That's exactly the kind of thing I was referring to when I wrote "memory isolation techniques." Even if you gate access with an API, you can still retrieve data from it and that's the problem.

Also, it should be clear by now that government agencies are going to demand access to this data once this becomes widespread. VMs aren't going to protect against further assault on our civil liberties.

How does that work? Can authorities compell Microsoft to surreptitiously have only my computer randomly unencrypt and submit stuff? If so, couldn't the authorities just tell MS to activate a tool like recall anyway?

Authorities compel tech companies to hand over data and place backdoors. They typically abuse secrecy laws to avoid public backlash, but their public demands have gotten bolder since the Snowden disclosures.

https://www.reuters.com/technology/cybersecurity/governments...

https://www.techdirt.com/2016/02/16/no-judge-did-not-just-or...

https://www.bloomberg.com/news/features/2021-09-02/juniper-m...

https://www.theguardian.com/world/2013/jun/06/us-tech-giants...

https://www.reuters.com/article/idUSKCN1241YV/

http://www.techdirt.com/articles/20130614/02110223467/micros...

https://hn.algolia.com/?q=encryption%20ban

They even also do it without the companies' knowledge too.

https://archive.is/2023.10.31-203648/https://www.washingtonp...

https://www.eff.org/deeplinks/2015/11/its-no-secret-governme...

Have you been living under a rock this past decade?

Also, Windows Store apps seem to have an identity and limited permissions, so you can probably have some kind of smartphone OS-like isolation.