Microsoft Has Your Encryption Key If You Use Windows 10

An anonymous reader writes with this bit of news from the Intercept. If you login to Windows 10 using your Microsoft account, your computer automatically uploads a copy of your recovery key to a Microsoft servers. From the article: "The fact that new Windows devices require users to backup their recovery key on Microsoft's servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts – something that people never had the option to do with the Clipper chip system. But they can only delete it after they've already uploaded it to the cloud.....As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel them to hand over your recovery key, which they could do even if the first thing you do after setting up your computer is delete it. As Matthew Green, professor of cryptography at Johns Hopkins University puts it, 'Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.'"

Can a corporate security officer comment

[RichMan]

I would like to know the opinion of large public corporations security officer on this feature of windows.

Re:

[Anonymous Coward]

I know the opinion of a couple of high security smaller companies, only 20,000 to 60,000 employees... they both say, "holy shit no. Windows 10 is not even being considered for corporate deployment"

speaking anon to not get in trouble with them.

Re:Can a corporate security officer comment

[JeffSh]

that is a totally out of context comment from an anonymous poster.

large corporate entities will not deploy windows 10 for years anyway due to incompatible or uncertified line of business software platforms. it has nothing to do with this particular feature.

moreover, this has to do with logging into your microsoft.com account, nothing to do with windows 10 pro joined to a domain.

Don't cherry pick

[s.petry]

While the main point of the article is about a Windows account there is an underlying discussion on overall privacy using Microsoft Windows. This is just the latest article discussing privacy and security concerns. Sure, "some" businesses are always years behind in releasing a new OS. Others are not so far behind, and are very concerned about security so not approving Win10.

For example, as soon as the OS was released we see how the OS will send your keystrokes to Microsoft. Not just what you type into Cortana, IE, or Edge but ALL keystrokes are recorded by the OS. You can disable sending the data to Microsoft, but we have yet to find a way of disabling the keylogger built in to the Kernel. (recorded does not necessarily mean stored long term, but long enough to evaluate in memory.)

Due to that lack of trust, I may have installed Win10 but never created a MS or Azure account. Anything I do on the device is treated as public knowledge because the OS is built to remove privacy from end users. I won't use online banking on the PC with Win10, and logging in to anything is assessed under the assumption that someone from MS and the Government will have full access to the account. When I'm working on sensitive stuff I use Linux.

Re:Don't cherry pick

[phantomfive]

we have yet to find a way of disabling the keylogger built in to the Kernel. (recorded does not necessarily mean stored long term, but long enough to evaluate in memory.)

Wait, what exactly does this mean? Even in Linux every keystroke goes through the kernel, it's kind of the purpose of the kernel to handle hardware stuff like that (of course Linux doesn't record it anywhere unless you want it to).

Re:

[AmiMoJo]

It means most of this stuff is bullshit. For example, Windows 10 only uploads your encryption key if you sign on to a Microsoft account and the machine came encrypted from the factory, in which case the manufacturer had ample opportunity to steal your keys too. This is actually a huge win for privacy, because devices encrypted by default with no effort on the part of the user are clearly better than devices with no encryption.

If you enable bitlocker manually you can optionally upload your key. For home user

Re:

[kimhanse]

There is a lot of NSA code in Linux.

http://git.kernel.org/cgit/lin... [kernel.org]

https://www.nsa.gov/research/s... [nsa.gov]

I am not saying that it causes the security problems the AC was writing about, but it is there.

Re:

[rubycodez]

and no one I know uses SELinux because it is bolt-on garbage. I've decades of experience in financial and healthcare systems, there are better ways to do things

Re:Don't cherry pick

[johnw]

That's not a low ID.

Re:

[phantomfive]

large corporate entities will not deploy windows 10 for years anyway due to incompatible or uncertified line of business software platforms.

Your post is good, and I understand why large corporations wait for software platforms to be certified, but my question is, are there known incompatibilities in Windows 10? OR is it still more of a theoretical thing?

