Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 0 00:00:00,400 --> 00:00:05,200 Many of you who are users of Windows 10 1 00:00:02,480 --> 00:00:08,080 are likely in panic since Windows 10 is 2 00:00:05,200 --> 00:00:11,519 about to be classified as end of life by 3 00:00:08,080 --> 00:00:13,679 Microsoft. End of life is today, October 4 00:00:11,519 --> 00:00:17,039 14th, 2025, 5 00:00:13,679 --> 00:00:19,680 a day that will live in tech infamy. 6 00:00:17,039 --> 00:00:22,640 Currently, still 40% of Windows users 7 00:00:19,680 --> 00:00:24,640 are still on Windows 10. 8 00:00:22,640 --> 00:00:27,119 Likely the main reason you have not 9 00:00:24,640 --> 00:00:29,679 updated to Windows 11 is because you 10 00:00:27,119 --> 00:00:32,480 cannot. Your old computer is considered 11 00:00:29,679 --> 00:00:35,200 junk now because it doesn't have this 12 00:00:32,480 --> 00:00:38,160 thing called a TPM chip. You're being 13 00:00:35,200 --> 00:00:40,640 pushed to get a C-pilot PC, one that is 14 00:00:38,160 --> 00:00:42,399 equipped to handle the AI companion, 15 00:00:40,640 --> 00:00:45,200 even though likely you have not come up 16 00:00:42,399 --> 00:00:48,239 with a reason to want to use some spying 17 00:00:45,200 --> 00:00:50,399 AI in your daily computer life. So, you 18 00:00:48,239 --> 00:00:52,079 don't want this. But it's worse. So, 19 00:00:50,399 --> 00:00:53,600 Microsoft has basically been 20 00:00:52,079 --> 00:00:56,640 systematically 21 00:00:53,600 --> 00:00:58,480 exerting dominance over its users to the 22 00:00:56,640 --> 00:01:02,000 point that you question now if your 23 00:00:58,480 --> 00:01:04,000 machine is yours or if it is Microsoft 24 00:01:02,000 --> 00:01:06,159 and you're just paying for it. Just to 25 00:01:04,000 --> 00:01:09,840 put some balance in this video, let me 26 00:01:06,159 --> 00:01:12,320 show you that I have a long career as a 27 00:01:09,840 --> 00:01:14,159 Windows developer and I've had Bill 28 00:01:12,320 --> 00:01:17,280 Gates demonstrate my software at a 29 00:01:14,159 --> 00:01:19,119 keynote speech and I'm a Windows expert. 30 00:01:17,280 --> 00:01:21,840 And for many years, even as a privacy 31 00:01:19,119 --> 00:01:23,680 guru, I had a tolerant approach to 32 00:01:21,840 --> 00:01:25,520 Windows since there were many ways I 33 00:01:23,680 --> 00:01:27,520 could configure it to avoid privacy 34 00:01:25,520 --> 00:01:29,920 dangers. But in recent years, with the 35 00:01:27,520 --> 00:01:32,640 advent of Windows 11, I have to say that 36 00:01:29,920 --> 00:01:34,479 Microsoft has truly gone crazy. And the 37 00:01:32,640 --> 00:01:38,320 current direction of Windows 11 tells me 38 00:01:34,479 --> 00:01:41,040 that it is time for all of you to go. 39 00:01:38,320 --> 00:01:43,439 You are not a Microsoft slave. You own 40 00:01:41,040 --> 00:01:46,960 your device. Take your freedom back. 41 00:01:43,439 --> 00:01:49,600 dump Windows otherwise it will own you. 42 00:01:46,960 --> 00:01:51,840 Microsoft has plans for you and you will 43 00:01:49,600 --> 00:01:54,640 not like those plans. What I'm going to 44 00:01:51,840 --> 00:01:56,960 discuss here are the specific reasons 45 00:01:54,640 --> 00:01:58,880 that I have to part ways with Windows 46 00:01:56,960 --> 00:02:00,560 and hopefully software developers make 47 00:01:58,880 --> 00:02:02,960 good versions of their products in 48 00:02:00,560 --> 00:02:05,920 Linux. So we have little reason to use 49 00:02:02,960 --> 00:02:09,119 this Windows 11 garbage and you will 50 00:02:05,920 --> 00:02:11,360 discover that it is garbage. Yes, this 51 00:02:09,119 --> 00:02:16,120 is a rant. So, if you want to learn the 52 00:02:11,360 --> 00:02:16,120 specifics, stay right there. 53 00:02:21,599 --> 00:02:26,480 Windows 10 end of life. While it is 54 00:02:24,640 --> 00:02:28,239 definitely the right of a software 55 00:02:26,480 --> 00:02:30,640 company to classify their old software 56 00:02:28,239 --> 00:02:33,280 as end of life, especially after 10 57 00:02:30,640 --> 00:02:35,760 years of release, one needs to ask why 58 00:02:33,280 --> 00:02:37,760 there's so much resistance. I've never 59 00:02:35,760 --> 00:02:40,720 encountered so much resistance to moving 60 00:02:37,760 --> 00:02:44,560 to a newer version. likely since DOSs 61 00:02:40,720 --> 00:02:47,360 3.1 to Windows and that was justifiable. 