The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 9 comments
Gh0stRAT ◴[] No.32235028[source]
I'm completely missing how his example of a Word document that can only be opened by approved users on approved hardware within the corporation is supposed to be a bad thing.

Honestly, that sounds pretty fantastic. I've been using 3rd party tools/extensions to do this sort of thing in corporate and government environments for years, but having the attestation go all the way down to the hardware level is a big value-add, especially with so much ransomware/spyware/extortion/espionage going on these days.

Can someone please explain to me how the author might see this level of security as a bad thing?

replies(18): >>32235120 #>>32235149 #>>32235164 #>>32235474 #>>32235546 #>>32235795 #>>32235875 #>>32236359 #>>32236639 #>>32236668 #>>32236673 #>>32236797 #>>32236864 #>>32237450 #>>32237580 #>>32238544 #>>32238583 #>>32240740 #
1. zaptheimpaler ◴[] No.32235546[source]
The same things that make it good in a corporate environment can make it abusive in a personal machine.

By forcing the kernel to be untamperable, Microsoft can arbitrarily enforce ANY policy they choose on your PC. They could spy on every single piece of network communication. They could ban any given software from being able to run on Windows - maybe Chrome, maybe Steam, any competitor at all. They actually could easily enforce laws on banned content too - any given website, book, audio or video could be impossible to consume, and an attempt to try could be reported to Microsoft. They could stream the contents of your display and mic and camera at any time to anyone they choose. There is literally nothing they cannot do with complete control over the kernel. And since the kernel and Windows itself are closed source, there are ways to hide all of it so you would never even know.

Security is great but it also goes hand-in-hand with control and surveillance. Every capability to increase security also increases the amount of control those providing the security have.

replies(3): >>32236159 #>>32237179 #>>32238115 #
2. dane-pgp ◴[] No.32236159[source]
> They actually could easily enforce laws on banned content too

Exactly this. As soon as governments (or lobbyists) discover that this level of control is available to them, they will introduce whatever remaining laws they need, banning E2E encrypted chat apps, or Tor, or BitTorrent clients.

I suspect that, like civil asset forfeiture, or running commands on botnet-infected devices[0], these actions will have only the thinnest veneer of "due process" applied to them. After all, if your computer is running "illegal" software, why should the government wait for your permission before deleting that software, or even tell you that it had done it after the fact?

[0] https://uk.pcmag.com/security/139675/us-disrupts-cyclops-bli...

3. cesarb ◴[] No.32237179[source]
> They could ban any given software from being able to run on Windows - maybe Chrome, maybe Steam, any competitor at all.

IIRC, this was the reason Valve created SteamOS: they feared Microsoft would use their control over Windows so that the only viable software store on PCs would be Microsoft's own store.

replies(1): >>32238781 #
4. resfirestar ◴[] No.32238115[source]
Microsoft doesn't need an "untamperable" kernel to force spying on users. Windows 10/11 has horrible invasive telemetry that can't be disabled, but no one has figured out how to modify the OS and strip it out; all the "solutions" involve temporarily disabling services or blocking network traffic. Is there actually some new capability here that points to future surveillance and censorship, or are you just fitting everything Microsoft does into a narrative where these things are just around the corner and waiting for the right technology? In my opinion the technology has been there for many years, it's just waiting for the US to go insane enough to implement massive censorship.
replies(3): >>32239614 #>>32240277 #>>32245763 #
5. oneoff786 ◴[] No.32238781[source]
Like the App Store.

Hopefully we get the Digital Markets Act over here for similar protections.

6. ◴[] No.32239614[source]
7. reedjosh ◴[] No.32240277[source]
But you can install your own OS. You can't disable this tool via another OS.

Particularly now that heterogeneous computing is making it big, video decoding can easily just be made not to work unless this tech stack okays it--regardless of the OS.

This chip could all out disable other operating systems if they don't provide the spyware telemetry that Microsoft requires.

replies(1): >>32240456 #
8. resfirestar ◴[] No.32240456{3}[source]
By "this tool" do you just mean the Pluton system in general or some specific thing? The attestation stuff is a software feature that would be disabled by booting another OS that doesn't support it. It needs the Pluton hardware to be possible, but the software side is in the OS, not hardcoded on the chip.

Disabling other operating systems would be done by the BIOS if manufacturers locked down the configuration of existing secure boot functionality; it doesn't need any new features.

9. nyanpasu64 ◴[] No.32245763[source]
If I'm not mistaken, "no one has figured out" is factually incorrect. https://ameliorated.info/ blocks nearly all OS network requests (and hopefully all OS telemetry) by physically removing the relevant files from the system (though this breaks UWP apps, .appx, and such), and disables Windows Update to prevent telemetry components from being reinstalled. I use it on a near-daily basis, and it works quite well in most cases, although having a separate admin account by default, not being able to create new accounts (they show black screens), and missing features (Action Center and notifications) do sting, and I'm worried about the lack of security updates. If you do choose to use it, https://git.ameliorated.info/Joe/amecs is important for configuring the system.