• Miller@lemmy.world
    link
    fedilink
    English
    arrow-up
    120
    arrow-down
    7
    ·
    2 months ago

    You mean that thing everyone knew about since the authorities derailed open-source TrueCrypt and forced them to message their users that they should migrate to BitLocker?

    • WesternInfidels@feddit.online
      link
      fedilink
      English
      arrow-up
      62
      arrow-down
      2
      ·
      edit-2
      2 months ago

      There’s an open-source successor to TrueCrypt called VeraCrypt. For that matter, as far as I know, one can still download the last version of TrueCrypt. It hasn’t been disappeared.

      It’s true that the TrueCrypt developers retired and said that commercial packages like BitLocker were finally good enough and available enough that they didn’t feel compelled to maintain TrueCrypt. I remember that. I think it’s plausible that Microsoft has (or has provided to someone) back-door access to BitLocker, but I don’t remember any hint that the TrueCrypt developers had been coerced; have you got something you can link to?

      • Miller@lemmy.world
        link
        fedilink
        English
        arrow-up
        28
        arrow-down
        3
        ·
        2 months ago

        Certainly at the time there was talk of coercion, there was talk the developers had been asked to put in a backdoor, had refused and then been encouraged to cease and desist their work on TrueCrypt and provide written recommendation of BitLocker, the wording of which did not seem to be their own. But people like conspiracies, maybe the authors did just move on, and if that was encouraged it probably was not as sinister as suggested. Security and privacy will always be duking it out.

        • tomiant@piefed.social
          link
          fedilink
          English
          arrow-up
          17
          arrow-down
          3
          ·
          edit-2
          2 months ago

          But people like conspiracies,

          In spite of the fact that they never happen and that government mass surveillance isn’t a thing and hasn’t been exposed repeatedly for decades and that we all know they have not been aiming to do this exact thing for the better part of a century and that they are genuinely evil and literally never prove themselves to be over and over and over.

          • Miller@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            2 months ago

            There is that, but in a more general sense I think people like conspiracies because they have a deep need to believe that there is an intelligent direction to human affairs, even if it is malign, and that the world is not actually chaotic and uncontrolled at the largest scale. It stems I suppose from infancy when even while we pushed at them we needed to know the unfathomable rules our parents set came from a better understanding of things than was available to us.

            • tomiant@piefed.social
              link
              fedilink
              English
              arrow-up
              1
              ·
              2 months ago

              This take I buy. My grievance is like, with people who lambast “conspiracy theorists” (because apparently that’s a term for a fucking social identity we actually have to use in 2026) fall in the same trap as those who drop Dunning-Kruger effect- as we all know we all think we are smarter than average, and dumb people especially believe this, alas, just because you think you’re smarter than the average doesn’t necessarily mean you’re wrong.

              Just because you believe in a conspiracy doesn’t mean there isn’t one. There are informed opinions. They are rare, and hard to come by, but still. Technically correct = best correct.

      • Creat@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        6
        ·
        2 months ago

        These days, if you’re not on Windows you can use luks or just zfs with encryption enabled. Code is open and can be audited by anyone. But yes, VeraCrypt to my knowledge is also still a viable option.

  • Dalraz@lemmy.ca
    link
    fedilink
    English
    arrow-up
    72
    arrow-down
    1
    ·
    2 months ago

    Seems like every week there is another reason why I’m thankful I switched to Linux a few years ago.

    • tomiant@piefed.social
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      1
      ·
      edit-2
      2 months ago

      Only thing I find annoying with full volume LUKS encryption is that it makes it difficult to resize partitions, it’s a whole thing, but it’s a minor hassle and not something I’d do every day anyway.

        • statelesz@slrpnk.net
          link
          fedilink
          English
          arrow-up
          6
          ·
          2 months ago

          What? Btrfs subvolumes are basically the same as logical volumes. That’s somewhat redundant.

          • slowbyrne@lemmy.zip
            link
            fedilink
            English
            arrow-up
            4
            ·
            2 months ago

            Your correct. It is redundant. I think I needed the lvm layer to get an installer to recognize the luks partition. Can’t remember if it’s Pop or Fedora. That installer bug might be fixed now though. One day I’ll check and update my drive so its just using btrfs on luks.

      • Quetzalcutlass@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 months ago

        I have the page with instructions for this prominently bookmarked because it was such a nightmare to figure out the last time I migrated my OS to a differently sized drive.

