Windows 11 has been announced

[Gadget]

They did say:

What may be most important about this latest desktop share milestone, though, is that it could be the last shift of this type. Windows OS migrations have been a staple project in the IT industry for decades -- Windows 95 to Windows 98, Windows 98 to Windows 2000, Windows 98 to Windows XP, and on and on and on. The project has come up like clockwork every three or four years. Windows 10 was famously called "the last version of Windows" by Microsoft developer evangelist Jerry Nixon. A better way to think of it may be as the "forever version of Windows."

https://redmondmag.com/blogs/scott-bekker/2019/01/windows-10-microsofts-forever-os.aspx

[Nick_Ips]

64-bit processor (Intel "I7" or the AMD equivalent), Secure Boot and TPM 2.0 are official requirements. Processors designed since 2018 are almost certain to incorporate TPM 2.0 features on the chip, even if there is a TPM 1.2 chip fitted on the board.

When Windows 10 came out sites like Freecycle were inundated with people disposing of peripherals like printers and scanners that no longer worked.

If MS follow through on the TPM 2.0 requirement it looks like this time there will be a plethora of 'useless' PCs being given away.

I hover between Linux (Lubuntu) and Windows.  Being forced to encrypt the data on my hard drive(s) would be the point where I made the switch to Linux complete.

With an unencrypted disk there is at least a fair chance of being able to recover some of the data with low-cost or free tools. And in my experience people are more likely to have a disk failure with bad sectors or an overwritten partition table, than they are to suffer a ransomware attack or a genuine attempt to remotely hack their computer for malicious purposes.  But I'm sure the data recovery specialists are going to be rubbing their hands at their future prospects. 

[Nick_Ips]

If everything is encrypted, what use would it be to Microsoft (or anyone else for that matter) if you put it in the cloud? Or are you saying that web-based storage and/or apps are essentially insecure and anything you do with them can be seen by whoever is hosting them?

They aren't so much interested in the content of your data, what they want is to take possession of it.

Because once it is on their servers the user has to keep coming back to their site to access the data.  And once you've gone to the effort of transferring all the files to their site it is a faff to move them to a different site, so the user is effectively captured.

Which means the user ends up with a "[Insert corporation name] account" which is likely permanently logged in, and will be for the foreseeable future.

And whilst logged in, the corporation will be hovering up all the information they can about where you are, what you are looking at, what you are buying, what you are doing etc etc.

Because who you are and what you do is the product the corporation is really interested in... not your pictures of sandy beaches and drunken nights out. (or gravestones in the case of many RootsChatters  )

[arthurk]

Thanks, Nick. I'd be interested in Andrew's take on this too, since he was the one who mentioned these issues.

Meanwhile...

And whilst logged in, the corporation will be hovering up all the information they can about where you are, what you are looking at, what you are buying, what you are doing etc etc.

Does this mean that so long as you are logged in only for as long as necessary, and don't do anything else on the computer at the same time, you're reasonably safe? Also, is this something that you could block with a firewall?

[Nick_Ips]

Does this mean that so long as you are logged in only for as long as necessary, and don't do anything else on the computer at the same time, you're reasonably safe? Also, is this something that you could block with a firewall?

It depends what you mean by 'safe'.

In terms of a corporation using the data you've uploaded for a purpose you wouldn't want them to, then my own view is the risk is low - not because I trust the corporations, but because of the vast quantity of data and the utter irrelevance of most of it to the corporations concerned means that the reward vs effort equation isn't that positive for them.

Nevertheless, I personally wouldn't upload anything containing my full name, phone numbers, email, or postal address. In fact nothing I wouldn't be comfortable putting in the recycling/rubbish bins outside my house.  The reason for that is that once something is out of your control, you have no control over what other people might do with it.

The second point is that what is 'safe' depends entirely on what permissions and cookies etc you have allowed on your computer and accounts.  Tracking and monitoring are now so pervasive that anything you do on an internet-connected computer could be recorded and (later) added to a corporate database, even if you are logged out / disconnected from the internet at the time you are doing it.

A firewall makes no difference if you have given consent (even unknowingly) to having your data and activity tracked and logged.

To be really 'safe' requires a level of knowledge and dedication that few of us have. That's why I gave up a long time ago, and have maintained a second (or more!) computer which contains all my 'personal' information, and which never goes online.  It also means I could stick with Windows XP on that machine without fearing the doomsday scenarios used to encourage us to update/upgrade yet again.

Without the option of a second computer, I think by now I'd be using only a version of Linux developed by people who do have the knowledge and dedication required to make life as difficult as possible for the corporations.  There is always a trade-off between security and convenience, but on balance I'd normally go for the security of Linux vs the convenience of MS or Apple products.

[andrewalston]

If everything is encrypted, what use would it be to Microsoft (or anyone else for that matter) if you put it in the cloud? Or are you saying that web-based storage and/or apps are essentially insecure and anything you do with them can be seen by whoever is hosting them?

