Riot Will Use Windows 11’s TPM 2.0 Requirement to Ban Cheaters From Valorant
(Image: IGN)Riot’s new game, Valorant, has already come under criticism for its anti-cheating methods, but the company plans to further tighten its requirements. According to the Twitter account @AntiCheatPD, Valorant now requires a TPM to be installed if a player is running Windows 11:
Valorant has started to enforce both TPM and Secure boot if YOU are playing on Windows 11 to ensure a trusted platform when playing Valorant. @RiotVanguard team yet again leading the anti-cheat industry in the right direction for competitive integrity pic.twitter.com/qgTM1yNqdA
— Anti-Cheat Police Department 🕵️ (@AntiCheatPD) September 3, 2021
Using TPM to enforce anti-cheating provisions is an interesting idea, but it could come with some significant downsides for user privacy and anonymity. Riot can do more than ban a user’s account or IP address. It can ban the actual, physical PC. Each TPM has a burned-in RSA key that cannot be changed. Ban the RSA key, and you ban the entire machine. Riot also requires Secure Boot to be enabled on all Windows 11 installations.
In theory, some desktop systems could avoid this problem by swapping out the physical TPM module. It might still be possible for some desktop users and enthusiasts to regain access to the game by decrypting their drives, disabling Secure Boot, replacing the TPM module, and then re-enabling Secure Boot and the new TPM module, but this exercise must be approached with care.
While disabling Secure Boot will not wipe a PC, removing an existing TPM module will make a drive unreadable unless it is decrypted first. Additionally, this “workaround” is only possible on motherboards that support a separate TPM header/module. If the end-user’s TPM support is built directly into the UEFI, as is typical, you’d need a new physical UEFI chip (assuming it can be swapped) or an entirely new motherboard.
We’re no fans of online cheating, but cheaters are not the only people potentially being watched here. Forcing every computer to authenticate through a hardware module whose authentication key cannot be changed may stop cheaters, but it also provides a much more effective method of monitoring what people say and do online. China, for example, is now heavily restricting the amount of time children can game in part by requiring game developers to implement facial recognition software. It’s implemented a social credit spying system that monitors and grades what citizens do and say online.
Microsoft’s TPM 2.0 requirement in Windows 11 ties your system to a single encryption key that can be read to identify that PC, specifically. It can theoretically be used as part of a DRM authentication scheme to confirm you have the right to access content. While a TPM module is not DRM in and of itself, it can absolutely be used as part of DRM systems. A TPM module is not the only way to track a machine’s activity online — MAC addresses can also be used for this purpose — but companies like Apple have implemented MAC address randomization in iOS devices when they scan for networks. It’s not clear a TPM 2.0 key can be obfuscated in a similar way.
This scheme hearkens back to Intel’s decision to include a unique identifier flag inside the Pentium III or Microsoft’s proposals for Palladium nearly 20 years ago. The problem is made more complicated by the fact that TPM modules and Secure Boot both have legitimate security uses. It would be easier to declare this a unilaterally bad development if MS didn’t have a cogent security argument to make.
But just because a company has an argument doesn’t mean end users are required to accept it. Our concern at this point isn’t for cheaters who get banned from games they cheat in. It’s for the way this capability will likely be abused by corporations and governments in the future. It would be naive to pretend this will not happen.
As the 2016 paper “Privacy Concerns of TPM 2.0” discusses, the Trusted Computing Group that created the TPM 2.0 standard has attempted to address privacy concerns around the technology, but it has done so in a way that may exacerbate future problems. The authors note:
The privacy concerns of TPM 2.0 are due to the way privacy is defined by TCG. In the specifications of trust requirements for TPM 2.0, TCG excludes the manufacturers of TPM chips and computing platforms from the set of potential privacy threats. This assumption is unrealistic for corporate and private users of computing platforms especially in the post-Snowdon [sic] world we live in, where we know that (secret) state sponsored tracking and mass surveillance is a reality. (Emphasis Original)
The paper claims that the TCG’s privacy model for TPM 2.0 “models remote transaction parties as the sole potential threat to end users’ privacy. It remains silent about potential threats from TPM manufacturers and law enforcement entities.” The authors also note that privacy is supposed to be central to the goals of the TCG and TPM 2.0, writing, “It is therefore surprising to read in the TPM 2.0 specifications that end-user privacy has been partially traded off to give TPM manufacturers the power to identify and trace end-user computing platforms.”
TPM 2.0 is good for companies and governments that want more control over how someone can use their own hardware and what services they’re allowed to access. It’s hard to argue with the idea that manufacturers should crack down harder on cheating in video games if it guarantees a better experience for their players. Just be aware that the same technology that protects the system also functions to control it. This control will be abused by some governments and corporations and it’ll be used to justify yet more data gathering.
How one feels about Microsoft requiring a TPM 2.0 chip in Windows 11 is a matter of personal opinion, but be aware that the company’s talk of improved security comes at the cost of decreased user control. TPM 2.0 doesn’t just provide increased security, it also exposes every PC to potentially increased surveillance.
Microsoft has announced it will support Windows 10 until October 15, 2025. Hat-tip to THG for surfacing this one.