62 00:02:44,560 --> 00:02:50,400 Windows required new hardware since DOS 63 00:02:47,360 --> 00:02:52,720 3.1 was textbased and Windows was 64 00:02:50,400 --> 00:02:55,519 graphical and tons of software had to 65 00:02:52,720 --> 00:02:57,680 change to go to Windows which took time. 66 00:02:55,519 --> 00:02:59,280 But in theory, most apps that work in 67 00:02:57,680 --> 00:03:02,239 Windows 10 will still work in Windows 68 00:02:59,280 --> 00:03:04,879 11. Yet there's so much resistance and 69 00:03:02,239 --> 00:03:07,920 much of it likely is because the users 70 00:03:04,879 --> 00:03:10,640 cannot upgrade to Windows 11. Microsoft 71 00:03:07,920 --> 00:03:13,040 itself is blocking them. In order for 72 00:03:10,640 --> 00:03:15,760 many users to move to Windows 11, they 73 00:03:13,040 --> 00:03:18,080 have to buy newer computers. And the 74 00:03:15,760 --> 00:03:20,560 justification for this on the Microsoft 75 00:03:18,080 --> 00:03:23,920 side is twofold. First is the push for 76 00:03:20,560 --> 00:03:25,920 this security chip called a TPM chip 77 00:03:23,920 --> 00:03:28,640 which is lacking on old computers and 78 00:03:25,920 --> 00:03:31,360 which I will tell you now is a huge risk 79 00:03:28,640 --> 00:03:34,000 to privacy. And the second justification 80 00:03:31,360 --> 00:03:36,000 for Microsoft is to encourage more 81 00:03:34,000 --> 00:03:39,760 people to use Windows C-Pilot, which 82 00:03:36,000 --> 00:03:42,640 creates AI capable computers. Again, a 83 00:03:39,760 --> 00:03:45,519 massive risk to privacy. But there's 84 00:03:42,640 --> 00:03:47,440 more. New computers using Windows 11 now 85 00:03:45,519 --> 00:03:50,000 turn on Bit Locker, which is disk 86 00:03:47,440 --> 00:03:53,120 encryption by default. You might think 87 00:03:50,000 --> 00:03:55,440 this is a good thing, but not really. 88 00:03:53,120 --> 00:03:57,599 Windows has been forcing us to use cloud 89 00:03:55,440 --> 00:03:59,840 services constantly with features like 90 00:03:57,599 --> 00:04:01,760 one drive to ensure that you keep your 91 00:03:59,840 --> 00:04:05,200 files on Microsoft servers. And now 92 00:04:01,760 --> 00:04:08,959 they're pushing the new Windows backup. 93 00:04:05,200 --> 00:04:11,040 There's the push for Office 365 again to 94 00:04:08,959 --> 00:04:12,799 ensure that Microsoft keeps your 95 00:04:11,040 --> 00:04:15,439 documents. 96 00:04:12,799 --> 00:04:17,680 Or how about the Microsoft ID and the 97 00:04:15,439 --> 00:04:20,479 constant battle to ensure that you have 98 00:04:17,680 --> 00:04:22,720 a computer free from a privacy invading 99 00:04:20,479 --> 00:04:25,120 identifier? or how Microsoft keeps 100 00:04:22,720 --> 00:04:27,040 forcing updates that you cannot turn 101 00:04:25,120 --> 00:04:29,199 off. I'm going to cover all these 102 00:04:27,040 --> 00:04:34,040 approaches by Microsoft and explain to 103 00:04:29,199 --> 00:04:34,040 you why you don't want them. 104 00:04:34,240 --> 00:04:39,040 Microsoft ID. 105 00:04:36,880 --> 00:04:40,960 I'm sure this irks a lot of people 106 00:04:39,040 --> 00:04:44,320 lately. It is extremely difficult to 107 00:04:40,960 --> 00:04:46,720 install Windows without a Microsoft ID. 108 00:04:44,320 --> 00:04:48,479 Basically, Microsoft wants you to log 109 00:04:46,720 --> 00:04:51,440 into them just like Apple and Google 110 00:04:48,479 --> 00:04:53,919 requires you to to ensure that device is 111 00:04:51,440 --> 00:04:56,240 tied to an identity. There's still a way 112 00:04:53,919 --> 00:04:58,240 to avoid the Microsoft ID, but it is not 113 00:04:56,240 --> 00:05:00,639 obvious and requires so much trial and 114 00:04:58,240 --> 00:05:03,120 error to figure out. But basically, most 115 00:05:00,639 --> 00:05:05,120 people will be forced to put an ID card 116 00:05:03,120 --> 00:05:07,919 on your computer. So, whatever you do on 117 00:05:05,120 --> 00:05:10,240 the internet can be attributed to your 118 00:05:07,919 --> 00:05:12,240 particular machine. When Microsoft began 119 00:05:10,240 --> 00:05:15,039 pushing this heavily in later updates of 120 00:05:12,240 --> 00:05:17,280 Windows 10 and now locked in in Windows 121 00:05:15,039 --> 00:05:20,960 11 for the most part, it was the first 122 00:05:17,280 --> 00:05:24,479 sign of a red flag. Microsoft became big 123 00:05:20,960 --> 00:05:26,880 all of a sudden again as a company once 124 00:05:24,479 --> 00:05:29,520 they moved their infrastructure to a 125 00:05:26,880 --> 00:05:31,759 cloud-based one. This has guaranteed the 126 00:05:29,520 --> 00:05:35,120 income stream to Microsoft and raised 127 00:05:31,759 --> 00:05:38,880 their position as the number two company 128 00:05:35,120 --> 00:05:41,919 in valuation at $3.9 trillion. This 129 00:05:38,880 --> 00:05:44,400 growth in the cloud is Satiana Dela's 130 00:05:41,919 --> 00:05:48,160 claim to fame. So the idea of the 131 00:05:44,400 --> 00:05:50,400 Microsoft ID is to tie you to the cloud. 132 00:05:48,160 --> 00:05:52,800 One drive means you store your data to 133 00:05:50,400 --> 00:05:54,720 the cloud. Lately they're pushing 134 00:05:52,800 --> 00:05:58,160 Windows backup. And of course with 135 00:05:54,720 --> 00:06:01,360 Office 365, Xbox, and now with Copilot, 136 00:05:58,160 --> 00:06:04,479 your life will truly reside in Microsoft 137 00:06:01,360 --> 00:06:07,039 servers. This of course is the original 138 00:06:04,479 --> 00:06:09,280 Google formulas, so they're keen to 139 00:06:07,039 --> 00:06:12,000 dominate that now. And as proof, 140 00:06:09,280 --> 00:06:14,319 Microsoft has surpassed even Google in 141 00:06:12,000 --> 00:06:16,639 valuation. As a privacy expert, one of 142 00:06:14,319 --> 00:06:19,520 the main goals I have is to ensure that 143 00:06:16,639 --> 00:06:21,360 devices have anonymity. And you cannot 144 00:06:19,520 --> 00:06:23,360 do that if your device is currently 145 00:06:21,360 --> 00:06:26,560 logged into Microsoft where app and 146 00:06:23,360 --> 00:06:28,639 device telemetry ensures that they know 147 00:06:26,560 --> 00:06:30,720 everything you're doing on your machine. 