➡ Microsoft is ending support for Windows 10 on October 14, 2025, which is causing concern for many users. The new Windows 11 requires a TPM chip, which older computers lack, forcing users to buy new computers. Microsoft’s push for cloud services, mandatory updates, and the need for a Microsoft ID are seen as invasions of privacy. The author suggests users should consider alternatives to Windows to maintain their privacy and control over their devices.
➡ Windows 11’s new security features, like the TPM chip and BitLocker, are causing concerns. These features, which are meant to protect your computer, are tied to your Microsoft ID and can lock you out of your own device. They also limit the ability to use other operating systems like Linux. This is part of Microsoft’s larger plan to control user data and integrate AI companions into their systems.
➡ Windows 11’s new feature, Windows Recall, records and analyzes your computer activity, creating a complete history of your life on your device. This requires strong cybersecurity measures to protect your data, but it also raises privacy concerns as your previously private information is now stored on your computer. The author suggests rejecting this feature and instead using Linux for better privacy. The author also invites viewers to join their privacy-focused community, Braxme, and mentions their privacy-oriented products and services.

Many of you who are users of Windows 10 are likely in panic since Windows 10 is about to be classified as End of Life by Microsoft. End of Life is today, October 14, 2025, a day that will live in tech infamy. Currently, still 40% of Windows users are still on Windows 10. Likely the main reason you have not updated to Windows 11 is because you cannot. Your old computer is considered junk now because it doesn’t have this thing called a TPM chip. You’re being pushed to get a co-pilot PC, one that is equipped to handle the AI companion, even though likely you have not come up with a reason to want to use some spying AI in your daily computer life.

So you don’t want this. But it’s worse. Microsoft has basically been systematically exerting dominance over its users to the point that you question now if your machine is yours or if it is Microsoft, and you’re just paying for it. Just to put some balance in this video, let me show you that I have a long career as a Windows developer. And I’ve had Bill Gates demonstrate my software at a keynote speech, and I’m a Windows expert. And for many years, even as a privacy guru, I had a tolerant approach to Windows since there were many ways I could configure it to avoid privacy dangers.

But in recent years with the advent of Windows 11, I have to say that Microsoft has truly gone crazy. In the current direction of Windows 11, tells me that it is time for all of you to go. You are not a Microsoft slave. You own your device, take your freedom back, dump Windows. Otherwise, it will own you. Microsoft has plans for you, and you will not like those plans. What I’m going to discuss here are the specific reasons that I have to part ways with Windows, and hopefully software developers make good versions of their products in Linux.

So we have little reason to use this Windows 11 garbage. And you will discover that it is garbage. Yes, this is a rant. So if you want to learn the specifics, stay right there. Windows 10 end of life. While it is definitely the right of a software company to classify their old software as end of life, especially after 10 years of release, one needs to ask why there’s so much resistance. I’ve never encountered so much resistance to moving to a newer version, likely since DOS 3.1 to Windows, and that was justifiable. Windows required new hardware since DOS 3.1 was text based, and Windows was graphical, and tons of software had to change to go to Windows, which took time.

But in theory, most apps that work in Windows 10 will still work in Windows 11. Yet there’s so much resistance. And much of it likely is because the users cannot upgrade to Windows 11. Microsoft itself is blocking them. In order for many users to move to Windows 11, they have to buy newer computers. And the justification for this on the Microsoft side is twofold. First is the push for the security chip called a TPM chip, which is lacking on old computers, and which I will tell you now is a huge risk to privacy.

And the second justification for Microsoft is to encourage more people to use Windows Copilot, which creates AI capable computers. Again, a massive risk to privacy. But there’s more. New computers using Windows 11 now turn on BitLocker, which is disk encryption, by default. You might think this is a good thing, but not really. Windows has been forcing us to use cloud services constantly with features like OneDrive to ensure that you keep your files on Microsoft servers, and now they’re pushing the new Windows backup. There’s the push for Office 365, again, to ensure that Microsoft keeps your documents.

Or how about the Microsoft ID and the constant battle to ensure that you have a computer free from a privacy invading identifier. Or how Microsoft keeps forcing updates that you cannot turn off. I’m going to cover all these approaches by Microsoft and explain to you why you don’t want them. Microsoft ID. I’m sure this irks a lot of people. Lately, it is extremely difficult to install Windows without a Microsoft ID. Basically, Microsoft wants you to log into them, just like Apple and Google requires you to, to ensure that the device is tied to an identity.

