Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,400 --> 00:00:02,480 Many of you who are users of Windows 10 2 00:00:02,480 --> 00:00:05,200 are likely in panic since Windows 10 is 3 00:00:05,200 --> 00:00:08,080 about to be classified as end of life by 4 00:00:08,080 --> 00:00:11,519 Microsoft. End of life is today, October 5 00:00:11,519 --> 00:00:13,679 14th, 2025, 6 00:00:13,679 --> 00:00:17,039 a day that will live in tech infamy. 7 00:00:17,039 --> 00:00:19,680 Currently, still 40% of Windows users 8 00:00:19,680 --> 00:00:22,640 are still on Windows 10. 9 00:00:22,640 --> 00:00:24,640 Likely the main reason you have not 10 00:00:24,640 --> 00:00:27,119 updated to Windows 11 is because you 11 00:00:27,119 --> 00:00:29,679 cannot. Your old computer is considered 12 00:00:29,679 --> 00:00:32,480 junk now because it doesn't have this 13 00:00:32,480 --> 00:00:35,200 thing called a TPM chip. You're being 14 00:00:35,200 --> 00:00:38,160 pushed to get a C-pilot PC, one that is 15 00:00:38,160 --> 00:00:40,640 equipped to handle the AI companion, 16 00:00:40,640 --> 00:00:42,399 even though likely you have not come up 17 00:00:42,399 --> 00:00:45,200 with a reason to want to use some spying 18 00:00:45,200 --> 00:00:48,239 AI in your daily computer life. So, you 19 00:00:48,239 --> 00:00:50,399 don't want this. But it's worse. So, 20 00:00:50,399 --> 00:00:52,079 Microsoft has basically been 21 00:00:52,079 --> 00:00:53,600 systematically 22 00:00:53,600 --> 00:00:56,640 exerting dominance over its users to the 23 00:00:56,640 --> 00:00:58,480 point that you question now if your 24 00:00:58,480 --> 00:01:02,000 machine is yours or if it is Microsoft 25 00:01:02,000 --> 00:01:04,000 and you're just paying for it. Just to 26 00:01:04,000 --> 00:01:06,159 put some balance in this video, let me 27 00:01:06,159 --> 00:01:09,840 show you that I have a long career as a 28 00:01:09,840 --> 00:01:12,320 Windows developer and I've had Bill 29 00:01:12,320 --> 00:01:14,159 Gates demonstrate my software at a 30 00:01:14,159 --> 00:01:17,280 keynote speech and I'm a Windows expert. 31 00:01:17,280 --> 00:01:19,119 And for many years, even as a privacy 32 00:01:19,119 --> 00:01:21,840 guru, I had a tolerant approach to 33 00:01:21,840 --> 00:01:23,680 Windows since there were many ways I 34 00:01:23,680 --> 00:01:25,520 could configure it to avoid privacy 35 00:01:25,520 --> 00:01:27,520 dangers. But in recent years, with the 36 00:01:27,520 --> 00:01:29,920 advent of Windows 11, I have to say that 37 00:01:29,920 --> 00:01:32,640 Microsoft has truly gone crazy. And the 38 00:01:32,640 --> 00:01:34,479 current direction of Windows 11 tells me 39 00:01:34,479 --> 00:01:38,320 that it is time for all of you to go. 40 00:01:38,320 --> 00:01:41,040 You are not a Microsoft slave. You own 41 00:01:41,040 --> 00:01:43,439 your device. Take your freedom back. 42 00:01:43,439 --> 00:01:46,960 dump Windows otherwise it will own you. 43 00:01:46,960 --> 00:01:49,600 Microsoft has plans for you and you will 44 00:01:49,600 --> 00:01:51,840 not like those plans. What I'm going to 45 00:01:51,840 --> 00:01:54,640 discuss here are the specific reasons 46 00:01:54,640 --> 00:01:56,960 that I have to part ways with Windows 47 00:01:56,960 --> 00:01:58,880 and hopefully software developers make 48 00:01:58,880 --> 00:02:00,560 good versions of their products in 49 00:02:00,560 --> 00:02:02,960 Linux. So we have little reason to use 50 00:02:02,960 --> 00:02:05,920 this Windows 11 garbage and you will 51 00:02:05,920 --> 00:02:09,119 discover that it is garbage. Yes, this 52 00:02:09,119 --> 00:02:11,360 is a rant. So, if you want to learn the 53 00:02:11,360 --> 00:02:16,120 specifics, stay right there. 54 00:02:21,599 --> 00:02:24,640 Windows 10 end of life. While it is 55 00:02:24,640 --> 00:02:26,480 definitely the right of a software 56 00:02:26,480 --> 00:02:28,239 company to classify their old software 57 00:02:28,239 --> 00:02:30,640 as end of life, especially after 10 58 00:02:30,640 --> 00:02:33,280 years of release, one needs to ask why 59 00:02:33,280 --> 00:02:35,760 there's so much resistance. I've never 60 00:02:35,760 --> 00:02:37,760 encountered so much resistance to moving 61 00:02:37,760 --> 00:02:40,720 to a newer version. likely since DOSs 62 00:02:40,720 --> 00:02:44,560 3.1 to Windows and that was justifiable. 