OK. What I'm trying to say is that backing up to OneDrive is optional. You get the choice. You can protect the key with a TPM or a smart card...It's not an all or nothing thing. You have options there, if you are interested.
The other thing is that it sounds like a lot of privacy minded people can't trust BitLocker despite any number of assurances from MS or code reviews by third parties. AND THAT'S OK. Use something else.
EDIT: I forgot to mention that if you are an admin or just operate your own AD installation you can store the key in Active Directory. The behavior is version specific, I think.
EDIT EDIT: I believe that the TOS you are talking about is specifically referring to online services. I don't have time to stop and read it right now, but I think that you are misconstruing the intent.
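To make the options in the comment above concrete (TPM protector, recovery password, and Active Directory escrow instead of OneDrive), here is an added PowerShell example; it is not code from the commenter or from Microsoft documentation. It uses the built-in BitLocker module cmdlets (Get-BitLockerVolume, Add-BitLockerKeyProtector, Backup-BitLockerKeyProtector) and assumes a domain-joined machine whose AD schema and group policy already allow storing recovery information in AD DS; the mount point "C:" and the choice to run everything against the OS drive are assumptions.

```powershell
# Added example: inspect which key protectors a BitLocker volume has, and
# escrow the recovery password in Active Directory rather than a Microsoft
# account / OneDrive. Run from an elevated PowerShell session.

$MountPoint = "C:"   # assumed: the OS drive is the volume of interest

$vol = Get-BitLockerVolume -MountPoint $MountPoint

# Show every protector currently on the volume so you can see exactly what
# can unlock it (Tpm, RecoveryPassword, ExternalKey, Password, ...).
$vol.KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId |
    Format-Table -AutoSize

# Ensure the TPM is a protector, so normal boot needs no user-held secret.
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null
}

# Ensure a numerical recovery password exists; this is the protector that
# gets escrowed. It is generated locally and is not uploaded anywhere by
# this script.
$rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $rp) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword'
}

# Escrow the recovery password in AD DS (the computer object's
# msFVE-RecoveryInformation child). This replaces the OneDrive backup the
# thread is discussing; it requires the AD schema extension and the policy
# "Store BitLocker recovery information in AD DS" to be in place.
foreach ($p in $rp) {
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId
}

# Re-read the volume so an operator can confirm the final protector set.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, KeyProtector
```

Backup-BitLockerKeyProtector only succeeds when the policy and schema prerequisites are met, so a failure here is the quickest way to find out that recovery information is not being escrowed to AD on that build; the commenter's remark that behaviour is version specific applies, and the recovery information in AD is visible to anyone with read rights on those objects, so the AD ACLs are where the privacy question moves to.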
> OK. What I'm trying to say is that backing up to OneDrive is optional. You get the choice. You can protect the key with a TPM or a smart card...It's not an all or nothing thing. You have options there, if you are interested.
Except that the default is both insecure and privacy-violating.
It's insecure by a standard that you are setting. If they can demonstrate an audit log of every admin who has escalated their permissions to log on to the container of your data and access it, including the files they accessed, would that be good? (Because they do that.)
Again privacy-violating by your, arguably, very narrow standard. I'm sorry friend, but you are stating these things as if there's no question as to what you say.
More accurately, you might say that there are higher privacy and auditability standards that you would require for your given situation or application. I wouldn't be able to argue with that at all.
> If they can demonstrate an audit log of every admin who has escalated their permissions to log on to the container of your data and access it, including the files they accessed, would that be good? (Because they do that.)
They are legally prevented from showing you such an audit log if a National Security Letter is involved.
And, unless there have recently been great strides in the NSL gag order battle, they are legally prevented from indicating to you that you or your data has been targeted by an NSL.