148 00:06:28,639 --> 00:06:33,039 And the Microsoft ID is a big and 149 00:06:30,720 --> 00:06:34,960 primary part of this. Since they don't 150 00:06:33,039 --> 00:06:40,600 want you to have an anonymous device, 151 00:06:34,960 --> 00:06:40,600 then this is definitely a nogo for me. 152 00:06:43,360 --> 00:06:48,639 It's my machine. I paid for it. 153 00:06:46,400 --> 00:06:50,560 Microsoft didn't pay for it. So, as I 154 00:06:48,639 --> 00:06:53,199 will explain in many details here, 155 00:06:50,560 --> 00:06:56,000 Microsoft is definitely not interested 156 00:06:53,199 --> 00:06:58,240 in respecting your rights to have other 157 00:06:56,000 --> 00:07:01,199 things on your computer, even in 158 00:06:58,240 --> 00:07:03,759 separate partitions. I have had multiple 159 00:07:01,199 --> 00:07:06,319 instances of Windows wiping out entire 160 00:07:03,759 --> 00:07:08,479 Linux partitions and even a data only 161 00:07:06,319 --> 00:07:11,199 partition just because it didn't 162 00:07:08,479 --> 00:07:13,520 recognize the format. This is extremely 163 00:07:11,199 --> 00:07:15,759 aggravating. I have lost so much data 164 00:07:13,520 --> 00:07:18,080 from unexpected events like doing a 165 00:07:15,759 --> 00:07:20,639 Windows update and having it wipe the 166 00:07:18,080 --> 00:07:23,280 dual boot files and then continuing on 167 00:07:20,639 --> 00:07:26,639 to overwriting partition data to wipe 168 00:07:23,280 --> 00:07:29,599 Linux completely. As an advanced user, 169 00:07:26,639 --> 00:07:31,680 even if I had no gripes with Microsoft, 170 00:07:29,599 --> 00:07:33,840 there are many reasons for me to have 171 00:07:31,680 --> 00:07:36,639 multiple operating systems on my 172 00:07:33,840 --> 00:07:39,280 machine. This is not that uncommon with 173 00:07:36,639 --> 00:07:42,479 software developers. Yet, they force 174 00:07:39,280 --> 00:07:44,400 updates on you and you can't stop it and 175 00:07:42,479 --> 00:07:47,120 then they act like they're the only 176 00:07:44,400 --> 00:07:49,120 users of the machine. Now, over time, 177 00:07:47,120 --> 00:07:50,880 I've come up with workarounds to the 178 00:07:49,120 --> 00:07:53,520 stupidity of Windows and Windows 179 00:07:50,880 --> 00:07:57,199 policies, and I'll discuss that in an 180 00:07:53,520 --> 00:07:59,280 upcoming dual boot video. But generally, 181 00:07:57,199 --> 00:08:01,599 this lack of certainty to what Windows 182 00:07:59,280 --> 00:08:03,599 will do is a dangerous roll of the dice 183 00:08:01,599 --> 00:08:06,080 for people who make a living off 184 00:08:03,599 --> 00:08:10,080 computers. 185 00:08:06,080 --> 00:08:12,160 TPM is for you or for them. One of the 186 00:08:10,080 --> 00:08:15,039 biggest changes that Microsoft made is 187 00:08:12,160 --> 00:08:17,120 to not allow updates to Windows 11 from 188 00:08:15,039 --> 00:08:20,479 Windows 10. If your computer doesn't 189 00:08:17,120 --> 00:08:23,280 have the security chip called ATPM, 190 00:08:20,479 --> 00:08:25,039 which is an acronym for trusted platform 191 00:08:23,280 --> 00:08:27,199 module, you don't need to worry about 192 00:08:25,039 --> 00:08:30,160 what it means. It's a security chip and 193 00:08:27,199 --> 00:08:32,640 it has similar functions to the Titan M2 194 00:08:30,160 --> 00:08:35,120 chip on Pixels or the Apple secure 195 00:08:32,640 --> 00:08:37,760 enclave on iPhones. The basic 196 00:08:35,120 --> 00:08:40,080 functionality of the TPM, as with all 197 00:08:37,760 --> 00:08:42,479 other security chips, is that 198 00:08:40,080 --> 00:08:45,279 cryptographic keys used for encryption 199 00:08:42,479 --> 00:08:48,160 are not kept in the open in accessible 200 00:08:45,279 --> 00:08:50,240 memory or hard drive where third parties 201 00:08:48,160 --> 00:08:52,560 can potentially have access to them. 202 00:08:50,240 --> 00:08:55,600 Instead, the keys are stored inside the 203 00:08:52,560 --> 00:08:57,760 TPM with inaccessible private keys. 204 00:08:55,600 --> 00:09:00,399 There's no way to see the private keys. 205 00:08:57,760 --> 00:09:03,680 You present a public key to the TPM chip 206 00:09:00,399 --> 00:09:06,000 and it can validate it via the chip by 207 00:09:03,680 --> 00:09:08,080 checking the private key internally. 