1282
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 23 Jan 2026
1282 points (100.0% liked)
Technology
82070 readers
2962 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
The word "Gave" is really doing some heavy lifting in that title. Microsoft produced the keys in response to a warrant as required by law.
If you don't want a company, any company, to produce your data when given a warrant then you can't give the company that data. At all. Ever.
Not fast food joints, not Uber, not YouTube, not even the grocery store.
I'm stupid. How do thet even produce the keys?
Your computer generate a random key using (hopefully) a trusted PRNG with good enough sources. This key is then used to encrypt your data. This key is stored in your computer's TPM module, and provided to the OS only if the chip approves all the checks in places. In addition, you get that key displayed to you, so you can write it down (or alternatively save the key file somewhere of your convenience). This is relatively good as far as security goes (unless the TPM is broken, which can happen).
And then, unless you jumped through hoops to disable it, your PC sends the key to Microsoft so they can just keep it linked to your account. That's the part that sucks, because then, they have the key, can unlock your drive on your behalf, and have to produce it if asked by a judge or something.
Note that there are relatively safe way to protect these keys even if they are backed up in "the cloud", by encrypting them beforehand using your actual password. It's not absolutely perfect, but can make it very hard/costly/impossible to retrieve, depending on the resources of the attacker/government agency. But MS didn't chose this way. I don't know if it's because of sheer incompetence, inattention, or because this feature is claimed to be here to "help" people that lose their key, and as such are likely to lose their password too, but it is what it is.
Funny enough, people have lost access to their bitlocker encrypted drive because of some weird issues that triggered the windows intallation to revert to asking for the full bitlocker encryption key (I think if you disable secure boot or mess with CPU upgrades or the TPM, or some weird update broke, that can happen), which they didn't have and forgot the microsoft account. But microsoft can't help because they forgot about their acount credentials.
They should've asked the FBI for help lolz
It happened TWICE on my Lenovo laptop, when it automatically installed a firmware update from windows update
I'm pretty sure all tpms can be read with an electric interference reader when they're probed, as an intended loophole
I don't know about intentionally designing that. It would violate contracts and have to be a hidden, but broadly conspiratorial activity. I have some professional experience in consumer electronics, and I remember when TPMs started becoming a required component for CE. It took several years to become commonplace; a slow transition from security by obscurity to sensible practices when devices started to be internet connected.
Nevertheless, from my experience, I'd say the TPMs aren't there for user security, they are there to keep Hollywood movies safe.
You'd probably also have to jump through the hoops to disable windows recall too.
In Windows 11, if the main user logs in with a Microsoft account (which is mandatory unless you do some hacks during the install), it automatically encrypts the main drive by default without asking the user consent and uploads the decryption key to Microsoft servers (again, without user consent, but usually this is appreciated because sometimes automatic BIOS updates via windows update wipe the tpm and keep all your data at ransom.)
Microsoft built the encryption in Windows so know how to get around it. In theory that remains a closely guarded secret but there are the warrants and the NSA and...
Nope, this isn't even a "backdoor". The key itself was automatically uploaded to your microsoft account, so they can just take the key from the microsoft servers and walk right in. This isn't some secret, a quick online search will reveal this as public information. They literally tell you the key will get uploaded.
I’d go as far as to say it’s similar to a landlord requiring a key to access the apartment your renting from them. Sure, they probably won’t abuse that power, most don’t, but the doesn’t mean they can’t.
The bigger picture to me is it’s pretty clear then internally, Microsoft views you as a “tenant” of THEIR OS. Not a purchaser. This is why they use the words “This PC” in replace of “My PC”.
Yes, I think we can absolutely say that companies are pushing for consumers to use the cloud instead of their own hardware, but in this context, I’d say it’s more egregious showing their mindset that you’re just renting their software from them.
Nah, a landlord cannot legally deny access to an apartment/house you paid for, like you can literally call the cops (make sure you have a copy of the lease safely stored on your phone or something) and get let back in. They need a court case to evict you.
But microsoft can deny access your OS, and with the manatory full disk encryption implemented, you can't even get back in to retrieve your data. (kinda like WannaCrypt) And this would be all legal since ToS and mandatory arbittation bs. No court case needed to hold your files hostage.
So I'd say Microsoft is like 10x worse than a landlord
Not true with E2EE, they can’t give over shit when they don’t have the keys
Bitlocker is computer drive encryption. On W11 it’s supposed to be tied to the motherboards TPM. End to end encryption is not really applicable in this scenario. That phrase is more applicable to cloud services or storage where a telecom or CSP hosts or transports your data but can’t see what the data is.
Microsoft should not have the keys to decrypt Bitlocker ever.
Ofc its not applicable in that one scenario
Windows is a closed source and proprietary commercial Operating System. Microsoft is going to do whatever they like with it. If enough people get angry about an issue they may change their mind but that doesn't change the nature of Microsoft's ownership over their products.
I've been participating in discussion about what Microsoft should and shouldn't do since the late 80s and it pretty much boils down to this: You need to select and use software that works the way you want it to. So if you don't want MS to have your disk encryption key then don't use Windows. If you don't want MS to have access to your documents then don't put them on any system that MS has control over.
It can be terrible inconvenient to protect your data in this way but this part and parcel of the privacy movement.