Sooo… Is there an alternative to be secure other than switching to another OS? Not that I’m doing anything interesting but I would like to have at least a bit of privacy.
Yeah, just don’t enable key upload and this can’t happen. Don’t link your account either if you want to be more sure.
If your account has already been linked, unlink it and change the bitlocker keys, both regular and recovery. (Easiest way is to entirely decrypt and reencrypt the drive.)
Home edition has this “please sign in to microsoft account to ‘finish encryption’” text with a exclamation mark which implies the key is available on the drive unencrypted if you don’t sign in, meaning anyone could just access your drive with physical access.
There is no “turning off” the key upload, once you sign in, the upload happens immediately, you can “delete” it later, but like nobody really knows if they ever delete it once they have it.
Sooo… Is there an alternative to be secure other than switching to another OS? Not that I’m doing anything interesting but I would like to have at least a bit of privacy.
Veracrypt + LTSC
Yeah, just don’t enable key upload and this can’t happen. Don’t link your account either if you want to be more sure.
If your account has already been linked, unlink it and change the bitlocker keys, both regular and recovery. (Easiest way is to entirely decrypt and reencrypt the drive.)
Home edition has this “please sign in to microsoft account to ‘finish encryption’” text with a exclamation mark which implies the key is available on the drive unencrypted if you don’t sign in, meaning anyone could just access your drive with physical access.
There is no “turning off” the key upload, once you sign in, the upload happens immediately, you can “delete” it later, but like nobody really knows if they ever delete it once they have it.
I doubt that that’s actually required to finish encryption.