63 00:02:44,560 --> 00:02:47,360 Windows required new hardware since DOS 64 00:02:47,360 --> 00:02:50,400 3.1 was textbased and Windows was 65 00:02:50,400 --> 00:02:52,720 graphical and tons of software had to 66 00:02:52,720 --> 00:02:55,519 change to go to Windows which took time. 67 00:02:55,519 --> 00:02:57,680 But in theory, most apps that work in 68 00:02:57,680 --> 00:02:59,280 Windows 10 will still work in Windows 69 00:02:59,280 --> 00:03:02,239 11. Yet there's so much resistance and 70 00:03:02,239 --> 00:03:04,879 much of it likely is because the users 71 00:03:04,879 --> 00:03:07,920 cannot upgrade to Windows 11. Microsoft 72 00:03:07,920 --> 00:03:10,640 itself is blocking them. In order for 73 00:03:10,640 --> 00:03:13,040 many users to move to Windows 11, they 74 00:03:13,040 --> 00:03:15,760 have to buy newer computers. And the 75 00:03:15,760 --> 00:03:18,080 justification for this on the Microsoft 76 00:03:18,080 --> 00:03:20,560 side is twofold. First is the push for 77 00:03:20,560 --> 00:03:23,920 this security chip called a TPM chip 78 00:03:23,920 --> 00:03:25,920 which is lacking on old computers and 79 00:03:25,920 --> 00:03:28,640 which I will tell you now is a huge risk 80 00:03:28,640 --> 00:03:31,360 to privacy. And the second justification 81 00:03:31,360 --> 00:03:34,000 for Microsoft is to encourage more 82 00:03:34,000 --> 00:03:36,000 people to use Windows C-Pilot, which 83 00:03:36,000 --> 00:03:39,760 creates AI capable computers. Again, a 84 00:03:39,760 --> 00:03:42,640 massive risk to privacy. But there's 85 00:03:42,640 --> 00:03:45,519 more. New computers using Windows 11 now 86 00:03:45,519 --> 00:03:47,440 turn on Bit Locker, which is disk 87 00:03:47,440 --> 00:03:50,000 encryption by default. You might think 88 00:03:50,000 --> 00:03:53,120 this is a good thing, but not really. 89 00:03:53,120 --> 00:03:55,440 Windows has been forcing us to use cloud 90 00:03:55,440 --> 00:03:57,599 services constantly with features like 91 00:03:57,599 --> 00:03:59,840 one drive to ensure that you keep your 92 00:03:59,840 --> 00:04:01,760 files on Microsoft servers. And now 93 00:04:01,760 --> 00:04:05,200 they're pushing the new Windows backup. 94 00:04:05,200 --> 00:04:08,959 There's the push for Office 365 again to 95 00:04:08,959 --> 00:04:11,040 ensure that Microsoft keeps your 96 00:04:11,040 --> 00:04:12,799 documents. 97 00:04:12,799 --> 00:04:15,439 Or how about the Microsoft ID and the 98 00:04:15,439 --> 00:04:17,680 constant battle to ensure that you have 99 00:04:17,680 --> 00:04:20,479 a computer free from a privacy invading 100 00:04:20,479 --> 00:04:22,720 identifier? or how Microsoft keeps 101 00:04:22,720 --> 00:04:25,120 forcing updates that you cannot turn 102 00:04:25,120 --> 00:04:27,040 off. I'm going to cover all these 103 00:04:27,040 --> 00:04:29,199 approaches by Microsoft and explain to 104 00:04:29,199 --> 00:04:34,040 you why you don't want them. 105 00:04:34,240 --> 00:04:36,880 Microsoft ID. 106 00:04:36,880 --> 00:04:39,040 I'm sure this irks a lot of people 107 00:04:39,040 --> 00:04:40,960 lately. It is extremely difficult to 108 00:04:40,960 --> 00:04:44,320 install Windows without a Microsoft ID. 109 00:04:44,320 --> 00:04:46,720 Basically, Microsoft wants you to log 110 00:04:46,720 --> 00:04:48,479 into them just like Apple and Google 111 00:04:48,479 --> 00:04:51,440 requires you to to ensure that device is 112 00:04:51,440 --> 00:04:53,919 tied to an identity. There's still a way 113 00:04:53,919 --> 00:04:56,240 to avoid the Microsoft ID, but it is not 114 00:04:56,240 --> 00:04:58,240 obvious and requires so much trial and 115 00:04:58,240 --> 00:05:00,639 error to figure out. But basically, most 116 00:05:00,639 --> 00:05:03,120 people will be forced to put an ID card 117 00:05:03,120 --> 00:05:05,120 on your computer. So, whatever you do on 118 00:05:05,120 --> 00:05:07,919 the internet can be attributed to your 119 00:05:07,919 --> 00:05:10,240 particular machine. When Microsoft began 120 00:05:10,240 --> 00:05:12,240 pushing this heavily in later updates of 121 00:05:12,240 --> 00:05:15,039 Windows 10 and now locked in in Windows 122 00:05:15,039 --> 00:05:17,280 11 for the most part, it was the first 123 00:05:17,280 --> 00:05:20,960 sign of a red flag. Microsoft became big 124 00:05:20,960 --> 00:05:24,479 all of a sudden again as a company once 125 00:05:24,479 --> 00:05:26,880 they moved their infrastructure to a 126 00:05:26,880 --> 00:05:29,520 cloud-based one. This has guaranteed the 127 00:05:29,520 --> 00:05:31,759 income stream to Microsoft and raised 128 00:05:31,759 --> 00:05:35,120 their position as the number two company 129 00:05:35,120 --> 00:05:38,880 in valuation at $3.9 trillion. This 130 00:05:38,880 --> 00:05:41,919 growth in the cloud is Satiana Dela's 131 00:05:41,919 --> 00:05:44,400 claim to fame. So the idea of the 132 00:05:44,400 --> 00:05:48,160 Microsoft ID is to tie you to the cloud. 133 00:05:48,160 --> 00:05:50,400 One drive means you store your data to 134 00:05:50,400 --> 00:05:52,800 the cloud. Lately they're pushing 135 00:05:52,800 --> 00:05:54,720 Windows backup. And of course with 136 00:05:54,720 --> 00:05:58,160 Office 365, Xbox, and now with Copilot, 137 00:05:58,160 --> 00:06:01,360 your life will truly reside in Microsoft 138 00:06:01,360 --> 00:06:04,479 servers. This of course is the original 139 00:06:04,479 --> 00:06:07,039 Google formulas, so they're keen to 140 00:06:07,039 --> 00:06:09,280 dominate that now. And as proof, 141 00:06:09,280 --> 00:06:12,000 Microsoft has surpassed even Google in 142 00:06:12,000 --> 00:06:14,319 valuation. As a privacy expert, one of 143 00:06:14,319 --> 00:06:16,639 the main goals I have is to ensure that 144 00:06:16,639 --> 00:06:19,520 devices have anonymity. And you cannot 145 00:06:19,520 --> 00:06:21,360 do that if your device is currently 146 00:06:21,360 --> 00:06:23,360 logged into Microsoft where app and 147 00:06:23,360 --> 00:06:26,560 device telemetry ensures that they know 148 00:06:26,560 --> 00:06:28,639 everything you're doing on your machine. 