AFAIK Microsoft gave the keys for BitLocker to governments before, so classic Microsoft.
Microsoft is a malware developer, plain and simple.
ig "Proprietary software is often malware" is kinda not an exaggeration.
If you're running Windows, always assume that if the US Authorities or Microsoft itself want to spy on you as an individual or do a little industrial espionage on your company (which US agencies also do), they'll just use a backdoor already present or at worst push an update to your machine(s) to create said backdoor.
Treat any and all software made by US companies as a foreign agent.
All the shit that the US Government and companies say about China, is pure Projection - the result of a mental process of "what would we do if we were the ones making those devices". (And, yeah, China probably does that shit too)
If it ain't Open Source, you got it as a binary or it can self-update, that software is somebody else's agent and you're trusting their ethics and goodwill when you have it running in your system outside a sandbox.
What's unfortunate is a significant number of people don't like hearing this and instead choose to project onto other countries. Most of our governments aren't our friends, regardless if you're American or not.
I was pumped to finally get decent Internet in the US, until I saw my ISP's router appears as a device on the LAN. Luckily I'm savvy enough to put the whole local network behind a firewall on a different subnet, since there's no other way of fixing this.
Same. My housemates called the ISP for support once when they couldn't wait literally 15 minutes for me to check out why their Internet was down (router just needed a restart) and the first thing out of the ISP dude's mouth was "with the way your network is configured I can't see anything on your side" (which yeah, that's the fucking point). He was in the middle of walking them through resetting the ISP router back to defaults when I arrived and put a stop to it. Why the fact that he was able to connect to their endpoint wasn't sufficient to indicate to them that the Internet connection was not the issue I do not know.
> Why the fact that he was able to connect to their endpoint wasn't sufficient to indicate to them that the Internet connection was not the issue I do not know.
L1 isn't there to think, they're there to read from their script.
I mean yeah, but I was hoping the people I share living space with would have at least been smart enough to work that out.
It's not just US ISPs, this is worldwide behavior. Good on you to put a firewall between your network and your ISP's gateway.
I don't know if you went further than that, but in my case, once I had my OPNsense deployed, I went ahead and disabled all the radios of the ISP's ONT gateway, changed its DNS server to Mullvad, and only left 1 LAN IP address to the OPNsense.
If you are aware of more things that can be done to give the ISP modem even less room to move around inside, I would appreciate you sharing it as well.
I wish more people would take the time to learn a bit about securing their home networks. What I do is that I offer my knowledge for free to neighbors, friends and family. Some actually want it and act on it, but the sad truth is that the vast majority still has this 'I have nothing to hide' mentality, and I'm not explaining how much marketing BS that is to them for the 100th time.
As someone with a basic background in IT, nothing advanced, but enough to be the “family tech guy”, I just bought my router (mesh network). What can I do? Where do I start? I think I may have messed up with my brand choice, being EERO, as they seem to have things locked into their proprietary app. I was sorta desperate for a quick fix at the time, didn’t do the due diligence I should have.
Edit: preemptive thank you if you take the time to reply. As I am not “friends or family to you”. I do appreciate the expertise!
i'm sure that's a fine setup for the average home user but devices that use proprietary firmware like that aren't conducive to a security-first design where you hold all the keys. because it's designed to be secure, even from you, it always has an asterisk on it (network is secure* according to eero). that and you have no way of verifying what data it's phoning home (and a lot of devices soft brick themselves if you cut their connection to the cloud).
the most useful advice i can generally offer is to add a proper network security device running pfSense or OpenWRT to seize some control over internet access and DNS resolution and to implement VLAN segmentation to keep trusted devices secure from trusted* and untrusted devices.
Just adding, if you have any resources about how to go about this I would more than appreciate any nuggets you can share. I have some networking background from college but it's been about a decade since I used any of it, so any help to point me in the right direction of hardening my network like this would be extremely appreciated. Thanks!
No Shit Sherlock. Not as if it would be required by US law to have a backdoor or anything…
No no, PatriotACT, CloudACT and stuff like PRISM just do not exist…
Yeah, the NSA proved that when their exploits leaked. EternalBlue, and I'm sure they have much more stuff we can only guess at.
Yet another reason to switch to Linux.
So glad I switched to proton and so glad my previous workplace uses BitLocker 🙌🏻
Yeah, Copy Fail, Dirty Frag and Fragnesia are bad but holy fuck.
