Security stuff (was SAS HDD Drive)

[Geri]

its interesting to see how we reached from phisical protocols to logical protocols, storage driver mechanisms, file systems, and security, even if these topics does not really have any direct connection with each other

If you also have an encrypted filesystem (something any serious OS should support in 2017)

mallard: android and linux still does not even have it, only third party tools are available, such as truecrypt.
oh, and by the way, windows sends your encryption keys to microsoft (and russian/american national agencys, alongside with all of your pressed keys, passwords, browser data). so you dont really go far with your encryption aniway. if you want secure computing, first you must stop using software and hardware designed by the national surviellance and the oligarchic maffia (any software and hardware related to x86, arm, mips, any microsoft, google, ibm, oracle/sun, sap, telekom, usb, tcp/ip, internet, even a fucking DVD disk, etc).
we, the people, does not even have computers any more - we are only having strictly controlled telecommunicating devices with fast processors.

[iansjack]

Encryption of ext4 filesystems has been part of the Linux kernel since 2015. Hardly a third-party application.

[Geri]

Encryption of ext4 filesystems has been part of the Linux kernel since 2015. Hardly a third-party application.

ext4 encryption is more like a troll joke of softrwarecommunists than an actual encryption.

[LtG]

oh, and by the way, windows sends your encryption keys to microsoft (and russian/american national agencys, alongside with all of your pressed keys, passwords, browser data). so you dont really go far with your encryption aniway. if you want secure computing, first you must stop using software and hardware designed by the national surviellance and the oligarchic maffia (any software and hardware related to x86, arm, mips, any microsoft, google, ibm, oracle/sun, sap, telekom, usb, tcp/ip, internet, even a fucking DVD disk, etc).
we, the people, does not even have computers any more - we are only having strictly controlled telecommunicating devices with fast processors.

Since when does Windows send your keys to MS? Any proof? Is that some new encryption in Win10 that does that?

And You can easily use x86 without significant security concerns, but you might have to design your own MoBo and the rest of the system.

Note sure how TCP/IP is related here..

[Geri]

Since when does Windows send your keys to MS? Any proof?

http://www.thewindowsclub.com/microsoft ... yption-key

Microsoft automatically encrypts your new Windows device and stores the Windows 10 Device Encryption Key on OneDrive, when you sign in using your Microsoft Account

first result in google.

by the style of your question, i would say your attitude to security / privacy is questionable either by your naivity, or due to something else. in the first case, i must warn you: all of your encryption keys, passwords, login names, list of the all of the webpages you are visited, and the file list on your hard disk is copromised begining from three year ago. oh, by the way it also creates a picture from you at every boot, and sends it to microsoft. should i continue, or can you google the evidences alone?
greetings in 1984.


(yes, android does the same, with minor differences. no idea from apple os-es, as they are relatively unexist in my contry)

[simeonz]

Since when does Windows send your keys to MS? Any proof?

http://www.thewindowsclub.com/microsoft ... yption-key

C'mon. How is there no legal backlash over this. Have they put something in the EULA to make it stick? Or is "private key" only a figure of speech these days. Why don't they automatically tweet the keys then.

[LtG]

Since when does Windows send your keys to MS? Any proof?

http://www.thewindowsclub.com/microsoft ... yption-key

Microsoft automatically encrypts your new Windows device and stores the Windows 10 Device Encryption Key on OneDrive, when you sign in using your Microsoft Account

That's an improvement over previous state. Previously most "home users" didn't encrypt at all, if encryption is used by default (at least initially) I think it's a good idea to cover MS's back by having the ability to recover the keys.

Most companies have similar internal policy where the security department can recover employee laptops, for same reason.

If I were MS I wouldn't dare enable encryption on unsuspecting users by default without some form of actually functional recovery, and given that users don't even do proper backups, I'd probably follow similar/same path as they did.

The only problem I see is that they don't offer the home edition to do encryption without uploading the key. Though IIRC the Win8 home edition doesn't support encryption at all, so again at least there's some improvement there too. Of course it would be better if they offered encryption to all editions freely and gave all users the choice whether or not they want the key sent to MS.

Bottom line, I don't have much of a problem with what MS did, they improved security and those that care more about security (like me) can have it. Though I don't and am not planning to use bitlocker.

by the style of your question, i would say your attitude to security / privacy is questionable either by your naivity, or due to something else.

You're making a pretty massive assumption there, based on nothing factual.

in the first case, i must warn you: all of your encryption keys, passwords, login names, list of the all of the webpages you are visited, and the file list on your hard disk is copromised begining from three year ago. oh, by the way it also creates a picture from you at every boot, and sends it to microsoft. greetings in 1984.

All of _my_ keys are compromised three years ago?

Any proof of the encryption keys, passwords, etc..? Three years, what happened then? Is this some reference to Snowden? It would be more useful to be more explicit about what that three years refers to so I don't have to guess =)

I also asked specifically about TCP/IP, how that is related?

And my laptop has never taken a picture of me...

[LtG]

Since when does Windows send your keys to MS? Any proof?

http://www.thewindowsclub.com/microsoft ... yption-key

C'mon. How is there no legal backlash over this. Have they put something in the EULA to make it stick? Or is "private key" only a figure of speech these days. Why don't they automatically tweet the keys then.

Not too happy about that either, but what other practical choice is there?

Assume you by default enable encryption on hundreds of millions of devices (if not a billion), there's going to be huge amounts of people who will eventually need recovery. Not providing any recovery would be insane. It still protects normal end users from their biggest threat which is common theft, even if it doesn't protect them from government(s) and a few large corporations.