Re:

[unixisc]

moreover, this has to do with logging into your microsoft.com account, nothing to do with windows 10 pro joined to a domain.

So this applies only to Microsoft employees, right? Or anyone with a hotmail, outlook.com or live.com account?

Re:

[Ubi_NL]

Thats what i thought as well. But i work for a fortune-100 company and we roll out win 10 at this moment (for new machines though).

Re:

[fizzer06]

You called it a "feature". Just . . . damn.

Re:Can a corporate security officer comment

[ArmoredDragon]

Even if you do consider Windows 10 (or 8 for that matter) don't under ANY circumstances use a Microsoft account to log in. Recall not long ago during Microsoft's "Scroogled" campaign, they were promising account privacy and that they'd never look into your account at all. Well sometime during all of that, they broke into a blogger's hotmail account (read: he was their own customer) to identify his leak source for future MS products, right after saying that "oh, well now we really mean it this time."

The problem with a Microsoft account is that your computer now answers to Microsoft's authentication servers, which means they ultimately hold the keys to unlocking your computer. In scenarios such as the above, or a government request, or social engineering, practically anybody could unlock your computer.

As I've said elsewhere, there's no practical benefit to having one (you can still download apps and whatnot without using a Microsoft account to log in to your PC) so why needlessly expose yourself to the above risk?

Re:Can a corporate security officer comment

[Kjella]

Because they didn't by the pro version and have to use the Microsoft account.

This is simply false. So far, at least.

Re:

[myowntrueself]

Because they didn't by the pro version and have to use the Microsoft account.

This is simply false. So far, at least.

To the best of my knowledge...

If you don't have the pro version you can only set up a Windows 10 box without the Microsoft account if it isn't connected to the Internet at setup time. if its got internet connectivity you don't get an option to set up with only a local account.

Re:

[Dins]

Yep, I can confirm this. I have the Home version at home and I do not have to log in to a MS account.

I wouldn't be using Windows at all except I'm a gamer. Yes, Linux gaming is getting better all the time and that's great. But right now Windows is still the gaming OS. In retrospect, I wish I would have stuck with Win 7 as long as possible.

Re:

[will_die]

Unfortunately that is the skill level of the majority of the security people, and 98% of those with a CISSP. The rest say lets review the security policies and make sure those capability are turned off.

Re:Can a corporate security officer comment

[Anonymous Brave Guy]

It's certainly possible that you're right, but equally if the GP poster really does have insider knowledge and really does want to speak without betraying a confidence then surely they really would post anonymously.

In any case, I can tell you the answer to your follow-up questions for at least some small to medium-sized companies I work with: Windows 10's biggest competition is probably Windows 7, which is what the majority of these organisations are already running as their standard desktop.

The difficulty Microsoft has with these customers is that Windows 10 doesn't have a lot of big selling points. I watched and listened to some of the early promotional material, and the loudest message I heard was "it's not Windows 8". Obviously to business customers who standardised on Windows 7 anyway, that's not exactly a good reason to undertake an inevitably expensive and disruptive migration to a new OS.

Re:

[ADRA]

Windows 'OS' has had little new to give enterprises for a long time (For at least a decade). Why do you see basically all new enterprise offerings going multi-platform and open web / XML standards? The only enterprise areas Microsoft is dominating are Office / Exchange / SharePoint / SqlServer (though largely used by other MS products) / AD (though this seems more a dodo waiting for obsolescence).

Re:

[PCM2]

Besides, using Win 10 without a touch screen kinda defeats the point of having it at all.

You're thinking of Windows 8. Windows 10 tries to cater to desktop machines more, and in the process it actually degraded the experience on tablets in various ways (smaller onscreen controls, gesture actions removed, onscreen keyboard acts in unpredictable ways, etc.)

