It’s a decision that may seem like a no-brainer. You’ve got a new job, and they’ve just given you a brand-new ThinkPad. Perfect, you think to yourself. It’s about time I got rid of that 10-year-old MacBook Air.
I’ve been there. Surveys have shown that over half of workers use work-issued devices for personal tasks — whether sending personal messages, shopping online, accessing social media, or reading the news. The prospect of using your work laptop as your only laptop — not just for work, but also for Netflixing, group chat messaging, reading fanfiction, paying bills, and emailing recipes to your mom — is understandably tempting, especially for folks who work from home. Keeping work tasks and personal tasks in one place may feel like...
This advice applies to phones too. Do not use work devices for your non-work activities, and do not use your personal devices for work purposes. Both scenarios can give your employer much more control and visibility into your private life than they should have.
Nope. Battery powered lawn mowers have too many drawbacks for me. They're heavier and harder to push. They have less power than corded mowers. The battery takes too long to charge, possibly leaving you with a half-mowed lawn. The battery will lose capacity over time, eventually requiring replacement. If you don't have the mental capacity to manage an electric cord, maybe you shouldn't be operating a lawn mower at all.
Riot’s new game, Valorant, has already come under criticism for its anti-cheating methods, but the company plans to further tighten its requirements. According to the Twitter account @AntiCheatPD, Valorant now requires a TPM to be installed if a player is running Windows 11:
Valorant has started to enforce both TPM and Secure boot if YOU are playing on Windows 11 to ensure a trusted platform when playing Valorant. @RiotVanguard team yet again leading the anti-cheat industry in the right direction for competitive integrity pic.twitter.com/qgTM1yNqdA
Using TPM to enforce anti-cheating provisions is an interesting idea, but it could come with some significant downsides for user privacy and anonymity. Riot can do more than ban a user’s account or IP address. It can ban the actual, physical PC. Each TPM has a burned-in RSA key that cannot be changed. Ban the RSA key, and you ban the entire machine. Riot also requires Secure Boot to be enabled on all Windows 11 installations.
In theory, some desktop systems could avoid this problem by swapping out the physical TPM module. It might still be possible for some desktop users and enthusiasts to regain access to the game by decrypting their drives, disabling Secure Boot, replacing the TPM module, and then re-enabling Secure Boot and the new TPM module, but this exercise must be approached with care.
While disabling Secure Boot will not wipe a PC, removing an existing TPM module will make a drive unreadable unless it is decrypted first. Additionally, this “workaround” is only possible on motherboards that support a separate TPM header/module. If the end-user’s TPM support is built directly into the UEFI, as is typical, you’d need a new physical UEFI chip (assuming it can be swapped) or an entirely new motherboard.
We’re no fans of online cheating, but cheaters are not the only people potentially being watched here. Forcing every computer to authenticate through a hardware module whose authentication key cannot be changed may stop cheaters, but it also provides a much more effective method of monitoring what people say and do online. China, for example, is now heavily restricting the amount of time children can game in part by requiring game developers to implement facial recognition software. It’s implemented a social credit spying system that monitors and grades what citizens do and say online.
Microsoft’s TPM 2.0 requirement in Windows 11 ties your system to a single encryption key that can be read to identify that PC, specifically. It can theoretically be used as part of a DRM authentication scheme to confirm you have the right to access content. While a TPM module is not DRM in and of itself, it can absolutely be used as part of DRM systems. A TPM module is not the only way to track a machine’s activity online — MAC addresses can also be used for this purpose — but companies like Apple have implemented MAC address randomization in iOS devices when they scan for networks. It’s not clear a TPM 2.0 key can be obfuscated in a similar way.
This scheme hearkens back to Intel’s decision to include a unique identifier flag inside the Pentium III or Microsoft’s proposals for Palladium nearly 20 years ago. The problem is made more complicated by the fact that TPM modules and Secure Boot both have legitimate security uses. It would be easier to declare this a unilaterally bad development if MS didn’t have a cogent security argument to make.
But just because a company has an argument doesn’t mean end users are required to accept it. Our concern at this point isn’t for cheaters who get banned from games they cheat in. It’s for the way this capability will likely be abused by corporations and governments in the future. It would be naive to pretend this will not happen.
