Nice intel to have. Now, all that is needed for reasonable security is to avoid storing the key in the cloud. Duhhh.
Basic rule: Not your hardware (computer/drive), not your data.
Never store anything on someone else's hardware that you need to maintain full control over.
But, but, but encryption? It helps but encryption does not guarantee full access when you don't control the hardware.
You don't need to build backdoors when you store a copy of the key.
I don't use these. See post below.
You can go one step further. Encrypt your computer, store keys on the cloud, then encrypt your computer again but store keys into a file. You can see key ID on Microsoft Live account. Now you won't even look suspicious.
Privacy cannot come from human-made laws and regulations because they get abused on they change. Privacy comes from mathematics which do not care for laws and regulations.
You also do not have to backup keys in the cloud, however for most users it’s the best solution since for them data recovery in case of a hardware failure is more important than resiliency against state level adversaries.
Certainly, nation state actors could pursue those people to obtain access to key material, but that is a different hill to climb than simply sending requests to Apple, especially for contacts outside of the jurisdiction or nation state reach. Perhaps Shamir's secret sharing would be a component of such an option (you need X out of Y trusted contacts to recover, 2 out of 3 for easy mode, 3 out of 5 for hard mode).
With MSFT cloud backup of keys is an opt-in. With Apple it’s an opt-out.
For email each individual message should be encrypted if you want any confidentiality and even then the meta data is in the clear.
And this is because in order to send or receive an email the provider needs to access it. If they put it into a box later on to which they do not hold the key that is just security theater at that point.
A lot has changed since then and it is common knowledge that Apple regularly give government agencies access to their systems and hides it from the public until a whistleblower leaks it.
https://www.reuters.com/technology/cybersecurity/governments...
In a statement, Apple said that Wyden's letter gave them the opening they needed to share more details with the public about how governments monitored push notifications. "In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."
https://appleinsider.com/articles/22/11/12/apple-getting-sue...
https://slnt.com/blogs/insights/is-apple-selling-data-find-o...
Regarding my own encrypted backups, the choices there are so diverse that Apple doesn't factor in.
fuzzfactor•2w ago
jqpabc123•2w ago
josephcsible•2w ago
jqpabc123•2w ago
Download the Win11 Pro ISO, extract it to a USB drive and then execute the command below from it for a totally automated install that bypasses all the BS.
.\setup.exe /product server /auto upgrade /EULA accept /migratedrivers all /ShowOOBE none /Compat IgnoreWarning /Telemetry Disable
You're welcome!
PS: I know it says "server" but when upgrading a desktop machine, desktop is what you will get --- minus a lot of BS.
josephcsible•2w ago
jqpabc123•2w ago
It's unlikely it can be broken without totally abandoning the server market and disrupting a lot of existing installations --- which would be a marketing disaster.
alt227•2w ago
josephcsible•2w ago
alt227•1w ago
jmclnx•2w ago
We all know, if you want real security, there are much better OSs.
dagmx•2w ago
Good engineering practices say that you shouldn’t even find yourself in the position of having the keys.
And what “better OS” pushes you to encrypted drives on setup? Most Linux distros don’t.