Microsoft gives U.S. authorities BitLocker keys, making local encryption useless if your device is seized at the border.

Whit some tips for bringing devices when you travel to the US.

  • Armand1@lemmy.world
    5·
    2 hours ago

    When you log into Windows with a Microsoft account, your recovery key is often automatically uploaded to Microsoft’s servers as a backup in case you forget your password. Legally, this means Microsoft owns the key and must surrender it under the U.S. CLOUD Act.

    I find that really quite shocking, but I guess I shouldn’t be surprised.

    Given the legal and technical risks, the advice for business travelers is clear: do not carry data.

    The US really is a hostile surveillance state.

  • MolochHorridus@lemmy.ml
    21·
    5 hours ago

    The best tip: don’t travel to the U.S.A. “But my business…” Tip number two: stop doing business with the U.S.A.

    • merien@lemmy.worldOP
      8·
      5 hours ago

      It could also be ‘but my boss’. Convincing your boss to do otherwise or finding an other job is a solution, not always practical.

  • aurelar@lemmy.ml
    4·
    4 hours ago

    I don’t use Windows, except in a VM as absolutely necessary. Problem solved.

  • Jo Miran@lemmy.ml
    4·
    4 hours ago

    On a laptop it is relatively simple to maintain encrypted stealth “drives” within a logged in and decrypted system. If there a way to “unlock” a phone that depending on the password given will present a true versus secretly sanitized version? For example if you login with password 1234 you get a sanitized version and if you log in with password xyz789 you get the full access. All of it done without a tell that the “full access” version exists.

    • Coleslaw4145@lemmy.world
      6·
      3 hours ago

      On Graphene OS there us a duress pin you can set which will wipe the phone immediately if it’s entered. Although I haven’t been able to get it to work in a way that i could open different profiles automatically by entering a different pin/fingerprint.

      BUT.

      My old Xiaomi Mi Mix 3 phone could do it. The phone had a “secure space” which was a separate environment with its own apps. I could assign different unlock fingerprints to it. So one finger would open the default environment and the other finger would open the “secure space”, and it worked seamlessly without any delays in unlocking.

      I wouldn’t choose Xiaomi for privacy obviously but it’s just an example that shows it’s possible.