• Microsoft gave FBI a set of Bitlocker keys to unlock suspects' laptops

    From CrudeSausage@crude@sausa.ge to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sat Jan 24 14:21:44 2026
    From Newsgroup: alt.comp.os.windows-11

    <https://techcrunch.com/2026/01/23/microsoft-gave-fbi-a-set-of-bitlocker-encryption-keys-to-unlock-suspects-laptops-reports/>

    What is the point of encryption if Microsoft can unlock any of your
    computers whenever it feels like it?

    Microsoft provided the FBI with the recovery keys to unlock encrypted data
    on the hard drives of three laptops as part of a federal investigation,
    Forbes reported on Friday.

    Many modern Windows computers rely on full-disk encryption, called
    BitLocker, which is enabled by default. This type of technology should
    prevent anyone except the device owner from accessing the data if the
    computer is locked and powered off.

    But, by default, BitLocker recovery keys are uploaded to Microsoft’s
    cloud, allowing the tech giant — and by extension law enforcement — to
    access them and use them to decrypt drives encrypted with BitLocker, as
    with the case reported by Forbes.

    The case involved several people suspected of fraud related to the
    Pandemic Unemployment Assistance program in Guam, a U.S. island in the
    Pacific. Local news outlet Pacific Daily News covered the case last year,
    reporting that a warrant had been served to Microsoft in relation to the
    suspects’ hard drives. Kandit News, another local Guam news outlet, also
    reported in October that the FBI requested the warrant six months after
    seizing the three laptops encrypted with BitLocker.

    A spokesperson for Microsoft did not immediately respond to a request for
    comment by TechCrunch. Microsoft told Forbes that the company sometimes
    provides BitLocker recovery keys to authorities, having received an
    average of 20 such requests per year.

    Apart from the privacy risks of handing recovery keys to a company, Johns
    Hopkins professor and cryptography expert Matthew Green raised the
    potential scenario where malicious hackers compromise Microsoft’s cloud
    infrastructure — something that has happened several times in recent
    years — and get access to these recovery keys. The hackers would still
    need physical access to the hard drives to use the stolen recovery keys.

    “It’s 2026 and these concerns have been known for years,” Green wrote in a
    post on Bluesky. “Microsoft’s inability to secure critical customer keys
    is starting to make it an outlier from the rest of the industry.”
    --
    CrudeSausage
    John 14:6
    Isaiah 48:16
    Pop_OS!
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Mr. Man-wai Chang@toylet.toylet@gmail.com to comp.os.linux.advocacy,alt.comp.os.windows-11,alt.conspiracy on Sat Jan 24 22:58:06 2026
    From Newsgroup: alt.comp.os.windows-11

    On 24/1/2026 10:21 pm, CrudeSausage wrote:

    > What is the point of encryption if Microsoft can unlock any of your
    > computers whenever it feels like it?

    Actually.... I always wonder:

    1. Is Bitlocker just a password prompt? :)
    2. Does Bitlocker really encrypt the whole drive?
    3. If (2) is true, is the encryption using user-supplied
       password as a mask? Or is it using a standard mask?

    If the encryption is using a standard mask, not surprising that FBI can
    decrypt any Bitlocker drives. :)
    --
    @~@ Simplicity is Beauty! Remain silent! Drink, Blink, Stretch!
    / v \ May the Force and farces be with you! Live long and prosper!!
    /( _ )\ https://sites.google.com/site/changmw/
    ^ ^ https://github.com/changmw/changmw
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Mr. Man-wai Chang@toylet.toylet@gmail.com to comp.os.linux.advocacy,alt.comp.os.windows-11,alt.conspiracy on Sat Jan 24 23:02:11 2026
    From Newsgroup: alt.comp.os.windows-11

    On 24/1/2026 10:58 pm, Mr. Man-wai Chang wrote:
    > On 24/1/2026 10:21 pm, CrudeSausage wrote:
    >
    >> What is the point of encryption if Microsoft can unlock any of your
    >> computers whenever it feels like it?
    >
    > Actually.... I always wonder:
    >
    > 1. Is Bitlocker just a password prompt? :)
    > 2. Does Bitlocker really encrypt the whole drive?
    > 3. If (2) is true, is the encryption using user-supplied
    >    password as a mask? Or is it using a standard mask?
    >
    > If the encryption is using a standard mask, not surprising that FBI can
    > decrypt any Bitlocker drives. :)

    And ....

    4. Is the Bitlocker password stored in the drive?
       And the recovery key as well?
       Both recoverable by Micro$oft? :)
    --
    @~@ Simplicity is Beauty! Remain silent! Drink, Blink, Stretch!
    / v \ May the Force and farces be with you! Live long and prosper!!
    /( _ )\ https://sites.google.com/site/changmw/
    ^ ^ https://github.com/changmw/changmw
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Alan K.@alan@invalid.com to comp.os.linux.advocacy,alt.comp.os.windows-11,alt.conspiracy on Sat Jan 24 12:20:54 2026
    From Newsgroup: alt.comp.os.windows-11

    On 1/24/26 10:02 AM, Mr. Man-wai Chang wrote:
    > On 24/1/2026 10:58 pm, Mr. Man-wai Chang wrote:
    >> On 24/1/2026 10:21 pm, CrudeSausage wrote:
    >>
    >>> What is the point of encryption if Microsoft can unlock any of your
    >>> computers whenever it feels like it?
    >>
    >> Actually.... I always wonder:
    >>
    >> 1. Is Bitlocker just a password prompt? :)
    >> 2. Does Bitlocker really encrypt the whole drive?
    >> 3. If (2) is true, is the encryption using user-supplied
    >>    password as a mask? Or is it using a standard mask?
    >>
    >> If the encryption is using a standard mask, not surprising that FBI can
    >> decrypt any Bitlocker drives. :)
    >
    > And ....
    >
    > 4. Is the Bitlocker password stored in the drive?
    >    And the recovery key as well?
    >    Both recoverable by Micro$oft? :)

    And ....
    Is there a substitute for Bitlocker? What if I don't want to use it, but
    still want encryption?
    --
    Linux Mint 22.3, Mozilla Thunderbird 140.7.0esr, Mozilla Firefox 147.0.1
    Alan K.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sat Jan 24 14:07:22 2026
    From Newsgroup: alt.comp.os.windows-11

    On Sat, 1/24/2026 12:20 PM, Alan K. wrote:
    > On 1/24/26 10:02 AM, Mr. Man-wai Chang wrote:
    >> On 24/1/2026 10:58 pm, Mr. Man-wai Chang wrote:
    >>> On 24/1/2026 10:21 pm, CrudeSausage wrote:
    >>>
    >>>> What is the point of encryption if Microsoft can unlock any of your
    >>>> computers whenever it feels like it?
    >>>
    >>> Actually.... I always wonder:
    >>>
    >>> 1. Is Bitlocker just a password prompt? :)
    >>> 2. Does Bitlocker really encrypt the whole drive?
    >>> 3. If (2) is true, is the encryption using user-supplied
    >>>    password as a mask? Or is it using a standard mask?
    >>>
    >>> If the encryption is using a standard mask, not surprising that FBI can
    >>> decrypt any Bitlocker drives. :)
    >>
    >> And ....
    >>
    >> 4. Is the Bitlocker password stored in the drive?
    >>    And the recovery key as well?
    >>    Both recoverable by Micro$oft? :)
    >
    > And ....
    > Is there a substitute for Bitlocker?   What if I don't want to use it,
    > but still want encryption?


    That would be Veracrypt, the successor to the compromised Truecrypt.

    https://en.wikipedia.org/wiki/VeraCrypt

    https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

    The Truecrypt dev signaled that law enforcement had been for
    a visit, and not to use it.

    The white space on C: has plaintext copies of things you have
    been editing, so one option is to Veracrypt the entire C: .
    That covers the leakage aspect of C: in Windows.

    You should not keep, say, a single encrypted ZIP archive, because
    when you work with it, you leave crap on the disk. An application
    like Heidi Eraser can help with leakage, but C: leaks like a sieve
    and you should be prepared to do experiments to see if an item has
    leaked or not. Encrypting the entire C: is a bit better, in that
    then you are not relying on Heidi Eraser to be a bulletproof solution.

    You do not want the running OS to be watching you while you set
    up the encryption, so you could do some of that offline. Test
    with a separate HDD with the Windows cloned onto it, that your
    knowledge of how to do these things, is solid, before doing it
    to your daily driver. Maybe there is some way to use GRUB to
    unlock the volume, then chain-boot the decrypted Windows.

    When you boot, some partition has to be plaintext to support
    the graphical dialog of the tool that will ask for the password.
    But that partition is not for personal file storage, and that
    partition really should not be getting modified all that often.

    You can also encrypt the entire drive, but that requires
    a prompt come from somewhere to unlock it. All storage
    devices have FDE (Full Disk Encryption), but we do not
    know the extent to which this is compromised for law enforcement.
    The first generation of hard drive to have FDE, there was a problem
    with the FDE, but any modern disks should be OK. Microsoft on
    Windows 11 Home, would be using FDE, rather than
    Bitlocker-without-Elephant-Diffuser.
    In fact, your disk right now could already be encrypted with FDE.

    manage-bde -status # Admin window

    Encryption is a write-once read-never technology, so be absolutely
    sure it is worth it to be doing this. You could get up tomorrow morning,
    turn on the computer, enter the Veracrypt password and receive
    "volume not found" or similar. Think about the enhanced failure
    modes while using cryptography. Just turning off the power in the
    middle of a session, could ruin it (Windows itself, can typically
    survive that). Is it journaled ? Does it have
    functional recovery ? And so on. Nothing here is encrypted :-)
    I have enough trouble as it is. I don't even know how
    to set these things up (you can tell from the text above :-) ).

    Most of the lightweight methods, are for preventing casual snooping,
    rather than for keeping out a policeman. You would need to read
    the stories about journalists who worked with others via encrypted
    communications, as to how they protect their assets at home. A journalist
    was in the news a couple days ago, for having all of their possessions
    swept up in a witch hunt. And that will be a test of their cryptography
    and their skill set.

    Paul


    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Bill Brownley@bb@spamfree.invalid to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sat Jan 24 19:56:25 2026
    From Newsgroup: alt.comp.os.windows-11

    Alan K. wrote:

    > And ....
    > Is there a substitute for Bitlocker?   What if I don't want to use it,
    > but still want encryption?

    Yes, lots.
    <https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software>


    [Removed 张文尉's crosspost to alt.conspiracy]
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Maria Sophia@mariasophia@comprehension.com to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sat Jan 24 15:31:51 2026
    From Newsgroup: alt.comp.os.windows-11

    Paul wrote:
    >>> 4. Is the Bitlocker password stored in the drive?
    >>>    And the recovery key as well?
    >>>    Both recoverable by Micro$oft? :)
    >>
    >> And ....
    >> Is there a substitute for Bitlocker?  What if I don't want to use it,
    >> but still want encryption?
    >
    > That would be Veracrypt, the successor to the compromised Truecrypt.

    I had this discussion in a similar sense with Frank recently where he
    prefers full-disk encryption while I prefer encrypted containers, but where
    we all have to think with respect to this particular topic is where the
    keys are stored.

    In my situation, my password is known to me but I "could" store it in
    KeepassDX (the cross-platform successor to Keepass), but where do most
    people store their FDE keys when they use the default Windows FDE tools?

    AFAIK, the key used by Windows Home Device Encryption is a standard
    BitLocker recovery key (which is a 48 digit numeric key). It is not a
    passphrase. You cannot replace it with a passphrase on Windows Home.

    Meanwhile, Windows Pro is Full BitLocker, so no upload is required, and
    either a passphrase or PIN is allowed with the full bitlocker product.

    A. Windows Home
       i.   Windows Home does not include full BitLocker.
       ii.  It includes Device Encryption, which is a cut down version.
       iii. Device Encryption requires a Microsoft account to store the
            recovery key, so users who avoid MSA's cannot use it.
       iv.  Device Encryption cannot be managed with full BitLocker commands.
       v.   It has no Group Policy controls, no advanced protectors, and no
            ability to encrypt only certain volumes.

    B. Windows Pro
       i.   Windows Pro includes full BitLocker.
       ii.  BitLocker can encrypt OS drives, fixed data drives, and removable
            drives.
       iii. BitLocker can be used without a Microsoft account.
       iv.  BitLocker supports TPM, PIN, password, and recovery key options.
       v.   BitLocker has full command line control with manage-bde.

    C. Summary
       i.   Windows Home = Device Encryption only, limited, account required.
       ii.  Windows Pro = Full BitLocker, full control, no account required.
       iii. Device Encryption is sometimes called "BitLocker lite" because
            it uses the same underlying driver but lacks the management
            features.

    Note this means that if we're worried about the topic of this thread, and
    if we still wish to use bit locker, then we prolly' shouldn't be on
    Windows Home but on Windows Pro (or, as Paul & Bill suggested, use other
    tools).
    --
    On Usenet, we trade decades of lessons so nobody has to learn them twice.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From CrudeSausage@crude@sausa.ge to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sat Jan 24 23:39:50 2026
    From Newsgroup: alt.comp.os.windows-11

    On Sat, 24 Jan 2026 19:56:25 -0000, Bill Brownley wrote:

    > Alan K. wrote:
    >
    >> And ....
    >> Is there a substitute for Bitlocker?   What if I don't want to use it,
    >> but still want encryption?
    >
    > Yes, lots.
    > <https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software>
    >
    > [Removed 张文尉's crosspost to alt.conspiracy]

    It seems that just about every solution there would be safer than
    Microsoft's, but I imagine that VeraCrypt remains the most popular
    alternative. Does VeraCrypt work if you intend to use a storage device's
    OPAL hardware encryption?
    --
    CrudeSausage
    John 14:6
    Isaiah 48:16
    Pop_OS!
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Lawrence D’Oliveiro@ldo@nz.invalid to comp.os.linux.advocacy,alt.comp.os.windows-11,alt.conspiracy on Sun Jan 25 00:26:46 2026
    From Newsgroup: alt.comp.os.windows-11

    On Sat, 24 Jan 2026 12:20:54 -0500, Alan K. wrote:

    > Is there a substitute for Bitlocker?

    As I understand it, LVM whole-volume encryption uses a strong
    encryption key, which is not the same as the user-entered password.
    Instead, the encryption key is stored in a special area, encrypted
    with the password.

    This allows multiple copies of the key to be stored, encrypted with
    different passwords, so different users can be granted access, and
    this access can be selectively revoked (by simply deleting the
    corresponding encrypted-key entry) without having to re-encrypt the
    whole volume with a different key.

    And no, those user passwords are not stored anywhere; it is up to the
    users to keep a record of them.
    --- Synchronet 3.21a-Linux NewsLink 1.2
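
The key-slot scheme described in the post above, as an added example that is not part of the original thread (LUKS on Linux and BitLocker's key protectors both follow this master-key-plus-wrapped-copies structure): one random master key is wrapped once per passphrase, a second "recovery" slot unlocks the same key, and deleting that slot revokes it without re-encrypting anything. The class, function and slot names are hypothetical, the recovery value is constructed, and the XOR-pad wrap is a stand-in for the AES-based key wrapping a real header would use.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (value chosen for this example)
KEY_LEN = 32          # 256-bit master key


def _slot_keys(passphrase, salt):
    """Derive a one-time wrapping pad and a MAC key from passphrase + per-slot salt."""
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, KEY_LEN)
    pad = hmac.new(kek, b"wrap", hashlib.sha256).digest()
    mac_key = hmac.new(kek, b"mac", hashlib.sha256).digest()
    return pad, mac_key


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Header:
    """Volume header: holds wrapped copies of the master key, never a passphrase."""

    def __init__(self, first_passphrase):
        self.slots = {}  # slot name -> (salt, wrapped master key, integrity tag)
        self._wrap("slot0", first_passphrase, os.urandom(KEY_LEN))

    def _wrap(self, name, passphrase, master):
        salt = os.urandom(16)  # fresh salt per slot, so the pad is never reused
        pad, mac_key = _slot_keys(passphrase, salt)
        wrapped = _xor(master, pad)  # stand-in for a real AES key wrap
        tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
        self.slots[name] = (salt, wrapped, tag)

    def unlock(self, passphrase):
        """Try the passphrase against every slot; return the master key or None."""
        for salt, wrapped, tag in self.slots.values():
            pad, mac_key = _slot_keys(passphrase, salt)
            expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
            if hmac.compare_digest(tag, expected):
                return _xor(wrapped, pad)
        return None

    def add_slot(self, name, existing_passphrase, new_passphrase):
        """Adding a slot needs the master key, so it needs a passphrase that works."""
        master = self.unlock(existing_passphrase)
        if master is None:
            raise PermissionError("existing passphrase does not open any slot")
        if name in self.slots:
            raise ValueError("slot name already in use")
        self._wrap(name, new_passphrase, master)

    def kill_slot(self, name):
        """Revoke one passphrase by deleting its wrapped copy; data is untouched."""
        del self.slots[name]


def demo():
    owner = "owner passphrase"
    recovery = "constructed-recovery-value"  # stands for a key held by a third party
    hdr = Header(owner)
    owner_key = hdr.unlock(owner)
    hdr.add_slot("recovery", owner, recovery)
    escrow_key = hdr.unlock(recovery)  # opens the volume without the owner's passphrase
    hdr.kill_slot("recovery")
    return {
        "recovery_yields_same_master_key": escrow_key == owner_key,
        "recovery_rejected_after_kill": hdr.unlock(recovery) is None,
        "owner_key_unchanged_after_kill": hdr.unlock(owner) == owner_key,
        "slots_left": sorted(hdr.slots),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Removing a slot only stops future unlocks from the header; anyone who opened the volume through that slot beforehand already holds the master key.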
  • From Kenito Benito@Kenito@Benito.Het to comp.os.linux.advocacy,alt.comp.os.windows-11,alt.conspiracy on Sat Jan 24 18:26:06 2026
    From Newsgroup: alt.comp.os.windows-11

    On Sat, 24 Jan 2026 12:20:54 -0500, "Alan K." <alan@invalid.com>
    wrote:

    > On 1/24/26 10:02 AM, Mr. Man-wai Chang wrote:
    >> On 24/1/2026 10:58 pm, Mr. Man-wai Chang wrote:
    >>> On 24/1/2026 10:21 pm, CrudeSausage wrote:
    >>>
    >>>> What is the point of encryption if Microsoft can unlock any of your
    >>>> computers whenever it feels like it?
    >>>
    >>> Actually.... I always wonder:
    >>>
    >>> 1. Is Bitlocker just a password prompt? :)
    >>> 2. Does Bitlocker really encrypt the whole drive?
    >>> 3. If (2) is true, is the encryption using user-supplied
    >>>    password as a mask? Or is it using a standard mask?
    >>>
    >>> If the encryption is using a standard mask, not surprising that FBI can
    >>> decrypt any Bitlocker drives. :)
    >>
    >> And ....
    >>
    >> 4. Is the Bitlocker password stored in the drive?
    >>    And the recovery key as well?
    >>    Both recoverable by Micro$oft? :)
    >
    > And ....
    > Is there a substitute for Bitlocker? What if I don't want to use it, but
    > still want encryption?

    There are third party programs/apps that will work. Blowfish
    Advance CS is freeware. Use your favorite search engine to find it and
    see if it's what you want/need.
    While I've not used it to do an entire drive, I expect it could
    be done. You can encrypt files and directories you want kept private
    with ease. And there are a few encryption methods to choose from.
    --
    My opinions have changed, but I'm still right and you're still wrong.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sat Jan 24 22:06:54 2026
    From Newsgroup: alt.comp.os.windows-11

    On Sat, 1/24/2026 6:39 PM, CrudeSausage wrote:
    > On Sat, 24 Jan 2026 19:56:25 -0000, Bill Brownley wrote:
    >
    >> Alan K. wrote:
    >>
    >>> And ....
    >>> Is there a substitute for Bitlocker?   What if I don't want to use it,
    >>> but still want encryption?
    >>
    >> Yes, lots.
    >> <https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software>
    >>
    >> [Removed 张文尉's crosspost to alt.conspiracy]
    >
    > It seems that just about every solution there would be safer than
    > Microsoft's, but I imagine that VeraCrypt remains the most popular
    > alternative. Does VeraCrypt work if you intend to use a storage device's
    > OPAL hardware encryption?


    There is no mention of that topic here.

    https://en.wikipedia.org/wiki/VeraCrypt

    You will find in the software world, a general distrust of "punting"
    to someone else's implementation :-) "What would Linus Torvalds say?" :-)

    https://en.wikipedia.org/wiki/Opal_Storage_Specification

    "Radboud University researchers indicated in November 2018 that some
    hardware-encrypted SSDs, including some Opal implementations,
    had security vulnerabilities.[5]

    [5] Meijer, Carlo; van Gastel, Bernard (19–23 May 2019).
    Self-Encrypting Deception: Weaknesses in the Encryption of
    Solid State Drives. 2019 IEEE Symposium on Security and Privacy (SP).
    San Francisco, CA, USA: IEEE. pp. 72–87.
    "

    The advantage of software based methods, is that, as they are
    cracked, you can just toss them out of the crypto-suite. There
    is fast turnaround for correcting a situation.

    Just as right now, SHA-512 is being popularized, as quantum computer chill
    appears on the horizon. Like MD5, the warnings appear ahead of the actual
    attack. And while you sit there sipping a coffee, there are people
    beavering away on hardened algorithms to withstand quantum attack.

    Paul
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Maria Sophia@mariasophia@comprehension.com to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sat Jan 24 22:21:32 2026
    From Newsgroup: alt.comp.os.windows-11

    Maria Sophia wrote:
    > Note this means that if we're worried about the topic of this thread, and
    > if we still wish to use bit locker, then we prolly' shouldn't be on
    > Windows Home but on Windows Pro (or, as Paul & Bill suggested, use other
    > tools).

    In looking up what it meant to "use other tools", I wrote this PSA to help
    people understand why Veracrypt is, in almost all situations, better'n
    Bitlocker (but maybe some of my assumptions are wrong, so take a look)...

    Winston wrote:
    In summary, I think that Windows Home users do not have the same kind of
    control over key storage that Windows Pro users have.

    At least, you're getting closer to the entire picture(Bitlocker
    Encryption is fully supported on Enterprise and Edu editions, too)

    Thanks for the clarification, where I just opened a separate thread on why,
    in my case of an older machine, and for consistency & greater protection
    even on current Windows 11 Home versus Pro machines, Veracrypt has some decisive FDE advantages over anything Microsoft marketing has provided us.

    Subject: PSA: Veracrypt has pre boot authentication (& why it's better for older PCs)
    Newsgroups: alt.comp.os.windows-10,alt.comp.os.windows-11,alt.comp.microsoft.windows
    Date: Sat, 24 Jan 2026 21:51:50 -0500
    Message-ID: <10l40g6$12r7$1@nnrp.usenet.blueworldhosting.com>

    BitLocker Enterprise and Education editions work like BitLocker Pro because
    they support pre boot PINs and full management of recovery keys. They still
    depend on TPM features, so protection varies with the hardware. VeraCrypt
    does not change across editions. It works the same on Home, Pro, Enterprise
    and Education because it does not rely on Windows features and always uses
    a password at boot.

    Hence, there are security advantages of Veracrypt FDE for older PCs & for
    consistency in mixed Windows environments even on the newer machines.

    Older machines:
    VeraCrypt is often a better fit for older desktops because it does
    not need a TPM and always uses a password at boot, while BitLocker
    Home and Pro rely on TPM features that many older machines do not have.

    Mixed Home & Pro environments:
    VeraCrypt full disk encryption is more consistent across mixed Windows
    highly-marketed systems because it works the same on all hardware and
    does not depend on TPM features. The more highly marketed BitLocker
    arbitrarily behaves differently on Home and Pro, so protection varies
    by edition, while VeraCrypt gives the same pre-boot password-based
    security everywhere despite Microsoft's desperate marketing hype.
    --
    My reasoning favors simple models that account for all data points.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Maria Sophia@mariasophia@comprehension.com to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sat Jan 24 22:26:45 2026
    From Newsgroup: alt.comp.os.windows-11

    Paul wrote:
    > On Sat, 1/24/2026 6:39 PM, CrudeSausage wrote:
    >> On Sat, 24 Jan 2026 19:56:25 -0000, Bill Brownley wrote:
    >>
    >>> Alan K. wrote:
    >>>
    >>>> And ....
    >>>> Is there a substitute for Bitlocker?   What if I don't want to use it,
    >>>> but still want encryption?
    >>>
    >>> Yes, lots.
    >>> <https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software>
    >>>
    >>> [Removed 张文尉's crosspost to alt.conspiracy]
    >>
    >> It seems that just about every solution there would be safer than
    >> Microsoft's, but I imagine that VeraCrypt remains the most popular
    >> alternative. Does VeraCrypt work if you intend to use a storage device's
    >> OPAL hardware encryption?
    >
    > There is no mention of that topic here.
    >
    > https://en.wikipedia.org/wiki/VeraCrypt
    >
    > You will find in the software world, a general distrust of "punting"
    > to someone else's implementation :-) "What would Linus Torvalds say?" :-)
    >
    > https://en.wikipedia.org/wiki/Opal_Storage_Specification
    >
    > "Radboud University researchers indicated in November 2018 that some
    > hardware-encrypted SSDs, including some Opal implementations,
    > had security vulnerabilities.[5]
    >
    > [5] Meijer, Carlo; van Gastel, Bernard (19–23 May 2019).
    > Self-Encrypting Deception: Weaknesses in the Encryption of
    > Solid State Drives. 2019 IEEE Symposium on Security and Privacy (SP).
    > San Francisco, CA, USA: IEEE. pp. 72–87.
    > "
    >
    > The advantage of software based methods, is that, as they are
    > cracked, you can just toss them out of the crypto-suite. There
    > is fast turnaround for correcting a situation.
    >
    > Just as right now, SHA-512 is being popularized, as quantum computer chill
    > appears on the horizon. Like MD5, the warnings appear ahead of the actual
    > attack. And while you sit there sipping a coffee, there are people
    > beavering away on hardened algorithms to withstand quantum attack.

    Drat. I had to look up what the heck OPAL is. OPAL is a standard from the
    Trusted Computing Group for self encrypting drives. An OPAL capable SSD
    encrypts all data internally and stores the encryption keys inside the
    drive firmware.

    The idea is that the drive can lock itself and only unlock after a
    hardware based authentication step. In practice some OPAL implementations
    have had serious weaknesses, so many people prefer software encryption
    where the user controls the keys instead of the drive firmware.

    However, VeraCrypt does not integrate with OPAL hardware encryption.

    If OPAL is enabled, then the SSD is already encrypting itself at the
    hardware layer and VeraCrypt only sees an already encrypted block device.

    In that setup VeraCrypt cannot manage the OPAL keys or verify how the
    hardware encryption is implemented.

    Most people who use VeraCrypt with an OPAL capable SSD simply disable OPAL
    in the drive firmware and let VeraCrypt handle all encryption in software.

    This avoids the known weaknesses in some OPAL implementations and keeps
    the threat model simple because the only keys that matter are the ones
    VeraCrypt controls.

    So the short summary, from what I've been able to ascertain, is that
    VeraCrypt works on OPAL-capable drives, but not with OPAL. We pick one
    system or the other, where most security guides I've seen recommend
    software encryption unless we fully trust the hardware vendor.
    --
    On Usenet, shared knowledge keeps the confusion to a minimum.

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From CrudeSausage@crude@sausa.ge to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sun Jan 25 14:19:05 2026
    From Newsgroup: alt.comp.os.windows-11

    On Sat, 24 Jan 2026 22:06:54 -0500, Paul wrote:

    > On Sat, 1/24/2026 6:39 PM, CrudeSausage wrote:
    >> On Sat, 24 Jan 2026 19:56:25 -0000, Bill Brownley wrote:
    >>
    >>> Alan K. wrote:
    >>>
    >>>> And ....
    >>>> Is there a substitute for Bitlocker?   What if I don't want to use
    >>>> it, but still want encryption?
    >>>
    >>> Yes, lots.
    >>> <https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software>
    >>>
    >>> [Removed 张文尉's crosspost to alt.conspiracy]
    >>
    >> It seems that just about every solution there would be safer than
    >> Microsoft's, but I imagine that VeraCrypt remains the most popular
    >> alternative. Does VeraCrypt work if you intend to use a storage
    >> device's OPAL hardware encryption?
    >
    > There is no mention of that topic here.
    >
    > https://en.wikipedia.org/wiki/VeraCrypt
    >
    > You will find in the software world, a general distrust of "punting"
    > to someone else's implementation :-) "What would Linus Torvalds say?" :-)
    >
    > https://en.wikipedia.org/wiki/Opal_Storage_Specification
    >
    > "Radboud University researchers indicated in November 2018 that some
    > hardware-encrypted SSDs, including some Opal implementations,
    > had security vulnerabilities.[5]
    >
    > [5] Meijer, Carlo; van Gastel, Bernard (19–23 May 2019).
    > Self-Encrypting Deception: Weaknesses in the Encryption of Solid
    > State Drives. 2019 IEEE Symposium on Security and Privacy (SP).
    > San Francisco, CA, USA: IEEE. pp. 72–87.
    > "

    It's an old matter. There don't seem to be such vulnerabilities in the
    devices released since then.

    > The advantage of software based methods, is that, as they are cracked,
    > you can just toss them out of the crypto-suite. There is fast turnaround
    > for correcting a situation.
    >
    > Just as right now, SHA-512 is being popularized, as quantum computer
    > chill appears on the horizon. Like MD5, the warnings appear ahead of the
    > actual attack. And while you sit there sipping a coffee, there are
    > people beavering away on hardened algorithms to withstand quantum
    > attack.

    For the time being, I'm relying on Linux's built-in encryption. I used it
    because the hardware encryption is known to cause issues with waking from
    sleep in Linux.
    --
    CrudeSausage
    John 14:6
    Isaiah 48:16
    Pop_OS!
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Bill Brownley@bb@spamfree.invalid to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sun Jan 25 19:27:24 2026
    From Newsgroup: alt.comp.os.windows-11

    Paul wrote:

    > The Truecrypt dev signaled that law enforcement had been for
    > a visit,

    Can you post the evidence for the above, or a link to the evidence?

    > and not to use it.

    This much is true, but apparently for other reasons.
    <https://web.archive.org/web/20140531203620/http://steve.grc.com/2014/05/30/yes-virginia-truecrypt-is-still-safe-to-use/>


    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Maria Sophia@mariasophia@comprehension.com to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sun Jan 25 15:59:24 2026
    From Newsgroup: alt.comp.os.windows-11

    Bill Brownley wrote:
    > Paul wrote:
    >
    >> The Truecrypt dev signaled that law enforcement had been for
    >> a visit,
    >
    > Can you post the evidence for the above, or a link to the evidence?
    >
    >> and not to use it.
    >
    > This much is true, but apparently for other reasons.
    > <https://web.archive.org/web/20140531203620/http://steve.grc.com/2014/05/30/yes-virginia-truecrypt-is-still-safe-to-use/>

    I remember when TrueCrypt signalled "something was amiss" way back when,
    but none of us actually knew what it was (as I recall) so I hate to
    contradict Paul who is very knowledgeable and extremely helpful, but I know
    of no public evidence that the TrueCrypt developers ever said 'law
    enforcement visited us' or anything close to that.

    Digging deeper, apparently in May 2014, the official TrueCrypt site
    abruptly changed to say that "using TrueCrypt is not secure as it may
    contain unfixed security issues" and recommended switching to BitLocker.
    A final crippled version (7.2) was posted that could only decrypt, not
    create new volumes.
    <https://news.softpedia.com/news/TrueCrypt-Not-Dead-Forked-and-Relocated-to-Switzerland-444447.shtml>

    May 28, 2014:
    Using TrueCrypt is not secure as it may contain unfixed security issues

    External efforts (like the TrueCrypt audit and commentary from people such
    as Steve Gibson) generally concluded that TrueCrypt 7.1a did not appear to
    have intentional backdoors and was reasonably safe when used correctly,
    though it is not perfect software.
    <https://www.reddit.com/r/privacy/comments/26q1qm/what_happened_to_truecrypt_notice_on_site_warns/>

    As for me, I simply switched to VeraCrypt and that has been my DD for a
    decade, so that's why I wrote up this recent thread about using VeraCrypt
    to replace Bitlocker given there are definitely technical advantages.
    Newsgroups: alt.comp.os.windows-10,alt.comp.os.windows-11,alt.comp.microsoft.windows
    Subject: PSA: Veracrypt has pre boot authentication (& why it's better for older PCs)
    Date: Sat, 24 Jan 2026 21:51:50 -0500
    Message-ID: <10l40g6$12r7$1@nnrp.usenet.blueworldhosting.com>

    As far as I can tell, VeraCrypt has useful advantages over BitLocker.
    1. It works the same on all Windows editions
    2. It works even when TPM doesn't exist

    But the most important advantage over BitLocker, in my opinion, is that
    3. VeraCrypt always uses pre-boot authentication
    So the encryption key is never released until the user enters a password.

    This protects the drive even if it is removed & attached to another
    machine, so my summary of why Veracrypt is better than Bitlocker is...
    a. VeraCrypt works on all Windows editions
    b. VeraCrypt doesn't require TPM
    c. VeraCrypt always uses pre-boot authentication
    d. VeraCrypt keeps the key out of RAM until the user authenticates
    e. VeraCrypt protects the disk even if physically removed
    --
    On Usenet, we help each other understand what the OEM does not explain.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sun Jan 25 18:55:37 2026
    From Newsgroup: alt.comp.os.windows-11

    On Sun, 1/25/2026 3:59 PM, Maria Sophia wrote:
    > Bill Brownley wrote:
    >> Paul wrote:
    >>
    >>> The Truecrypt dev signaled that law enforcement had been for
    >>> a visit,
    >>
    >> Can you post the evidence for the above, or a link to the evidence?
    >>
    >>> and not to use it.
    >>
    >> This much is true, but apparently for other reasons.
    >> <https://web.archive.org/web/20140531203620/http://steve.grc.com/2014/05/30/yes-virginia-truecrypt-is-still-safe-to-use/>
    >
    > I remember when TrueCrypt signalled "something was amiss" way back when,
    > but none of us actually knew what it was (as I recall) so I hate to
    > contradict Paul who is very knowledgeable and extremely helpful, but I
    > know of no public evidence that the TrueCrypt developers ever said 'law
    > enforcement visited us' or anything close to that.

    If an NSL was used, then the evidence of necessity, has to be
    an antipattern. Notice that the switch pull, was rather haphazard.
    Like, running for the hills, when you discover you cut the
    wrong wire while working as the bomb squad. Normally, when
    a developer has put a lot of effort into a project, the
    shutdown would be more gradual and organized.

    https://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/comment-page-2/

    Paul


    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Brian Gregory@void-invalid-dead-dontuse@email.invalid to comp.os.linux.advocacy,alt.comp.os.windows-11,alt.conspiracy on Mon Jan 26 00:04:19 2026
    From Newsgroup: alt.comp.os.windows-11

    On 24/01/2026 15:02, Mr. Man-wai Chang wrote:
    > 4. Is the Bitlocker password stored in the drive?
    >    And the recovery key as well?
    >    Both recoverable by Micro$oft? :)

    AIUI the hashed password should only be stored in the TPA.
    --
    Brian Gregory (in England).
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Brian Gregory@void-invalid-dead-dontuse@email.invalid to comp.os.linux.advocacy,alt.comp.os.windows-11,alt.conspiracy on Mon Jan 26 00:06:21 2026
    From Newsgroup: alt.comp.os.windows-11

    On 24/01/2026 14:58, Mr. Man-wai Chang wrote:
    > On 24/1/2026 10:21 pm, CrudeSausage wrote:
    >
    >> What is the point of encryption if Microsoft can unlock any of your
    >> computers whenever it feels like it?
    >
    > Actually.... I always wonder:
    >
    > 1. Is Bitlocker just a password prompt? :)
    > 2. Does Bitlocker really encrypt the whole drive?
    > 3. If (2) is true, is the encryption using user-supplied
    >    password as a mask? Or is it using a standard mask?
    >
    > If the encryption is using a standard mask, not surprising that FBI can
    > decrypt any Bitlocker drives. :)


    <https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/>
    --
    Brian Gregory (in England).
    --- Synchronet 3.21a-Linux NewsLink 1.2