This Chaotic Eclipse/Nightmare Eclipse is the same one whose opening post read:
> I never wanted to reopen a blog and a new github account to drop code...
> But someone violated our agreement and left me homeless with nothing. They knew this will happen and they still stabbed me in the back anyways, this is their decision not mine.
I'm guessing there's plenty more to come.
Kinda funny that they're targeting Microsoft and yet using GitHub to share the PoCs.
> Kinda funny that they’re targeting Microsoft and yet using GitHub to share the PoCs.
This is the part I don't get either. Although - maybe it is because it protects other platforms from legal action by microSLOP? Also, it adds to the Streisand effect should microSLOP remove the proof of concept from its own platform.
Seems like bløgspot is a banned word..
Isn’t this the blue hammer guy?
Yup: https://deadeclipse666.removed/2026/04/public-disclosure.html
I guess anyone who uses ShitLocker is shit out of LUKS.
i dont so im not
Bitlocker is TEMU encryption
It really isn’t. The encryption itself still hasn’t been defeated. The implementation is the problem. Microsoft just can’t get out of their own way. If they ignored all the business majors, nobody would be able to stop them.
Lol, if they ignored that they would have gone extinct in the 90's
Install Linux, Problem Solved.
More than ever.
more evidence that michaelslop binbows is trash
linux is better
luks wouldnt do this to u
any alternative OS is probably better than Windows.
Of course they did. They have no interest in protecting your privacy and every interest in making you think they do. I would’ve been way more surprised to learn there wasn’t a backdoor.
I'm left puzzled as to how this works... like... the data on the disk should be encrypted sector by sector... it takes forever to encrypt or decrypt a disk, which is consistent with that understanding.
When you boot into PE, I don't understand how that OS can read anything off the disk, yellowkey or not, without knowing the encryption key... so how does it get that key? Is the vulnerability here that the key is stored in the TPM and WinPE can be convinced to retrieve it without the proper credentials being provided?
If that's the case, and the TPM can just provide the key on request... then... where is the security here?
My guess is that the key to decrypt the disk is stored on the disk, encrypted by a Microsoft-known key. This seems to unlock that copy of the key rather than the copy encrypted by your own key.
Though he did say to put the disk back in the original system in part of the instructions, so it might be TPM based. The way to check would be to try this on a system with a disk from another system, or with a wiped TPM.
TPM is not security, it’s security theatre. If you don’t need to type a password in or insert a device with a key on it during boot, then it’s not secure, period.
The entire Microsoft, Apple and Google ecosystem is USA backdoors. That's why I call it American spyware.
You mean that thing everyone knew about since the authorities derailed open-source TrueCrypt and forced them to message their users that they should migrate to BitLocker?
Well, there's a big difference between "knowing" something and knowing something (i.e. proof your intuition is right).
There's an open-source successor to TrueCrypt called VeraCrypt. For that matter, as far as I know, one can still download the last version of TrueCrypt. It hasn't been disappeared.
It's true that the TrueCrypt developers retired and said that commercial packages like BitLocker were finally good enough and available enough that they didn't feel compelled to maintain TrueCrypt. I remember that. I think it's plausible that Microsoft has (or has provided to someone) back-door access to BitLocker, but I don't remember any hint that the TrueCrypt developers had been coerced; have you got something you can link to?
Seems like every week there is another reason why I'm thankful I switched to Linux a few years ago.
Copy Fail in Linux sounds similar.
One is a backdoor, another is a bug. How are they similar?
Both allow access to secure systems, and both were introduced years ago. I don’t know the Linux developer, so I have no access as to what was influencing them, so it can be just a bug; however, it is the type of bug that a lot of people would like to introduce into the kernel. Given that, they look very similar to me.
Why are you lying? One is a privilege exploit that has been patched. It lets someone who can already run software on your machine do more. This is a backdoor that could allow hostile governments or thieves to steal your files from any machine in their possession. Things that would always have been secure on any Linux machine from the last 20 years.
Lying? Copy Fail is big news and was introduced into the kernel years ago. Sounds very similar in the way it was introduced and the ease of exploitation if you have access to a machine.
It does not.
It’s very similar in that it was introduced years ago, requires access to a machine, allows privileged access and is easy to exploit. There are a lot of people that would love it.
Good.
We always knew it was there. They sold their soul to the NSA decades ago.
Tech megacorps are the fifth estate of their home countries, trusting your data to Microsoft or Google is essentially the same as handing it directly to the FBI and CIA.