Bought A Windows Computer? Microsoft Probably Has Your Encryption Key

HardOCP News

Doesn't this totally defeat the purpose of using encryption? Now that Microsoft has your encryption key, would they have to turn it over to law enforcement or other agencies if requested?

ONE OF THE EXCELLENT FEATURES of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key — which can be used to unlock your encrypted disk — to Microsoft’s servers, probably without your knowledge and without an option to opt out.
 
I do not even have to read this article to know what is happening: It uploads a copy to your One Drive account just in case. No One Drive account, no uploading. Enjoy the freaking out folks. :)
 
This is, as noted above, all predicated on people having a Microsoft/OneDrive account and they actually use that info to set up Windows 10. While I have multiple Microsoft accounts, one with my real name and relevant info and several with nicknames over the past 20+ years, none of them are ever tied directly to my Windows installations. I don't use IE to log into Microsoft accounts either but I suspect somewhere down the line they'll pull a Google and have the information linked regardless so whatever, nothing I can do about it now.

I, like most people, am not trying to specifically hide myself, but privacy must be protected at all costs if possible; there's just no getting around that.

But then again, nothing is secure anymore and encryption, please, don't even get me started. I don't trust any encryption and honestly neither should anyone else, just my personal opinion on the matter.
 
Ars - Link Here has a good explanation on how those who are running Windows 10 Home and may fall into this scenario can generate a new key that only they have (at which point even if the backup on OneDrive is not eliminated, it is rendered useless and as such is technically 'removed').

If I understood it correctly, you must be domain joined or using an MSA to do encryption at all - so using a local account is not an exception to the Bitlocker key behavior - it would make you decrypt your drive if you unlink the MSA from your account.

IMHO, on the whole, this is actually a useful behavior for home users who would encrypt their drives and then get locked out for some reason - just go to OneDrive to recover (or 'opt-out' and put your recovery key on a USB or write it down (because we all know how well that usually works :rolleyes:)). I've been through this on enterprise level with 8/8.1 and having the recovery key in AD (or very abstracted, simply in another location) is a huge deal to your sanity.
 
People bother to encrypt their home machines? They must have some sensitive stuff there lol.
 
Good link G-money, I came here to say the same thing and how it isn't an issue.

I don't trust any public company to encrypt me from the Gov, not that it's right but anyway. You NEED to have a copy of this key in case you just want to lose all your data. If you were in a business environment the Directory would have a copy, even back in the EFS days this was true.
 
Yup, you must feel kinda guilty about those girls beach volleyball games on your PC if you're like trying to encrypt your home PC. ^^
 
I guess privacy is an antiquated pre-1980's concept.
 
I am pretty sure that is a yes. Most people don't and won't care. I have an encrypted drive on my machine but not with bitlocker...

I always run FDE on laptops as everyone with a brain should. Veracrypt is what I use on family machines.
 
I guess privacy is an antiquated pre-1980's concept.

I know I'm supposed to be outraged, but outside of some far flung Hollywood movie type shit, I'm not seeing how this could be used against any one particular person.

You're talking a lot of things would have to line up.
 
I guess privacy is an antiquated pre-1980's concept.

Privacy from whom ... we should have some level of privacy from the government in private spaces (according to the Constitution) but in public spaces a right to privacy makes little legal sense ... also, privacy from private corporations should vary based on your relationship with them (if you work for them or do business with them you have a much lower right to privacy than if you have no transactional relationship with them)
 
I would never use shitlocker, slow software encryption. Just buy a Samsung SSD and mobo that supports ATA password. The drive is already encrypted on the fly with no speed decrease and if you set a password for it no one is getting your data unlike bitlocker. I only use this for laptop as I don't see a need to encrypt unless from theft. And yeah my house can get broken into and someone could lug off my computer, but I doubt it, and if that happened I would have more to worry about than my passwords to financial sites.
 
And this is yet one more reason not to really like W10.

And, specifically, if you do use W10 (or W8.1), then don't use a connected Microsoft account to login.
In other words, always use a local account for everything -- and if you actually use the Microsoft Store, pick the "sign into each application individually option".
 
Storing encryption keys on an internet-based, highly publicized cloud service sounds perfectly fine to me. I think it's pretty much essential to the notion of encryption.

wtf....
 
This was in Windows 8. The key is useless without physical access to the machine. And it can save your bacon if you ever need the key and had no idea where it is.
 
I do not even have to read this article to know what is happening: It uploads a copy to your One Drive account just in case. No One Drive account, no uploading. :)

BitLocker was hacked long ago, and MS has back doors anyway without using your keys.
 