Comment on Microsoft Gave FBI Keys to Unlock Encrypted Data, Exposing Major Privacy Flaw
kn0wmad1c@programming.dev 1 day ago
If they’re selling bitlocker as “full-disk encryption”, doesn’t that open them up to a class action since encryption with a backdoor isn’t encryption?
The keys were very likely uploaded to the linked MS-account.
This is communicated as a backup in case you lose the key.
Breach of trust? Yep
Backdoor? Not very much.
Uploading the key to the cloud is a backdoor. The encryption is only as secure as your key.
Sure doesn't sound like that to me.
A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment
Source: en.wikipedia.org/wiki/Backdoor_(computing)
Not very covert if it is offered to a user.
If MS gives up the key that is stored plainly in their system, that is a problem. But not a backdoor.
This is quite literally the police knocking on the front door and demanding the key.
This is a meaningless, pedantic argument. Call it backdoor or something else, it does not matter. What matters is that it renders the encryption worthless.
Grey area, user chose to store the private bitlocker key to their online Microsoft acct, it’s optional. It’s still a dirtbag move, but probably less illegal.
While optional, it is also the default behavior.
it’s default in that it’s the top item on the list, but I can’t actually fault them much here, that dialog is crystal clear and you have to log into a Microsoft account to save it there. They don’t really push you very hard to put the key into their cloud.
I fault them more for not using zero-knowledge encryption to protect the user’s key.
the other options won’t let you continue without performing the actions in a way that windows likes. So for someone trying to set up their PC, only the first option has zero cost.
option two requires an external drive without encryption
option 3 requires setting up a printer from that screen, so you can print the page. it won’t let you continue otherwise.
if you want to back up in some other way, you just don’t (or use PDF conversion from the print dialog)
lol. Last time I checked the rule of law in the US only matters if corporations want it to
Oh you can sue if you have Epic Games level of money and access to lawyers. Otherwise corporate says “fuck you”.
No, they’re not really technically “selling” it. It’s bundled with Windows.
It’s the Home edition thing where they require a Microsoft account. Afaik, the Pro version doesn’t require a Microsoft account.
They’re selling Windows and one of the selling points is that it includes full disk encryption. Thus they are selling full disk encryption.
Most people have Windows because of OEM keys, so you don’t really have a direct business relationship with Windows, so it’s kinda harder to sue.
If you built a PC and then separately bought a key, then you might have a better case.
(Disclaimer: I am not a lawyer)
What if you downloaded an iso from Microsoft and typed a simple command into powershell to activate it? 🏴‍☠️
But yeah all I’m saying is Microsoft are definitely on shaky ground with their sales claim here. However it’s no less shaky than things they were already convicted of years ago yet seem to be doing yet again, e.g. bundling Internet Explorer/Edge as the default browser - which has now expanded into occasionally resetting your default apps to Microsoft ones with system updates.
roran@sh.itjust.works 1 day ago
Nah, it’s encryption all right, they just back up the key in case you lose it. Which is a feature. aka.ms/bitlockerrecovery
I hear iMessage e2e-encrypted messages are also backed up into cloud as plaintext…
m0stlyharmless@lemmy.zip 11 minutes ago
Apple did add a new feature to iCloud called Advanced Data Protection, which enables E2E encryption on iCloud contents, which includes message and device backups.
After enabling this, it is likely prudent to regenerate FileVault keys. It’s also notable that for the initial setup of macOS, it does offer you to forego uploading the recovery key to iCloud, but selecting this option presents a warning stating that Apple will be unable to help you retrieve your data if you lose it. Thus, I am certain most Mac users just upload them to iCloud, which opens them up to exactly the same issue as in the article, but does help protect against thieves or adversaries with brief device access.
I have tried to convince Apple I know to enable ADP, but I have been faced with the expected dismissal of it being unnecessary because they are not interesting, etc.
More people need to engage in a culture of security and privacy when it comes to their digital lives.