Submitted 3 weeks ago by commander@lemmy.world to technology@lemmy.world
The word “Gave” is really doing some heavy lifting in that title. Microsoft produced the keys in response to a warrant as required by law.
If you don’t want a company, any company, to produce your data when given a warrant then you can’t give the company that data. At all. Ever.
Not fast food joints, not Uber, not YouTube, not even the grocery store.
Yes. But this completely invalidates the encryption. If anyone can decrypt your data without you giving the keys to them, it is not really encrypted.
The encryption key is data, don’t give it to ANYONE. “Two people can keep a secret if one of them is dead.”
Its not anyone though. Not anyone can get a warrant and demand the keys
If you can’t possess the keys, you can’t give them when there’s a warrant. Microsoft designed a system that could obtain and decrypt those keys on purpose.
I’m certainly not a microslop supporter, but…
They designed a system that recommended that the average user use full disk encryption as part of device setup, and then provided a way that Grandma could easily recover her family photos when she set it up with their cloud.
This was built by an engineer trying to prevent a foreseeable issue. The intent was not malicious. The intent was to get more people more secure by default, since random hacker couldn’t compell ms to give them keys, while still allowing low tech literacy people to not get fucked.
It’s been a while since I installed a new Windows OS, but I’m pretty sure it prompts you to allow uploading your bitlocker key. It probably defaults to yes, but I doubt you can’t say no, or reset the key post onboarding if you want the privacy, and now it’s on you to record your key. You do have to have some technical understanding of the process, though, which is true of just about everything.
That all said, if a company has your data, it can be demanded by the government. This is a cautionary tale about keeping your secrets secret. Don’t put them in GitHub, don’t put them in Chrome, don’t put them online anywhere because the Internet never forgets.
They’re doing this because there’s demand (with actually, non malicious genuine needs), and the feature is clearly advertised AFAIK.
It’s not some evil conspiracy. Microsoft does enough shitty things without us needing to blame them for their users’ shitty OpSec.
I’m stupid. How do thet even produce the keys?
Your computer generate a random key using (hopefully) a trusted PRNG with good enough sources. This key is then used to encrypt your data. This key is stored in your computer’s TPM module, and provided to the OS only if the chip approves all the checks in places. In addition, you get that key displayed to you, so you can write it down (or alternatively save the key file somewhere of your convenience). This is relatively good as far as security goes (unless the TPM is broken, which can happen).
And then, unless you jumped through hoops to disable it, your PC sends the key to Microsoft so they can just keep it linked to your account. That’s the part that sucks, because then, they have the key, can unlock your drive on your behalf, and have to produce it if asked by a judge or something.
Note that there are relatively safe way to protect these keys even if they are backed up in “the cloud”, by encrypting them beforehand using your actual password. It’s not absolutely perfect, but can make it very hard/costly/impossible to retrieve, depending on the resources of the attacker/government agency. But MS didn’t chose this way. I don’t know if it’s because of sheer incompetence, inattention, or because this feature is claimed to be here to “help” people that lose their key, and as such are likely to lose their password too, but it is what it is.
In Windows 11, if the main user logs in with a Microsoft account (which is mandatory unless you do some hacks during the install), it automatically encrypts the main drive by default without asking the user consent and uploads the decryption key to Microsoft servers (again, without user consent, but usually this is appreciated because sometimes automatic BIOS updates via windows update wipe the tpm and keep all your data at ransom.)
Microsoft built the encryption in Windows so know how to get around it. In theory that remains a closely guarded secret but there are the warrants and the NSA and…
Not true with E2EE, they can’t give over shit when they don’t have the keys
Bitlocker is computer drive encryption. On W11 it’s supposed to be tied to the motherboards TPM. End to end encryption is not really applicable in this scenario. That phrase is more applicable to cloud services or storage where a telecom or CSP hosts or transports your data but can’t see what the data is.
bonjour!
Can’t stop winning.
I wouldn’t be naive enough to believe there’s not a backdoor somewhere in LUKS.
Feel free to share any evidence or indication, otherwise I don’t think “naive” is the right word. Backdoors aren’t the issue here, even for MS Bitlocker. The issue, as stated in the article, is:
by default, BitLocker recovery keys are uploaded to Microsoft’s cloud
No need for a backdoor if you know you can get keys to the front door.
This is not a backdoor
This is the house rental company having a key to the front door
Linux. LUKS it yourself or it isn’t really encrypted.
