Smith6612

Smith6612 t1_ja0x43f wrote

Not configurable in the Home edition, but it's there. Microsoft calls it "Device Encryption" under the Settings menu. Only appears if you have a computer which is a candidate for what they call "Automatic Encryption."

https://support.microsoft.com/en-us/windows/device-encryption-in-windows-ad5dcf4b-dbe0-2331-228f-7925c2a3012d

Difference between Home and Pro is Home doesn't give you the option to save the key or use USB Authentication. Must go to the Microsoft account.

3

Smith6612 t1_ja08eyp wrote

Maybe. I've seen BitLocker enable on the BYOC Framework laptops and an Acer laptop I have at home with fresh Windows installs. The Frameworks came without OEM editions of Windows, and unbundled keys. The only device I'd think would have BitLocker enabled by default would be the NuVision 8" Signature tablet, which shipped with Windows 10 originally.

The systems without BitLocker enabling automatically would be my desktops.

3

Smith6612 t1_j9z7rfy wrote

Haha, yeah I completely forgot about the housing values. I was looking at real estate in the Bay Area a few years ago when colleagues were trying to get me to move out there. I immediately noped out, and said those prices need to have a massive crash and come back to Earth before I consider something like that.

1

Smith6612 t1_j9yyrz1 wrote

Beats me. The reasons I hear are because their home environment is set up the way they like and they don't want to recreate it. Or the work hardware is loaded with too much "spyware" / software which bloats it. Or they don't like the forced software updates. Or the hardware is too slow (when I usually argue within me that the software being written is inefficient), and so on, and so forth. Or they don't want to deal with two computers. I see it whether the work computer is some high end workstation or MacBook Pro, or some craptop.

1

Smith6612 t1_j9yyamw wrote

Yep you're not wrong. I've had a few of those come through where people ask me to clear the password from a computer they haven't used for months and forgot, only for me to find it's tied to a Microsoft account. I simply tell them they can go to <insert link here> to reset their password. Usually when I say that, it becomes dead air / Deer in headlights look, and they just seem to not want to reset their Microsoft account password. Maybe Microsoft could make it more obvious, or challenge people weekly for the password in order to sign in. I can remove the Microsoft account link, of course. It's just a big pain to do.

And yeah, for data recovery on a drive, have to get into the Microsoft account to retrieve the key. Return to above where the user forgot their credentials. Of course Microsoft doesn't tell people to back up their key before they encrypt the drive automatically so, yep.

3

Smith6612 t1_j9yxneh wrote

Yeah, the return to office part is a bit different from the situation of using a computer. Office space usage has to do more with companies looking at the finances, and asking why they're paying a lot of money for corporate real estate that isn't being used. Companies sometimes are bound by very long leases, legal agreements between a government and a company in exchange for tax breaks, and so on, and they would want to make sure those buildings are being used to the fullest extent possible. They have to maintain the buildings whether or not people use them, so that's a loss center. I'm certainly no expert in corporate real estate, so there may be a lot more tied into that.

At least from an IT perspective, it's easier to support someone in person if they have a hardware problem. Especially with the way modern premium laptops like Macs are built, where simplicity in design clashes with troubleshooting, and where tool requirements reach into the "probably not available at home" set. From an information security perspective, one can be more sure that information isn't being looked at by others when they're working at a secured office versus, say, a coffee shop across town.

Companies have their reasons at least. Some are dumb. Some are valid. Mandating work at an office and not providing a fixed desk to go to, pretty dumb in my opinion.

2

Smith6612 t1_j9ynp52 wrote

They only encrypt the internal hard drive by default. Anything more requires paying for Windows Pro editions. At the point of auto encryption, it should only be a matter of them remembering the password to their Microsoft account.

That part I know can be challenging for many. They forget they even had an account!

6

Smith6612 t1_j9yigfe wrote

The issue is with the way the program is handled on the computer side. For example if you have tattleware installed for malicious purposes, a keylogger, or something else of the sort, your SSH session may be secure going over the pipe, but information is being lifted from the computer through screen reading or keylogging, or clipboard reading. Just to give an example. SSH is also capable of a lot more than command line access - it allows networked file system access at a host to host level. Socket tunneling (you can use it as a TCP/IP proxy). It allows for remote execution of GUI programs through techniques like X11 forwarding. It also allows SSH proxying and bastion hopping as part of a connection sequence. All of this can allow for information to be copied and sent off to places it shouldn't be, and provide a hidden conduit to the corporate network. I've also seen malware on home systems used for ad injection which configures a SOCKS proxy on the system, installs a root certificate and other high trust files, and performs man-in-the-middle interception of all traffic, including SSH. Unless the computer has a host fingerprint bundle being seeded and managed (which a corporate MDM could do), most people will blindly accept the malicious connection set by the malware's proxy, and now your SSH session is being intercepted.

What companies do to protect against both is use a program like Citrix, where you can see and use applications running on a remote system from any computer, but the software employs protections like the same DRM used to protect streaming video from screen recording and snooping by software. The software can be configured to prevent copy and paste clipboard data from crossing beyond Citrix. It can be configured to allow or deny access to certain file system resources or to prevent interactions with the program from devices which aren't directly attached. Lots of things, but companies find Citrix to be slow or rather high maintenance compared to issuing a laptop. For example, video meetings through Citrix would be a painful experience, and the video calling system might be guarded as a corporate secured resource, so the laptop ends up being a better solution. Software development, you can probably forget about that on Citrix because of how locked down the environment tends to be.

0
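The "host fingerprint bundle being seeded and managed" idea from the comment above, as an added example (not code from the thread or from any MDM product): the organisation distributes the expected SHA256 fingerprint of each host's key, and the client audits the `known_hosts` entries it has accepted against that list. A proxy that terminates SSH has to present its own key, so its fingerprint cannot match. Host names, keys and the salt below are constructed for the example; fingerprints are computed the way `ssh-keygen -l` prints them, and hashed host entries follow the `|1|salt|hash` form OpenSSH writes.

```python
"""Audit an SSH known_hosts file against a managed host-key fingerprint bundle.

Added example. All host names and keys are constructed; the "real" and "rogue"
keys are fixed bytes standing in for Ed25519 public keys.
"""
import base64
import fnmatch
import hashlib
import hmac


def openssh_fingerprint(key_b64):
    """SHA256 fingerprint in the format `ssh-keygen -l` prints (no '=' padding)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def ssh_string(b):
    """SSH wire encoding of a byte string: 4-byte big-endian length, then bytes."""
    return len(b).to_bytes(4, "big") + b


def ed25519_key_b64(raw32):
    """Base64 of an ssh-ed25519 public key blob: two length-prefixed strings."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw32)).decode()


def hashed_hostname(hostname, salt):
    """known_hosts hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(host_field, hostname):
    """Does a known_hosts host field (plain, comma list, wildcard, or hashed) cover hostname?"""
    if host_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = host_field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    # OpenSSH allows '*' and '?' wildcards in plain host patterns.
    return any(fnmatch.fnmatchcase(hostname, p) for p in host_field.split(","))


def audit_known_hosts(known_hosts_text, pinned):
    """Compare each pinned host's accepted key against its expected fingerprint.

    Returns {hostname: "ok" | "mismatch" | "missing"}. "mismatch" is the case the
    comment describes: the user accepted a key that is not the real host's.
    """
    result = {h: "missing" for h in pinned}
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue  # comments and @cert-authority/@revoked markers are out of scope here
        fields = line.split()
        if len(fields) < 3:
            continue
        host_field, _key_type, key_b64 = fields[:3]
        for hostname, expected_fp in pinned.items():
            if not host_matches(host_field, hostname):
                continue
            status = "ok" if hmac.compare_digest(openssh_fingerprint(key_b64), expected_fp) else "mismatch"
            if result[hostname] != "mismatch":  # a mismatch anywhere in the file is sticky
                result[hostname] = status
    return result


# Constructed keys: fixed bytes in place of real Ed25519 public keys.
REAL_BASTION_KEY = ed25519_key_b64(bytes(range(32)))
REAL_GIT_KEY = ed25519_key_b64(bytes(range(32, 64)))
ROGUE_GIT_KEY = ed25519_key_b64(bytes(32))  # the key an intercepting proxy would present

# The bundle the organisation would distribute (computed here from the real keys).
PINNED = {
    "bastion.example.internal": openssh_fingerprint(REAL_BASTION_KEY),
    "git.example.internal": openssh_fingerprint(REAL_GIT_KEY),
}

# Constructed known_hosts: bastion is correct (hashed entry), git was replaced by the rogue key.
SALT = b"\x01" * 20
KNOWN_HOSTS = "\n".join([
    "# constructed for this example",
    f"{hashed_hostname('bastion.example.internal', SALT)} ssh-ed25519 {REAL_BASTION_KEY}",
    f"git.example.internal,10.0.0.5 ssh-ed25519 {ROGUE_GIT_KEY}",
])

if __name__ == "__main__":
    for host, status in audit_known_hosts(KNOWN_HOSTS, PINNED).items():
        print(f"{host}: {status}")
```

Run against a real `~/.ssh/known_hosts` by reading the file into `audit_known_hosts` with a bundle of fingerprints obtained out of band; pairing this with `StrictHostKeyChecking yes` and a centrally distributed `GlobalKnownHostsFile` removes the "blindly accept" step the comment describes.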

Smith6612 t1_j9ygfiv wrote

Actually, you'd be surprised how often people try to use their home computer. Either because it's slightly faster, it's a nicer (more expensive) machine, or because to them, a computer is a computer.

It's an argument I've had many, many, many times with people in the corporate world. Technical controls and strong corporate policy go hand in hand to stopping that.

1

Smith6612 t1_j9xeqqx wrote

>NO YOU CANT WORK FROM YOUR COMPUTER AT HOME YOU HAVE TO USE OURS FOR SOME REASON!

It's a compliance thing. Google can get into serious trouble with many governments for people using unmanaged home computers. SOX, PCI, GDPR, you name it. Home computers are an excellent conduit for data breaches. From a legal standpoint, your home computer automatically becomes part of evidence collection if there is ever an investigation by the company. Sure there are resources like Citrix Google could use to let home computers be used... but maybe Google doesn't use that for reasons.

Feel free to disagree, but Google has their reasons. Forcing people to work at an office while taking away their desk is dumb. Forcing people to use company hardware, no.

−21

Smith6612 t1_j9xarnf wrote

It sort of does, actually. Windows 10 is the transition OS between not having a TPM, and having a TPM. Any computer shipping with Windows 10 is supposed to have TPM Capabilities. It just wasn't mandated to install and run the OS. However, if you did have a TPM enabled and happened to be using a laptop or tablet, and had a Microsoft account signed in, BitLocker would enable for free.

44
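The Device Encryption comments in this history (automatic BitLocker on TPM machines, the recovery key living only in a Microsoft account the user may have forgotten) call for one practical check, so here is an added example, not code from the thread or from Microsoft: it parses the text `manage-bde -status` prints and reports, per volume, whether protection is on and whether a recovery password ("Numerical Password" protector) exists that could be written down before the account is lost. A protected volume with no numerical password cannot be recovered at all if its TPM or external-key protector fails. The sample output embedded below is constructed for the example; running it live assumes `manage-bde.exe` is on the PATH and the shell is elevated.

```python
"""Report BitLocker / Device Encryption state from `manage-bde -status` output.

Added example. SAMPLE_STATUS is constructed (made-up drive layout and sizes),
not captured from a real machine.
"""
import re
import subprocess
import sys

SAMPLE_STATUS = """\
BitLocker Drive Encryption: Configuration Tool version 10.0.19041
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Windows]
[OS Volume]

    Size:                 237.99 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        TPM
        Numerical Password

Volume D: [Data]
[Data Volume]

    Size:                 931.51 GB
    BitLocker Version:    None
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:       None Found

Volume E: [Scratch]
[Data Volume]

    Size:                 64.00 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: Unknown
    Key Protectors:
        External Key
"""

VOLUME_RE = re.compile(r"^Volume ([A-Z]):", re.MULTILINE)
FIELD_RE = re.compile(r"([A-Za-z ]+):\s*(.*)$")


def parse_status(text):
    """Return {drive_letter: {...}} parsed from manage-bde -status text."""
    volumes = {}
    parts = VOLUME_RE.split(text)  # parts[0] is the banner, then (letter, body) pairs
    for i in range(1, len(parts), 2):
        letter, body = parts[i], parts[i + 1]
        fields, protectors, in_protectors = {}, [], False
        for line in body.splitlines():
            stripped = line.strip()
            if in_protectors:
                # Protector names sit one indent level deeper than the field lines.
                if line.startswith("        ") and stripped:
                    protectors.append(stripped)
                    continue
                in_protectors = False
            m = FIELD_RE.match(stripped)
            if not m:
                continue  # "[OS Volume]" style lines carry no field
            key, value = m.group(1).strip(), m.group(2).strip()
            if key == "Key Protectors":
                in_protectors = value == ""  # list follows on the next lines
                if value and value != "None Found":
                    protectors.append(value)
            else:
                fields[key] = value
        volumes[letter] = {
            "protection_on": fields.get("Protection Status") == "Protection On",
            "conversion": fields.get("Conversion Status", ""),
            "protectors": protectors,
            "has_recovery_password": "Numerical Password" in protectors,
        }
    return volumes


def volumes_at_risk(volumes):
    """Protected volumes with no recovery password: unrecoverable if the other protector fails."""
    return sorted(d for d, v in volumes.items() if v["protection_on"] and not v["has_recovery_password"])


def run_live():
    """Parse this machine's real state (Windows only; needs an elevated shell)."""
    if sys.platform != "win32":
        raise RuntimeError("manage-bde is only available on Windows")
    out = subprocess.run(["manage-bde", "-status"], capture_output=True, text=True, check=True)
    return parse_status(out.stdout)


if __name__ == "__main__":
    vols = run_live() if sys.platform == "win32" else parse_status(SAMPLE_STATUS)
    for letter, v in vols.items():
        print(f"{letter}: protection_on={v['protection_on']} protectors={v['protectors']}")
    print("at risk (no recovery password):", volumes_at_risk(vols))
```

For a volume that does report a Numerical Password, `manage-bde -protectors -get C:` displays the 48-digit recovery password so it can be stored somewhere other than the Microsoft account; on editions that ship the BitLocker PowerShell module, `Get-BitLockerVolume` exposes the same information as objects.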

Smith6612 t1_j9xaitb wrote

Sure. Taking a playbook from what tech companies have been doing the last several years in general, and having it with a coincidentally timed motive. The modern thing to do today is to take away all of the APIs. All of them! Useful third party application? Banned. Try to work around it? Account / IP ban. Want to archive the site contents? Banned. Want to view public posts first party or third party? Nope, need an account for that - banned if you do anything which steps out of line.

What are these companies trying to hide? This one is at least, fairly self explanatory.

10

Smith6612 t1_iuev5fk wrote

I remember Louis Rossmann going through something similar with his eBike, where the manufacturer of one battery company was found cutting corners and not being up front about it. He went as far as demonstrating the protections of another battery on live stream, and explaining the situation which caused his battery set to go on fire.

Lithium batteries are no joke.

55