organizations TCPA/TCG were formed at the end of the 90s, that ultimately pushed the TPM 2.0 module into each and every modern PC that exists today. Digital rights organizations such as the EFF have fought the TPM module and warned about it since its inception. Now that the trusted computing infrastructure has been established, Microsoft is making its final move in trying to take you for a fool.
What it does
To put it simply, the TPM grants any piece of software the ability to effectively hide data from the user. The user (who is not to be trusted) cannot make sense of this data and cannot change this data in a meaningful way. This is ensured by special cryptographic processes that run totally isolated inside the TPM module. This also implies that the data cannot be erased without the software ceasing to function entirely, until this exact hidden data is reinstated. In many ways this is comparable to websites being able to store secret cookies on your PC that you cannot ever erase. It might not strike you as such a doomsday scenario at first, you might think that cookies are just a small thing after all. And they are really useful for a lot of totally harmless features. But you have to consider, that this thought only holds true to how websites function today with regular cookies. Over time websites and governments would team up, adapt to this new power and abuse it for all kinds of purposes. Some of those purposes are highly dangerous and detrimental to all sorts of issues. The exact same is true to the TPM module.
Where it will lead to
20 years ago there was a huge public outrage online, caused by the plans of the TCPA/TCG and later of Microsoft with their "Palladium" platform. Back then, many experts and organizations have warned about the dangers and long-term implications of "trusted computing". In the early 2000 internet, unlike today, Wikipedia did not exist yet and corporate disinformation campaigns were rather limited to conventional methods, like buying research and academic papers, politicians or simply B2B advertising. Ultimately the resistance of major outlets and associations seemed so high online, that the industry did a pull back. Palladium did not happen - yet. Under the disguise of giving you a choice about the TPM, they covertly implemented trusted computing on every modern PC in the shadows. The "innocent" TPM module was planted like a ticking time bomb. Long since then buried, forgotten and grown plenty of grass over, Palladium is now making a comeback. The mandatory TPM module in Windows 11 is Microsoft's silver bullet designed to outpace any public debate or informed choice about it.
Here are some of the negative long-term consequences of trusted computing:
- it enables universal censorship by corporations and governments and thus cripples free speech (affects: journalists, critics, activists, writers, consumers, ordinary people)
- it enables infallible, unpreventable and totalitarian forms of tracking, profiling, deanonymizing / personal identification, mass surveillance and spying by corporations and governments
- software can run in any sort of arbitrary manner, e.g. to milk money, and it can not be changed
- software within the scheme can execute untrusted malicious code that the user has no control over
- it can lock users out of their own data intentionally or accidentally
- it can prevent users from exercising their rights and basic freedoms
- it enables corporations to engage in anti competitive practice
- it ultimately enables corporations to entirely shut down free software and digital freedoms
"The real problem is that it's possible to make a service or product that you can only access if you have an activated TPM. In the future, if you disable your TPM you may lose the ability to exchange documents or email with your coworkers, buy music online, or do any number of important things that require your computer to communicate with other computers. This will force you to keep your TPM enabled all the time in order to get stuff done. If you have to keep your TPM enabled all the time, then you get all the bad effects of Trusted Computing like government/commercial spying and other people controlling your computer. " ~ Disabling TPM
It is very easy: never ever activate the TPM module, no matter the cost. If you know people who are ignorant of the problem then send them information material and try to explain it to them. You cannot run Windows 11 without the TPM module, fine. This will eventually change, if enough people boycott it. Windows 11 might even become a failed OS, like Windows Vista did or Windows 8 and the next version will be less erroneous. Also consider that you will probably be able to run Windows 10 for another 8 years. So switching now will only yield disadvantages to you. If you do IT support or provide aid to friends and relatives, you can refuse to help them if their computer has its TPM module activated, and offer to install Windows 10 instead.
But if you ask me personally: the best course of action is to switch to Linux right away. Pick Ubuntu, it even runs on a substantial variety of phones now. There are local Linux groups that can help you. Free software is about freedom, for yourself and for all of us. We need to care about our environments and the future we set for our children. What political parties and software we elect to have power over our lives and society. The digital realm and the internet are no exception to the rule. It matters just as badly.
Always check that the TPM module is disabled in the BIOS. Never enable it. It is highly dangerous.
If you have already made the wrong choice, there is still time to do the right thing.