What does Microsoft think the fucking point of encryption is? Do they think I am encrypting my data to protect it from my dog?
As someone who used windows for way too long: they just simply don’t give a shit. Like at all
i saw your dog using arch linux
Don’t be silly, the dog uses Puppy Linux.
btw……
If you’re not the only one with the keys, is it really encrypted?
Why do you think the encryption capabilities on your PC are there for your sake? They might have sold them to you on that, but they are really there to protect copyright data because TPM allows encryption/decryption that is completely hidden from the rest of your system. Like an encrypted handshake that then transfers an encrypted key to decrypt the video stream. But it doesn’t save the decrypted data, it immediately re-encrypts it using your display’s private key (or whatever device is next in the chain, maybe your GPU). They can make it so that the unencrypted stream never touches your RAM or travels on any wire, which means you can’t pirate shows as you watch them unless you point a camera at your screen.
Obviously if they just said that was one of the main points, no one would want it and media companies couldn’t benefit from it because they’d have to compromise to sell content.
The other point was so that they could build a system where they hold the encryption keys and get to choose whose data is actually private. Obviously that’s an even harder sell.
So they did what marketers always do and lied by omission about what it was for and just outright lied if they ever said they’d never give the keys to law enforcement (did they ever even say that?).
Let go of the idea that someone selling something to you implies any kind of loyalty, especially when either party is a large corporation.
Just use Linux.
I’ve read someone blabbering how BitLocker is better than FDE on Linux or BSDs just recently. I didn’t do fact checking, but honestly just uploading keys to MS wasn’t something I expected even from them.
Not even from the company that tried to provide you with windows recall? 🤣
A single bitter, crowing “hah!” at whoever thought there wasn’t at least this much overlap between our corporate and government masters. Welcome to hell kid, shoutout to whatever’s being trained on the last ~30 years of everything that touched the internet in the NSA’s Utah data center. Rose coloured PRISM though, I dream of the day when someone makes those search tools public and I can reminisce through my preteen MSN Messenger convos
What a slap to the faces of everyone who had been locked out of their data because they never knew about this crap and thus never saved their keys
Except their keys were saved but they don’t have the credentials to “prove ownership” of the microsoft account.
People called me paranoid when I said this would happen someday…
if theres money to be made it will happen one day
Daily reminder that verified boot is objectively superior to “secure boot”, once again a common Linux W and another example of Google actually promoting some good security practices
Same thing?
You can add custom keys to secure boot.
That doesn’t make it the same thing
Bitlocker? More like Shitlocker. Thanks, but I’ll stick with LUKS.
Wasn’t this by design? Otherwise why keeping the decryption keys on servers located in the united states’?
It’s a consequence of the design.
I certainly wouldn’t want end users calling me because they lost their recovery keys and consequently all their data. So I can understand offering or even recommending fallbacks.
The real solution would be clear and obvious documented choice for an informed decision. Online backup for fallback but meaning possibility of court order compromise and other external management risks, or self-managed with no recovery in case of loss.
Indeed. I think that you have to remember that the vast majority of BitLocker users would go from no encryption to encryption with your key in the Cloud. Given the he risk of complete data loss this is imo a decent risk/reward in most cases. You need both the physical computer and the MS account login, and the US government also has the latter.
If you want to make an active and informed decision there is of course much better option s, but know that you would be responsible to keep the unlock key safe or risk total data loss.
Why is anyone surprised by this? And what kind of imbecile commits crimes and uses windows? 🤣
Not just that but also uploads a copy to their Microsoft Account
Many modern Windows computers rely on full-disk encryption, called BitLocker, which is enabled by default. This type of technology should prevent anyone except the device owner from accessing the data if the computer is locked and powered off. But, by default, BitLocker recovery keys are uploaded to Microsoft’s cloud, allowing the tech giant — and by extension law enforcement — to access them and use them to decrypt drives encrypted with BitLocker, as with the case reported by Forbes.
Didn’t Osama bin Laden use Windows? 😂
BitLocker provides for a recovery key. This is to allow someone to regain access to an encrypted device in the event that they lose their PIN, any one of these scenarios happen, OR when suspects do not want to cooperate with LEOs.
Find your BitLocker recovery key
If the target device is part of an enterprise and managed with EntraId/Intune this is the option. Escrowed keys.