149 00:06:28,639 --> 00:06:30,720 And the Microsoft ID is a big and 150 00:06:30,720 --> 00:06:33,039 primary part of this. Since they don't 151 00:06:33,039 --> 00:06:34,960 want you to have an anonymous device, 152 00:06:34,960 --> 00:06:40,600 then this is definitely a nogo for me. 153 00:06:43,360 --> 00:06:46,400 It's my machine. I paid for it. 154 00:06:46,400 --> 00:06:48,639 Microsoft didn't pay for it. So, as I 155 00:06:48,639 --> 00:06:50,560 will explain in many details here, 156 00:06:50,560 --> 00:06:53,199 Microsoft is definitely not interested 157 00:06:53,199 --> 00:06:56,000 in respecting your rights to have other 158 00:06:56,000 --> 00:06:58,240 things on your computer, even in 159 00:06:58,240 --> 00:07:01,199 separate partitions. I have had multiple 160 00:07:01,199 --> 00:07:03,759 instances of Windows wiping out entire 161 00:07:03,759 --> 00:07:06,319 Linux partitions and even a data only 162 00:07:06,319 --> 00:07:08,479 partition just because it didn't 163 00:07:08,479 --> 00:07:11,199 recognize the format. This is extremely 164 00:07:11,199 --> 00:07:13,520 aggravating. I have lost so much data 165 00:07:13,520 --> 00:07:15,759 from unexpected events like doing a 166 00:07:15,759 --> 00:07:18,080 Windows update and having it wipe the 167 00:07:18,080 --> 00:07:20,639 dual boot files and then continuing on 168 00:07:20,639 --> 00:07:23,280 to overwriting partition data to wipe 169 00:07:23,280 --> 00:07:26,639 Linux completely. As an advanced user, 170 00:07:26,639 --> 00:07:29,599 even if I had no gripes with Microsoft, 171 00:07:29,599 --> 00:07:31,680 there are many reasons for me to have 172 00:07:31,680 --> 00:07:33,840 multiple operating systems on my 173 00:07:33,840 --> 00:07:36,639 machine. This is not that uncommon with 174 00:07:36,639 --> 00:07:39,280 software developers. Yet, they force 175 00:07:39,280 --> 00:07:42,479 updates on you and you can't stop it and 176 00:07:42,479 --> 00:07:44,400 then they act like they're the only 177 00:07:44,400 --> 00:07:47,120 users of the machine. Now, over time, 178 00:07:47,120 --> 00:07:49,120 I've come up with workarounds to the 179 00:07:49,120 --> 00:07:50,880 stupidity of Windows and Windows 180 00:07:50,880 --> 00:07:53,520 policies, and I'll discuss that in an 181 00:07:53,520 --> 00:07:57,199 upcoming dual boot video. But generally, 182 00:07:57,199 --> 00:07:59,280 this lack of certainty to what Windows 183 00:07:59,280 --> 00:08:01,599 will do is a dangerous roll of the dice 184 00:08:01,599 --> 00:08:03,599 for people who make a living off 185 00:08:03,599 --> 00:08:06,080 computers. 186 00:08:06,080 --> 00:08:10,080 TPM is for you or for them. One of the 187 00:08:10,080 --> 00:08:12,160 biggest changes that Microsoft made is 188 00:08:12,160 --> 00:08:15,039 to not allow updates to Windows 11 from 189 00:08:15,039 --> 00:08:17,120 Windows 10. If your computer doesn't 190 00:08:17,120 --> 00:08:20,479 have the security chip called ATPM, 191 00:08:20,479 --> 00:08:23,280 which is an acronym for trusted platform 192 00:08:23,280 --> 00:08:25,039 module, you don't need to worry about 193 00:08:25,039 --> 00:08:27,199 what it means. It's a security chip and 194 00:08:27,199 --> 00:08:30,160 it has similar functions to the Titan M2 195 00:08:30,160 --> 00:08:32,640 chip on Pixels or the Apple secure 196 00:08:32,640 --> 00:08:35,120 enclave on iPhones. The basic 197 00:08:35,120 --> 00:08:37,760 functionality of the TPM, as with all 198 00:08:37,760 --> 00:08:40,080 other security chips, is that 199 00:08:40,080 --> 00:08:42,479 cryptographic keys used for encryption 200 00:08:42,479 --> 00:08:45,279 are not kept in the open in accessible 201 00:08:45,279 --> 00:08:48,160 memory or hard drive where third parties 202 00:08:48,160 --> 00:08:50,240 can potentially have access to them. 203 00:08:50,240 --> 00:08:52,560 Instead, the keys are stored inside the 204 00:08:52,560 --> 00:08:55,600 TPM with inaccessible private keys. 205 00:08:55,600 --> 00:08:57,760 There's no way to see the private keys. 206 00:08:57,760 --> 00:09:00,399 You present a public key to the TPM chip 207 00:09:00,399 --> 00:09:03,680 and it can validate it via the chip by 208 00:09:03,680 --> 00:09:06,000 checking the private key internally. 