So for 99.99% of the cases it provides the security needed and for the rest, well they should probably know better. This is a significant improvement over the previous state of affairs.

[simeonz]

Assume you by default enable encryption on hundreds of millions of devices (if not a billion), there's going to be huge amounts of people who will eventually need recovery. Not providing any recovery would be insane. It still protects normal end users from their biggest threat which is common theft, even if it doesn't protect them from government(s) and a few large corporations.

You are basically approaching this from the point of view that this is not encryption in the enterprise sense, but some extra security mitigation in the Windows OS. I see your point. However, I will not condone this. According to this article, "Windows Home devices do not allow users to opt out of having the encryption keys uploaded", etc. The idea that you transfer encryption keys from the user's administrative domain and infrastructure into your administrative domain and infrastructure, without explicit forewarning about this, with big neon letters, is simply criminal. Criminal, not in the metaphoric sense.

I am not hardcore anti-MS guy, but recently they are becoming too confident with their practices. Shouldn't the government itself initiate legal action in the name of the people. Aren't there some sort of privacy protection laws in place about this?

[LtG]

That's an improvement over previous state.

i blocked all of your comments in the forum. its an improvement over previous state. people like you should not even be allowed to step into forums like this.

Seriously, lol.

[simeonz]

I think I know what has happened. Probably the OneDrive EULA contains something in the spirit of "this service will create copies of the user data" (my legal lingo is poor, I know). So, this probably gives Microsoft the right to store any information they choose there.

[LtG]

Assume you by default enable encryption on hundreds of millions of devices (if not a billion), there's going to be huge amounts of people who will eventually need recovery. Not providing any recovery would be insane. It still protects normal end users from their biggest threat which is common theft, even if it doesn't protect them from government(s) and a few large corporations.

You are basically approaching this from the point of view that this is not encryption in the enterprise sense, but some extra security mitigation in the Windows OS. I see your point. However, I will not condone this. According to this article, "Windows Home devices do not allow users to opt out of having the encryption keys uploaded", etc. The idea that you transfer encryption keys from the user's administrative domain and infrastructure into your administrative domain and infrastructure, without explicit forewarning about this, with big neon letters, is simply criminal. Criminal, not in the metaphoric sense.

I am not hardcore anti-MS guy, but recently they are becoming too confident with their practices. Shouldn't the government itself initiate legal action in the name of the people. Aren't there some sort of privacy protection laws in place about this?

How about smart phones automatically uploading your pictures, messages, etc to the cloud? I'm not sure what every phone out there does, but I thought the default behavior is to upload to cloud? If that's acceptable, then why isn't keys (which protect the data on the device, which is already uploaded to cloud anyway)?

I don't like phones uploading everything to the cloud, and I'd prefer to be able to change the cloud to use my personal cloud, but unfortunately I don't always get what I want. So the first thing I do with a new device is to disconnect it from the cloud as much as possible and enable all the privacy settings. One of the reasons I haven't migrated to Win10 is because of the deteriorating privacy..

Encryption can be used for many reasons, two of the potential threats I listed, common thieves and governments. Realistically you don't have much chance against governments and you do have in some other cases (piracy, etc). Enabling Win10 home edition encryption by default kills off the thief scenario almost completely and I think that's a good thing. I'd prefer something better, but I still that's an improvement.

Practically speaking I'm not sure what else MS could have done that wasn't going to generate massive problems, except that they could have made the home edition cloud recovery optional, it seems they want to charge money for that --> buy pro, so at least you do have a choice. If you don't want to pay, then that's a completely different problem, then don't use MS products.

So the Win10 home edition encryption should only be considered as preventing thieves access and not as proper "encryption"...

[LtG]

i blocked all of your comments in the forum. its an improvement over previous state. people like you should not even be allowed to step into forums like this.

Seriously, lol.

actually, i didnt.
i just wanted to show how i feel about your attitude about the topic.

Fair enough, but I fully disagree with your assessment of _my_ attitude wrt to this topic. And so I asked for some reasons why you have such an assessment.

All I really said about Win10 home edition that covering significant part of the threat scenarios is better than not covering any of them, not that MS having keys is a good thing. However in practice there aren't really that many options for recovery..

And unlike your home keys, which if you lose they can break the lock and let you in your home, with encryption keys your screwed if you ever lose the key (by misplacing, having it break, etc.. and having a 100 duplicate keys to protect you from all realistic problems you expose yourself to having way too many keys floating around). At least for me, a huge part of what I have created lives in my own computers and as such represents a huge part of me (or my time spent) so I take very good care of my keys so I don't lose everything I've done.. But it's not easy to realistically ensure the safety of the keys.

How would you suggest the key management should be imposed on normal end users who probably don't fully understand what encryption even means? Which means there's two options:
- Use encryption, if the users messes up they lose all of the digital life.. prepare to face the consequences
- Disable encryption --> certainly not an improvement

[Geri]

How would you suggest the key management should be imposed on normal end users

anything. for example: generate it from the user password, and do not upload it anywhere. you may dont want your house to be robbed, but you will not install a camera on your toilet. microsoft is not our friend.

[simeonz]

Practically speaking I'm not sure what else MS could have done that wasn't going to generate massive problems, except that they could have made the home edition cloud recovery optional, it seems they want to charge money for that --> buy pro, so at least you do have a choice. If you don't want to pay, then that's a completely different problem, then don't use MS products.

Its all about choice and transparency. If someone is ok with having their keys stored, I'm ok with that. If someone is clearly informed of the consequences, and they are casual user that has little interest in having their security decoupled from the MS administration, then fine. But the user must always be kept informed of the consequences of their choices and must always have the final word. Everything else should be outright criminalized. At least this is my opinion.