208 00:09:06,000 --> 00:09:09,680 This allows things like dis encryption 209 00:09:08,080 --> 00:09:12,480 to be done without creating some 210 00:09:09,680 --> 00:09:15,600 loophole for some hacker to capture an 211 00:09:12,480 --> 00:09:18,480 encryption key because its processes are 212 00:09:15,600 --> 00:09:21,040 locked inside a separate chip. There's 213 00:09:18,480 --> 00:09:23,279 theoretically no outside access to it. 214 00:09:21,040 --> 00:09:25,279 Sounds good in theory, right? Now, let 215 00:09:23,279 --> 00:09:27,839 me tell you the multiple problems with 216 00:09:25,279 --> 00:09:31,360 this TPM module. As it turns out, 217 00:09:27,839 --> 00:09:34,399 Microsoft actually stores your Microsoft 218 00:09:31,360 --> 00:09:37,839 ID together with the device ID 219 00:09:34,399 --> 00:09:40,000 identifiers in the cloud tied to your 220 00:09:37,839 --> 00:09:42,080 Microsoft account. This will become 221 00:09:40,000 --> 00:09:44,320 important when we talk about Bit Locker, 222 00:09:42,080 --> 00:09:47,440 which I'll discuss next. But the main 223 00:09:44,320 --> 00:09:50,000 issue here is that the TPM module is a 224 00:09:47,440 --> 00:09:52,000 device identifier. In fact, on most 225 00:09:50,000 --> 00:09:54,399 operating systems, whether it is Apple, 226 00:09:52,000 --> 00:09:57,040 Google or Microsoft, the security chip 227 00:09:54,399 --> 00:09:59,760 actually announces a unique device 228 00:09:57,040 --> 00:10:01,920 identifier. Since each security chip is 229 00:09:59,760 --> 00:10:04,959 flashed with a unique value for each 230 00:10:01,920 --> 00:10:08,080 device, it is like an IMEI on a phone. 231 00:10:04,959 --> 00:10:10,240 It gives out a unique ID. The problem is 232 00:10:08,080 --> 00:10:13,279 that some specific Microsoft products 233 00:10:10,240 --> 00:10:15,440 and services validate you based on this 234 00:10:13,279 --> 00:10:18,079 unique ID. And because it is now 235 00:10:15,440 --> 00:10:20,640 connected to the cloud, added to your 236 00:10:18,079 --> 00:10:23,920 upcoming extreme relationship with the 237 00:10:20,640 --> 00:10:27,040 Windows Copilot AI Companion, this is 238 00:10:23,920 --> 00:10:29,120 now going to be extra dangerous. What 239 00:10:27,040 --> 00:10:31,920 would have been a better option is to be 240 00:10:29,120 --> 00:10:34,480 able to insert your own security chip in 241 00:10:31,920 --> 00:10:36,720 your computer, similar to a UB key, 242 00:10:34,480 --> 00:10:38,880 where you can plug it or remove it at 243 00:10:36,720 --> 00:10:41,360 will, depending on what you're doing. 244 00:10:38,880 --> 00:10:43,519 Then at least you're given a choice. 245 00:10:41,360 --> 00:10:46,320 Now, there's no choice. Windows 11 246 00:10:43,519 --> 00:10:48,160 requires a TPM and Windows 11 will track 247 00:10:46,320 --> 00:10:51,760 your Microsoft ID together with your 248 00:10:48,160 --> 00:10:55,200 device ID based on the TPM. New software 249 00:10:51,760 --> 00:10:57,279 utilizes this. Now, gamers are suddenly 250 00:10:55,200 --> 00:11:00,079 discovering that their device ID are 251 00:10:57,279 --> 00:11:02,880 known to Microsoft and didn't know how. 252 00:11:00,079 --> 00:11:06,000 Yes, of course, there's the Xbox ID for 253 00:11:02,880 --> 00:11:08,240 Xbox gamers, but now the device ID is 254 00:11:06,000 --> 00:11:10,160 specifically known and is pulled from 255 00:11:08,240 --> 00:11:12,399 the TPM. 256 00:11:10,160 --> 00:11:15,120 Third parties can access this now with 257 00:11:12,399 --> 00:11:17,920 no restriction via API. If you want to 258 00:11:15,120 --> 00:11:21,040 know how to check your TPM status, here 259 00:11:17,920 --> 00:11:24,079 are example commands on Windows. By the 260 00:11:21,040 --> 00:11:26,000 way, you can restrict access to the TPM 261 00:11:24,079 --> 00:11:28,399 in Linux, and I'll make a separate TPM 262 00:11:26,000 --> 00:11:30,480 video in the future to manage all this. 263 00:11:28,399 --> 00:11:33,360 There's a deliberate purpose to all this 264 00:11:30,480 --> 00:11:34,880 madness, and it's all tied to the AI. 265 00:11:33,360 --> 00:11:36,880 So, don't think this is some random 266 00:11:34,880 --> 00:11:38,880 choice by Microsoft, but I'll get to 267 00:11:36,880 --> 00:11:43,480 that. In the meantime, let's go to the 268 00:11:38,880 --> 00:11:43,480 next level, which is Bit Locker. 269 00:11:43,839 --> 00:11:48,640 Bit Locker. 270 00:11:46,320 --> 00:11:50,399 Bit Locker is new. If you buy a new 271 00:11:48,640 --> 00:11:52,399 Windows computer, you will have this 272 00:11:50,399 --> 00:11:55,279 shock when you try to install Linux on 273 00:11:52,399 --> 00:11:57,839 it or if you try to turn off secure 274 00:11:55,279 --> 00:12:01,279 boot. Bit Locker is a new Microsoft 275 00:11:57,839 --> 00:12:03,600 drive encryption. It is a Microsoftonly 276 00:12:01,279 --> 00:12:06,079 product. It is tied to the full hard 277 00:12:03,600 --> 00:12:08,959 drive. So you cannot for example have a 278 00:12:06,079 --> 00:12:11,760 Linux partition freely. It will also be 279 00:12:08,959 --> 00:12:14,480 subject to Bit Locker. Yes, I'll discuss 280 00:12:11,760 --> 00:12:16,560 secure boot later as well. I just got 281 00:12:14,480 --> 00:12:20,399 myself a new laptop. It's a brand new 282 00:12:16,560 --> 00:12:22,399 Lenovo ThinkPad X1 Carbon. And as usual, 283 00:12:20,399 --> 00:12:24,639 as the first step to installing Linux, I 284 00:12:22,399 --> 00:12:27,279 would typically go to BIOS and turn off 285 00:12:24,639 --> 00:12:29,600 secure boot. Was I in for a shock? 