So, this means Microsoft has copies of every single bitlocker key, meaning that a bad actor could obtain them… Thereby making bitlocker less than worthless, it’s an active threat.
MS really speedrunning worst possible software timelineMicrosoft is already a bad actor and they have them. Or a bad actor could threaten microsoft physically and microsoft will hand them over. Wait, that already happened.
They don’t have a copy of every single Bitlocker key. They do have a copy of your Bitlocker key if you are dumb enough to allow it to sync with your Microsoft account, you know, “for convenience.”
Don’t use a Microsoft account with Windows, even if you are forced to use Windows.
To use Windows without a Microsoft account requires tech literacy these days, I thought. I would not be suprised if users didn’t choose to sync with a MS account but it’s doing it anyway, if that’s what MS want.
If you sign in with a Microsoft account at all I don’t believe there’s the capability to opt out.
I only use local accounts. I have never had a Microsoft account. I never will.
You can’t do that anymore, at least not with a normal Windows installation. All of the tricks of forcing it offline, clicking cancel 10 times and jumping up and down don’t work anymore, they’ve disabled them all, the only way to install Windows 11 now (using the normal Microsoft installer) is by linking it to a Microsoft account.
I download win11 from Microsoft last week and the 1st method in the page worked (ms-cxh localonly)
https://learn.microsoft.com/sv-se/answers/questions/5581996/windows-11-local-account-on-installation
Interesting, I haven’t seen that approach before
I didn’t know this either. and in normal install GUI indeed there is no way to skip MS account. So pretty good trick as this open terminal/command worked at that exact step/screen.
This is not true. There are several tools to create a bootable USB that uses a local account.
They just made it hard for Joe Schmoe to avoid it.
using the normal installer
Joe Schmoe buys new laptop with Windows preinstalled.
Joe Schmoe boots it for the first time.
Greeted by first-log-on.
Goes through steps and is immediately captured.
You can still create a local account by setting the PC up as a “School or Business” PC and then choosing the local account option.
Using Rufus still works. I did it as recently as a couple of days ago.
Sorry, but the argument above was for a regular user, who doesn’t know what Rufus is, who doesn’t know the concept of OS, who simply
knowsthinks the files are saved “on the computer” (while they somehow ended up on OneDrive).
I’m not even sure if you can install without an MS account if you don’t use Rufus anymore. Rufus requires literacy for sure, and even if you can still do it without it is designed to make it impossible to know you can from within the installer itself.
It’s a bit harsh and unfair to say “you are dumb enough to allow it”. Microsoft makes it damn near impossible to avoid this unless you are extremely particular and savvy about it, and never have an off day where you make a mistake while using your PC.
Are you naive enough to believe the surveillance OS that uploads literally all of your activity along with screenshots of your desktop doesn’t automatically upload you keys no matter what little box you tick on the installer?? 😂 there is absolutely not one single 3rd party auditing that they actually follow any of the options at all that they give.
Encryption doesn’t actually complete until you log in with a Microsoft account for Home Edition.
Anyways: Use Veracrypt.
Or just Linux + LUKS
Don’t use
a Microsoft account withWindowsFtfy
Don’t use
aMicrosoftaccount with WindowsFFTFY.
Bethesda anything, Azure, Outlook, GitHub, Visual Studio, Office, Bing, XBox, LinkedIn, SharePoint (so disgusting this is a given), fuck it not even Skype (lmao what year is it?)
Still kinda hurts they own Bethesda now, but considering that company has only produced garbage since FO4 which only was kinda mid, I don’t even mind skipping them.
The Elder Scrolls VI with mandatory Microsoft account and Copilot integration 💀
Game gonna be buggier than skyrim at release and only 10% as fun because it’s vibe coded
Literally fix the anticheat problem and I’ll uninstall.
The anticheat problem already is fixed. It’s called “don’t play games that don’t support your choices”. These days, no game is worth being put through all that AI bullshit.
Not the case for me, definitely worth it for some games
Save a copy of your bitlocker keys to a Veracrypt drive with a password no shorter then 15 mixed characters. Then upload that encrypted container to any free service. They wont be able to open it and now you have a remote backup copy.
