this post was submitted on 08 Apr 2026
220 points (100.0% liked)

Technology

83672 readers
1238 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
220
Developer of VeraCrypt encryption software says Windows users may face boot-up issues after Microsoft locked his account (techcrunch.com)
submitted 2 days ago by throws_lemy@reddthat.com to c/technology@lemmy.world
21 comments fedilink hide all child comments
top 21 comments
sorted by: hot top controversial new old
[–] saltnotsugar@lemmy.world 103 points 2 days ago

[–] yesman@lemmy.world 78 points 2 days ago (3 children)

I've never trusted full disk encryption because I understand the person most likely to get locked out of my data is me.

I can see the use case for laptops, but my security policy is "if you have physical access, you win".

[–] AnUnusualRelic@lemmy.world 30 points 2 days ago (1 children)

Same. I encrypt my laptop disks, but I never bothered with the home machines.

[–] hanrahan@slrpnk.net 8 points 2 days ago

yes, and then i forget the encryption password as i don't use the laptops that much these days and now have it written on the lid

kidding :) or am I :(

[–] peacefulpixel@lemmy.world 15 points 2 days ago

well i suppose it depends on how deep your personal security goes. are your passwords stored on your device? are they stored securely? do you have a password manager? do you have a standalone app for your password manager and not a browser extension? is the master password for your password manager stored on any of your devices? do you have any settings that automatically locks your PC upon inactivity? is the pin for your PC related to you personally in any way? i get what you're saying because at the end of the day physical access IS pretty hard to mitigate. but you'd be surprised how far simple steps can take you.

[–] Appoxo@lemmy.dbzer0.com 1 points 2 days ago

At best a virtual rncrypted disk on the unencrypted drive.
If you (not you OP) are doing that secretive work, maybe you shouldnt do that on this OS and instead on Tails or other temporary distros

[–] LodeMike@lemmy.today 59 points 2 days ago (1 children)

"I can't use Linux windows just works",

[–] frongt@lemmy.zip 29 points 2 days ago

Anyone who says that is not using veracrypt.

[–] BlackLaZoR@lemmy.world 4 points 2 days ago

Another reason to install Linux and be done with this shit.

I recommend starting with Fedora KDE, and delving to anything else later...

[–] krigo666@lemmy.world 17 points 2 days ago (2 children)

And this why Secure Boot can't be trusted. It is Micro$lop that signs and issues the keys.

[–] FauxLiving@lemmy.world 14 points 2 days ago (1 children)

Secure Boot has nothing to do with Microsoft, it's a UEFI feature.

You can enroll your own Platform Key and have complete control over the entire Secure Boot system.

https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot

I use a signed Unified Kernel Image to use Secure Boot and my machine has zero Microsoft software on it. (Arch, btw)

[–] Grass@sh.itjust.works 2 points 2 days ago (2 children)

wasn't there some dumb shit like every linux distro using fedora keys which were from microsoft?

[–] huggingstars@programming.dev 2 points 2 days ago

Microsoft signs Red Hat certs then Red Hat signs everyone's certs, so the only thing Microsoft can do is to revoke Linux as a whole.

It's the most feasible solution since most computers are designed for Windows.

[–] sorter_plainview@lemmy.today 1 points 2 days ago

I think it is just chain of trust. Many used Microslop as the trust authority (may be due to convenience? I have no idea). Debian has a nice page on Secure boot and how it works.

[–] 9tr6gyp3@lemmy.world 12 points 2 days ago* (last edited 2 days ago)

You can use custom keys with secure boot. Any PC newer than 2015 should give you that option.

You don't have to use Microsoft's keys.

This isn't a secure boot issue. This is a bootloader issue.

[–] homesweethomeMrL@lemmy.world 12 points 2 days ago (1 children)

In Idrassi’s case, he said he is able to push new updates to Linux and macOS users unhindered, but the majority of his users that run Windows cannot currently receive updates.

So, no problem then.

[–] defaultusername@lemmy.dbzer0.com 5 points 2 days ago (2 children)

Linux already has LUKS and dm-crypt, so VeraCrypt isn't really necessary.

[–] MalReynolds@slrpnk.net 2 points 2 days ago

Unless you want multiiplatform.

[–] BlackLaZoR@lemmy.world 1 points 2 days ago

It is if you want to move drive between windows and Linux machines

[–] Brkdncr@lemmy.world 10 points 2 days ago (1 children)

I’m not sure what the problem is. His account is locked, but it’s not like he can’t still sign code and distribute it even if that means using a new account.

[–] Voroxpete@sh.itjust.works 6 points 2 days ago

The answer to your question was in the article;

Because Microsoft requires developer accounts like his to re-verify the security of their software, Idrassi said that many devices running VeraCrypt will soon be unable to boot if the issue is not resolved.