286 00:12:27,279 --> 00:12:32,240 First, Windows 11 Bit Locker was enabled 287 00:12:29,600 --> 00:12:34,639 by default. So the moment I turn off 288 00:12:32,240 --> 00:12:37,440 secure boot without warning the drive 289 00:12:34,639 --> 00:12:40,240 locked up and I basically had no access 290 00:12:37,440 --> 00:12:42,399 to the SSD drive. The lock up is at the 291 00:12:40,240 --> 00:12:44,959 BIOS level. So basically it will refuse 292 00:12:42,399 --> 00:12:46,800 to boot the hard drive. Now I can of 293 00:12:44,959 --> 00:12:49,680 course reformat the hard drive some 294 00:12:46,800 --> 00:12:51,680 other way or insert a different SSD 295 00:12:49,680 --> 00:12:53,920 drive. But unlike older versions of 296 00:12:51,680 --> 00:12:56,399 Windows on my particular computer there 297 00:12:53,920 --> 00:12:59,440 is no longer a recovery partition. So 298 00:12:56,399 --> 00:13:01,680 you can't just boot to recovery. I had 299 00:12:59,440 --> 00:13:05,040 to find a custom boot image from Lenovo 300 00:13:01,680 --> 00:13:07,760 and flash it to a USB. I spent an entire 301 00:13:05,040 --> 00:13:10,079 day making a boot partition, copying all 302 00:13:07,760 --> 00:13:12,240 my data, and I lost it all and had to 303 00:13:10,079 --> 00:13:14,079 start from scratch. Now, here's the 304 00:13:12,240 --> 00:13:16,240 kicker. When you lose access because of 305 00:13:14,079 --> 00:13:18,240 Bit Locker, it revealed some interesting 306 00:13:16,240 --> 00:13:20,720 things. Apparently, when you log in 307 00:13:18,240 --> 00:13:23,519 using your Microsoft ID, the recovery 308 00:13:20,720 --> 00:13:27,120 key for your hard drive as stored in the 309 00:13:23,519 --> 00:13:30,160 TPM and the device ID are all now stored 310 00:13:27,120 --> 00:13:31,920 at Microsoft and tied to your Microsoft 311 00:13:30,160 --> 00:13:34,399 ID. So basically, while you think your 312 00:13:31,920 --> 00:13:35,920 Bit Locker is tied to just your TPM 313 00:13:34,399 --> 00:13:37,600 chip, in reality, it is tied to 314 00:13:35,920 --> 00:13:40,480 Microsoft since someone with access to 315 00:13:37,600 --> 00:13:43,519 your Microsoft ID can basically recover 316 00:13:40,480 --> 00:13:46,480 your Bit Locker encrypted drive recovery 317 00:13:43,519 --> 00:13:49,120 key. In my case, and maybe because I 318 00:13:46,480 --> 00:13:51,360 turned off my Microsoft ID, I actually 319 00:13:49,120 --> 00:13:54,160 could not unlock my Bit Locker lock 320 00:13:51,360 --> 00:13:56,800 drive. I had to start from scratch. 321 00:13:54,160 --> 00:13:58,959 However, this exposes how this supposed 322 00:13:56,800 --> 00:14:01,440 security protection is fundamentally 323 00:13:58,959 --> 00:14:04,079 tied to Microsoft control. The thing 324 00:14:01,440 --> 00:14:06,959 that angers me the most is that this is 325 00:14:04,079 --> 00:14:09,600 a drive where I, as the owner, decided 326 00:14:06,959 --> 00:14:12,240 to make a separate partition for another 327 00:14:09,600 --> 00:14:15,279 operating system. And yet Microsoft 328 00:14:12,240 --> 00:14:18,079 decides that it will override that and 329 00:14:15,279 --> 00:14:19,920 take control of the entire drive. Linux 330 00:14:18,079 --> 00:14:22,720 of course does not have rights to Bit 331 00:14:19,920 --> 00:14:24,880 Locker. It is not some open-source 332 00:14:22,720 --> 00:14:29,839 software. So Microsoft here decided that 333 00:14:24,880 --> 00:14:33,320 it owned your computer, not you. 334 00:14:29,839 --> 00:14:33,320 Secure boot. 335 00:14:33,360 --> 00:14:37,519 Secure boot is a BIOS setting and if 336 00:14:35,360 --> 00:14:40,160 enabled anytime you boot an operating 337 00:14:37,519 --> 00:14:43,040 system like Windows or a DRO like 338 00:14:40,160 --> 00:14:45,120 Ubuntu, the UP boot software will check 339 00:14:43,040 --> 00:14:49,279 the signing key of the product and see 340 00:14:45,120 --> 00:14:53,040 if it is an approved OS, meaning it is 341 00:14:49,279 --> 00:14:55,120 signed using Microsoft keys. That alone 342 00:14:53,040 --> 00:14:57,920 is problematic, but we'll ignore that 343 00:14:55,120 --> 00:14:59,839 for now. In some ways, secure boot was a 344 00:14:57,920 --> 00:15:01,920 waste of time because for the average 345 00:14:59,839 --> 00:15:04,320 person, it did not offer any kind of 346 00:15:01,920 --> 00:15:07,120 security. at least until Bit Locker and 347 00:15:04,320 --> 00:15:09,920 TPM happened. All you had to do was turn 348 00:15:07,120 --> 00:15:11,760 secure boot off. There's no security 349 00:15:09,920 --> 00:15:14,000 whatsoever required in turning off 350 00:15:11,760 --> 00:15:16,800 secure boot in BIOS. You could do this 351 00:15:14,000 --> 00:15:19,120 to any computer, but this was only an 352 00:15:16,800 --> 00:15:22,079 inconvenience as it potentially delayed 353 00:15:19,120 --> 00:15:24,240 a hacker by maybe only 2 minutes. 