Re:

[armanox]

Actually, considering the way the industry has been going the past several versions of Windows, is this very surprising? XP still persists in a lot of organizations (sadly). Most places didn't deploy Vista, they waited until 7. And most places are still on 7, out of dissatisfaction with later releases (which also makes Windows 7 the standard, not Windows 10)

Re:

[interval1066]

dissatisfaction? I'll say. Windoiws 10 (or 10.1, or something) brings NO must-have features as far as I can tell. Still, I wanted to try it, so I bought a windows tablet, a cheap British-made "Jumpstreet" (something like that) that came with windows 8. Knowing I would get an icon at some point for the upgrade from 8 to 10, I played with 8 and bided my time. Quick impression of 8: its windiws with a touch screen interface. Completely inappropriate for a touch screen. Besides the small screen the objects on t

Re:

[epyT-R]

Windows 7, office 2013 probably.

Re:

[PopeRatzo]

We're moving to TempleOS, not that it's any of your business.

I'll only work for companies that adopt enterprise BeOS.

Re:

[ArhcAngel]

Thanks for that. I had a good chuckle. [templeos.org]

Re:

[Anonymous Coward]

Large public corporations are going to be logging in using Active Directory credentials, not their Microsoft accounts. The article summary (which may be wrong, because they usually are) states that this behavior only happens when logging in with a Microsoft account.

Re:Can a corporate security officer comment

[Anonymous Coward]

CISO here, we haven't made the jump to 10 yet (85% of our workforce is on 7 with some 8.1 here and there), things like this are kinda non starters for us for any employee who even remotely has a chance at accessing PII or confidential information. It's not that I think Microsoft would act maliciously, but it would violate a ton of compliance documentation that we have, requiring re-audits of our policies and procedures. Hopefully this is one of those features Microsoft will allow you to turn off in the Enterprise SKU. We're honestly watching Windows 10 very closely, it has a lot of really nice improvements on the security front. But things like this, and the giant sweeping updates like the November update, make it very hard. Microsoft is trying to move closer to the Apple model, but the Apple model is a big departure for anyone who knows the pains of PCI, HIPAA, or SOC2 compliance.

Re:

[silas_moeckel]

Things like this do not affect the corp version at all. It's specific to people using MS not corp AD servers. We have had key escrow as an optional part of AD for a long time at least in relation to drive/file encryption.

Re:

[Grishnakh]

Hopefully this is one of those features Microsoft will allow you to turn off in the Enterprise SKU.

No, hopefully not. I'd rather see MS force their corporate customers to link their AD servers to MS's, and send all their encryption keys to MS's servers.

Re:

[epyT-R]

Why?

Re:

[epyT-R]

I figured that was the reason. Thanks.

Re:

[Grishnakh]

Thank you, that's pretty much what I had in mind, but a little more extreme: I *want* to see MS push their customers away so that they'll be finally forced to abandon MS, or get burnt so badly by sticking with them that their competition drives them out of business.

I'd rather see a world where all these "IT companies" as you put it are actually mostly in control over their own destinies (at least with the IT stuff), rather than all of them being on the MS bandwagon.

Re: Can a corporate security officer comment

[Billly Gates]

Windows 10 enterprise doesn't have spyware. Only the home and professional versions do so the point is mute. Great way too to enforce companies buy an expensive corporate blanket and not save with the pro version

Re: Can a corporate security officer comment

[Anonymous Coward]

The point is moot not mute.

Re:

[Cro Magnon]

Maybe the point can't talk.

Re: Can a corporate security officer comment

[GrantRobertson]

Well, the point doesn't "speak to me" because I won't be using an enterprise license or logging into AD.

Re:

[Archangel Michael]

The point is moo.

Re:

[Anonymous Coward]

Fun fact: telemetry cannot be disabled in the Enterprise version either.
Set it to "disabled" and it goes to the "Security" level. Source:
https://technet.microsoft.com/library/mt577208%28v=vs.85%29.aspx [microsoft.com]

Re:

[Opportunist]

Win10 is not even on the table. Far from it. And as long as there is support for Windows 8, it will not become an issue.