209 00:09:06,000 --> 00:09:08,080 This allows things like dis encryption 210 00:09:08,080 --> 00:09:09,680 to be done without creating some 211 00:09:09,680 --> 00:09:12,480 loophole for some hacker to capture an 212 00:09:12,480 --> 00:09:15,600 encryption key because its processes are 213 00:09:15,600 --> 00:09:18,480 locked inside a separate chip. There's 214 00:09:18,480 --> 00:09:21,040 theoretically no outside access to it. 215 00:09:21,040 --> 00:09:23,279 Sounds good in theory, right? Now, let 216 00:09:23,279 --> 00:09:25,279 me tell you the multiple problems with 217 00:09:25,279 --> 00:09:27,839 this TPM module. As it turns out, 218 00:09:27,839 --> 00:09:31,360 Microsoft actually stores your Microsoft 219 00:09:31,360 --> 00:09:34,399 ID together with the device ID 220 00:09:34,399 --> 00:09:37,839 identifiers in the cloud tied to your 221 00:09:37,839 --> 00:09:40,000 Microsoft account. This will become 222 00:09:40,000 --> 00:09:42,080 important when we talk about Bit Locker, 223 00:09:42,080 --> 00:09:44,320 which I'll discuss next. But the main 224 00:09:44,320 --> 00:09:47,440 issue here is that the TPM module is a 225 00:09:47,440 --> 00:09:50,000 device identifier. In fact, on most 226 00:09:50,000 --> 00:09:52,000 operating systems, whether it is Apple, 227 00:09:52,000 --> 00:09:54,399 Google or Microsoft, the security chip 228 00:09:54,399 --> 00:09:57,040 actually announces a unique device 229 00:09:57,040 --> 00:09:59,760 identifier. Since each security chip is 230 00:09:59,760 --> 00:10:01,920 flashed with a unique value for each 231 00:10:01,920 --> 00:10:04,959 device, it is like an IMEI on a phone. 232 00:10:04,959 --> 00:10:08,080 It gives out a unique ID. The problem is 233 00:10:08,080 --> 00:10:10,240 that some specific Microsoft products 234 00:10:10,240 --> 00:10:13,279 and services validate you based on this 235 00:10:13,279 --> 00:10:15,440 unique ID. And because it is now 236 00:10:15,440 --> 00:10:18,079 connected to the cloud, added to your 237 00:10:18,079 --> 00:10:20,640 upcoming extreme relationship with the 238 00:10:20,640 --> 00:10:23,920 Windows Copilot AI Companion, this is 239 00:10:23,920 --> 00:10:27,040 now going to be extra dangerous. What 240 00:10:27,040 --> 00:10:29,120 would have been a better option is to be 241 00:10:29,120 --> 00:10:31,920 able to insert your own security chip in 242 00:10:31,920 --> 00:10:34,480 your computer, similar to a UB key, 243 00:10:34,480 --> 00:10:36,720 where you can plug it or remove it at 244 00:10:36,720 --> 00:10:38,880 will, depending on what you're doing. 245 00:10:38,880 --> 00:10:41,360 Then at least you're given a choice. 246 00:10:41,360 --> 00:10:43,519 Now, there's no choice. Windows 11 247 00:10:43,519 --> 00:10:46,320 requires a TPM and Windows 11 will track 248 00:10:46,320 --> 00:10:48,160 your Microsoft ID together with your 249 00:10:48,160 --> 00:10:51,760 device ID based on the TPM. New software 250 00:10:51,760 --> 00:10:55,200 utilizes this. Now, gamers are suddenly 251 00:10:55,200 --> 00:10:57,279 discovering that their device ID are 252 00:10:57,279 --> 00:11:00,079 known to Microsoft and didn't know how. 253 00:11:00,079 --> 00:11:02,880 Yes, of course, there's the Xbox ID for 254 00:11:02,880 --> 00:11:06,000 Xbox gamers, but now the device ID is 255 00:11:06,000 --> 00:11:08,240 specifically known and is pulled from 256 00:11:08,240 --> 00:11:10,160 the TPM. 257 00:11:10,160 --> 00:11:12,399 Third parties can access this now with 258 00:11:12,399 --> 00:11:15,120 no restriction via API. If you want to 259 00:11:15,120 --> 00:11:17,920 know how to check your TPM status, here 260 00:11:17,920 --> 00:11:21,040 are example commands on Windows. By the 261 00:11:21,040 --> 00:11:24,079 way, you can restrict access to the TPM 262 00:11:24,079 --> 00:11:26,000 in Linux, and I'll make a separate TPM 263 00:11:26,000 --> 00:11:28,399 video in the future to manage all this. 264 00:11:28,399 --> 00:11:30,480 There's a deliberate purpose to all this 265 00:11:30,480 --> 00:11:33,360 madness, and it's all tied to the AI. 266 00:11:33,360 --> 00:11:34,880 So, don't think this is some random 267 00:11:34,880 --> 00:11:36,880 choice by Microsoft, but I'll get to 268 00:11:36,880 --> 00:11:38,880 that. In the meantime, let's go to the 269 00:11:38,880 --> 00:11:43,480 next level, which is Bit Locker. 270 00:11:43,839 --> 00:11:46,320 Bit Locker. 271 00:11:46,320 --> 00:11:48,640 Bit Locker is new. If you buy a new 272 00:11:48,640 --> 00:11:50,399 Windows computer, you will have this 273 00:11:50,399 --> 00:11:52,399 shock when you try to install Linux on 274 00:11:52,399 --> 00:11:55,279 it or if you try to turn off secure 275 00:11:55,279 --> 00:11:57,839 boot. Bit Locker is a new Microsoft 276 00:11:57,839 --> 00:12:01,279 drive encryption. It is a Microsoftonly 277 00:12:01,279 --> 00:12:03,600 product. It is tied to the full hard 278 00:12:03,600 --> 00:12:06,079 drive. So you cannot for example have a 279 00:12:06,079 --> 00:12:08,959 Linux partition freely. It will also be 280 00:12:08,959 --> 00:12:11,760 subject to Bit Locker. Yes, I'll discuss 281 00:12:11,760 --> 00:12:14,480 secure boot later as well. I just got 282 00:12:14,480 --> 00:12:16,560 myself a new laptop. It's a brand new 283 00:12:16,560 --> 00:12:20,399 Lenovo ThinkPad X1 Carbon. And as usual, 284 00:12:20,399 --> 00:12:22,399 as the first step to installing Linux, I 285 00:12:22,399 --> 00:12:24,639 would typically go to BIOS and turn off 286 00:12:24,639 --> 00:12:27,279 secure boot. Was I in for a shock? 