Or: Put all of Windows inside of a VM, within a host that uses disk encryption -- and let it run amok inside of its sandbox.
I did this myself for about 8 years, from 2016-2024. During that time my desktop system at home was running Linux with ZFS and libvirt, with Windows in a VM. That Windows VM was my usual day-to-day interface for the entire system. It was rocky at first, but things did get substantially better as time moved on. I'll do it again if I have a compelling reason to.
With a VM running on an encrypted file system, whatever a warrant for a bitlocker key might normally provide will be hidden behind an additional layer that Microsoft does not hold the keys to.
(Determining whether that is useful or not is an exercise for the person who believes that they have something to hide.)
It's not just Teams. You need to be constantly vigilant not to make any change that would let them link your MS account to Windows. And they make it more and more difficult not only to install but also use Windows without a Microsoft account. I think they'll also enforce it on everybody eventually.
You need to just stop using windows and that's it.
The only windows I am using is the one my company makes me use but I don't do anything personal on it. I have my personal computer next to it in my office running on linux.
Or: Put all of Windows inside of a VM, within a host that uses disk encryption -- and let it run amok inside of its sandbox.
I did this myself for about 8 years, from 2016-2024. During that time my desktop system at home was running Linux with ZFS and libvirt, with Windows in a VM. That Windows VM was my usual day-to-day interface for the entire system. It was rocky at first, but things did get substantially better as time moved on. I'll do it again if I have a compelling reason to.
If you’re doing your work inside the windows machine, what protection does Linux as a host get you?
The topic is bitlocker, and Microsoft, and keys.
With a VM running on an encrypted file system, whatever a warrant for a bitlocker key might normally provide will be hidden behind an additional layer that Microsoft does not hold the keys to.
(Determining whether that is useful or not is an exercise for the person who believes that they have something to hide.)
1 reply →
It's not just Teams. You need to be constantly vigilant not to make any change that would let them link your MS account to Windows. And they make it more and more difficult not only to install but also use Windows without a Microsoft account. I think they'll also enforce it on everybody eventually.
You need to just stop using windows and that's it.
The only windows I am using is the one my company makes me use but I don't do anything personal on it. I have my personal computer next to it in my office running on linux.