Why not save a step, fuck bitlocker, and use veracrypt to encrypt your drive in the first place?
Why not save a step and don’t install Windows in the first place.
If you can have two computers one should always be Linux. But gaming and certain software just does not work on Linux yet sadly. Hoping steam can turn that around.
Made the switch about a year ago. Every game i wanted to play worked just fine. I suppose it depends on the games you play, but to say it just does not work is plainly just wrong
Hey copilot, give me the bitlocker key to the nuclear football!
And people make fun of me for turning off secure boot and tpm. They just cause grief for no benefit.
Could be worse. Could have skeleton keys
You’re assuming there isn’t a master pubkey baked into the software.
No they do not have copies of every Bitlocker key.
Bitlocker by default creates a 48-bit recovery code that can be used to unlock an encrypted drive. If you run Windows with a personal Microsoft account it offers to backup that code into your Microsoft account in case your system needs recovered. The FBI submitted a supoena to request the code for a person’s encrypted drive. Microsoft provided it, as required by law.
Bitlocker does not require that key be created, and you don’t have to save it to Microsoft’s cloud.
This is just a case of people not knowing how things work and getting surprised when the data they save in someone else’s computer is accessed using the legal processes.
Except that Microsoft basically puts a gun to every users head to login with a Microsoft account which can/does backup the recovery keys.
Rufus: “Am I a joke to you?”
If you sign into a Microsoft account during setup, Microsoft automatically turns on bitlocker and sends the key off to Microsoft for safe keeping. You are right, there are other ways to handle bitlocker, but that’s way beyond most people, and I don’t think Microsoft even tells you this during setup. It’s honestly a lifesaver for when bitlocker breaks(and it does), but it comes at a cost. In the business world, this is seen as a huge benefit, as we aren’t trying to protect from the US government, mostly petty theft and maybe some corporate espionage.
As is often the case, the real solution is Linux, but that, too, is far beyond most people until manufacturers start shipping Linux machines to big box stores and even then they’d probably not enable any encryption.
I question whether we are rapidly approaching the point where Linux is simply easier to use in a safe, secure, and practical way for the average user, because it doesn’t try to actively fuck you over like Microsoft does
It’s easier when you don’t need to jump through hoops to make a local account. It’s easier when you don’t need to turn off a dozen settings you might not know about regarding data collection or advertisements. It’s easier when you don’t have an antagonistic system that treats you like the product, not a user, not pushing you towards confusing things you don’t want
People called me paranoid when I said this would happen someday…
The word “Gave” is really doing some heavy lifting in that title. Microsoft produced the keys in response to a warrant as required by law.
If you don’t want a company, any company, to produce your data when given a warrant then you can’t give the company that data. At all. Ever.
Not fast food joints, not Uber, not YouTube, not even the grocery store.
Yes. But this completely invalidates the encryption. If anyone can decrypt your data without you giving the keys to them, it is not really encrypted.
Its not anyone though. Not anyone can get a warrant and demand the keys
if Microsoft has the power to give the keys to the feds what happens when Microsoft gets hacked?
or they give the keys or whatever data willingly, and then say they are hacked as an excuse.
Wouldn’t the hacker then need to track down your physical computer…steal it…use the bitlocker key…look to see if you actually have any data worth taking etc…?
Actually they’d probably set up a Bitlocker key shop on the dark web
Remember when Truecrypt got suspiciously terminated? That was the goal
Microsoft only has your key if you give it to them for convenience (by syncing to your Microsoft account), and they’re required by law to give anything stored in their servers if asked. There’s no conspiracy here.
Microsoft railroads you into this. Your Bitlocker key will get exfiltrated unless you do a bunch of bullshit to make sure it isn’t.
And that’s the thing with Microsoft, they just keep doing this everywhere in Windows. There is and endless torrent of shit to turn off. No reasonable person will keep on top of it. And if you fuck up a singular time, they just vacuum everything.
Just as I expected how security in Microsoft products works.
