Skip to main content

lemmy - Link to source

How Microsoft stores and shares your encryption keys
Whit some tips for bringing devices when you travel to the US.

How Microsoft stores and shares your encryption keys

Microsoft gives U.S. authorities BitLocker keys, making local encryption useless if your device is seized at the border.
IO+
#privacy
in reply to merien

MolochHorridus
lemmy - Link to source
MolochHorridus
The best tip: don’t travel to the U.S.A.
“But my business…”
Tip number two: stop doing business with the U.S.A.
in reply to MolochHorridus

merien
lemmy - Link to source
merien
It could also be 'but my boss'. Convincing your boss to do otherwise or finding an other job is a solution, not always practical.
in reply to merien

hector
lemmy - Link to source
hector

Just write a diary on your way over about how swell the president is, and his appointees, finally, the good guys are in charge!

Even if they know you are playing them they would probably appreciate the effort. The president does he doesn't care if people believe it when he is praised. Somehow knowing they are just playing him and they hate him doesn't seem to matter.

in reply to merien

Jo Miran
lemmy - Link to source
Jo Miran
On a laptop it is relatively simple to maintain encrypted stealth "drives" within a logged in and decrypted system. Is there a way to "unlock" a phone that depending on the password given will present a true versus secretly sanitized version? For example if you login with password 1234 you get a sanitized version and if you log in with password xyz789 you get the full access. All of it done without a tell that the "full access" version exists.
This entry was edited (2 weeks ago)
in reply to Jo Miran

Coleslaw4145
lemmy - Link to source
Coleslaw4145

On Graphene OS there is a duress pin you can set which will wipe the phone immediately if it's entered. Although I haven't been able to get it to work in a way that i could open different profiles automatically by entering a different pin/fingerprint.

BUT.

My old Xiaomi Mi Mix 3 phone could do it. The phone had a "secure space" which was a separate environment with its own apps. I could assign different unlock fingerprints to it. So one finger would open the default environment and the other finger would open the "secure space", and it worked seamlessly without any delays in unlocking.

I wouldn't choose Xiaomi for privacy obviously but it's just an example that shows it's possible.

This entry was edited (2 weeks ago)
in reply to Coleslaw4145

Kristell
lemmy - Link to source
Kristell
Just note: Using the duress pin after you know the cops are after you could open you up to evidence tampering charges.
in reply to merien

aurelar
lemmy - Link to source
aurelar
I don't use Windows, except in a VM as absolutely necessary. Problem solved.
in reply to aurelar

somerandomperson
lemmy - Link to source
somerandomperson
Cut it's networking off (and only turn on when you absolutely need it) and use a big fat filter in hosts just in case.
A shared folder is good enough.
in reply to aurelar

airikr
lemmy - Link to source
airikr
Same here, but with Windows 10. Windows 11 is too bloated and too much of "we require you to".
in reply to merien

Armand1
lemmy - Link to source
Armand1
When you log into Windows with a Microsoft account, your recovery key is often automatically uploaded to Microsoft’s servers as a backup in case you forget your password. Legally, this means Microsoft owns the key and must surrender it under the U.S. CLOUD Act.


I find that really quite shocking, but I guess I shouldn't be surprised.

Given the legal and technical risks, the advice for business travelers is clear: do not carry data.


The US really is a hostile surveillance state.

in reply to Armand1

hector
lemmy - Link to source
hector

I had read like 15 years back the encryption was basically unbreakable absent password guessing. That like the password to open the computer was unbreakable almost, and princeton researchers found a way to break it by taking it apart and freezing it with some aerosol to super cold and reading it with a microscope.

I know next to nothing of it otherwise. But has it always been like this or is this a new thing with microsoft having your password?

in reply to hector

emotional_soup_88
lemmy - Link to source
emotional_soup_88
One could cool down system memory before power is cut to a point where it retains in-use plaintext encryption keys. One basically renders the otherwise volatile system memory temporarily nonvolatile. And if one manages to keep the temperatures low for long enough, one could swap those memory modules into one's own computer/motherboard and print the keys. As you can imagine, the resources needed for this type of attack makes the proposition of it infeasible. Then again, if your adversary is a nation state... Fingers crossed?