354 00:15:22,079 --> 00:15:26,399 However, what I didn't realize is that 355 00:15:24,240 --> 00:15:30,000 since DROs like Ubuntu are actually 356 00:15:26,399 --> 00:15:32,480 signed using Microsoft keys that they 357 00:15:30,000 --> 00:15:35,199 don't need secure boot to be turned off. 358 00:15:32,480 --> 00:15:37,120 It does bother me that Microsoft inserts 359 00:15:35,199 --> 00:15:40,079 themselves into security features of the 360 00:15:37,120 --> 00:15:42,959 bootloader, but at least popular distros 361 00:15:40,079 --> 00:15:45,760 are exempt. Special distros will require 362 00:15:42,959 --> 00:15:47,839 secure boot to be turned off though. But 363 00:15:45,760 --> 00:15:50,160 the worst part about secure boot is that 364 00:15:47,839 --> 00:15:52,639 it totally messes up using virtual 365 00:15:50,160 --> 00:15:55,199 machines. If you're going to use any 366 00:15:52,639 --> 00:15:56,959 virtual machine like KVM or virtual box, 367 00:15:55,199 --> 00:15:59,360 it's actually going to use the same 368 00:15:56,959 --> 00:16:03,279 bootloader programs with secure boot and 369 00:15:59,360 --> 00:16:05,279 it will cause the VM to fail. So you 370 00:16:03,279 --> 00:16:07,680 have to run a bunch of command line 371 00:16:05,279 --> 00:16:11,279 instructions to sign the virtual machine 372 00:16:07,680 --> 00:16:13,519 software itself again using the same 373 00:16:11,279 --> 00:16:15,600 Microsoft keys. 374 00:16:13,519 --> 00:16:18,079 I mean it's really hard to get Microsoft 375 00:16:15,600 --> 00:16:20,720 away from anything. The tendrils of 376 00:16:18,079 --> 00:16:22,800 control are just everywhere. 377 00:16:20,720 --> 00:16:25,519 And again to remind you of what I just 378 00:16:22,800 --> 00:16:28,240 said, secure boot is now tied to Bit 379 00:16:25,519 --> 00:16:30,399 Locker. If you turn off secure boot, Bit 380 00:16:28,240 --> 00:16:32,639 Locker will lock up and there's no 381 00:16:30,399 --> 00:16:35,839 direct recovery by turning secure boot 382 00:16:32,639 --> 00:16:38,480 back on. And in case you're wondering, 383 00:16:35,839 --> 00:16:41,480 yes, secure boot is another Microsoft 384 00:16:38,480 --> 00:16:41,480 invention. 385 00:16:42,560 --> 00:16:46,560 Force updates. 386 00:16:44,880 --> 00:16:49,120 just to make sure that they have full 387 00:16:46,560 --> 00:16:51,440 control over your machine. Microsoft of 388 00:16:49,120 --> 00:16:54,320 course forces updates on you. All these 389 00:16:51,440 --> 00:16:56,240 are under the guise of cyber security of 390 00:16:54,320 --> 00:16:58,000 course and I'm sure all these cyber 391 00:16:56,240 --> 00:17:02,399 security experts will all chime in and 392 00:16:58,000 --> 00:17:04,880 say that I need all this. Yeah, right. 393 00:17:02,399 --> 00:17:07,120 Why not let me decide that? You don't 394 00:17:04,880 --> 00:17:09,360 know what I want or need. And in any 395 00:17:07,120 --> 00:17:13,520 case, I have limited use of Windows. 396 00:17:09,360 --> 00:17:16,079 Extremely limited. Like 1% usage. So, I 397 00:17:13,520 --> 00:17:19,360 don't want an OS I use 1% of the time to 398 00:17:16,079 --> 00:17:21,839 dictate my use of the computer 100% of 399 00:17:19,360 --> 00:17:24,959 the time. You want to hack my Windows 400 00:17:21,839 --> 00:17:26,959 installation? Go ahead. I have nothing 401 00:17:24,959 --> 00:17:29,600 on it. It just bugs me that someone else 402 00:17:26,959 --> 00:17:32,160 decides what I need and choices are kept 403 00:17:29,600 --> 00:17:34,480 from me. And these force updates have 404 00:17:32,160 --> 00:17:36,960 caused me massive problems. One of the 405 00:17:34,480 --> 00:17:39,200 well-known incidents was when Microsoft 406 00:17:36,960 --> 00:17:42,080 overwrote the boot instructions, which 407 00:17:39,200 --> 00:17:44,799 in my case is set up to be dual boot. I 408 00:17:42,080 --> 00:17:47,280 can choose to boot Linux or Windows. I'm 409 00:17:44,799 --> 00:17:48,720 primarily a Linux user. Then it 410 00:17:47,280 --> 00:17:50,640 completely overrides the boot 411 00:17:48,720 --> 00:17:53,280 instruction. So now I can't boot to 412 00:17:50,640 --> 00:17:55,600 Linux. So usually I have to always put a 413 00:17:53,280 --> 00:17:58,320 delay on Windows updates, which you can 414 00:17:55,600 --> 00:18:00,080 only delay up to two weeks. This gives 415 00:17:58,320 --> 00:18:02,640 me an allowance to prepare for a 416 00:18:00,080 --> 00:18:04,400 catastrophe, but that's the limit, 2 417 00:18:02,640 --> 00:18:08,080 weeks. So I have to find some time 418 00:18:04,400 --> 00:18:09,600 within a twoe window to do an update. I 419 00:18:08,080 --> 00:18:12,320 don't want to be in the middle of an 420 00:18:09,600 --> 00:18:14,960 important project and be shut down just 421 00:18:12,320 --> 00:18:17,919 because I voted to zucking Windows. For 422 00:18:14,960 --> 00:18:20,640 my specific use, I rarely want a Windows 423 00:18:17,919 --> 00:18:22,880 update if some specific major security 424 00:18:20,640 --> 00:18:25,520 thing is announced. I would like to be 425 00:18:22,880 --> 00:18:28,080 given the choice. Tell me the risk and 426 00:18:25,520 --> 00:18:32,640 I'll decide. But I guess it is no longer 427 00:18:28,080 --> 00:18:35,440 your computer when you run Windows 11. 