Thank you for finding that.

I got lucky, I bought a quest around July/August and needed to do the mandatory/initial OS install.

I ended up with v78 (August 3, 2025) release.

I didn’t realize there was a WiP announced in July 2025.

… makes the latest headset with a rather recent update (but NOT the very last ones, so be cautious!) rootable.

Any ideas which version(s) are susceptible? I couldn’t find it mentioned.

Actually, those steps are the ones necessary to recover from a hard brick (re: the device is unusable because you did something you shouldn’t have as root).

The actual process to root the device is simply running a few adb commands (so a prereq is having Developer Mode enabled).

Once you have ran the exploit, your root escalation is temporary until the device is rebooted or you take additional steps to persists your root privileges (thus, potentially leading you towards a hard brick).

source: The docs

How do you think this technology would be abused?

If the device included full audio and video surveillance - I’d totally agree. However, the device does not include video (and it would be a real hard sell to include that).

If all parties are aware that monitoring will occur (maybe include a sign in the door), I’d argue that minors are aware of what this means.

Perhaps, it would mean that students “finish up” faster, rather than loitering and vaping (or bullying, etc)… and if that’s the case, I guess the device has fulfilled it’s purpose.

The article did mention how a hacked device could be used to “play sounds” or trigger false calls for “help”, or gunshots. But I’d argue this would be the modern day equivalent of falsely pulling the fire alarm.

An interesting article and tbh, I’d actually support the device (… and I’m usually very privacy focused).

According to the article the purpose of the microphone is to listen for certain keywords (ie: “help”, “call 911”, gunshots, etc) and to detect when people are vaping, etc.

I mean, I would never install one in my home, due to privacy and security concerns. But if you’re in a public place, like a school such features make sense.

If you’re being bullied or need help, having a facility member “hanging out” in the schools public bathroom would be weird, creepy, and more of an invasion of privacy than a mic in a smoke detector.

That said, students and facility should be aware of what this device is doing and why. However, this article does a very good job of summarizing that.

Yes, the devices security is rubbish, but was patched. It’s not the first IoT device to do that and it won’t be the last (unfortunately).

Thanks for sharing the article OP.

Thanks for recommending Navidrome. It looks really interesting.

I was using Spotify, but switched to Spotube. After Spotube was crippled, I was kind of aimless. I really liked having my music available on my cellphone and desktop. It looks like Navidrome will fill the gap perfectly.

You’d mentioned ripping CDs. Would you have some software, you’d recommend (Windows or Linux)? Preferably in FLAC.

I haven’t looked at ripping software in a few years, but it was kind of tedious to set up and very manual to get the proper metadata, genres, and cover art. I’ve got a hundred CDs and that’ll take awhile…

It could be the quality of your headphones.

I’m not an audiophile, but back-in-the-day I bought some analog “sennheiser studio monitors” as opposed to “just headphones”.

I actually returned the first one and exchanged them, because when I listened to a live recorded CD, I kept hearing loud “pops” that I didn’t hear with my “regular headphones”. I assumed they were defective.

The exchanged sennheiser had the same “pop” in this CD. It turns out, most “regular headphones” didn’t have the same depth in sound frequency as studio monitors and the “pops” were accidental artifacts that were mixed into the CD.

For other CD’s, I’d hear telephones ringing and sirens in the background.

Eventually, I got use to it. Then after a few years, I replaced my CD collection with mp3’s… and I could tell a different in songs/albums I was really familiar with. The base wasn’t as deep, the high sounds weren’t as high, I didn’t hear telephones ringing in the background.

I had the same sennheiser, it was just that the nature of mp3’s “flattened” the music.

Now, with Bluetooth and the disappearance of 3.5 mm jacks, there are too many layers of digital conversion happening. I’ve given up… and now just have some cheap ear buds I listen to.

… and I want my headphone jack, back.

My uncle had a pitbull named “kitty kitty”.

Atleast that’s what he dog thought, as when my uncle would feed the cats and dog, he’d always call the cats by saying "here, kitty, kitty… ".

There was another thread (which I cannot find atm), which said that the author cannot make an Android port, because due to the nature of android (or Google?) the android app would not get the same level of privacy as in the iOS version.

edit: I found the link.

I hope that it’s fear-mongering.

I tried to justify the technical reasons here, but the tl;dr is it possible for windows 11 to verify that the OS and hardware are “unmodified” (aka “attestation”).

They tried to do this in the past, arguing that anything that wanted kernel-level access had to Windows API calls instead, however Windows Defender which was bundled with the OS was exempt from this restriction.

True but attestation is a different beast. It’s just a hardware check that “everything is unmodified”. Any/all software vendors can use it. Windows Defender was a “duplication” of functionality (hence the EU smackdown).

However, as Microsoft has already integrated attention into Windows 11 (restricted to verifying security patches, for the moment) - it’ll be easier for them to repackage attestation into a simple API that software vendors (games/apps/even websites) and use (if attestation.check('basic') == true; then run; else exit).

This “simple” check is what software companies have been wanting for years: a way to guarantee that users are running their software in the way that the software companies want you to be running it (meaning unmodified).

The OPs original question was about removing anti-cheat - which I’m confident will happen and will be replaced with attention (as it already exists for android, John deere, iphones, etc).

Your points about virus scanners is different: I think virus scanners, although technically not necessary (after attestation is mandatory) - they will still exist, simply because virus scanners is a 40+ Billion Dollar industry. Microsoft cannot/will not piss of those companies “just because they can” - it would be in the shareholders best interests for Microsoft to throw the virus scanner companies a bone, allow them an isolated space to do their thing, charge them for the privilege, and require that Microsoft verifies that the virus scanner is untampered.

Thanks for the well thought response, you made quite a few points, but let me try to clarify where I’m coming from:

Windows 11 requires all computers to have TPM 2.0. It’s a crypto chip used for allowing vendors (re: Microsoft) to add secure keys at a hardware level, which will then allow software to verify that the software, operating system, and hardware are “unmodified”.

In a nutshell this process for allowing software to ensure that the OS and hardware are not compromised nor modified is called “attestation”.

And it’s something Google has (successfully) introduced into Android and they’re now “turning the screws” .

This means that the Windows of the near future, will begin to “limit access” to the OS (ie: kick people out of the kernel), only allowed signed device drivers, etc.

The next step will be restricting “sideloaded apps” and funnel people through the “officially supported apps store”. Once that happens, sideloading will either be removed or crippled.

When it comes to gaming: there won’t be any need for anti-cheat measures, because Microsoft will know (and will disable itself or the app) if you’ve modified the OS or any app/game (this could include installing a game on a newer or older version of Windows)

This is the future of computing. It’s already happening to cellphones. I’d read a great article (that I, sadly, cannot find) that talks about how technology like attestation have software vendors treat the user as an untrustworthy person. The upshot, for the user, is that if they get infected will malware or a virus the OS will know and will react accordingly. The downside, for the user, is that the freedom we have today - to install or configure our OS to our liking will be a thing of the past.

These changes won’t happen overnight, but it has and will be a slow boil.

You realize this’ll occur at the expense of Microsoft treating the user as an untrustworthy enemy.

This means modding (even for offline play) will not be allowed. Heck, even modify ini files might be viewed as “hacking”.

I agree removing the need for anti-cheat in principal sounds nice, but this means archiving games or porting them to “unsupported platforms” will be relics of the past.

… "For English, say ‘God bless Trump’ …”

Fixed that for you /s (… I really want off this apocalyptic ride)