287 00:12:27,279 --> 00:12:29,600 First, Windows 11 Bit Locker was enabled 288 00:12:29,600 --> 00:12:32,240 by default. So the moment I turn off 289 00:12:32,240 --> 00:12:34,639 secure boot without warning the drive 290 00:12:34,639 --> 00:12:37,440 locked up and I basically had no access 291 00:12:37,440 --> 00:12:40,240 to the SSD drive. The lock up is at the 292 00:12:40,240 --> 00:12:42,399 BIOS level. So basically it will refuse 293 00:12:42,399 --> 00:12:44,959 to boot the hard drive. Now I can of 294 00:12:44,959 --> 00:12:46,800 course reformat the hard drive some 295 00:12:46,800 --> 00:12:49,680 other way or insert a different SSD 296 00:12:49,680 --> 00:12:51,680 drive. But unlike older versions of 297 00:12:51,680 --> 00:12:53,920 Windows on my particular computer there 298 00:12:53,920 --> 00:12:56,399 is no longer a recovery partition. So 299 00:12:56,399 --> 00:12:59,440 you can't just boot to recovery. I had 300 00:12:59,440 --> 00:13:01,680 to find a custom boot image from Lenovo 301 00:13:01,680 --> 00:13:05,040 and flash it to a USB. I spent an entire 302 00:13:05,040 --> 00:13:07,760 day making a boot partition, copying all 303 00:13:07,760 --> 00:13:10,079 my data, and I lost it all and had to 304 00:13:10,079 --> 00:13:12,240 start from scratch. Now, here's the 305 00:13:12,240 --> 00:13:14,079 kicker. When you lose access because of 306 00:13:14,079 --> 00:13:16,240 Bit Locker, it revealed some interesting 307 00:13:16,240 --> 00:13:18,240 things. Apparently, when you log in 308 00:13:18,240 --> 00:13:20,720 using your Microsoft ID, the recovery 309 00:13:20,720 --> 00:13:23,519 key for your hard drive as stored in the 310 00:13:23,519 --> 00:13:27,120 TPM and the device ID are all now stored 311 00:13:27,120 --> 00:13:30,160 at Microsoft and tied to your Microsoft 312 00:13:30,160 --> 00:13:31,920 ID. So basically, while you think your 313 00:13:31,920 --> 00:13:34,399 Bit Locker is tied to just your TPM 314 00:13:34,399 --> 00:13:35,920 chip, in reality, it is tied to 315 00:13:35,920 --> 00:13:37,600 Microsoft since someone with access to 316 00:13:37,600 --> 00:13:40,480 your Microsoft ID can basically recover 317 00:13:40,480 --> 00:13:43,519 your Bit Locker encrypted drive recovery 318 00:13:43,519 --> 00:13:46,480 key. In my case, and maybe because I 319 00:13:46,480 --> 00:13:49,120 turned off my Microsoft ID, I actually 320 00:13:49,120 --> 00:13:51,360 could not unlock my Bit Locker lock 321 00:13:51,360 --> 00:13:54,160 drive. I had to start from scratch. 322 00:13:54,160 --> 00:13:56,800 However, this exposes how this supposed 323 00:13:56,800 --> 00:13:58,959 security protection is fundamentally 324 00:13:58,959 --> 00:14:01,440 tied to Microsoft control. The thing 325 00:14:01,440 --> 00:14:04,079 that angers me the most is that this is 326 00:14:04,079 --> 00:14:06,959 a drive where I, as the owner, decided 327 00:14:06,959 --> 00:14:09,600 to make a separate partition for another 328 00:14:09,600 --> 00:14:12,240 operating system. And yet Microsoft 329 00:14:12,240 --> 00:14:15,279 decides that it will override that and 330 00:14:15,279 --> 00:14:18,079 take control of the entire drive. Linux 331 00:14:18,079 --> 00:14:19,920 of course does not have rights to Bit 332 00:14:19,920 --> 00:14:22,720 Locker. It is not some open-source 333 00:14:22,720 --> 00:14:24,880 software. So Microsoft here decided that 334 00:14:24,880 --> 00:14:29,839 it owned your computer, not you. 335 00:14:29,839 --> 00:14:33,320 Secure boot. 336 00:14:33,360 --> 00:14:35,360 Secure boot is a BIOS setting and if 337 00:14:35,360 --> 00:14:37,519 enabled anytime you boot an operating 338 00:14:37,519 --> 00:14:40,160 system like Windows or a DRO like 339 00:14:40,160 --> 00:14:43,040 Ubuntu, the UP boot software will check 340 00:14:43,040 --> 00:14:45,120 the signing key of the product and see 341 00:14:45,120 --> 00:14:49,279 if it is an approved OS, meaning it is 342 00:14:49,279 --> 00:14:53,040 signed using Microsoft keys. That alone 343 00:14:53,040 --> 00:14:55,120 is problematic, but we'll ignore that 344 00:14:55,120 --> 00:14:57,920 for now. In some ways, secure boot was a 345 00:14:57,920 --> 00:14:59,839 waste of time because for the average 346 00:14:59,839 --> 00:15:01,920 person, it did not offer any kind of 347 00:15:01,920 --> 00:15:04,320 security. at least until Bit Locker and 348 00:15:04,320 --> 00:15:07,120 TPM happened. All you had to do was turn 349 00:15:07,120 --> 00:15:09,920 secure boot off. There's no security 350 00:15:09,920 --> 00:15:11,760 whatsoever required in turning off 351 00:15:11,760 --> 00:15:14,000 secure boot in BIOS. You could do this 352 00:15:14,000 --> 00:15:16,800 to any computer, but this was only an 353 00:15:16,800 --> 00:15:19,120 inconvenience as it potentially delayed 354 00:15:19,120 --> 00:15:22,079 a hacker by maybe only 2 minutes. 