The FBI served Microsoft a warrant requesting encryption recovery keys to decrypt the hard drives of people involved in an alleged fraud case in Guam.
  • Zer0_F0x@lemmy.world
    21·
    3 个月前

    So basically the US government can unlock any BitLocker encrypted device, anywhere.

    Which is to say BitLocker isn’t really doing the thing it’s supposed to be doing.

    • neukenindekeuken@sh.itjust.works
      10·
      3 个月前

      If you have your bitlocker drive connected to an online Microsoft account: yes.

      If not, no, a local account is still technically safe. For now.

  • stoy@lemmy.zipEnglish
    10·
    3 个月前

    It is pretty terrifying that basically all major companies globally can have the keys to any of their computers supplied in secret to the FBI.

      • stoy@lemmy.zipEnglish
        6·
        3 个月前

        There is nothing to prevent MS from sending the keys from every intune instance.

        • wizardbeard@lemmy.dbzer0.comEnglish
          4·
          3 个月前

          You don’t have to store them in intune, as far as I know. I’m not a desktop engineer, but I know at my workplace they historically are stored in AD.

          • SpikesOtherDog@ani.socialEnglish
            3·
            3 个月前

            Here it depends. Is AD in Azure? This privacy statement seems to indicate that Microsoft has full access to your data and that it’s just company policy that keeps them out.

            If your servers are on site and firewalled, then Microsoft would need some sort of remote access tool that tracks each server. This means that on-site licensing and patching needs to be done. I can’t think of any other service off the top of my head, but I’m only a desktop engineer.

        • phil@lymme.dynv6.net
          1·
          3 个月前

          No such issue with end-to-end encryption, as only the end user devices have the keys. It’s used by Apple (that was the main argument in the FBI wanting to unlock iPhones), some messaging services like Signal and Whatsapp, only mentioning big tech. Of course, you have to trust them when it’s closed source. Here the story is that Microslop chose from the beginning centralized keys that they own and can share. It’ s all well known, but the news is that they really did it.

  • BassTurd@lemmy.world
    6·
    3 个月前

    LUKS is extremely easy to setup with a Linux install, and MS will never possess the key. Linux is free to try, can be ran from a USB stick without affecting any existing OS installs, and for most people will be a functional direct replacement with minimal effort to learn the basics.

  • starlight@lemmy.ca
    1·
    3 个月前

    Would an alternative to Bitlocker be to use VeraCrypt? Or is there another encryption software to use that I’m not aware of?