A single bitter, crowing “hah!” at whoever thought there wasn’t at least this much overlap between our corporate and government masters. Welcome to hell kid, shoutout to whatever’s being trained on the last ~30 years of everything that touched the internet in the NSA’s Utah data center. Rose coloured PRISM though, I dream of the day when someone makes those search tools public and I can reminisce through my preteen MSN Messenger convos
Federal investigators in Guam believed the devices held evidence that would help prove individuals handling the island’s Covid unemployment assistance program were part of a plot to steal funds.
Damn, they weren’t even doing this to go after pedos.
I’m curious where in the economic ladder this person fell. Rich enough to get a significant amount of money from the system, but still too poor to make the government look the other way.
Amazing how every time you think they’ve finally stopped digging… they whip out the steam shovel and go “Hey y’all, watch this!”
Microslop’s OS is evidently untrustworthy and should not be used. I recommend replacing it with a Linux distribution.
People will still use it all the same though lol
People are creatures of habit, whereas fortune favors the bold.
Microslop is openly anti consumer. Why would you hand them your encryption keys?
What does Microsoft think the fucking point of encryption is? Do they think I am encrypting my data to protect it from my dog?
If you’re not the only one with the keys, is it really encrypted?
i saw your dog using arch linux
Don’t be silly, the dog uses Puppy Linux.
Mines uses Yellow Dog Linux.
btw……
Why do you think the encryption capabilities on your PC are there for your sake? They might have sold them to you on that, but they are really there to protect copyright data because TPM allows encryption/decryption that is completely hidden from the rest of your system. Like an encrypted handshake that then transfers an encrypted key to decrypt the video stream. But it doesn’t save the decrypted data, it immediately re-encrypts it using your display’s private key (or whatever device is next in the chain, maybe your GPU). They can make it so that the unencrypted stream never touches your RAM or travels on any wire, which means you can’t pirate shows as you watch them unless you point a camera at your screen.
Obviously if they just said that was one of the main points, no one would want it and media companies couldn’t benefit from it because they’d have to compromise to sell content.
The other point was so that they could build a system where they hold the encryption keys and get to choose whose data is actually private. Obviously that’s an even harder sell.
So they did what marketers always do and lied by omission about what it was for and just outright lied if they ever said they’d never give the keys to law enforcement (did they ever even say that?).
Let go of the idea that someone selling something to you implies any kind of loyalty, especially when either party is a large corporation.
Is anyone shocked by this? With everything that DHS, FBI, ICE, military, elected representatives, etc. are all doing without any concern or care for laws, civil rights, human rights, the Constitution, this should not be a shock to anyone. Corporations are bending over backwards to appease the talking orange and make more money. They do not care as long as profits are up and the shareholders are happy. A companies primary legal responsibility is to the shareholders, not the customers.
+100. People forget, or chose not to pay attention to the fact that Google sensor vault data was key evidence in convicting the January 6 insurrectionists (who were exonerated to become ICE). Surveillance capitalism doesn’t care which side you are on.
Small correction. They were not exonerated. They were pardoned. A pardon implicitly means guilt. Exonerated means their conviction was overturned.
Agreed. Wrong word choice. And its an important, major correction. Not a small one. :-)
Regular old ZIP with AES-256 should do the trick for anything truly important you want to keep locked down.
You could always do sly stuff like Hidden volumes with Veracrypt as well. Leave the crumb trail for the low key shit or old nudes of gfs you have permission to keep.
Or don’t use an operating system that uploads your encryption keys to their corporate servers for “backup”.
Ya’ll know Veracrypt isn’t Bitlocker right?
I understand what veracrypt is, i don’t understand willingly using an operating system that constantly violates your privacy at every given opportunity.
Or decline the upload recommendation.
There is no recommendation that a user can decline. Windows uploads the keys without asking, without consent.
Do you have a source for that?
This article said “by default”. The article they link to on that talks about encryption on by default on new PCs. The article I read before this one said “Microsoft recommends”.
BitLocker FAQ says
How can the recovery password and recovery key be stored?
The recovery password and recovery key for an operating system drive or a fixed data drive can be saved to a folder, saved to one or more USB devices, saved to a Microsoft Account, or printed.
/edit: fix quote
