Everyone probably remembers Sir Newton’s 1st law – Inertia. An object at rest stays at rest, an object in motion stays in motion. There must be an outside force to deviate from either of these patterns.
I find this exactly parallels the state of many technologies today – specifically security. For many years, tech companies threw security by the wayside. Their products had lots of security inertia because they were at rest. You had to act with a large outside force (i.e. third-party encryption) if you wanted to protect your information. This took a lot of time and was very labor intensive.
Now, we’re in the second phase. Many tech companies are finally starting to act on security – they’re in motion. Here’s the problem though, they’re moving very quickly down the path they think is best for you. The law of inertia still applies, it will take a large outside force to deviate from the actions already in motion.
To apply this to a specific example: disk encryption. For years (since Windows XP) I was using TrueCrypt, and then VeraCrypt. Around Windows 7+, Disk Encryption became a real thing for Microsoft. However, their BitLocker has had many, many huge security flaws. I think in Windows 10 they have the security part down, but they twist your arm to operate the way they want you to.
Here’s the basic strategy Microsoft thinks is best for your data:
- You should encrypt your data with a strong password
- You should store your password on Microsoft’s Servers
I found out the hard way recently that my Surface Pro was actually encrypted with BitLocker without me knowing. This was a huge issue when a Windows 10 update caused my computer to become unbootable. Instead of being able to do the normal “boot into Linux and save my stuff” operation, I was stuck with an encrypted drive and no password.
Apparently Microsoft thought it was best to encrypt the drive for me, tie it to my Live account, and keep the backup password on their servers.
Is this raising any red-alerts for anyone? By default, your data is encrypted and you don’t have the password to decrypt it. For me, this inertia is not only really annoying, but also unacceptable. The reason I’m encrypting my data is because I don’t want other people having it. I especially don’t want my password backed up in the cloud when I have no idea who Microsoft will hand it over to.
So, I decrypted my disk and decided to deal with it later. There’s no point in having my disk encrypted if I’m not the one holding the keys to decrypt it.
Later has come and I am trying to re-enable BitLocker without giving them the password. In the process, it says I need to disable the WindowsRE environment. I clicked “OK, Next”, and it performed the action for me. I found out that by default, I can’t enter a password to unlock. I had to use gpedit.msc and change system policies JUST to allow a password. After doing this, BitLocker now tells me that I need to enable the WindowsRE environment in order to type a password to log in. This time it does not offer me a single “OK” button to re-enable it. I had to dig around for the command to re-enable it myself.
The inertia from Microsoft is sickening. If you want to follow the path they’ve set for you (which means giving them the password), they make it super easy. If you want to deviate and actually protect your own data (keep your password secret), they make it quite difficult.
I found this article helpful. I am happy though that there is Dislocker for Linux. It will make my move that much easier when I finally step away from Microsoft.