Hard drive encryption has been with us for quite some time. It is commonly used in commercial organisations, though apparently the MOD are less than keen, leading to embarrassing leaks of information. It should be seen as a positive security item, stopping all but the originating user being able to get at a document on a hard drive. Home users, though, are unlikely to understand its importance, or the requirement for backup.

Microsoft want you to store your documents on their cloud environment - OneDrive - rather than locally. The "free" version of Office will do nothing else. Rent Office 365, and MS throw in some OneDrive space. They let you have a little space for "free", but charge a monthly fee for sensible amounts. They used to have an "unlimited" option, but chopped this drastically about 5 years ago.

Documents on OneDrive are NOT encrypted, but passed across the internet in their native form, so if you don't want MS looking inside them, you'll need to encrypt them manually first with something like PGP. Just copying from an encrypted hard drive would decrypt it automatically before it left your machine.

Once the data is on their servers, Microsoft can analyse it at leisure, just as Google do with their Google Docs, Gmail, Android and Chromebook environments. They sell you and your information to advertisers. If you have spreadsheets of marriages and burials, as many of us do, expect to see more adverts for wedding venues and funeral directors. It doesn't matter whether you use Microsoft's browser or not, because they know the machine you are using and your identity.

Nevertheless, I personally wouldn't upload anything containing my full name, phone numbers, email, or postal address.

No need. They already HAVE all that. You ticked the box when you installed Microsoft software years ago.

It is in their financial interest to collect all this stuff, because advertisers pay them for it. They paid good money to have politicians sign your rights away, and they won't give up their main revenue stream.

By the way, the MS website now officially states "Microsoft account and internet connectivity required for setup for Windows 11 Home".

[andrewalston]

Andrew,

I understand & agree with your comments.

Just for general info, despite having been in mechanical engineering rather than the computer industry I have been part of the Windows insider programme since the first test issue of Win 7 when it was just the front page without any other content - through Win 8 during its pre-release testing to the preview versions of Win 10 since 2014 up to the present.

Michael.

It seems that from today, the Win11 preview will be downloaded to Insiders just like other Insider builds, EVEN IF THE HARDWARE REQUIREMENTS ARE NOT MET.

That proves that there is no technical reason for the hardware requirements.

Once Win11 is actually released, if your box does not meet the requirements, you will have to reinstall Win10 (or something else).


Edit:
The first Insider build I tried failed claiming that Secure Boot was unavailable, which was true, but annoying.

[Nick_Ips]

Hard drive encryption has been with us for quite some time. It is commonly used in commercial organisations, though apparently the MOD are less than keen, leading to embarrassing leaks of information. It should be seen as a positive security item, stopping all but the originating user being able to get at a document on a hard drive. Home users, though, are unlikely to understand its importance, or the requirement for backup.

I'm not sure it is a lack of understanding, more a case of not seeing the relevance. For business/work purposes, or where you otherwise take a laptop out and about with you, then it makes a lot of sense to password protect and encrypt everything in case the device is lost or stolen.  But for home laptops or desktops that rarely (or never) leave the house then encryption doesn't really add a great deal.

If someone has broken into your home and has physical access to the device then they are very likely to have free access to many other items in the home thah are more valuable or sensitive than the contents of your hard disk.  If the device is switched on and connected to the internet, and is vulnerable to remote access, then encryption is not going to stop people accessing your information because, as you also pointed out, just copying from an encrypted hard drive would decrypt it automatically before it left your machine.

Meanwhile there is not just the issue I mentioned already about data recovery, but also an overhead (however small) in operating the encryption/decryption function.  Given Window's penchant for slowing computers down until they are unusable, that overhead is just one more thing than many users could do without. 

The need to back up is of course not well followed by many people.  Whilst I use a batch file on my family history/personal finance PC to do regular backups of working files and folders through the day, and always before shutting down (in case of grinding crunching noises when starting up next time ), I would see that as being highly atypical... possibly to the point of obsessive. 

For those people who aren't so diligent when it comes to backing up, encryption of their disks will add a further barrier to the chances of them being able to recover their precious data when something goes wrong.

There should at least be an option to switch encryption off, even if it defaults to 'on' during installation.

Nevertheless, I personally wouldn't upload anything containing my full name, phone numbers, email, or postal address.

No need. They already HAVE all that. You ticked the box when you installed Microsoft software years ago.

Oh no they don't. 

[Michael J]

Andrew,

According to the MS blog it's only TPM 2.0 and the CPU family model that are not being enforced for insiders and warn that if you have any problems you will be moved to the release preview channel & have to re-install Win 10.

MS tell me 'your PC does not meet the minimum hardware requirements' and 'there may be issues & bugs that impact your experience'  so as I moved to the release preview channel some time ago I think I will not be trying Win 11 just yet.

Michael.

Added: My cpu is Intel 6th generation; the preview could run on Intel 7th generation but 8th generation is better.

Also, MS have acknowledged the feedback that the Health check doesn't give enough information so are looking into improving it.