Is anyone shocked by this? With everything that DHS, FBI, ICE, military, elected representatives, etc. are all doing without any concern or care for laws, civil rights, human rights, the Constitution, this should not be a shock to anyone. Corporations are bending over backwards to appease the talking orange and make more money. They do not care as long as profits are up and the shareholders are happy. A companies primary legal responsibility is to the shareholders, not the customers.
+100. People forget, or chose not to pay attention to the fact that Google sensor vault data was key evidence in convicting the January 6 insurrectionists (who were exonerated to become ICE). Surveillance capitalism doesn’t care which side you are on.
Microslop is openly anti consumer. Why would you hand them your encryption keys?
winds 11 home forces it apparently, when you have to use it.
Remember when Truecrypt got suspiciously terminated? That was the goal
Microsoft only has your key if you give it to them for convenience (by syncing to your Microsoft account), and they’re required by law to give anything stored in their servers if asked. There’s no conspiracy here.
Federal investigators in Guam believed the devices held evidence that would help prove individuals handling the island’s Covid unemployment assistance program were part of a plot to steal funds.
Damn, they weren’t even doing this to go after pedos.
I’m curious where in the economic ladder this person fell. Rich enough to get a significant amount of money from the system, but still too poor to make the government look the other way.
IIRC am pretty sure they have been doing this for years(since Windows 8).
Even if you don’t care that MS and the federal government can decrypt your data, when Bitlocker is enabled your MS account becomes cryptographically linked to your identity and machine, making it a powerful tool for surveillance, identification, and DRM.
Amazing how every time you think they’ve finally stopped digging… they whip out the steam shovel and go “Hey y’all, watch this!”
Well, storing the key in the specific provider‘s cloud isn‘t a good idea anyway - the same counts for iCloud as well. There are things that should be separated from each other because of reasons, this one is just another proof for the need to do so.
Not your keys ? Not your data !
Microslop’s OS is evidently untrustworthy and should not be used. I would recommend replacing it with a Linux distribution.
This is why I don’t use bit locker, nothing microslop controls secure in any way.
I was summoned to help eject a CD today.
I’m out.
So how did Microsoft have the keys in the first place? The article says they are automatically uploaded to the cloud. What does that mean? They’re uploaded to the user’s on drive or something else? Because whatever that user account is shouldn’t be accessible by Microsoft, even if they run the service. I’m not saying aim surprised they do have it, but would be nice to be a little clearer about what features of Bitlocker to avoid. Is it the Microsoft account associated with the windows key? Probably.
Expect nothing else from any corporation for your own safety.
empireOfLove2@lemmy.dbzer0.com 3 weeks ago
So, this means Microsoft has copies of every single bitlocker key, meaning that a bad actor could obtain them… Thereby making bitlocker less than worthless, it’s an active threat.
MS really speedrunning worst possible software timeline
dual_sport_dork@lemmy.world 3 weeks ago
They don’t have a copy of every single Bitlocker key. They do have a copy of your Bitlocker key if you are dumb enough to allow it to sync with your Microsoft account, you know, “for convenience.”
Don’t use a Microsoft account with Windows, even if you are forced to use Windows.
tabular@lemmy.world 3 weeks ago
To use Windows without a Microsoft account requires tech literacy these days, I thought. I would not be suprised if users didn’t choose to sync with a MS account but it’s doing it anyway, if that’s what MS want.
DeathByBigSad@sh.itjust.works 3 weeks ago
Encryption doesn’t actually complete until you log in with a Microsoft account for Home Edition.
Anyways: Use Veracrypt.
Or just Linux + LUKS
lemmyout@lemmy.zip 3 weeks ago
It’s a bit harsh and unfair to say “you are dumb enough to allow it”. Microsoft makes it damn near impossible to avoid this unless you are extremely particular and savvy about it, and never have an off day where you make a mistake while using your PC.
realitaetsverlust@piefed.zip 3 weeks ago
Ftfy
empireOfLove2@lemmy.dbzer0.com 3 weeks ago
Which I don’t believe is the only way it can leak. It’s well known Microsoft can access anything and everything on an internet connected Windows PC whether there’s a Microsoft account or not. If the nazi’s push for the device of someone on a local account only, you know they’ll magically find a way.
goferking0@lemmy.sdf.org 3 weeks ago
I mean it’s dumb to sync but at same time it’s not like MS isn’t great at either making it almost impossible to not sync it re-enable syncing for a bit after updates.
