Encryption doesn’t actually complete until you log in with a Microsoft account for Home Edition.
Anyways: Use Veracrypt.
Or just Linux + LUKS
They don’t have a copy of every single Bitlocker key. They do have a copy of your Bitlocker key if you are dumb enough to allow it to sync with your Microsoft account, you know, “for convenience.”
Don’t use a Microsoft account with Windows, even if you are forced to use Windows.
DeathByBigSad@sh.itjust.works 20 hours ago
lemmyout@lemmy.zip 19 hours ago
It’s a bit harsh and unfair to say “you are dumb enough to allow it”. Microsoft makes it damn near impossible to avoid this unless you are extremely particular and savvy about it, and never have an off day where you make a mistake while using your PC.
realitaetsverlust@piefed.zip 16 hours ago
Don’t use
a Microsoft account withWindowsFtfy
3laws@lemmy.world 15 hours ago
Don’t use
aMicrosoftaccount with WindowsFFTFY.
Bethesda anything, Azure, Outlook, GitHub, Visual Studio, Office, Bing, XBox, LinkedIn, SharePoint (so disgusting this is a given), fuck it not even Skype (lmao what year is it?)
realitaetsverlust@piefed.zip 13 hours ago
Still kinda hurts they own Bethesda now, but considering that company has only produced garbage since FO4 which only was kinda mid, I don’t even mind skipping them.
melfie@lemy.lol 2 hours ago
The Elder Scrolls VI with mandatory Copilot integration 💀
quips@slrpnk.net 12 hours ago
Literally fix the anticheat problem and I’ll uninstall.
realitaetsverlust@piefed.zip 3 hours ago
The anticheat problem already is fixed. It’s called “don’t play games that don’t support your choices”. These days, no game is worth being put through all that AI bullshit.
DeathByBigSad@sh.itjust.works 9 hours ago
Dualboot, don’t store sensitive files in windows?
(Although I’m having a bit of trouble trying to do dualboot myself so… idk lol)
goferking0@lemmy.sdf.org 14 hours ago
But, by default, BitLocker recovery keys are uploaded to Microsoft’s cloud, allowing the tech giant — and by extension law enforcement — to access them and use them to decrypt drives encrypted with BitLocker, as with the case reported by Forbes.
I mean it’s dumb to sync but at same time it’s not like MS isn’t great at either making it almost impossible to not sync it re-enable syncing for a bit after updates.
You can constantly tell it not to sync but all it takes is MS saying we want it now and they’ll get it
JustEnoughDucks@feddit.nl 7 hours ago
Are you naive enough to believe the surveillance OS that uploads literally all of your activity along with screenshots of your desktop doesn’t automatically upload you keys no matter what little box you tick on the installer?? 😂 there is absolutely not one single 3rd party auditing that they actually follow any of the options at all that they give.
empireOfLove2@lemmy.dbzer0.com 20 hours ago
They do have a copy of your Bitlocker key if you are dumb enough to allow it to sync with your Microsoft account, you know, “for convenience.”
Which I don’t believe is the only way it can leak. It’s well known Microsoft can access anything and everything on an internet connected Windows PC whether there’s a Microsoft account or not. If the nazi’s push for the device of someone on a local account only, you know they’ll magically find a way.
iterable@sh.itjust.works 18 hours ago
Save a copy of your bitlocker keys to a Veracrypt drive with a password no shorter then 15 mixed characters. Then upload that encrypted container to any free service. They wont be able to open it and now you have a remote backup copy.
dual_sport_dork@lemmy.world 17 hours ago
I employed the super secure expedient of never exporting my keys. I have no idea what they are, I never did, and I never will.
There’s really no irreplaceable data on my Windows machine. If I have to reformat it some day A) that’s no big deal, and B) it’s Windows, what else is new.
wischi@programming.dev 15 hours ago
Why not save a step, fuck bitlocker, and use veracrypt to encrypt your drive in the first place?
Nyx0r@discuss.online 15 hours ago
Why not save a step and don’t install Windows in the first place.
iterable@sh.itjust.works 12 hours ago
If you can have two computers one should always be Linux. But gaming and certain software just does not work on Linux yet sadly. Hoping steam can turn that around.
iterable@sh.itjust.works 12 hours ago
That is a option but it’s performance is bad and you need at least fifteen mix character password every time you boot. If you game you need to use bitlocker sadly or load times dive hard. Having a second drive in full Veracrypt is fine for things like basic documents but not to game on.
Wispy2891@lemmy.world 9 hours ago
If the password is long 15 characters that means you use a password manager. At that point just put the bitlocker password in the password manager
Tollana1234567@lemmy.today 9 hours ago
i heard win11 its automatically used online for home.
tabular@lemmy.world 20 hours ago
To use Windows without a Microsoft account requires tech literacy these days, I thought. I would not be suprised if users didn’t choose to sync with a MS account but it’s doing it anyway, if that’s what MS want.
dual_sport_dork@lemmy.world 20 hours ago
If you sign in with a Microsoft account at all I don’t believe there’s the capability to opt out.
I only use local accounts. I have never had a Microsoft account. I never will.
suicidaleggroll@lemmy.world 19 hours ago
You can’t do that anymore, at least not with a normal Windows installation. All of the tricks of forcing it offline, clicking cancel 10 times and jumping up and down don’t work anymore, they’ve disabled them all, the only way to install Windows 11 now (using the normal Microsoft installer) is by linking it to a Microsoft account.
dual_sport_dork@lemmy.world 19 hours ago
Using Rufus still works. I did it as recently as a couple of days ago.
CarbonatedPastaSauce@lemmy.world 18 hours ago
This is not true. There are several tools to create a bootable USB that uses a local account.
They just made it hard for Joe Schmoe to avoid it.
9tr6gyp3@lemmy.world 19 hours ago
You can still create a local account by setting the PC up as a “School or Business” PC and then choosing the local account option.
cley_faye@lemmy.world 14 hours ago
Just update a W10 local install. It won’t even try to ask you to add a microsoft account.
Feyd@programming.dev 19 hours ago
I’m not even sure if you can install without an MS account if you don’t use Rufus anymore. Rufus requires literacy for sure, and even if you can still do it without it is designed to make it impossible to know you can from within the installer itself.
conorab@lemmy.conorab.com 15 hours ago
Main issue with Rufus is secure boot unfortunately, otherwise Rufus is easy enough that I gave a couple “click here, then here, then here and here are some screenshots” to a friend they were able to navigate it just fine. At this point I swear Rufus is easier than using the official installer provided Secure Boot is off.
Wispy2891@lemmy.world 9 hours ago
Images patched by Rufus can definitely pass secureboot, as long the bootloader wasn’t touched. Secureboot only checks the signature of the bootloader, not every single file of the operating system, otherwise it will take hours to boot