Seriously, most companies I deal with still use Win7. And they will do so until the final moment of its support.

Re:Can a corporate security officer comment

[Reginald Owens]

I find this to be rather difficult to properly converse about. While I'm not a CISO per say, I consult many CISO's regularly and this is one of the topics that have come up recently and has opened up a lot of interesting discussions. To clear the air, Windows 10 Enterprise (and Windows 10 Professional) do not give you the ability to store Bitlocker keys with Microsoft when joined to Active Directory, nor do they automatically upload the keys. When joined to Active Directory, you have 3 options for key backup: Printing a Copy, Saving it to a file, Saving it to a USB key. Behind the scenes (not visible to the end-user), there is a 4th option in which you can require that the joined computer store a backup copy of the key on the computer object within Active Directory. This must be configured in AD and deployed as a GPO to the computers otherwise this backup option will not take place. The option to backup to a MS account is not available, even if you add a MS Account to the workstation. Now, to be transparent, none of the large (Fortune 500 or bigger) companies that I consult are using Bitlocker (rather, they are using various third-party drive encryption systems). Now, that isn't to say that there aren't any, just not the ones that I consult. However, several of my medium enterprise clients are. All of the discussions have all been centered around where to store recovery keys for the purpose of the business being able to decrypt a system if needed by an authorized administrator. This has caused a lot of issue because for my clients that are using Bitlocker, a few of them have considered moving to Azure AD (Active Directory run by Microsoft in the Cloud). My concerns about this have been that if you are using AD as a recovery for Bitlocker and you move AD to the cloud, this effectively does exactly what a MS account does to the home computer... puts the encryption keys in the hands of Microsoft. Now, not all of my medium enterprise clients are considering this, but of the few that are, we haven't been able to get clear information from MS on who all would have access to Azure AD and what their policies are.

Re:Can a corporate security officer comment

[ray-auch]

Good summary - unfortunately I don't have mod points today

I would add that the likely reason we can't get clear info from MS about Azure AD is that Azure is international and located in multiple regions / jurisdictions and I think the court cases are still ongoing about whether or not the US can short-circuit international treaties and local laws elsewhere and force MS to hand over data located in other jurisdictions. So, MS basically don't know.

It's safest to assume that govts are always likely to be able to get hold of keys whether stored on your own recovery server or with MS, and the likelihood rises with size of govt concerned...

Re:

[phantomfive]

It's safest to assume that govts are always likely to be able to get hold of keys whether stored on your own recovery server or with MS, and the likelihood rises with size of govt concerned...

Indeed, MS is most likely obligated to turn those keys over.

Re:

[PCM2]

Indeed, MS is most likely obligated to turn those keys over.

Not in all cases. One particular one that I'm aware of was where a US court ordered Microsoft to turn over one of its customers' data, but Microsoft responded that the data in question was not hosted in the US and therefore the court had no jurisdiction to seize it. I think Microsoft is still battling it out with the US government on that one.

Re:

[mysidia]

As an IT technical admin of a non-public corporation; I will say that many of the cloud features of Windows 10 scare me greatly, and I would have many concerns to address moving forward.

I do not believe it is necessarily justifiable that they block all deployment, but we may add special in-house requirements and restrictions on deployment, as we see necessary.

For example: we may need to take steps to disable or interrupt features considered a risk.

We expect our endpoints to not upload sensitive encry

Re:

[epyT-R]

I love your detailed description of 'why' this is the case. May I subscribe to your newsletter?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[epyT-R]

If you're right, it sounds like people with half a brain should start removing every dependency their lives have on any sort of computer technology. The alternative is being owned (owned and pwned?) by a software company and/or their friends in government.

Sad.

Hmmmm

[Vintowin]

How about you don't login with a Microsoft account? That'll show them!

Re:

[Z00L00K]

And you think that actually helps? The key may already be uploaded and linked to your computer ID. The Microsoft account is just a decoy that they use to mislead and make you feel comfortable with getting some extras since they can confirm your identity even though they have statistically already determined your identity.