428 00:18:32,640 --> 00:18:37,120 Overwriting partitions. 429 00:18:35,440 --> 00:18:39,200 Again, similar to the updates 430 00:18:37,120 --> 00:18:40,799 overwriting the boot instructions, you 431 00:18:39,200 --> 00:18:43,280 have some dangerous utilities like 432 00:18:40,799 --> 00:18:45,200 Windows disk management utility. Again, 433 00:18:43,280 --> 00:18:47,679 one that was designed to prevent other 434 00:18:45,200 --> 00:18:49,919 operating systems from running. If you 435 00:18:47,679 --> 00:18:52,880 accidentally go into disk management and 436 00:18:49,919 --> 00:18:54,960 decide to view a Linux partition, which 437 00:18:52,880 --> 00:18:56,720 it will not recognize, you might 438 00:18:54,960 --> 00:18:59,120 accidentally overwrite the entire 439 00:18:56,720 --> 00:19:01,280 partition and lose everything. And this 440 00:18:59,120 --> 00:19:03,679 is something that already happened to 441 00:19:01,280 --> 00:19:05,679 me. At the very least, it should 442 00:19:03,679 --> 00:19:08,240 recognize a foreign partition and not 443 00:19:05,679 --> 00:19:10,400 allow a write, at least without a ton of 444 00:19:08,240 --> 00:19:12,720 warnings. But there's no warning. It 445 00:19:10,400 --> 00:19:14,720 just overwrites and your Linux partition 446 00:19:12,720 --> 00:19:17,120 with all your data is suddenly wiped out 447 00:19:14,720 --> 00:19:19,679 just because you decided to have Linux 448 00:19:17,120 --> 00:19:22,400 coexist with Windows because, you know, 449 00:19:19,679 --> 00:19:26,160 you think it's your own computer. A 450 00:19:22,400 --> 00:19:27,840 Linux partition is formatted using ext4. 451 00:19:26,160 --> 00:19:29,760 You think in this day and age that 452 00:19:27,840 --> 00:19:32,880 Windows with its resources could 453 00:19:29,760 --> 00:19:36,160 recognize an ext4 partition, especially 454 00:19:32,880 --> 00:19:40,760 since it is zucking open source, but of 455 00:19:36,160 --> 00:19:40,760 course they do this intentionally. 456 00:19:41,120 --> 00:19:46,640 The real objective is AI. Like I said, 457 00:19:45,039 --> 00:19:48,720 there's a reason to all this madness, 458 00:19:46,640 --> 00:19:51,440 and it is the control that Microsoft 459 00:19:48,720 --> 00:19:54,400 wants to put on us. So, let me show you 460 00:19:51,440 --> 00:19:55,840 this again in case you forgot. Well, I 461 00:19:54,400 --> 00:19:58,160 mean, I guess the first thing to say is 462 00:19:55,840 --> 00:20:01,440 that we are on a mission to create a 463 00:19:58,160 --> 00:20:04,480 true AI companion. And to me, an AI 464 00:20:01,440 --> 00:20:08,640 companion is one that can hear what you 465 00:20:04,480 --> 00:20:11,840 hear um and see what you see and live 466 00:20:08,640 --> 00:20:14,400 life essentially alongside you. um you 467 00:20:11,840 --> 00:20:16,240 know your AI companion will be able to 468 00:20:14,400 --> 00:20:18,240 remember uh everything that you've 469 00:20:16,240 --> 00:20:20,240 talked about session to session 470 00:20:18,240 --> 00:20:23,360 understand the content of the web pages 471 00:20:20,240 --> 00:20:24,960 that you browse um and be able to talk 472 00:20:23,360 --> 00:20:27,679 to you just like I'm talking to you now 473 00:20:24,960 --> 00:20:30,559 so it's going to have this seamless 474 00:20:27,679 --> 00:20:33,679 fluid very very smooth conversational 475 00:20:30,559 --> 00:20:36,400 interaction yes the purpose of this is 476 00:20:33,679 --> 00:20:38,880 to immerse yourself in the see what you 477 00:20:36,400 --> 00:20:41,440 see technology for the computer to get 478 00:20:38,880 --> 00:20:44,000 to know you intimately ly for the 479 00:20:41,440 --> 00:20:45,919 computer to be a copy of your brain. So 480 00:20:44,000 --> 00:20:48,159 the way this is intended to work, the 481 00:20:45,919 --> 00:20:51,440 vast majority of you have to be running 482 00:20:48,159 --> 00:20:53,280 on a Windows Copilot PC with Windows 11. 483 00:20:51,440 --> 00:20:54,880 And if you have this setup, then Windows 484 00:20:53,280 --> 00:20:57,200 recall starts recording all your 485 00:20:54,880 --> 00:21:00,400 activity by screenshots every few 486 00:20:57,200 --> 00:21:02,960 seconds. Then the AI analyzes what's 487 00:21:00,400 --> 00:21:05,280 happening on screen and notates it and 488 00:21:02,960 --> 00:21:08,000 stores that information on the hard 489 00:21:05,280 --> 00:21:10,400 drive. in which case Windows 11 will 490 00:21:08,000 --> 00:21:12,320 have a complete history of your life. 491 00:21:10,400 --> 00:21:14,480 Now, of course, philosophically 492 00:21:12,320 --> 00:21:16,799 speaking, putting your entire life on a 493 00:21:14,480 --> 00:21:19,679 computer changes the way you use a 494 00:21:16,799 --> 00:21:22,159 computer. Suddenly, you have to be super 495 00:21:19,679 --> 00:21:24,799 interested in cyber security because you 496 00:21:22,159 --> 00:21:28,000 need to protect your device in ways you 497 00:21:24,799 --> 00:21:30,640 didn't have to do before. Makes sense. 