
TPM was met with resistance due to privacy concerns and Microsoft quietly re-introduced it anyway. The same will happen to Recall.


It's the same playbook every company that wants to feed us something we don't like uses. They'll try again and again. Maybe they'll add sugar to the medicine, maybe they'll wave the spoon around and make airplane noises, maybe they'll distract us with a toy and jam the spoon in when we aren't expecting it, maybe they'll hold us down and give it as a suppository. One way or another, the baby is going to take the medicine. That's how these companies think about their customers.


Another example comes from Facebook/Meta.

When WhatsApp forced users to accept terms that affect privacy, they faced a huge backlash and many were migrating to alternatives like Signal and Telegram. In response WhatsApp didn't back out of the new policy but just removed the enforcement deadline.

Now they silently and randomly show an annoying popup asking users to agree to the new privacy terms. The dialog is strategically placed and designed to collect as many accidental clicks as possible.

Sadly, the strategy worked for them and nobody cares about the new terms any more.


I remember back in the 90's when MS started making noises about leasing software.


Has TPM been a net positive or negative for users / enterprises / the industry?


TPM protects against two main threat models:

1. You don't trust people with physical access to the computer. For the average home user, this means you consider the hardware owner a threat.

2. You want to protect against malware that has already taken complete control over the OS at runtime, and that wants to write itself to disk or the BIOS so that it survives a reboot. At this point, the attacker has already won, so... This might make sense on a stateless appliance like a Chromebook where you do factory wipes a lot.

So TPM mostly "protects" against the hardware owner, or against malware that already has 100% access to all user data, and just wants to stick around a bit longer.

Personally, I'd go with TPM being net negative, because the primary threat model it "protects" against is the actual hardware owner.


For a mobile device, such as a laptop, lots of people other than the device owner will have physical access.

The useful use-case of a TPM to me is the ability to encrypt my disk without having to type a decryption password each time I use it.


It does require someone to steal the entire laptop rather than just the hard drive, but… I don’t think that this was an actual worry, and the security result of encrypting to a device with the key stored in the same device is much like not encrypting.


It also makes it a lot harder to bypass the login screen, even if someone takes the whole laptop.

In case you weren't aware, the ability to do a passwordless unseal can be tied to not tampering with the bootchain. It's not entirely bulletproof, but it's beyond the abilities of most thieves to bypass this (versus just popping the drive in another machine).


I think you are missing some parts in the industrial use.

The TPM is also used for device authentication. It prevents the leakage of certificates that are used to ensure that you are using the device you claim to be using. This is highly relevant when having remote access from users and one would like to enforce tiering rules together with privileged access workstations.

Furthermore, the second example, in which "the attacker already won", is missing the context. The attacker does not want to access the computer (in the industrial example); it wants to use it to escalate access within its organization. The TPM can be used for remote attestation, that is, a remote server can verify the integrity of the boot process of the device before giving access to remote resources. In other words, it can be used to check for device compliance.

It is definitely a positive for enterprise security.
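The two mechanisms these comments describe (a disk key that unseals without a password only while the boot chain is untampered, and a remote server checking the boot measurements before granting access) share one primitive: PCR extend. The following is an added example, not code from the thread; it models PCR extend, a PCR-bound seal policy, and an attestation quote in plain Python. The boot-chain blobs, the PCR indices and the enrolled key are all constructed for the demo, and the attestation-key signature is stood in for by an HMAC under a key assumed to have been exchanged at enrollment (a real TPM signs quotes with an asymmetric AK whose public half the verifier registered).

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed boot chains (stand-ins for firmware, bootloader and kernel images).
GOOD_CHAIN = {0: [b"firmware-v1"], 4: [b"bootloader-v1", b"kernel-v1"]}
TAMPERED_CHAIN = {0: [b"firmware-v1"], 4: [b"bootloader-EVIL", b"kernel-v1"]}
DISK_KEY = b"\x11" * 32                 # constructed volume key to be sealed
AK_KEY = b"enrolled-attestation-key"    # assumption: shared at enrollment


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend: new = H(old || H(measurement)).
    Order matters, and nothing can be 'un-extended' short of a platform reset."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(chain: Dict[int, list]) -> Dict[int, bytes]:
    """Each stage measures the next into a PCR before handing control to it."""
    pcrs = {}
    for idx, blobs in chain.items():
        pcr = bytes(32)                 # PCRs are zero at power-on
        for blob in blobs:
            pcr = extend(pcr, blob)
        pcrs[idx] = pcr
    return pcrs


def pcr_digest(pcrs: Dict[int, bytes]) -> bytes:
    """Digest over the selected PCRs, the value a PCR policy or quote commits to."""
    h = hashlib.sha256()
    for idx in sorted(pcrs):
        h.update(bytes([idx]) + pcrs[idx])
    return h.digest()


def seal(secret: bytes, pcrs: Dict[int, bytes]) -> dict:
    """Bind a secret to the current PCR state (no password involved)."""
    return {"policy": pcr_digest(pcrs), "secret": secret}


def unseal(blob: dict, current_pcrs: Dict[int, bytes]) -> Optional[bytes]:
    """Release the secret only if the live PCRs reproduce the sealed policy."""
    if hmac.compare_digest(blob["policy"], pcr_digest(current_pcrs)):
        return blob["secret"]
    return None


def quote(ak_key: bytes, nonce: bytes, pcrs: Dict[int, bytes]) -> dict:
    """TPM2_Quote: sign (nonce || PCR digest). HMAC stands in for the AK signature."""
    digest = pcr_digest(pcrs)
    return {"nonce": nonce, "pcr_digest": digest,
            "sig": hmac.new(ak_key, nonce + digest, "sha256").digest()}


def verify_quote(ak_key: bytes, nonce: bytes, q: dict, golden: Dict[int, bytes]) -> bool:
    """Server side: fresh nonce, valid signature, PCRs equal the golden values."""
    if q["nonce"] != nonce:             # replay of an old quote
        return False
    expected = hmac.new(ak_key, nonce + q["pcr_digest"], "sha256").digest()
    if not hmac.compare_digest(expected, q["sig"]):
        return False
    return hmac.compare_digest(q["pcr_digest"], pcr_digest(golden))


def run_scenario() -> dict:
    golden = measure_boot(GOOD_CHAIN)
    sealed = seal(DISK_KEY, golden)
    tampered = measure_boot(TAMPERED_CHAIN)
    nonce = os.urandom(16)
    good_quote = quote(AK_KEY, nonce, golden)
    return {
        "unseal_good": unseal(sealed, golden),                   # DISK_KEY
        "unseal_tampered": unseal(sealed, tampered),             # None
        "attest_good": verify_quote(AK_KEY, nonce, good_quote, golden),
        "attest_tampered": verify_quote(AK_KEY, nonce, quote(AK_KEY, nonce, tampered), golden),
        "attest_replayed": verify_quote(AK_KEY, os.urandom(16), good_quote, golden),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, value if not isinstance(value, bytes) else value.hex())
```

Two things the toy makes visible: replacing one component changes every later PCR value (so the sealed key stays locked and the quote no longer matches the golden digest), and the verifier must supply the nonce itself, otherwise a quote captured from a clean boot could be replayed after the device is compromised.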


Verifying the integrity of the boot process is irrelevant. Nobody actually cares about this.


So, like he said, the hardware owner is the threat being protected against.


Interesting perspective. While I know secure boot has some downsides, on the whole I think it’s a pretty good thing.

I guess you’re looking at it as a freedom for gramps to dual boot a homebrew OS, and I’m looking at it as taking away gramps’ freedom to install persistent malware that requires buying new hardware to get rid of.


Smartphone encryption uses TPMs to keep keys out of RAM and to limit thieves/police to 9 PIN attempts before wipe on failed attempt 10. If you care about your phone being encrypted you benefit. If you wipe a phone with just a few taps thanks to key destruction instead of waiting for a full TRIM run you benefit.

On the negative side requiring TPM to install Windows 11 is planned obsolescence that greatly outweighs any perceived platform level security Microsoft promises. A lot of e-waste will be generated ahead of the Oct 2025 sunset of Windows 10. Who really believes Microsoft is fighting for user security like Google did when they proactively sunset SHA-1? Platform security also means bank apps refuse to run on rooted phones. Some online games have metastasized from kernel extensions to TPM verified hardware IDs.
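The phone mechanism mentioned above (a PIN-attempt counter enforced in hardware, and a wipe that is instantaneous because it destroys the key rather than overwriting storage) can be shown in a few lines. This is an added example, not from the thread or any vendor's implementation: a "secure element" class that holds the data key, counts failures and zeroizes the key on the tenth. The limit of 10, the PBKDF2 parameters and the sample user data are constructed; the stream cipher is a toy built from HMAC-SHA256 in counter mode so the script runs on a stock Python install, standing in for the AES modes real devices use.

```python
import hashlib
import hmac
import os
from typing import Optional

MAX_ATTEMPTS = 10            # assumption: wipe on the 10th failure, as in the comment


class SecureElement:
    """Models the part of a phone that never releases the raw data key.
    The PIN verifier is salted and stretched; a real element also mixes in a
    device-unique key so the PIN cannot be brute-forced off the device."""

    def __init__(self, pin: str):
        self.salt = os.urandom(16)
        self._data_key: Optional[bytes] = os.urandom(32)   # random: erase = destroy it
        self._pin_verifier = self._derive(pin)
        self.failures = 0

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def unlock(self, pin: str) -> Optional[bytes]:
        """Return the data key on a correct PIN; count failures and wipe at the limit."""
        if self._data_key is None:                  # already wiped
            return None
        if hmac.compare_digest(self._derive(pin), self._pin_verifier):
            self.failures = 0
            return self._data_key
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.wipe()
        return None

    def wipe(self) -> None:
        """Crypto-erase: the ciphertext on flash is untouched but now unreadable."""
        self._data_key = None

    @property
    def wiped(self) -> bool:
        return self._data_key is None


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher (HMAC-SHA256 keystream); symmetric, so it
    both encrypts and decrypts. Not for real use: no authentication."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + block_no.to_bytes(8, "big"), "sha256").digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def run_scenario() -> dict:
    se = SecureElement(pin="2468")
    nonce = os.urandom(12)
    user_data = b"constructed user data: photos, messages, tokens"   # constructed
    flash = keystream_xor(se.unlock("2468"), nonce, user_data)         # what sits on storage

    roundtrip_ok = keystream_xor(se.unlock("2468"), nonce, flash) == user_data

    # A thief guesses wrong nine times: key still present, one try left.
    for guess in range(MAX_ATTEMPTS - 1):
        se.unlock(f"{guess:04d}")
    alive_after_nine = not se.wiped

    se.unlock("9999")                               # tenth failure: key destroyed
    return {
        "roundtrip_ok": roundtrip_ok,
        "alive_after_nine": alive_after_nine,
        "wiped_after_ten": se.wiped,
        "correct_pin_after_wipe": se.unlock("2468"),   # None: nothing left to unlock
        "flash_bytes_still_present": len(flash) == len(user_data),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, value)
```

The point the toy makes: the wipe never touches the ciphertext on flash, it only drops 32 bytes, which is why "a few taps" suffices, and the attempt counter is only meaningful because it lives next to the key, where an attacker who images the storage cannot reset it.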


No