355 00:15:22,079 --> 00:15:24,240 However, what I didn't realize is that 356 00:15:24,240 --> 00:15:26,399 since DROs like Ubuntu are actually 357 00:15:26,399 --> 00:15:30,000 signed using Microsoft keys that they 358 00:15:30,000 --> 00:15:32,480 don't need secure boot to be turned off. 359 00:15:32,480 --> 00:15:35,199 It does bother me that Microsoft inserts 360 00:15:35,199 --> 00:15:37,120 themselves into security features of the 361 00:15:37,120 --> 00:15:40,079 bootloader, but at least popular distros 362 00:15:40,079 --> 00:15:42,959 are exempt. Special distros will require 363 00:15:42,959 --> 00:15:45,760 secure boot to be turned off though. But 364 00:15:45,760 --> 00:15:47,839 the worst part about secure boot is that 365 00:15:47,839 --> 00:15:50,160 it totally messes up using virtual 366 00:15:50,160 --> 00:15:52,639 machines. If you're going to use any 367 00:15:52,639 --> 00:15:55,199 virtual machine like KVM or virtual box, 368 00:15:55,199 --> 00:15:56,959 it's actually going to use the same 369 00:15:56,959 --> 00:15:59,360 bootloader programs with secure boot and 370 00:15:59,360 --> 00:16:03,279 it will cause the VM to fail. So you 371 00:16:03,279 --> 00:16:05,279 have to run a bunch of command line 372 00:16:05,279 --> 00:16:07,680 instructions to sign the virtual machine 373 00:16:07,680 --> 00:16:11,279 software itself again using the same 374 00:16:11,279 --> 00:16:13,519 Microsoft keys. 375 00:16:13,519 --> 00:16:15,600 I mean it's really hard to get Microsoft 376 00:16:15,600 --> 00:16:18,079 away from anything. The tendrils of 377 00:16:18,079 --> 00:16:20,720 control are just everywhere. 378 00:16:20,720 --> 00:16:22,800 And again to remind you of what I just 379 00:16:22,800 --> 00:16:25,519 said, secure boot is now tied to Bit 380 00:16:25,519 --> 00:16:28,240 Locker. If you turn off secure boot, Bit 381 00:16:28,240 --> 00:16:30,399 Locker will lock up and there's no 382 00:16:30,399 --> 00:16:32,639 direct recovery by turning secure boot 383 00:16:32,639 --> 00:16:35,839 back on. And in case you're wondering, 384 00:16:35,839 --> 00:16:38,480 yes, secure boot is another Microsoft 385 00:16:38,480 --> 00:16:41,480 invention. 386 00:16:42,560 --> 00:16:44,880 Force updates. 387 00:16:44,880 --> 00:16:46,560 just to make sure that they have full 388 00:16:46,560 --> 00:16:49,120 control over your machine. Microsoft of 389 00:16:49,120 --> 00:16:51,440 course forces updates on you. All these 390 00:16:51,440 --> 00:16:54,320 are under the guise of cyber security of 391 00:16:54,320 --> 00:16:56,240 course and I'm sure all these cyber 392 00:16:56,240 --> 00:16:58,000 security experts will all chime in and 393 00:16:58,000 --> 00:17:02,399 say that I need all this. Yeah, right. 394 00:17:02,399 --> 00:17:04,880 Why not let me decide that? You don't 395 00:17:04,880 --> 00:17:07,120 know what I want or need. And in any 396 00:17:07,120 --> 00:17:09,360 case, I have limited use of Windows. 397 00:17:09,360 --> 00:17:13,520 Extremely limited. Like 1% usage. So, I 398 00:17:13,520 --> 00:17:16,079 don't want an OS I use 1% of the time to 399 00:17:16,079 --> 00:17:19,360 dictate my use of the computer 100% of 400 00:17:19,360 --> 00:17:21,839 the time. You want to hack my Windows 401 00:17:21,839 --> 00:17:24,959 installation? Go ahead. I have nothing 402 00:17:24,959 --> 00:17:26,959 on it. It just bugs me that someone else 403 00:17:26,959 --> 00:17:29,600 decides what I need and choices are kept 404 00:17:29,600 --> 00:17:32,160 from me. And these force updates have 405 00:17:32,160 --> 00:17:34,480 caused me massive problems. One of the 406 00:17:34,480 --> 00:17:36,960 well-known incidents was when Microsoft 407 00:17:36,960 --> 00:17:39,200 overwrote the boot instructions, which 408 00:17:39,200 --> 00:17:42,080 in my case is set up to be dual boot. I 409 00:17:42,080 --> 00:17:44,799 can choose to boot Linux or Windows. I'm 410 00:17:44,799 --> 00:17:47,280 primarily a Linux user. Then it 411 00:17:47,280 --> 00:17:48,720 completely overrides the boot 412 00:17:48,720 --> 00:17:50,640 instruction. So now I can't boot to 413 00:17:50,640 --> 00:17:53,280 Linux. So usually I have to always put a 414 00:17:53,280 --> 00:17:55,600 delay on Windows updates, which you can 415 00:17:55,600 --> 00:17:58,320 only delay up to two weeks. This gives 416 00:17:58,320 --> 00:18:00,080 me an allowance to prepare for a 417 00:18:00,080 --> 00:18:02,640 catastrophe, but that's the limit, 2 418 00:18:02,640 --> 00:18:04,400 weeks. So I have to find some time 419 00:18:04,400 --> 00:18:08,080 within a twoe window to do an update. I 420 00:18:08,080 --> 00:18:09,600 don't want to be in the middle of an 421 00:18:09,600 --> 00:18:12,320 important project and be shut down just 422 00:18:12,320 --> 00:18:14,960 because I voted to zucking Windows. For 423 00:18:14,960 --> 00:18:17,919 my specific use, I rarely want a Windows 424 00:18:17,919 --> 00:18:20,640 update if some specific major security 425 00:18:20,640 --> 00:18:22,880 thing is announced. I would like to be 426 00:18:22,880 --> 00:18:25,520 given the choice. Tell me the risk and 427 00:18:25,520 --> 00:18:28,080 I'll decide. But I guess it is no longer 428 00:18:28,080 --> 00:18:32,640 your computer when you run Windows 11. 