You can constantly tell it not to sync but all it takes is MS saying we want it now and they’ll get it
iterable@sh.itjust.works 3 weeks ago
Save a copy of your bitlocker keys to a Veracrypt drive with a password no shorter then 15 mixed characters. Then upload that encrypted container to any free service. They wont be able to open it and now you have a remote backup copy.
JustEnoughDucks@feddit.nl 3 weeks ago
Are you naive enough to believe the surveillance OS that uploads literally all of your activity along with screenshots of your desktop doesn’t automatically upload you keys no matter what little box you tick on the installer?? 😂 there is absolutely not one single 3rd party auditing that they actually follow any of the options at all that they give.
obinice@lemmy.world 3 weeks ago
Why is that dumb?
I encrypt my drive to protect my data from burglars and thieves who might steal my laptop, how would they obtain the recovery key from Microsoft? O_o
Tollana1234567@lemmy.today 3 weeks ago
i heard win11 its automatically used online for home.
bw42@lemmy.world 3 weeks ago
No they do not have copies of every Bitlocker key.
Bitlocker by default creates a 48-bit recovery code that can be used to unlock an encrypted drive. If you run Windows with a personal Microsoft account it offers to backup that code into your Microsoft account in case your system needs recovered. The FBI submitted a supoena to request the code for a person’s encrypted drive. Microsoft provided it, as required by law.
Bitlocker does not require that key be created, and you don’t have to save it to Microsoft’s cloud.
This is just a case of people not knowing how things work and getting surprised when the data they save in someone else’s computer is accessed using the legal processes.
user28282912@piefed.social 3 weeks ago
Except that Microsoft basically puts a gun to every users head to login with a Microsoft account which can/does backup the recovery keys.
greybeard@feddit.online 3 weeks ago
If you sign into a Microsoft account during setup, Microsoft automatically turns on bitlocker and sends the key off to Microsoft for safe keeping. You are right, there are other ways to handle bitlocker, but that’s way beyond most people, and I don’t think Microsoft even tells you this during setup. It’s honestly a lifesaver for when bitlocker breaks(and it does), but it comes at a cost. In the business world, this is seen as a huge benefit, as we aren’t trying to protect from the US government, mostly petty theft and maybe some corporate espionage.
As is often the case, the real solution is Linux, but that, too, is far beyond most people until manufacturers start shipping Linux machines to big box stores and even then they’d probably not enable any encryption.
NatakuNox@lemmy.world 3 weeks ago
Hey copilot, give me the bitlocker key to the nuclear football!
x0x7@piefed.social 3 weeks ago
Microsoft is already a bad actor and they have them. Or a bad actor could threaten microsoft physically and microsoft will hand them over. Wait, that already happened.
Kongar@lemmy.dbzer0.com 3 weeks ago
And people make fun of me for turning off secure boot and tpm. They just cause grief for no benefit.
frongt@lemmy.zip 3 weeks ago
Well this isn’t directly related to those, so maybe some derision is warranted.
partial_accumen@lemmy.world 3 weeks ago
As long as you’re doing your own whole disk encryption, you have a valid path to still be secure. However, if you’re running an unencrypted disk, you’re much more likely to lose your data to a non-state actor.
cley_faye@lemmy.world 3 weeks ago
Both are completely unrelated to the discussion. TPM sometimes have issues regarding their security, but you can certainly use Secure Boot with your own signing keys to ensure the kernel you run is one you installed, which improves security. And you can use TPM to either keep your FDE keys, or only part of them combined with a PIN if you don’t fully trust them to be secure, so you keep strong encryption but with a bit of convenience.
Without a (properly configured) Secure Boot startup, anyone could just put a malware between the actual boot and your first kernel. If the first thing that happens when you boot is something asking for a password to be able to decrypt your storage, then an attacker can just put something here, grab your password, and let you proceed while storing in a a place it can be retrieved.
Is this scenario a concern for most people? That’s unlikely. But every computer sold these last five years (at least!) can be setup to reduce this risk, so why not take advantage of it.
Kissaki@feddit.org 3 weeks ago
Not everyone follows the default. So no, it doesn’t mean Microsoft has copies of every single BitLocker key.
Appoxo@lemmy.dbzer0.com 3 weeks ago
More likely stupid users storing their bitlocker key in the microsoft account instead of printing it out or storing it somewhere not owned by MS lol
Arcane2077@sh.itjust.works 3 weeks ago
Could be worse. Could have skeleton keys
corsicanguppy@lemmy.ca 3 weeks ago
You’re assuming there isn’t a master pubkey baked into the software.