Turns out that Microsoft's BitLocker security for the data stored on your hard drive is just a placebo.

Might as well give your password to everyone:

https://techcrunch.com/2026/01/23/microsoft-gave-fbi-a-set-of-bitlocker-encryption-keys-to-unlock-suspects-laptops-reports/

Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunch

The FBI served Microsoft a warrant requesting encryption recovery keys to decrypt the hard drives of people involved in an alleged fraud case in Guam.

@Migueldeicaza Ahhh the good ole (U)sing (T)rueCrypt (i)s (n)ot (s)ecure (a)s (i)t (m)ay (c)ontain (u)nfixed (s)ecurity (i)ssues.
@Migueldeicaza Hunh, turns out those folks are less than trustworthy.
@Migueldeicaza Also, Microsoft’s opportunistic uploading of everything to OneDrive without permitting a true E2EE option…
@rosyna Joke is on us E2EE at Microsoft really means "End to End to Everyone [who asks politely]"

@Migueldeicaza wait a hot second

Isn't TPM2 "required for Windows 11" to prevent exactly this thing from happening?

Are you implying that Microsoft sent 100s of millions of perfectly fine PCs to a farm upstate just because they want to sell more Windows?!

@hp @Migueldeicaza

No TPM2 locked by MS can be used by MS to block you or software you installed from other sources.
(Not used today - just prepared).

@hp @Migueldeicaza Windows 10 and 11 always encrypt the disk, but leave BitLocker suspended until you either enable it manually and save a recovery key (only on Pro) or log in to a MS account, where the recovery key is automatically put in escrow, and TPM is set up to unlock the drive automatically. This works well for most users – they get the benefit of drive encryption (so the data is safe if somebody steals their device), while recovery (needed if something prevents TPM from releasing the key) is possible by logging in to MS account on another device.

If your threat model includes state actors, simply don't rely on automatically enabled BitLocker.
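A defender-side check on the state jernej__s describes, added here as an example that is not part of the thread: it lists each volume's protectors (the TPM auto-unlock protector and any recovery password that may already have been escrowed), and a rotation routine that stores a fresh recovery password offline before retiring the old one. The function names and the offline file path are assumptions; it assumes an elevated PowerShell on a Pro/Enterprise SKU with the BitLocker module present.

```powershell
# Added example (not from the thread): audit BitLocker volumes and replace a
# recovery password that may already have been escrowed to a Microsoft account.
# Assumes an elevated PowerShell on Windows with the BitLocker module present.

function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus      # FullyEncrypted, FullyDecrypted, ...
            ProtectionStatus = $vol.ProtectionStatus  # 'Off' while BitLocker is suspended
            Protectors       = ($vol.KeyProtector.KeyProtectorType | Sort-Object -Unique) -join ','
            RecoveryIds      = @($recovery.KeyProtectorId) -join ','
        }
    }
}

# Add a fresh RecoveryPassword protector, save it to an offline file, verify the
# file, and only then remove the old protectors. Ordering matters: removing first
# is the data-loss scenario the thread warns about. The escrowed copy is not
# deleted anywhere; it simply stops unlocking this volume.
function Reset-BitLockerRecoveryPassword {
    param(
        [Parameter(Mandatory)] [string] $MountPoint,
        [Parameter(Mandatory)] [string] $OfflineKeyFile   # e.g. a path on removable media
    )
    $oldIds = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
                Where-Object KeyProtectorType -eq 'RecoveryPassword' |
                ForEach-Object KeyProtectorId)

    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $new = $vol.KeyProtector | Where-Object {
        $_.KeyProtectorType -eq 'RecoveryPassword' -and $_.KeyProtectorId -notin $oldIds }
    if (-not $new) { throw "No new recovery protector was created on $MountPoint" }

    "$($new.KeyProtectorId) $($new.RecoveryPassword)" | Set-Content -Path $OfflineKeyFile -Encoding ASCII
    $saved = Get-Content -Path $OfflineKeyFile -Raw
    if ($saved -notmatch [regex]::Escape($new.RecoveryPassword)) {
        throw "Offline copy could not be verified; old protectors left in place"
    }

    foreach ($id in $oldIds) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $id | Out-Null
    }
    Get-BitLockerAudit | Where-Object MountPoint -eq $MountPoint
}

# Get-BitLockerAudit | Format-Table -AutoSize
# Reset-BitLockerRecoveryPassword -MountPoint 'C:' -OfflineKeyFile 'E:\bitlocker-C.txt'
```

Run the audit first on every machine you care about; a volume whose only protectors are `Tpm` and a `RecoveryPassword` created at account sign-in is exactly the escrow case the thread discusses.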

@jernej__s @hp @Migueldeicaza I don't like automatic BitLocker personally; there have been several cases of actual data loss even with the recovery key escrowing...

@jernej__s @Migueldeicaza That explanation assumes that the TPM1 is insufficient to protect against a stolen device; it is not.

It is obviously not. The TPM2's improved security *only* offers protection against state actors or actors with state-level access to compute resources compared to the TPM1.

The weak link in all of this is whatever security MS has on their escrow service, not whether the PC has TPM1 or TPM2.

@Migueldeicaza Cryptography works. Trusting giant corporations doesn't.
@ricci @Migueldeicaza some giant corporations implement cryptography correctly, so they aren’t able to do this.

@spitfire @ricci @Migueldeicaza which is proven by a group of independent scientists who were given full access to the source code of the software encrypting, decrypting and storing the data, and who have published a publicly available article with their methodology...

Correct?

Ahead of CES, Apple touts 'what happens on your iPhone, stays on your iPhone' with privacy billboard in Las Vegas - 9to5Mac

CES 2019 is set to kick off in Las Vegas this coming week, and while Apple does not have an...


@strigga_ @spitfire @ricci @Migueldeicaza

Who needs publicly available articles when you can have publicly available advertisements?

@Migueldeicaza yet another reason to avoid windows

@Migueldeicaza Windows home editions only come with the Device Encryption feature with mandatory key escrow to OneDrive.

The BitLocker feature for local or on-prem AD backup of the keys is only on Pro SKUs onwards.

Wow. This should be the outrage

It's not surprising that a corporation must hand over data to the government, but why make the upload mandatory?

@Migueldeicaza bitlocker? More like bootlicker 🥁
@Migueldeicaza Reminds me of those "Is Windows 7 BitLocker backdoored" debates. In hindsight, it was the most secure version in history because it didn't use cloud accounts.
@niconiconi @Migueldeicaza (various windows boot environment bugs notwithstanding)

@Migueldeicaza

It reminded me of my Windows 95: the login window asked for a password, but started up anyway even if the password field was left blank.

@Migueldeicaza Who tf does store BitLocker keys at Microsoft?
@yuliyan @Migueldeicaza If it's a default setting, an awful lot of people.
@ozzelot @Migueldeicaza I just figured. This is all online MS accounts which is the default on Windows 11 Home.
@yuliyan @Migueldeicaza Many conveniences have the potential to be a security compromise, but this one is particularly egregious.
@ozzelot @Migueldeicaza That's why autounattend.xml the shit out of Windows installations.
@Migueldeicaza Understand: it's not your computer anymore. Your data is owned by microslop.
Currently looking at cryptomator.org which also works for Linux

Cryptomator - Free & Open-Source Cloud Storage Encryption

Cryptomator is an open-source encryption tool for secure cloud storage. Protect your privacy for free on Dropbox, Google Drive, OneDrive, and more.

@Migueldeicaza
https://veracrypt.io/en/Home.html

VeraCrypt is a great alternative.

VeraCrypt - Free Open source disk encryption with strong security for the Paranoid

VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files.

@Migueldeicaza Wow! That is sad but believable from Microsoft