It's not that they subvert FDE in a provable manner (indeed, the manner of such a subversion would make it almost impossible to prove anyway), it's that they eagerly cooperate with certain agencies. Microsoft is documented to have given zero-days to government agencies before patching them.
They may or may not be subverted, but why take the risk when you can use something that has a greatly reduced chance of that risk and works cross-platform?
>[Apple & Red Hat] eagerly cooperate with certain agencies
The last I heard on Apple was that their system is perfect, as long as they don't add another key to your iMessages, which you'd never know about. So not perfect, but only if you are chosen to be inspected. It can't be part of a dragnet collection, unlike, say, HTTPS if the NSA has the private key.
For Red Hat, the best I can find in your favour is that some of them have NDAs on their conversations with the NSA.
My SSBN used at least two separate subsystems running Red Hat-based servers as a part of their functionality. Yet another separate system used X11. Thanks, FOSS devs! :)
Whenever there has been a dispute regarding export control of crypto and Microsoft, they have opted to exclude encryption or use something like DES with a low key size. Microsoft has also sold exploit tools for Windows, which is serious regardless of whether FDE software was one of the exploits' targets.
So, given their history, have they done anything to actually earn our trust?
What are you talking about? Microsoft doesn't source even an appreciable fraction of the exploits for exploitable bugs in Microsoft products. There is a 9-figure business in reversing WinAPI software, discovering vulnerabilities in it, and weaponizing them with exploit code. Microsoft is a bystander to that industry.
I would not call Computer Online Forensic Evidence Extractor (COFEE) a bystander. It might be small in the grand scheme of things, but password decryption and data and volatile memory extraction are commonly associated with exploit kits for a reason. It uses vulnerabilities in Windows in order to bypass the need to ask for permission.
If a company develops a kit that exploits the internal design of its own product, it is not a bystander. Bystanders do not sell exploit kits.
In what way is The Coroner's Toolkit using Postfix vulnerabilities?
The only relationship those two projects have is that they share the same developer. COFEE, however, exploits Microsoft's own products.
It seems you are arguing that trust is not affected if a company first sells a product, then sells exploits for that product in secret. It may be small, or unimportant, or an old product, but it doesn't really matter to me. Trust is not something that should be given out lightly.
It's a perfectly reasonable feature. For one, it's not just for Microsoft's servers: in an enterprise environment you can just have it stored on your company's AD servers, so if for any reason an employee forgets or loses their key, the company can recover the data.
However, you're still missing a fundamental aspect of security, which is that it's targeted, not universal. Your system is not 'secure', it's 'secure against x', where x is your adversary. If your set of adversaries includes, say, someone losing their laptop at the airport, but not Microsoft, then storing your keys on MS servers loses you nothing and gains you ease of use.
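The escrow behaviour the comment above describes is something you can check on your own machine rather than take on faith. The following PowerShell is an added example, not code from any commenter or from Microsoft: it lists the key protectors on the OS volume (a RecoveryPassword protector is the 48-digit key that can be escrowed), reads the FVE Group Policy values that control backup to Active Directory, and then, if a recovery password exists and AD backup is enabled, pushes that protector to AD with the built-in cmdlet. It assumes an elevated session on a domain-joined Windows build that ships the BitLocker module; the function name and the summary fields are my own choice, and the policy value names are the standard FVE ones.

```powershell
# Added example: inspect BitLocker key protectors and AD escrow policy.
# Assumes an elevated PowerShell session on a BitLocker-capable Windows build.
# Get-BitLockerEscrowSummary is a hypothetical helper name chosen for this example.

function Get-BitLockerEscrowSummary {
    param([string]$MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Each protector is a separate way to unlock the volume (TPM, PIN,
    # RecoveryPassword, ...). Only RecoveryPassword is what gets escrowed.
    $protectors = $vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId

    # Group Policy under FVE decides whether Windows backs up recovery info
    # to AD DS (OSActiveDirectoryBackup) and whether it refuses to turn
    # BitLocker on until that backup succeeds (OSRequireActiveDirectoryBackup).
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
                            -ErrorAction SilentlyContinue

    [pscustomobject]@{
        MountPoint          = $MountPoint
        ProtectionStatus    = $vol.ProtectionStatus
        Protectors          = $protectors
        HasRecoveryPassword = [bool]($protectors |
                                  Where-Object KeyProtectorType -eq 'RecoveryPassword')
        ADBackupEnabled     = [bool]$fve.OSActiveDirectoryBackup
        ADBackupRequired    = [bool]$fve.OSRequireActiveDirectoryBackup
    }
}

$summary = Get-BitLockerEscrowSummary
$summary | Format-List

# If the enterprise model from the thread is what you want, escrow the
# recovery password to AD explicitly instead of relying on the next policy refresh.
if ($summary.HasRecoveryPassword -and $summary.ADBackupEnabled) {
    $rp = (Get-BitLockerVolume -MountPoint $summary.MountPoint).KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword'
    Backup-BitLockerKeyProtector -MountPoint $summary.MountPoint `
                                 -KeyProtectorId $rp.KeyProtectorId
}
```

If ADBackupEnabled comes back false on a domain-joined machine, the recovery password exists only on that device (and wherever the user saved it at setup), which is the "secure against a lost laptop, not against whoever holds the escrow" trade-off the comment is pointing at. The check says nothing about consumer devices tied to a personal Microsoft account; that escrow path is not governed by the FVE policy keys read here.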
A BitLocker "feature" is that you can recover your key! So can Microsoft, the NSA, etc. See: https://twitter.com/TheBlogPirate/status/471759810644283392