  • Carmakazi@piefed.social
    link
    fedilink
    English
    arrow-up
    58
    ·
    2 months ago

    Tech megacorps are the fifth estate of their home countries, trusting your data to Microsoft or Google is essentially the same as handing it directly to the FBI and CIA.

  • Aceticon@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    57
    arrow-down
    2
    ·
    2 months ago

    If you’re running Windows, always assume that if the US Authorities or Microsoft itself want to spy on you as an individual or on do a little industrial espionage on your company (which US agencies also do), they’ll just use a backdoor already present or at worse push an update to your machines(s) to create said backdoor.

    Treat any and all software made by US companies as a foreign agent.

    All the shit that the US Government and companies say about China, is pure Projection - the result of a mental process of “what would we do if we were the ones making those devices”. (And, yeah, China probably does that shit too)

    If it ain’t Open Source, you got it as a binary or it can self-update, that software is somebody else’s agent and you’re trusting their ethics and goodwill when you have it running in your system outside a sandbox.

    • dread@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      ·
      2 months ago

      What’s unfortunate is a significant number of people don’t like hearing this and instead choose to project onto other countries. Most of our governments aren’t our friends, regardless if you’re American or not.

    • phutatorius@lemmy.zip
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      Most likely, it’s Microsoft doing it, and if the Feds ask them nicely, they’ll happily share the intel.

      • Aceticon@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 months ago

        Any company based in or with operations in American can receive a Foreign Intelligence Surveillance Court (FISC, aka FISA Court) order to allow mass access to data in systems they control (which definitelly includes networked machines running Windows for Microsoft ever since Microsoft has been able to push software to them - in the form of updates - to do anything they want in that machine).

        These orders cannot be legally divulged by the recipient and can only be disputed in FISA Courts, the proceedings of which are themselves not public and cannot be divulged unless the side fighting the Authorities wins.

        In other words, companies based in or with operations in the US can receive secret orders from an American Foreign Surveillance court which they must comply with without divulging them and which they cannot dispute elsewhere but that court, which has many special rules making it different from a normal Court, with for example the proceedings being secret.

        The Surveillance System in the US is far more powerful, systematic and well entrenched than that idea you have that “companies do favors for the Feds” - that shit hasn’t been true since at least the Patriot Act.

    • tomiant@piefed.social
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      6
      ·
      2 months ago

      I remember the day I saw the “Intel! Inside” commercial and the logo, and I thought, I don’t fucking trust this company.

      Yeah no shit Intel inside, you’ve got every fucking three letter agency inside.

      I knew it was over the day they introduced UEFI and TPM.

  • Deebster@infosec.pub
    link
    fedilink
    English
    arrow-up
    40
    ·
    2 months ago

    This Chaotic Eclipse/Nightmare Eclipse is the same one whose opening post read:

    I never wanted to reopen a blog and a new github account to drop code…

    But someone violated our agreement and left me homeless with nothing. They knew this will happen and they still stabbed me in the back anyways, this is their decision not mine.

    I’m guessing there’s plenty more to come.

    Kinda funny that they’re targeting Microsoft and yet using GitHub to share the PoCs.

  • Mwa@thelemmy.club
    link
    fedilink
    English
    arrow-up
    27
    ·
    2 months ago

    AFAIK Microsoft gave the keys for Bitlocker to goverments before,So Classic Microsoft.

    • vandsjov@feddit.dk
      link
      fedilink
      English
      arrow-up
      9
      ·
      2 months ago

      That is true. When people have saved them to their Microsoft account, then Microsoft has access to them.

  • an0nym0us_dr0ne@europe.pub
    link
    fedilink
    English
    arrow-up
    21
    ·
    2 months ago

    No Shit Sherlock. Not as if it would be required by US law to have a backdoor or anything…

    No no, PatriotACT, CloudACT and stuff like PRISM just do not exist…

    • muusemuuse@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      1
      ·
      2 months ago

      It really isn’t. The encryption itself still hasn’t been defeated. The implementation is the problem. Microsoft just can’t get out of their own way. If they ignored all the business majors, nobody would be able to stop them.

      • 0x0@infosec.pub
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        8
        ·
        2 months ago

        Lol, if they ignored that they would have gone extinct in the 90’s