There’s still a way to avoid the Microsoft ID, but it is not obvious and requires so much trial and error to figure out. But basically, most people will be forced to put an ID card on your computer, so whatever you do on the internet can be attributed to your particular machine. When Microsoft began pushing this heavily in later updates of Windows 10, and now locked in in Windows 11, for the most part, it was the first sign of a red flag. Microsoft became big all of a sudden, again, as a company. Once they moved their infrastructure to a cloud based one, this has guaranteed the income stream to Microsoft and raised their position as the number two company in valuation at $3.9 trillion.

This growth in the cloud is Satya Nadella’s claim to fame. So, the idea of the Microsoft ID is to tie you to the cloud. OneDrive means you store your data to the cloud. Lately, they’re pushing Windows back up and, of course, with Office 365, Xbox, and now with Copilot, your life will truly reside in Microsoft servers. This, of course, is the original Google formulas, so they’re keen to dominate that now, and as proof, Microsoft has surpassed even Google in valuation. As a privacy expert, one of the main goals I have is to ensure that devices have anonymity.

And you cannot do that if your devices currently logged into Microsoft or app and device telemetry ensures that they know everything you’re doing on your machine. And the Microsoft ID is a big and primary part of this. Since they don’t want you to have an anonymous device, then this is definitely a no-go for me. It’s my machine. I paid for it. Microsoft didn’t pay for it. So, as I will explain in many details here, Microsoft is definitely not interested in respecting your rights to have other things on your computer, even in separate partitions.

I have had multiple instances of Windows wiping out entire Linux partitions, and even a data-only partition, just because it didn’t recognize the format. This is extremely aggravating. I have lost so much data from unexpected events, like doing a Windows update and having it wipe the dual boot files, and then continuing on to overwriting partition data to wipe Linux completely. As an advanced user, even if I had no gripes with Microsoft, there are many reasons for me to have multiple operating systems on my machine. This is not that uncommon with software developers, yet they force updates on you, and you can’t stop it, and then they act like they’re the only users of the machine.

Now, over time, I’ve come up with workarounds to the stupidity of Windows and Windows policies, and I’ll discuss that in an upcoming dual boot video. But generally, this lack of certainty toward Windows will do is a dangerous roll of the dice for people who make a living off computers. TPM is for you, or for them. One of the biggest changes that Microsoft made is to not allow updates to Windows 11 from Windows 10 if your computer doesn’t have this security chip called a TPM, which is an acronym for Trusted Platform Module. You don’t need to worry about what it means.

It’s a security chip, and it has similar functions to the Titan M2 chip on pixels, or the Apple Secure Enclave on iPhones. The basic functionality of the TPM, as with all other security chips, is that cryptographic keys used for encryption are not kept in the open inaccessible memory or hard drive, where third parties can potentially have access to them. Instead, the keys are stored inside the TPM with inaccessible private keys. There’s no way to see the private keys. You present a public key to the TPM chip, and it can validate it via the chip by checking the private key internally.

This allows things like this encryption to be done without creating some loophole for some hacker to capture an encryption key. Because its processes are locked inside a separate chip, there’s theoretically no outside access to it. Sounds good in theory, right? Now let me tell you the multiple problems with this TPM module. As it turns out, Microsoft actually stores your Microsoft ID together with the device ID identifiers in the cloud tied to your Microsoft account. This will become important when we talk about BitLocker, which I’ll discuss next. But the main issue here is that the TPM module is a device identifier.

In fact, on most operating systems, whether it is Apple, Google, or Microsoft, the security chip actually announces a unique device identifier. Since each security chip is flashed with a unique value for each device, it is like an IMEI on a phone. It gives out a unique ID. The problem is that some specific Microsoft products and services validate you based on this unique ID, and because it is now connected to the cloud, added to your upcoming extreme relationship with the Windows Copilot AI companion, this is now going to be extra dangerous. What would have been a better option is to be able to insert your own security chip in your computer, similar to a UB key, where you can plug it or remove it at will depending on what you’re doing.

Then at least you’re given a choice. Now there’s no choice. Windows 11 requires a TPM, and Windows 11 will track your Microsoft ID together with your device ID based on the TPM. New software utilizes this now. Gamers are suddenly discovering that their device ID are known to Microsoft and didn’t know how. Yes, of course, there’s the Xbox ID for Xbox gamers, but now the device ID is specifically known and it’s pulled from the TPM. Third parties can access this now with no restriction via API. If you want to know how to check your TPM status, here are example commands on Windows.

