- I had a stroke reading the thread title. - The lost data is appearing inThe lost data is appearing in this thread. 
- @moe90@feddit.nl clearly doesn’t give a shit. They’re a serial poster. - lol @moe90@feddit.nl posted and logged off, they have a life! (I gotchu moe) - Mod coulda fixed fix huh or maybe that’s dangerous 
 
- It has too much data 
- deleted by creator 
- new form of encryption just dropped 
 
- Surprise, surprise. - Forcing security measures onto someone who doesn’t understand them or know how to recover their data if something goes wrong is a bad idea. 
- HEY, @moe90@feddit.nl - FIX YOUR FUCKING TITLE lazy ass - don’t you mean, “FIX YOUR FUCKING TITLEFIX YOUR TITLE FUCKING lazy ass” - 😂😂 
 
- Dude has a stutter be cool 
 
- Fix that title gore please - Windows 11 users reportedly losing data due to Microsoft’s forcedWindows 11 users reportedly losing data due to Microsoft’s forced BitLocker encryption- Tagging OP @moe90@feddit.nl until they quit being a lazy bitch and actually fix their title. 
- I mean, it’s kind of not incorrect: - Windows 11 users reportedly losing data due to Microsoft’s forced Windows 11 
 
- Windows is ransomware now - Nailed it, that is how ransomware works. - in Italian gangster voice “Hey Buddy, give me your information, fair price for security, eh?, What? Do you not trust me? Buddy, you may lose your information, we wouldn’t want that, right?, just make an account I’ll handle the rest” 
 
- The bot that posted this is not programmed to edit typos. - Really wish we didn’t have bots posting at all 
- really interesting to see that they have more posts than comments 
 
- Yeah it can happen, when you force people without their consent encrypting their data.
- Isn’t that what iPhone and Android already do?
- One major difference is that it is so much easier to lock yourself out of the desktop TPM chip compared to mobile device security chips because they’re not tightly coupled.
- And phones make you use your unlock PIN often, so people are forced to remember it. On the other hand, Windows lets you use a short PIN instead of your full account password pretty much forever, which results in people forgetting the password completely.
- That isn’t even the part it is encrypted, the TPM encryption is either “Automatic” or over a password (any length) on startup, as far as I know from my work with BitLocker (TPM 2.0) on Windows 10. Idk if this is different on Windows 11.
 
 
- Huh … I never noticed. Probably because my phone OS never failed to boot, requiring me to pull data off the HDD directly. - Samsung is notorious for this. 
 
- Android I think just uses same credentials you use to unlock account, at least I am not aware of any recovery key. And you are prompted for credentials from time to time so it is harder to forget. I use fingerprint as main unlock + pattern and I have to enter pattern roughly once a week I think. - On Windows if you set up Windows Hello (fingerprint or PIN usually), you are not reminded to enter password afterwards so eventually you can forget it. And if you do not know your password and cannot recover account, you will not be able to retrieve BitLocker recovery key. So fix to this problem could be another annoyance to users if it would be implemented as Android does it. 
- The only phone manufacturer that does that is Google with Pixel. Any other phone is, to my knowledge, either “weakly” encrypted or not at all.
- Still, your mobile OS isn’t just upgrading and encrypting your SD card and main drive. That’s the point.
- All devices launching with Android 10 and higher are required to use file-based encryption.
- To use the AOSP implementation of FBE securely, a device needs to meet the following dependencies:
  - Kernel Support for Ext4 encryption or F2FS encryption.
  - Keymaster Support with HAL version 1.0 or higher. There is no support for Keymaster 0.3 as that does not provide the necessary capabilities or assure sufficient protection for encryption keys.
  - Keymaster/Keystore and Gatekeeper must be implemented in a Trusted Execution Environment (TEE) to provide protection for the DE keys so that an unauthorized OS (custom OS flashed onto the device) cannot simply request the DE keys.
  - Hardware Root of Trust and Verified Boot bound to the Keymaster initialization is required to ensure that DE keys are not accessible by an unauthorized operating system.
- https://source.android.com/docs/security/features/encryption/file-based?hl=en
 
- Different threat model and usage scenario. See the spilled milk comment. 
- deleted by creator
- For many, a mobile device is their sole computer, and things of importance to them are stored on it.
- Le banking app.
- But THAT is recoverable EASILY, not like lost forever if you don’t recover data from that phone’s storage.
- Something like OTP are rather more important.
- Well, I wasn’t talking about recovery, but need for encryption.
- I guess that’s true.
 
 
 
- deleted by creator 
 
- No you’re right, nobody has precious photos or videos on their phone 🙄 - deleted by creator - You’re assuming they actually understand proper data protection procedures. You have a very misplaced amount of faith in the knowledge of the average person. Plenty of people just expect stuff to work and are horrified when they realize they’re not. - I saw that all the time when I worked in mobile phone sales/support. 
- This is a post about people who don’t understand encryption. 
- I backup my precious dick pics at several offsite locations by sending them to as many people as possible as often as possible. - 8- 
 
 
- Yeah, nothing important. Just your banking apps, personal documents, photos, government apps, emails, all the services linked to your phone via mobile number, personal chats, work chats, 2fa codes, some other not important stuff. But at least it doesn’t have your games. Unless you play games on your phone, then you are fucked. 
 
 
- Forcing people is one thing, not telling them it’s a thing is completely different. Most Windows users don’t even know their Windows has BitLocker enabled and those keys are out of their sight
 
- Your title is borked. Maybe edit that - It’s duplicated in case half of it is lost to Bitlocker 
 
- You can merge the choices and resolve the conflict: Microsoft users are dumb.
- Clearly you’ve never used a Mac. It wasn’t until 2024 that you could snap windows, they have a built in dark mode but the word processor that ships with their computer requires you to use a dark page template if you want black background/white text, and lord forgive you if you want to take a screenshot.
- I think the vibe is kind of “works for grandma out of the box”, “someone in the small-but-mighty dev community made an [open-source] app for that”
- Yeah frustrates me too but seeing it as a kind of culture would probably help me be less frustrated
- Then Apple gets tiny bits of occasional flak for Sherlocking
- Apple is almost the tale of two companies.
- From the software usability perspective, they have the “it just works” reputation and that might be true if you’re doing really basic stuff. I’ve found both Windows and Linux to be much more user friendly if you want to do mildly advanced things.
- Their hardware is generally pretty solid but comes at a premium, especially once you start talking about increasing RAM/SSD capacity. I have both a MacBook pro M3 pro and a Snapdragon X Elite Lenovo Yoga slim 7x. The 7x can give great battery life, but is much more inconsistent in doing so. On the other hand, the 7x has an amazing 3k OLED screen, has a removable m3 SSD, and you can upgrade to 32 GB of RAM for around $100.
- What I find interesting is that a large swath of developers have Macs. I get it for some use cases (ARM emulation on ARM vs doing it on x86), but it seems like it’s a bit of a status symbol for others.
 
 
- Thanks? 
- Found the Linux user.
- Not Arch though, they would have said so
- Maybe he uses a Mac?
- (I use arch BTW)
- No.
- (I use Tumbleweed btw).
 
 
 
 
- I’m of the opinion that encryption based security should be compartmentalized. IE, an encrypted folder, or “safe” app. Safes in housing are already a concept that is already commonly known so it would be natural to extend a safe into the digital realm. This would also help in the idea that safes are locked with a key, so if the user loses their keys, whatever is inside the safe, might as well be lost.
- Now if EVERYTHING is a safe (always on encryption), people will never know the difference. It’s a dangerous type of security that is likely to be more a loss than a benefit.
- You are arguing for selective encryption, but I can’t really find any technical argument in your comment.
- Whether we are speaking of encryption at transit or rest, there’s a general consensus that encrypting everything is best in every way except possibly performance for select cases.
- For example, it allows hiding (meta)data about the really important bits, and with computers it’s really difficult to tell which bits of (meta)data could be combined to abuse. Tampering is a consideration as well.
- For most folks they could just write down their encryption passphrase in a secure location with the rest of their papers since 99.9% of the risk is thieves stealing their laptops. For most folks the biggest secure item they have is the one they use constantly: their browser and all the passwords it stores to all their services. You know, the thing they use constantly.
- A compartmentalized approach makes sense when the laptop contains really vulnerable data like laptops which have been stolen with bunches of client data on it or a journalist’s communication with confidential sources etc etc. In that case you STILL want to encrypt the whole thing but you want to separately encrypt the really important stuff with a different key so that every time you open your laptop to watch cat videos on YouTube you aren’t also unlocking all the data you will have to tell your company’s users you lost.
- But, houses have locks on the doors. The whole point of the house is to be a safe for people. Security is all about the threat model, your risk assessment should inform the security measures that make sense in the security/convenience continuum. Not everyone will be equally well served by the exact same risk mitigation methods. - The point of whole disk encryption is to delay or nullify physical device control. If your disk is not encrypted, but you have a single encrypted file a bad actor wants to access. If they get physical control, then it is game over. They have all the time and power in the world to crack down that one file. Now, most people don’t have any one file(s) like that, but instead are worried about their private life in general. Without encryption, physical access to the device means total access to their entire life, the house had no locks and the thieves just waltzed in and took everything of value. Whole disk encryption is opting for a sturdier door, with better locks. Physical control is still bad, but access is orders of magnitude harder. Sure, if you lose the only key to your house, you better be prepared to break windows or walls to get in, but that is a user responsibility. 
 
- IT tech here. Yup sure does. For enterprise customers it gets saved in Active Directory anyway. But for home users, no way. For new devices I always create a local account and turn off BitLocker if it happens to be enabled. Most people don’t remember their email password, some don’t even remember their email address. So many times I’ve had to remove the drive of a dead PC or laptop and copy all their files off of it, because people just don’t make backups. But it already happened a few times now that a private customer got suckered into making a Microsoft account by one of those full screen pop ups. Probably set it up with an E-Mail some relative of theirs created just so they can download stuff off their phone’s app store. And all their stuff just gets automatically encrypted. Bye Bye all the photos you had taken for the last 10 years. Thanks Microsoft.
- Why isn’t this a thing for me? Because I skipped MS account creation? So many Win11 issues I read about on here and I get almost none with my vanilla ISO install.
- Maybe it’s a home vs. pro thing? On the pro version you don’t even have to do any trickery in the command prompt or the registry. You just choose “join a domain”, create a local account. You don’t actually have to join a domain.
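An added example, not part of the thread or any commenter's post: a PowerShell check for the situation described above, where a home user does not know that BitLocker is on or where the recovery key is. It lists each volume's encryption state and key protectors and saves any recovery passwords off the encrypted drive; the backup path `E:\bitlocker-recovery` is an assumption, and the script assumes an elevated prompt on a system where the BitLocker PowerShell module is available.

```powershell
#Requires -RunAsAdministrator
# Added example: report BitLocker state per volume and save any recovery
# passwords to a location that is NOT on the volume they unlock.
param(
    # Hypothetical backup location (e.g. a USB stick); change as needed.
    [string]$BackupDir = 'E:\bitlocker-recovery'
)

$report = foreach ($vol in Get-BitLockerVolume) {
    # Recovery-password protectors hold the 48-digit key asked for at recovery.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus       # e.g. FullyEncrypted
        ProtectionStatus = $vol.ProtectionStatus   # On / Off
        Protectors       = ($vol.KeyProtector.KeyProtectorType -join ', ')
        RecoveryKeys     = $recovery.Count
    }

    if ($vol.VolumeStatus -ne 'FullyDecrypted' -and $recovery.Count -eq 0) {
        Write-Warning "$($vol.MountPoint) is encrypted but has no recovery password protector."
    }

    foreach ($kp in $recovery) {
        # Refuse to store the key on the volume it is meant to recover.
        if ($BackupDir.StartsWith($vol.MountPoint, [StringComparison]::OrdinalIgnoreCase)) {
            Write-Warning "Skipping $($vol.MountPoint): backup path is on the same volume."
            continue
        }
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        $name = '{0}_{1}.txt' -f $env:COMPUTERNAME, $kp.KeyProtectorId.Trim('{}')
        @(
            "Volume: $($vol.MountPoint)"
            "Protector ID: $($kp.KeyProtectorId)"
            "Recovery password: $($kp.RecoveryPassword)"
        ) | Set-Content -Path (Join-Path $BackupDir $name)
    }
}

$report | Format-Table -AutoSize
```

The protector ID written to each file is the value the BitLocker recovery screen shows, so it identifies which saved password belongs to which drive.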
 
- I just got bit in the ass by bitlocker when my laptop motherboard died. I had to do the unsafe bootloader hack to get back into the drive. 
 
- What a stinker of an OS. Linux never looked so good
- It’s why I switched to Linux.
- I’ve been a Linux user since 2010 and I’m glad I developed that skillset
- Same. Except my first PC was running DOS on a black and amber CRT… so switching to Linux even part time in 2010 was pretty easy for me to wrap my head around in terms of CLI stuff.
 
- We use Linux by the way. - But I use arch BTW 
 
 
 
 
- That’s extraordinary, even for Microsoft.
- If you’re on Win 11 Pro, up to 23H2, follow these steps to prevent 24H2:
  - win+R, type GPEDIT.MSC, press enter
  - Locate “Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage updates offered from Windows Update\Select the target feature update version”
  - Now click the “Enabled” button, type “Windows 11” in the first prompt and “23H2” in the second prompt and click “Apply”
- That will prevent 24H2 from being downloaded and installed. When they’ve fixed this and the “Recall” mess, you can go back and undo the setting.
- You can still do the “bypassnro” thing, it’s just a script that’s been removed. All it did was write a registry entry and reboot. This is the registry key entry - you can still press shift-F10 at the same point and type this manually:
  - reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
  - shutdown /r /t 0
- another method to try is this, instead of the registry entry:
  - start ms-cxh:localonly
- but I haven’t tried that one yet.
- I love how Windows fix has terminal and GUI configurations mixed as an unholy concoction directly from the HQ.
- I’ve fixed it by axing my bitlocker encrypted partition that contained my Pro version OS and just installed arch. 
 
- I am LITERALLY in the process of migrating my servers to my new NixOS server after months of prep work. This couldn’t have been more timely lol Funniest part is, I just did my own TPM based encryption on my drives. - SERVERS??? - Just one server, but multiple “services” (i.e. Jellyfin, Minecraft, Discord bots, Wordpress, etc). Server is kind of a misnomer there 
 
 
- Windows is malware.
- I remember when Linux users used to say that, but it turns out they were right.
- I’m glad I left that cursed OS behind.


