429 00:18:32,640 --> 00:18:35,440 Overwriting partitions. 430 00:18:35,440 --> 00:18:37,120 Again, similar to the updates 431 00:18:37,120 --> 00:18:39,200 overwriting the boot instructions, you 432 00:18:39,200 --> 00:18:40,799 have some dangerous utilities like 433 00:18:40,799 --> 00:18:43,280 Windows disk management utility. Again, 434 00:18:43,280 --> 00:18:45,200 one that was designed to prevent other 435 00:18:45,200 --> 00:18:47,679 operating systems from running. If you 436 00:18:47,679 --> 00:18:49,919 accidentally go into disk management and 437 00:18:49,919 --> 00:18:52,880 decide to view a Linux partition, which 438 00:18:52,880 --> 00:18:54,960 it will not recognize, you might 439 00:18:54,960 --> 00:18:56,720 accidentally overwrite the entire 440 00:18:56,720 --> 00:18:59,120 partition and lose everything. And this 441 00:18:59,120 --> 00:19:01,280 is something that already happened to 442 00:19:01,280 --> 00:19:03,679 me. At the very least, it should 443 00:19:03,679 --> 00:19:05,679 recognize a foreign partition and not 444 00:19:05,679 --> 00:19:08,240 allow a write, at least without a ton of 445 00:19:08,240 --> 00:19:10,400 warnings. But there's no warning. It 446 00:19:10,400 --> 00:19:12,720 just overwrites and your Linux partition 447 00:19:12,720 --> 00:19:14,720 with all your data is suddenly wiped out 448 00:19:14,720 --> 00:19:17,120 just because you decided to have Linux 449 00:19:17,120 --> 00:19:19,679 coexist with Windows because, you know, 450 00:19:19,679 --> 00:19:22,400 you think it's your own computer. A 451 00:19:22,400 --> 00:19:26,160 Linux partition is formatted using ext4. 452 00:19:26,160 --> 00:19:27,840 You think in this day and age that 453 00:19:27,840 --> 00:19:29,760 Windows with its resources could 454 00:19:29,760 --> 00:19:32,880 recognize an ext4 partition, especially 455 00:19:32,880 --> 00:19:36,160 since it is zucking open source, but of 456 00:19:36,160 --> 00:19:40,760 course they do this intentionally. 457 00:19:41,120 --> 00:19:45,039 The real objective is AI. Like I said, 458 00:19:45,039 --> 00:19:46,640 there's a reason to all this madness, 459 00:19:46,640 --> 00:19:48,720 and it is the control that Microsoft 460 00:19:48,720 --> 00:19:51,440 wants to put on us. So, let me show you 461 00:19:51,440 --> 00:19:54,400 this again in case you forgot. Well, I 462 00:19:54,400 --> 00:19:55,840 mean, I guess the first thing to say is 463 00:19:55,840 --> 00:19:58,160 that we are on a mission to create a 464 00:19:58,160 --> 00:20:01,440 true AI companion. And to me, an AI 465 00:20:01,440 --> 00:20:04,480 companion is one that can hear what you 466 00:20:04,480 --> 00:20:08,640 hear um and see what you see and live 467 00:20:08,640 --> 00:20:11,840 life essentially alongside you. um you 468 00:20:11,840 --> 00:20:14,400 know your AI companion will be able to 469 00:20:14,400 --> 00:20:16,240 remember uh everything that you've 470 00:20:16,240 --> 00:20:18,240 talked about session to session 471 00:20:18,240 --> 00:20:20,240 understand the content of the web pages 472 00:20:20,240 --> 00:20:23,360 that you browse um and be able to talk 473 00:20:23,360 --> 00:20:24,960 to you just like I'm talking to you now 474 00:20:24,960 --> 00:20:27,679 so it's going to have this seamless 475 00:20:27,679 --> 00:20:30,559 fluid very very smooth conversational 476 00:20:30,559 --> 00:20:33,679 interaction yes the purpose of this is 477 00:20:33,679 --> 00:20:36,400 to immerse yourself in the see what you 478 00:20:36,400 --> 00:20:38,880 see technology for the computer to get 479 00:20:38,880 --> 00:20:41,440 to know you intimately ly for the 480 00:20:41,440 --> 00:20:44,000 computer to be a copy of your brain. So 481 00:20:44,000 --> 00:20:45,919 the way this is intended to work, the 482 00:20:45,919 --> 00:20:48,159 vast majority of you have to be running 483 00:20:48,159 --> 00:20:51,440 on a Windows Copilot PC with Windows 11. 484 00:20:51,440 --> 00:20:53,280 And if you have this setup, then Windows 485 00:20:53,280 --> 00:20:54,880 recall starts recording all your 486 00:20:54,880 --> 00:20:57,200 activity by screenshots every few 487 00:20:57,200 --> 00:21:00,400 seconds. Then the AI analyzes what's 488 00:21:00,400 --> 00:21:02,960 happening on screen and notates it and 489 00:21:02,960 --> 00:21:05,280 stores that information on the hard 490 00:21:05,280 --> 00:21:08,000 drive. in which case Windows 11 will 491 00:21:08,000 --> 00:21:10,400 have a complete history of your life. 492 00:21:10,400 --> 00:21:12,320 Now, of course, philosophically 493 00:21:12,320 --> 00:21:14,480 speaking, putting your entire life on a 494 00:21:14,480 --> 00:21:16,799 computer changes the way you use a 495 00:21:16,799 --> 00:21:19,679 computer. Suddenly, you have to be super 496 00:21:19,679 --> 00:21:22,159 interested in cyber security because you 497 00:21:22,159 --> 00:21:24,799 need to protect your device in ways you 498 00:21:24,799 --> 00:21:28,000 didn't have to do before. Makes sense. 