By the way, you can restrict access to the TPM in Linux, and I’ll make a separate TPM video in the future to manage all this. There’s a deliberate purpose to all this madness, and it’s all tied to the AI. So don’t think this is some random choice by Microsoft, but I’ll get to that. In the meantime, let’s go to the next level, which is BitLocker. BitLocker. BitLocker is new. If you buy a new Windows computer, you will have this shock when you try to install Linux on it, or if you try to turn off secure boot.

BitLocker is a new Microsoft drive encryption. It is a Microsoft only product. It is tied to the full hard drive, so you cannot, for example, have a Linux partition freely. It will also be subject to BitLocker. Yes, I’ll discuss secure boot later as well. I just got myself a new laptop. It’s a brand new Lenovo ThinkPad X1 Carbon, and as usual, as the first step to installing Linux, I would typically go to BIOS and turn off secure boot. Was I in for a shock? First Windows 11 BitLocker was enabled by default, so the moment I turned off secure boot, without warning, the drive locked up, and I basically had no access to the SSD drive.

The lockup is at the BIOS level, so basically it will refuse to boot the hard drive. Now, I can, of course, reformat the hard drive some other way, or insert a different SSD drive, but unlike older versions of Windows, on my particular computer, there is no longer a recovery partition, so you can’t just boot to recovery. I had to find a custom boot image from Lenovo, and flash it to a USB. I spent an entire day making a boot partition, copying all my data, and I lost it all, and had to start from scratch.

Now, here’s the kicker. When you lose access because of BitLocker, it revealed some interesting things. Apparently, when you log in using your Microsoft ID, the recovery key for your hard drive, as stored in the TPM, and the device ID, are all now stored at Microsoft, and tied to your Microsoft ID. So, basically, while you think your BitLocker is tied to just your TPM chip, in reality, it’s tied to Microsoft, and someone with access to your Microsoft ID can basically recover your BitLocker encrypted drive recovery key. In my case, and maybe because I turned off my Microsoft ID, I actually could not unlock my BitLocker lock drive.

I had to start from scratch. However, this exposes how this supposed security protection is fundamentally tied to Microsoft control. The thing that angers me the most is that this is a drive where I, as the owner, decided to make a separate partition for another operating system, and yet Microsoft decides that it will override that and take control of the entire drive. Linux, of course, does not have rights to BitLocker. It is not some open-source software, so Microsoft here decided that it owned your computer, not you. Secure Boot Secure Boot is a BIOS setting, and if enabled, anytime you boot an operating system like Windows or a distro like Ubuntu, the UE4 boot software will check the signing key of the product and see if it is an approved OS, meaning it is signed using Microsoft keys.

That alone is problematic, but we’ll ignore that for now. In some ways, Secure Boot was a waste of time because for the average person, it did not offer any kind of security, at least until BitLocker and TPM happened. All you had to do was turn Secure Boot off. There’s no security whatsoever required in turning off Secure Boot in BIOS. You could do this to any computer, but this was only an inconvenience as it potentially delayed a hacker by maybe only two minutes. However, what I didn’t realize is that since distros like Ubuntu are actually signed using Microsoft keys, that they don’t need Secure Boot to be turned off.

It does bother me that Microsoft inserts themselves into security features of the bootloader, but at least popular distros are exempt. Special distros will require Secure Boot to be turned off though. But the worst part about Secure Boot is that it totally messes up using virtual machines. If you’re going to use any virtual machine like AVM or VirtualBox, it’s actually going to use the same bootloader programs with Secure Boot, and it will cause the VM to fail. So you have to run a bunch of command line instructions to sign the virtual machine software itself, again using the same Microsoft keys.

I mean, it’s really hard to get Microsoft away from anything. The tendrils of control are just everywhere. And again, to remind you of what I just said, Secure Boot is now tied to BitLocker. If you turn off Secure Boot, BitLocker will lock up, and there’s no direct recovery by turning Secure Boot back on. And in case you’re wondering, yes, Secure Boot is another Microsoft invention. Force updates. Just to make sure that they have full control over your machine, Microsoft, of course, forces updates on you. All these are under the guise of cyber security, of course, and I’m sure all these cyber security experts will all chime in and say that, I need all this.

Yeah, right. Why not let me decide that? You don’t know what I want or need. And in any case, I’ve limited use of Windows, extremely limited, like 1% usage. So I don’t want an OS I use 1% of the time to dictate my use of the computer 100% of the time. You want to hack my Windows installation? Go ahead. I have nothing on it. It just bugs me that someone else decides what I need and choices are kept from me. And these force updates have caused me massive problems. One of the well-known incidents was when Microsoft overrode the boot instructions, which in my case is set up to be dual boot.