498 00:21:28,000 --> 00:21:32,159 This information used to be private in 499 00:21:30,640 --> 00:21:34,320 your brain. and now it is on your 500 00:21:32,159 --> 00:21:37,120 computer and now you have to lock it up 501 00:21:34,320 --> 00:21:38,960 with all the security BS. Did you need 502 00:21:37,120 --> 00:21:40,559 this? If you're like me where you 503 00:21:38,960 --> 00:21:42,159 partition what you do in your life, you 504 00:21:40,559 --> 00:21:45,039 don't need to put your entire life on 505 00:21:42,159 --> 00:21:46,799 display in social media. Just like I 506 00:21:45,039 --> 00:21:49,120 don't need my computer to know 507 00:21:46,799 --> 00:21:51,200 everything, but they're not making it a 508 00:21:49,120 --> 00:21:53,679 choice. It is a crazy decision, but it 509 00:21:51,200 --> 00:21:56,080 comes with all the baggage of requiring 510 00:21:53,679 --> 00:21:58,559 Bit Locker, Secure Boot, and a TPM. And 511 00:21:56,080 --> 00:22:00,880 I'm sure they'll add more in the future 512 00:21:58,559 --> 00:22:03,440 because without all this, someone could 513 00:22:00,880 --> 00:22:05,520 hack your computer and read all your 514 00:22:03,440 --> 00:22:08,000 data. Of course, no one tells you that 515 00:22:05,520 --> 00:22:10,559 HQ could just ask the AI what it knows 516 00:22:08,000 --> 00:22:13,200 about you and it is able to summarize 517 00:22:10,559 --> 00:22:15,919 that for someone without having to do 518 00:22:13,200 --> 00:22:18,640 any special decryption. This is the 519 00:22:15,919 --> 00:22:22,000 stupidity of all this. This is the 520 00:22:18,640 --> 00:22:25,679 purpose of all this BS. The answer, of 521 00:22:22,000 --> 00:22:28,720 course, is just to say no. Thank you. 522 00:22:25,679 --> 00:22:32,240 We're not given a choice. So, make the 523 00:22:28,720 --> 00:22:36,000 choice and not use Windows 11 unless you 524 00:22:32,240 --> 00:22:38,400 believe in this AI companion BS. People 525 00:22:36,000 --> 00:22:41,360 often argue with me about issues related 526 00:22:38,400 --> 00:22:43,600 to cyber security versus privacy. This 527 00:22:41,360 --> 00:22:46,080 is a clear explanation of the 528 00:22:43,600 --> 00:22:48,559 difference. All the cyber security 529 00:22:46,080 --> 00:22:51,440 protections put in by Microsoft are here 530 00:22:48,559 --> 00:22:54,159 to take away all your privacy. If you're 531 00:22:51,440 --> 00:22:56,480 a follower of mine, you are at odds with 532 00:22:54,159 --> 00:23:01,400 this reasoning. So, install Linux and 533 00:22:56,480 --> 00:23:01,400 tell Microsoft to go zuck themselves. 534 00:23:03,360 --> 00:23:07,440 Folks, thank you for watching my videos. 535 00:23:05,600 --> 00:23:09,520 As many of you know, this channel does 536 00:23:07,440 --> 00:23:11,360 not have sponsors and we primarily 537 00:23:09,520 --> 00:23:13,600 sustain ourselves by just creating 538 00:23:11,360 --> 00:23:16,720 products and services that we use to 539 00:23:13,600 --> 00:23:18,880 defend our privacy posture. I'd like to 540 00:23:16,720 --> 00:23:21,360 invite you to visit our community site 541 00:23:18,880 --> 00:23:23,840 Braxme which has a growing community of 542 00:23:21,360 --> 00:23:26,240 privacy enthusiasts. There are people 543 00:23:23,840 --> 00:23:28,880 from various walks of life and beliefs 544 00:23:26,240 --> 00:23:31,520 and they converge together in the mutual 545 00:23:28,880 --> 00:23:33,600 support of privacy issues. We have a 546 00:23:31,520 --> 00:23:36,640 store there with products ranging from 547 00:23:33,600 --> 00:23:38,640 the Bra virtual phone service, 548 00:23:36,640 --> 00:23:41,120 Braxmail, 549 00:23:38,640 --> 00:23:43,840 BytesVPN 550 00:23:41,120 --> 00:23:46,080 and other services like flashing an OS. 551 00:23:43,840 --> 00:23:47,679 All these are tools used by the privacy 552 00:23:46,080 --> 00:23:50,880 aware and you can even talk to the 553 00:23:47,679 --> 00:23:53,360 actual users of the products directly. 554 00:23:50,880 --> 00:23:55,440 Join us. We'd love to have you there and 555 00:23:53,360 --> 00:23:57,679 you don't even have to identify yourself 556 00:23:55,440 --> 00:24:00,240 to be part of the community. The very 557 00:23:57,679 --> 00:24:02,720 successful Bra 3 phone is also available 558 00:24:00,240 --> 00:24:04,720 for pre-order on a second batch. The 559 00:24:02,720 --> 00:24:06,400 first batch has been sold out. 560 00:24:04,720 --> 00:24:08,960 Information about that is on 561 00:24:06,400 --> 00:24:11,600 bratech.net. 562 00:24:08,960 --> 00:24:13,120 Thanks also to those who donate to us on 563 00:24:11,600 --> 00:24:16,640 Patreon, locals, and YouTube 564 00:24:13,120 --> 00:24:20,120 memberships. You are all appreciated. 565 00:24:16,640 --> 00:24:20,120 See you next time. 43157