@obucate @pluralistic of course, the "warrant" can be an "administrative" one, just penned in by any random "federal" agent.

@obucate @pluralistic It is very naive to think that they will only do so when shown a search warrant. It is entirely plausible that US inteligence services have ready access to those keys, even those of American citizens (although they may pretend to abide by the law, hence this "warrant" thing)

@obucate :

This is really true of any cloud provider. If your data can be decrypted on the server side, then US law enforcement can force the server owner to hand over your data without telling you. it isn't enough just to trust the server owner. There must be no physical way for them to access the data.

It also isn't enough to use non-US cloud providers. The US has agreements with many other countries.

If the app isn't open source, end to end encrypted and audited, assume that the US government can get it whenever they want.

@obucate@bildung.social @pluralistic@mamot.fr

Do, if you have Windows and your key was previously uploaded:

1. Disable BitLocker
2. Disconnect your network
3. Re-enable BitLocker
4. Save the key somewhere you trust
5. Ensure your admin account can't connect to MS services
6. Turn networking back on
?