I can choose to boot Linux or Windows. I’m primarily a Linux user. Then it completely overrides the boot instructions, so now I can’t boot to Linux. So usually, I have to always put a delay on Windows updates, which you can only delay up to two weeks. This gives me an allowance to prepare for a catastrophe. But that’s the limit, two weeks. So I have to find some time within a two week window to do an update. I don’t want to be in the middle of an important project and be shut down just because I booted to docking Windows.

For my specific use, I rarely want a Windows update. If some specific major security thing is announced, I would like to be given the choice. Tell me the risk and I’ll decide. But I guess it is no longer your computer when you run Windows 11. Overriding partitions. Again, similar to the updates overriding the boot instructions, you have some dangerous utilities like Windows Disk Management Utility. Again, one that was designed to prevent other operating systems from running. If you accidentally go into Disk Management and decide to view a Linux partition, which it will not recognize, you might accidentally overwrite the entire partition and lose everything.

And this is something that already happened to me. At the very least, it should recognize a foreign partition and not allow write, at least without a ton of warnings. But there’s no warning. It just overwrites and your Linux partition with all your data is suddenly wiped out just because you decided to have Linux coexist with Windows because, you know, you think it’s your own computer. A Linux partition is formatted using EX-T4. You think in this day and age that Windows with its resources could recognize an EX-T4 partition, especially since it is zucking open source.

But of course, they do this intentionally. The real objective is AI. Like I said, there’s a reason to all this madness, and it is the control that Microsoft wants to put on us. So let me show you this again, in case you forgot. Well, I mean, I guess the first thing to say is that we are on a mission to create a true AI companion. And to me, an AI companion is one that can hear what you hear and see what you see and live life essentially alongside you. You know, your AI companion will be able to remember everything that you’ve talked about session to session, understand the content of the web pages that you browse, and be able to talk to you just like I’m talking to you now.

So it’s going to have this seamless, fluid, very, very smooth conversational interaction. Yes, the purpose of this is to immerse yourself in the see what you see technology for the computer to get to know you intimately, for the computer to be a copy of your brain. So the way this is intended to work, the vast majority of you have to be running on a Windows co-pilot PC with Windows 11. And if you have this setup, then Windows Recall starts recording all your activity by screenshots every few seconds, then the AI analyzes what’s happening on screen, and notates it and stores that information on the hard drive, in which case Windows 11 will have a complete history of your life.

Now, of course, philosophically speaking, putting your entire life on a computer changes the way you use a computer. Suddenly, you have to be super interested in cybersecurity, because you need to protect your device in ways you didn’t have to do before. Makes sense. This information used to be private in your brain. Now it is on your computer. And now you have to lock it up with all the security BS. Did you need this? If you’re like me, where you partition what you do in your life, you don’t need to put your entire life on display in social media.

Just like I don’t need my computer to know everything. But they’re not making it a choice. It is a crazy decision, but it comes with all the baggage of requiring BitLocker, Secure Boot, and a TPM. And I’m sure they’ll add more in the future. Because without all this, someone could hack your computer and read all your data. Of course, no one tells you that HQ could just ask the AI what it knows about you. And it is able to summarize that for someone without having to do any special decryption. This is the stupidity of all this.

This is the purpose of all this BS. The answer, of course, is just to say, no, thank you. We’re not given a choice. So make the choice and not use Windows 11 unless you believe in this AI companion BS. People often argue with me about issues related to cybersecurity versus privacy. This is a clear explanation of the difference. All the cybersecurity protections put in by Microsoft are here to take away all your privacy. If you’re a follower of mine, you are at odds with this reasoning. So install Linux and tell Microsoft to go zuck themselves.

Folks, thank you for watching my videos. As many of you know, this channel does not have sponsors and we primarily sustain ourselves by just creating products and services that we use to defend our privacy posture. I’d like to invite you to visit our community site Braxme, which has a growing community of privacy enthusiasts. There are people from various walks of life and beliefs and they converge together in the mutual support of privacy issues. We have a store there with products ranging from the Brax virtual phone service, Brax mail, Bites VPN, and other services like Flashing NOS.

All these are tools used by the privacy aware and you can even talk to the actual users of the products directly. Join us. We’d love to have you there and you don’t even have to identify yourself to be part of the community. The very successful Brax 3 phone is also available for pre-order on its second batch. The first batch has been sold out. Information about that is on Braxtech.net. Thanks also to those who donate to us on Patreon, locals, and YouTube memberships. You are all appreciated. See you next time. [tr:trw].

See more of Rob Braxman Tech on their Public Channel and the MPN Rob Braxman Tech channel.