Even if you don’t care that MS and the federal government can decrypt your data, when BitLocker is enabled your MS account becomes cryptographically linked to your identity and machine, making it a powerful tool for surveillance, identification, and DRM.
Expect nothing else from any corporation for your own safety.
A single bitter, crowing "hah!" at whoever thought there wasn't at least this much overlap between our corporate and government masters. Welcome to hell kid, shoutout to whatever's being trained on the last ~30 years of everything that touched the internet in the NSA's Utah data center. Rose coloured PRISM though, I dream of the day when someone makes those search tools public and I can reminisce through my preteen MSN Messenger convos
What does Microsoft think the fucking point of encryption is? Do they think I am encrypting my data to protect it from my dog?
I saw your dog using Arch Linux
Why do you think the encryption capabilities on your PC are there for your sake? They might have sold them to you on that, but they are really there to protect copyright data because TPM allows encryption/decryption that is completely hidden from the rest of your system. Like an encrypted handshake that then transfers an encrypted key to decrypt the video stream. But it doesn't save the decrypted data, it immediately re-encrypts it using your display's private key (or whatever device is next in the chain, maybe your GPU). They can make it so that the unencrypted stream never touches your RAM or travels on any wire, which means you can't pirate shows as you watch them unless you point a camera at your screen.
Obviously if they just said that was one of the main points, no one would want it and media companies couldn't benefit from it because they'd have to compromise to sell content.
The other point was so that they could build a system where they hold the encryption keys and get to choose whose data is actually private. Obviously that's an even harder sell.
So they did what marketers always do and lied by omission about what it was for and just outright lied if they ever said they'd never give the keys to law enforcement (did they ever even say that?).
Let go of the idea that someone selling something to you implies any kind of loyalty, especially when either party is a large corporation.
Regular old ZIP with AES-256 should do the trick for anything truly important you want to keep locked down.
You could always do sly stuff like Hidden volumes with Veracrypt as well. Leave the crumb trail for the low key shit or old nudes of gfs you have permission to keep.
Or don’t use an operating system that uploads your encryption keys to their corporate servers for “backup”.
Y'all know Veracrypt isn't Bitlocker, right?
IIRC, I'm pretty sure they have been doing this for years (since Windows 8).
There was an MS tool named COFEE for forensics of Windows machines that’s exclusive to national security agencies, which eventually leaked to What.CD like back in 2009. So I’m pretty sure this predates even Windows 8.
Everyone here (exceptions apply) being so Linux-friendly and so tech literate that they don't know jack shit about both sides and jump to assumptions.
Microshit has no access to your key unless you upload it.
Well DUH!
A Microsoft account is now mandatory for Windows. Your BitLocker keys are automatically uploaded to your account.
Sooo... Is there an alternative to be secure other than switching to another OS? Not that I'm doing anything interesting but I would like to have at least a bit of privacy.
Yeah, just don't enable key upload and this can't happen. Don't link your account either if you want to be more sure.
If your account has already been linked, unlink it and change the BitLocker keys, both regular and recovery. (Easiest way is to entirely decrypt and re-encrypt the drive.)
Home edition has this "please sign in to microsoft account to 'finish encryption'" text with an exclamation mark which implies the key is available on the drive unencrypted if you don't sign in, meaning anyone could just access your drive with physical access.
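Added example, not part of any comment in this thread: a PowerShell sketch of the recovery-key change described just above, using the built-in BitLocker cmdlets from an elevated prompt. It assumes the volume is `C:` and that the Microsoft account has already been unlinked; it replaces only the recovery password protector and does not re-key the volume, which takes the full decrypt and re-encrypt the comment mentions.

```powershell
#Requires -RunAsAdministrator
# Added example: replace the BitLocker recovery password on one volume.
param(
    [string]$MountPoint = 'C:'   # assumption: the OS volume
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    throw "$MountPoint is not encrypted; nothing to rotate."
}

# Show every protector currently able to unlock the volume.
$vol.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId -AutoSize

# Recovery passwords that may already have been escrowed elsewhere.
$old = @($vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

# Add the replacement first so the volume is never left without one.
$updated = Add-BitLockerKeyProtector -MountPoint $MountPoint `
    -RecoveryPasswordProtector -WarningAction SilentlyContinue

$new = $updated.KeyProtector | Where-Object {
    $_.KeyProtectorType -eq 'RecoveryPassword' -and
    $_.KeyProtectorId -notin $old.KeyProtectorId
}
if (-not $new) {
    throw 'New recovery protector was not created; old ones left in place.'
}

# Remove the old protectors; their passwords no longer unlock the volume.
foreach ($p in $old) {
    Remove-BitLockerKeyProtector -MountPoint $MountPoint `
        -KeyProtectorId $p.KeyProtectorId | Out-Null
}

# Record the new password offline (paper, password manager), not on this disk.
"New recovery protector: $($new.KeyProtectorId)"
"New recovery password : $($new.RecoveryPassword)"

# Confirm what remains.
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Format-Table KeyProtectorType, KeyProtectorId -AutoSize
```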
There is no "turning off" the key upload, once you sign in, the upload happens immediately, you can "delete" it later, but like nobody really knows if they ever delete it once they have it.
Veracrypt + LTSC