So, this means Microsoft has copies of every single bitlocker key, meaning that a bad actor could obtain them... Thereby making bitlocker less than worthless, it's an active threat.
MS really speedrunning worst possible software timeline
They don't have a copy of every single Bitlocker key. They do have a copy of your Bitlocker key if you are dumb enough to allow it to sync with your Microsoft account, you know, "for convenience."
Don't use a Microsoft account with Windows, even if you are forced to use Windows.
To use Windows without a Microsoft account requires tech literacy these days, I thought. I would not be surprised if users didn't choose to sync with a MS account but it's doing it anyway, if that's what MS want.
If you sign in with a Microsoft account at all I don't believe there's the capability to opt out.
I only use local accounts. I have never had a Microsoft account. I never will.
You can't do that anymore, at least not with a normal Windows installation. All of the tricks of forcing it offline, clicking cancel 10 times and jumping up and down don't work anymore, they've disabled them all, the only way to install Windows 11 now (using the normal Microsoft installer) is by linking it to a Microsoft account.
Using Rufus still works. I did it as recently as a couple of days ago.
Sorry, but the argument above was for a regular user, who doesn't know what Rufus is, who doesn't know the concept of OS, who simply ~~knows~~ thinks the files are saved "on the computer" (while they somehow ended up on OneDrive).
... and who doesn't know that you can even install an OS to begin with!
This is not true. There are several tools to create a bootable USB that uses a local account.
They just made it hard for Joe Schmoe to avoid it.
using the normal installer
Joe Schmoe buys new laptop with Windows preinstalled.
Joe Schmoe boots it for the first time.
Greeted by first-log-on.
Goes through steps and is immediately captured.
I'm not even sure if you can install without an MS account if you don't use Rufus anymore. Rufus requires literacy for sure, and even if you can still do it without, it is designed to make it impossible to know you can from within the installer itself.
Encryption doesn't actually complete until you log in with a Microsoft account for Home Edition.
Anyways: Use Veracrypt.
Or just Linux + LUKS
But, by default, BitLocker recovery keys are uploaded to Microsoft’s cloud, allowing the tech giant — and by extension law enforcement — to access them and use them to decrypt drives encrypted with BitLocker, as with the case reported by Forbes.
I mean it's dumb to sync, but at the same time it's not like MS isn't great at either making it almost impossible to not sync or re-enabling syncing for a bit after updates.
You can constantly tell it not to sync, but all it takes is MS saying we want it now and they'll get it.
It's a bit harsh and unfair to say "you are dumb enough to allow it". Microsoft makes it damn near impossible to avoid this unless you are extremely particular and savvy about it, and never have an off day where you make a mistake while using your PC.
Don't use ~~a Microsoft account with~~ Windows
Ftfy
Literally fix the anticheat problem and I’ll uninstall.
Don't use ~~a~~ Microsoft ~~account with Windows~~
FFTFY.
Bethesda anything, Azure, Outlook, GitHub, Visual Studio, Office, Bing, XBox, LinkedIn, SharePoint (so disgusting this is a given), fuck it not even Skype (lmao what year is it?)
No they do not have copies of every Bitlocker key.
Bitlocker by default creates a 48-bit recovery code that can be used to unlock an encrypted drive. If you run Windows with a personal Microsoft account it offers to back up that code into your Microsoft account in case your system needs recovered. The FBI submitted a subpoena to request the code for a person's encrypted drive. Microsoft provided it, as required by law.
Bitlocker does not require that key be created, and you don't have to save it to Microsoft's cloud.
This is just a case of people not knowing how things work and getting surprised when the data they save in someone else's computer is accessed using the legal processes.
Except that Microsoft basically puts a gun to every user's head to log in with a Microsoft account, which can/does back up the recovery keys.
Hey copilot, give me the bitlocker key to the nuclear football!
The word "Gave" is really doing some heavy lifting in that title. Microsoft produced the keys in response to a warrant as required by law.
If you don't want a company, any company, to produce your data when given a warrant then you can't give the company that data. At all. Ever.
Not fast food joints, not Uber, not YouTube, not even the grocery store.
Yes. But this completely invalidates the encryption. If anyone can decrypt your data without you giving the keys to them, it is not really encrypted.
The encryption key is data, don't give it to ANYONE. "Two people can keep a secret if one of them is dead."
Which means it's useless if always uploaded to MS
If you can't possess the keys, you can't give them when there's a warrant. Microsoft designed a system that could obtain and decrypt those keys on purpose.
People called me paranoid when I said this would happen someday...

What a slap to the faces of everyone who had been locked out of their data because they never knew about this crap and thus never saved their keys
Except their keys were saved but Microsoft deemed that they can't "prove ownership" of the Microsoft account, because they lack the credentials...
Why is anyone surprised by this? And what kind of imbecile commits crimes and uses Windows? 🤣
Not just that but also uploads a copy of the key to their Microsoft Account...
Many modern Windows computers rely on full-disk encryption, called BitLocker, which is enabled by default. This type of technology should prevent anyone except the device owner from accessing the data if the computer is locked and powered off. But, by default, BitLocker recovery keys are uploaded to Microsoft’s cloud, allowing the tech giant — and by extension law enforcement — to access them and use them to decrypt drives encrypted with BitLocker, as with the case reported by Forbes.
Didn't Osama bin Laden use Windows? 😂
Just as I expected how security in Microsoft products works.
BitLocker provides for a recovery key. This is to allow someone to regain access to an encrypted device in the event that they lose their PIN, any one of these scenarios happen, OR when suspects do not want to cooperate with LEOs.
Find your BitLocker recovery key
If the target device is part of an enterprise and managed with EntraId/Intune this is the option. Escrowed keys.
So how did Microsoft have the keys in the first place? The article says they are automatically uploaded to the cloud. What does that mean? They're uploaded to the user's on drive or something else? Because whatever that user account is shouldn't be accessible by Microsoft, even if they run the service. I'm not saying I'm surprised they do have it, but it would be nice to be a little clearer about what features of Bitlocker to avoid. Is it the Microsoft account associated with the Windows key? Probably.
Remember when Truecrypt got suspiciously terminated? That was the goal
What does Microsoft think the fucking point of encryption is? Do they think I am encrypting my data to protect it from my dog?