As the 2016 paper “Privacy Concerns of TPM 2.0” discusses, the Trusted Computing Group that created the TPM 2.0 standard has attempted to address privacy concerns around the technology, but it has done so in a way that may exacerbate future problems. The authors note:
The privacy concerns of TPM 2.0 are due to the way privacy is defined by TCG. In the specifications of trust requirements for TPM 2.0, TCG excludes the manufacturers of TPM chips and computing platforms from the set of potential privacy threats. This assumption is unrealistic for corporate and private users of computing platforms especially in the post-Snowdon [sic] world we live in, where we know that (secret) state sponsored tracking and mass surveillance is a reality. (Emphasis Original)
The paper claims that the TCG’s privacy model for TPM 2.0 “models remote transaction parties as the sole potential threat to end users’ privacy. It remains silent about potential threats from TPM manufacturers and law enforcement entities.” The authors also note that privacy is supposed to be central to the goals of the TCG and TPM 2.0, writing, “It is therefore surprising to read in the TPM 2.0 specifications that end-user privacy has been partially traded off to give TPM manufacturers the power to identify and trace end-user computing platforms.”
TPM 2.0 is good for companies and governments that want more control over how someone can use their own hardware and what services they’re allowed to access. It’s hard to argue with the idea that manufacturers should crack down harder on cheating in video games if it guarantees a better experience for their players. Just be aware that the same technology that protects the system also functions to control it. This control will be abused by some governments and corporations, and it’ll be used to justify yet more data gathering.
How one feels about Microsoft requiring a TPM 2.0 chip in Windows 11 is a matter of personal opinion, but be aware that the company’s talk of improved security comes at the cost of decreased user control. TPM 2.0 doesn’t just provide increased security, it also exposes every PC to potentially increased surveillance.
Microsoft has announced it will support Windows 10 until October 15, 2025. Hat-tip to THG for surfacing this one.
So... TPM 2.0 brings new risks to buying used hardware. Is that eBay deal going to get a machine that won't run software because it was once used by a bad person? This story is only talking about blocking games, but the ability could easily be used by other software companies.
Over Labor Day weekend, a social media firestorm began when Tripwire CEO John Gibson tweeted his endorsement of a recent Texas anti-abortion law that prohibits abortions at six weeks. The controversy ended with Gibson's swift departure from his company, following disavowals from multiple associated studios.
Tripwire Interactive, the Georgia-based studio and publisher responsible for games like Maneater, Chivalry 2, and the Killing Floor series, confirmed Monday that CEO John Gibson has been replaced by Vice President Alan Wilson, who will lead the company as it searches for a new head executive.
"The comments given by John Gibson are of his own opinion and do not reflect those of Tripwire Interactive as a company," the developer said in a statement. "His comments disregarded the values of our whole team, our partners, and much of our broader community. Our leadership team at Tripwire are deeply sorry and are unified in our commitment to take swift action and to foster a more positive environment."
If he was Joe Sixpack, sure, but there is a risk for a C-level executive who makes policy when wading into a potent political argument. There is a history of companies meddling with things like health coverage, parental leave, etc. and a board of directors is likely to look at that from the perspective of how many customers might stop buying, the impact on hiring, and whether this could prove expensive if an employee sued alleging harassment or unfair treatment — no, it's not a given that it would cost them but it's also easy to replace someone with a more prudent candidate who will likely perform just as well.
The private email service Protonmail is drawing harsh criticism from its users after providing IP information linked to a French activist who used the service, as first reported by TechCrunch.
The data was requested as part of a broader investigation into a group of climate activists who have occupied a number of apartments and commercial spaces in Paris. While the members of the group are anonymous, one had used the address “firstname.lastname@example.org” in online postings. As a result, French police sought to identify any persons linked to the account.
Because ProtonMail is based in Switzerland, it is not subject to French or EU requests. But the company is still subject to requests...
I think they could certainly do that if you're using their webmail interface. They do have a "bridge" product which would probably be more difficult to compromise on an individual basis. But yeah...the IP logging isn't particularly surprising. They obviously collect that information and discard it under normal circumstances. They should've used the TOR service: https://protonmail.com/blog/tor-encrypted-email/
Apple is delaying its child protection features announced last month, including a controversial feature that would scan users’ photos for child sexual abuse material (CSAM), following intense criticism that the changes could diminish user privacy. The changes had been scheduled to roll out later this year.
“Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material,” Apple said in a statement to The Verge. “Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing...
Finally! This article at least mentions one of my concerns about Apple's CSAM scanning announcement. If I had an Apple phone I would be upset about their plan to use up some of *MY* storage, CPU, and bandwidth (to update the hash table) - to scan for things that they'll never find on *MY* phone. I bought the phone, I pay for the bandwidth, Apple doesn't have the right to use my resources.