Comment by ssl-3
1 day ago
Or: Put all of Windows inside of a VM, within a host that uses disk encryption -- and let it run amok inside of its sandbox.
I did this myself for about 8 years, from 2016-2024. During that time my desktop system at home was running Linux with ZFS and libvirt, with Windows in a VM. That Windows VM was my usual day-to-day interface for the entire system. It was rocky at first, but things did get substantially better as time moved on. I'll do it again if I have a compelling reason to.
If you’re doing your work inside the windows machine, what protection does Linux as a host get you?
The topic is bitlocker, and Microsoft, and keys.
With a VM running on an encrypted file system, whatever a warrant for a bitlocker key might normally provide will be hidden behind an additional layer that Microsoft does not hold the keys to.
(Determining whether that is useful or not is an exercise for the person who believes that they have something to hide.)
Isn’t it a pretty well-established fallacy that privacy only benefits those with something to hide?
Wouldn't it be easier to just use bitlocker and not back up your keys with microsoft?
4 replies →