XPost: alt.comp.os.windows-10   
   From: this@ddress.is.invalid   
      
   Maria Sophia wrote:   
   > Frank Slootweg wrote:   
   > >> What is your recommendation for privacy on a computer, Frank?   
   [...]   
   > > To answer your question: You probably mean measures to limit the   
   > > consequences of bad actors having physical access to your (Windows)   
   > > computer or stealing it, as that's the context of this thread. "privacy   
   > > on a computer" is *way* too wide/unspecific/ambiguous/.   
   >   
   > You are correct. We're assuming a daily boot of a Windows PC with a local   
   > account (whether Windows 11 or Windows 10) and people you trust in the home   
   > and we're assuming the rare happenstance of a burglar with physical access.   
      
    You're making a number of essential mistakes.   
      
    For sensible people, there *is* no such thing as "a daily boot". The   
   system is active or sleeps (Modern Standby) or is hibernated. A 'boot',   
   actually a 'Restart', is only needed once a month at Windows Update time,
   if that often.   
      
   > Note: Windows FDE is Bitlocker, so that is the default interpretation.   
      
    No, Windows FDE is only Bitlocker on Windows Professional, etc. On   
   Windows Home, it's (Settings -> Privacy & Security ->) 'Device   
   encryption', sort of Bitlocker Lite.   
      
   > > That said, my - rather obvious - recommendations are: A boot password,   
   > > sign-in protection (password or/and other) and - if needed/practical -   
   > > Windows' FDE or similar.   
   >   
   > Thank you for outlining your model to contrast with mine, where we each   
   > optimized the threat protection in reasonably different manners.   
   >   
   > I. Frank's proposed security model is system centric & labor intensive.   
      
    Nope, it's not "labor intensive" at all. Set up once and forget.   
      
   > II. The model I suggest is data centric & optimized for convenience.   
      
    Yes, it's data centric, but anything *but* convenient, for reasons   
   others have already pointed out. More below.   
      
   > Since the goal is for others to learn from our technical conversation   
   > here is a point-by-point summary of the two threat models we proposed.   
   >   
   > A. Threat model   
   > 1. FS assumes OS level FDE (Bitlocker) protection is required.   
      
    No, I said as needed/practical and *if* used, it's 'Device encryption'   
   not full Bitlocker.   
      
   > 2. MS assumes only specific data stores need protection.
   >   
   > B. Boot process   
   > 1. FS uses a boot password and sign in protection.   
   > 2. MS uses no boot password and no sign in password.   
   >   
   > C. Disk protection   
   > 1. FS uses Windows FDE so the entire volume is encrypted at rest.   
   > 2. MS uses Veracrypt for financial data & KeePassDX for passwords.   
   >   
   > D. Forensic residue   
   > 1. FS's model encrypts swap, temp files, hibernation files & caches.   
   > 2. MS's model protects encrypted containers leaving OS residue readable.   
   >   
   > E. Convenience   
   > 1. FS accepts daily friction at boot & sign in.   
      
    No, no daily bootup and no, no 'friction'. See what the (Settings ->   
   Accounts ->) 'Sign-in options' *really* offer. It can be as little as   
   absolutely no action, or just one tap.   
      
   > 2. MS eliminates friction at boot & sign in by only unlocking   
   > containers when needed (which the user may unlock only occasionally).   
      
    Which is much, much more 'work' than my setup would ever require.   
      
   > F. Cloud identity   
   > 1. FS's model can run without a Microsoft account but if Windows FDE   
   > is used then recovery material must be stored offline by the user.   
      
    No, Windows' 'Device encryption' doesn't require the user to keep a   
   recovery key. The user *can* do so, to protect against a computer   
   hardware failure.   
      
   > 2. MS's model uses no OS level encryption so no recovery keys exist   
   > and no cloud identity is ever needed at any time (by design).   
      
    Then where *do* you keep your passwords to unlock your containers?   
      
   > G. Physical theft   
   > 1. FS's model forces the attacker to defeat FDE for all access.   
   > 2. MS's model exposes OS data but protects financial & passwd data.   
   >   
   > H. Family access   
   > 1. FS's model blocks family members without credentials.   
      
    True, but, as explained above, those 'credentials' are a non-issue.   
      
   > 2. MS's model allows family access but keeps sensitive data encrypted.   
   >   
   > Summary   
   > 1. FS's model maximizes system level protection & minimizes leakage.   
   > But at the cost of daily convenience.   
      
    No, as explained, when properly set up, there is very little to no   
   inconvenience.
      
   > 2. MS's model maximizes daily convenience by protecting data chosen
   > to encrypt (which the user may unlock only occasionally).   
      
    My summary: You're of course entitled to use your system as you see   
   fit and so do I/others. But your methods are not 'better', i.e. have only
   advantages and not a single disadvantage, nor are mine. They just are
   different, that's all. 'Better' does not exist, not in this case and not   
   in any other case.   
      
   > --   
   > On Usenet, old men discuss topics that they've thought about for decades.   
      
    Well, it didn't take *me* all that long, a few hours perhaps! :-)   
      