499 00:21:28,000 --> 00:21:30,640 This information used to be private in 500 00:21:30,640 --> 00:21:32,159 your brain. and now it is on your 501 00:21:32,159 --> 00:21:34,320 computer and now you have to lock it up 502 00:21:34,320 --> 00:21:37,120 with all the security BS. Did you need 503 00:21:37,120 --> 00:21:38,960 this? If you're like me where you 504 00:21:38,960 --> 00:21:40,559 partition what you do in your life, you 505 00:21:40,559 --> 00:21:42,159 don't need to put your entire life on 506 00:21:42,159 --> 00:21:45,039 display in social media. Just like I 507 00:21:45,039 --> 00:21:46,799 don't need my computer to know 508 00:21:46,799 --> 00:21:49,120 everything, but they're not making it a 509 00:21:49,120 --> 00:21:51,200 choice. It is a crazy decision, but it 510 00:21:51,200 --> 00:21:53,679 comes with all the baggage of requiring 511 00:21:53,679 --> 00:21:56,080 Bit Locker, Secure Boot, and a TPM. And 512 00:21:56,080 --> 00:21:58,559 I'm sure they'll add more in the future 513 00:21:58,559 --> 00:22:00,880 because without all this, someone could 514 00:22:00,880 --> 00:22:03,440 hack your computer and read all your 515 00:22:03,440 --> 00:22:05,520 data. Of course, no one tells you that 516 00:22:05,520 --> 00:22:08,000 HQ could just ask the AI what it knows 517 00:22:08,000 --> 00:22:10,559 about you and it is able to summarize 518 00:22:10,559 --> 00:22:13,200 that for someone without having to do 519 00:22:13,200 --> 00:22:15,919 any special decryption. This is the 520 00:22:15,919 --> 00:22:18,640 stupidity of all this. This is the 521 00:22:18,640 --> 00:22:22,000 purpose of all this BS. The answer, of 522 00:22:22,000 --> 00:22:25,679 course, is just to say no. Thank you. 523 00:22:25,679 --> 00:22:28,720 We're not given a choice. So, make the 524 00:22:28,720 --> 00:22:32,240 choice and not use Windows 11 unless you 525 00:22:32,240 --> 00:22:36,000 believe in this AI companion BS. People 526 00:22:36,000 --> 00:22:38,400 often argue with me about issues related 527 00:22:38,400 --> 00:22:41,360 to cyber security versus privacy. This 528 00:22:41,360 --> 00:22:43,600 is a clear explanation of the 529 00:22:43,600 --> 00:22:46,080 difference. All the cyber security 530 00:22:46,080 --> 00:22:48,559 protections put in by Microsoft are here 531 00:22:48,559 --> 00:22:51,440 to take away all your privacy. If you're 532 00:22:51,440 --> 00:22:54,159 a follower of mine, you are at odds with 533 00:22:54,159 --> 00:22:56,480 this reasoning. So, install Linux and 534 00:22:56,480 --> 00:23:01,400 tell Microsoft to go zuck themselves. 535 00:23:03,360 --> 00:23:05,600 Folks, thank you for watching my videos. 536 00:23:05,600 --> 00:23:07,440 As many of you know, this channel does 537 00:23:07,440 --> 00:23:09,520 not have sponsors and we primarily 538 00:23:09,520 --> 00:23:11,360 sustain ourselves by just creating 539 00:23:11,360 --> 00:23:13,600 products and services that we use to 540 00:23:13,600 --> 00:23:16,720 defend our privacy posture. I'd like to 541 00:23:16,720 --> 00:23:18,880 invite you to visit our community site 542 00:23:18,880 --> 00:23:21,360 Braxme which has a growing community of 543 00:23:21,360 --> 00:23:23,840 privacy enthusiasts. There are people 544 00:23:23,840 --> 00:23:26,240 from various walks of life and beliefs 545 00:23:26,240 --> 00:23:28,880 and they converge together in the mutual 546 00:23:28,880 --> 00:23:31,520 support of privacy issues. We have a 547 00:23:31,520 --> 00:23:33,600 store there with products ranging from 548 00:23:33,600 --> 00:23:36,640 the Bra virtual phone service, 549 00:23:36,640 --> 00:23:38,640 Braxmail, 550 00:23:38,640 --> 00:23:41,120 BytesVPN 551 00:23:41,120 --> 00:23:43,840 and other services like flashing an OS. 552 00:23:43,840 --> 00:23:46,080 All these are tools used by the privacy 553 00:23:46,080 --> 00:23:47,679 aware and you can even talk to the 554 00:23:47,679 --> 00:23:50,880 actual users of the products directly. 555 00:23:50,880 --> 00:23:53,360 Join us. We'd love to have you there and 556 00:23:53,360 --> 00:23:55,440 you don't even have to identify yourself 557 00:23:55,440 --> 00:23:57,679 to be part of the community. The very 558 00:23:57,679 --> 00:24:00,240 successful Bra 3 phone is also available 559 00:24:00,240 --> 00:24:02,720 for pre-order on a second batch. The 560 00:24:02,720 --> 00:24:04,720 first batch has been sold out. 561 00:24:04,720 --> 00:24:06,400 Information about that is on 562 00:24:06,400 --> 00:24:08,960 bratech.net. 563 00:24:08,960 --> 00:24:11,600 Thanks also to those who donate to us on 564 00:24:11,600 --> 00:24:13,120 Patreon, locals, and YouTube 565 00:24:13,120 --> 00:24:16,640 memberships. You are all appreciated. 566 00:24:16,640 --> 00:24:20,120 See you next time.40893