Re:

[MatthiasF]

Do you have any proof of this assertion?

Furthermore, how is this any worse than Google's password manager behavior?

Re:

[Z00L00K]

It's worse because it's the key to the operating system itself, which would allow random attacker to gain control over your computer and access your data, possible even if it's encrypted with bitlocker.

Re:

[MatthiasF]

You're forgetting about the Google Update service for Windows and Mac, and the deep integration of Google services into most version of Android.

If anything, Google has had this very ability for years now and Microsoft is playing catch-up.

Re:

[Lunix Nutcase]

Furthermore, how is this any worse than Google's password manager behavior?

One is something you have to explicitly opt-in to use whereas the other is done without your consent?

Re:

[MatthiasF]

Using a Microsoft account on Windows 8 or 10 is not necessary either.

But I'm willing to bet a lot more people keep themselves logged in to Chrome all the time than use a Microsoft account on Windows 10.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[WaffleMonster]

Furthermore, how is this any worse than Google's password manager behavior?

Like a washed up dictator hauled in front of the hauge to answer for their crimes popping off "but Hitler did it too" ? Like that worse?

Please for the love of god enough bandwagon fallacies.

Re:

[Ol Olsoc]

And you think that actually helps? The key may already be uploaded and linked to your computer ID.

Their keylogger has already given it to them

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[myowntrueself]

Then you don't get encryption.

You can still create a local account only in Windows 8 and Windows 10. Next, turn on BitLocker and record your own recovery key. All of this can be done OFFLINE!

To the best of my knowledge it has to be done offline; if you have Internet connectivity you can't install 8 and 10 without a Microsoft account, it doesn't even give an option for local account unless you disconnect.

Re:

[epyT-R]

For now..

Re:Hmmmm

[Anonymous Coward]

When is this capability going to be added to systemd?

Re:Hmmmm

[Lunix Nutcase]

Then you don't get encryption.

Bitlocker works without a Microsoft account so this is patently false.

Re:

[interval1066]

There are native games for Linux, good ones too.

Re:

[unixisc]

That's why I have two PC's at home, one running Linux, and another running Windows 7. The Linux one is the one that I do all of my personal computing on: personal work, internet browsing, hobbies, reading, media consumption, etc. I demoted my Windows box to 'game console' and use it to play the games (usually via in-home streaming) that won't run in Linux Steam or Wine or Crossover for one reason or another. Nothing personal goes on it since Microsoft has repeatedly demonstrated that they cannot be trusted.

Similar to you, but one PC-BSD and another Windows 10 Bing (originally 8.1). The PC-BSd I do all my personal work on - banking, managing my credit card accounts and payments, internet browsing, media consumption, et al. The Windows box was what I bought b'cos my work required it for a Windows only application. That, and anytime I need to edit Office documents, or anything else that specifically needs Windows.

For games, I currently play Civ IV on the Windows box, but I'm waiting until PC-BSD 11 includes

Re:

[Grishnakh]

I thought "AAA" games were ones which were pretty cutting-edge and resource-intensive. As such, that's the last kind of application you want to run inside a VM; the performance will probably be crap.

If you just used Windows for some not-so-high-performance office applications or stuff like that, then yes, that's a good approach.

No they dont....

[Lumpy]

I dont have an encryption key! HA! Take that Microsoft!

Remember that it's a disk RECOVERY key

[CajunArson]

So one important thing to remember is that these keys don't give anyone a login or remote access to your box whatsoever. Instead, Windows 10 now turns on disk encryption by default. That's a good thing, but of only limited value since disk encryption really only helps if the disk is physically stolen from you.

So what we have here is a copy of the key that allows recovery of an encrypted disk being stored in the cloud unless you delete it. Not the greatest thing ever but it doesn't panic me all that much whe

Re:

[Jody Bruchon]

Windows 10 does not turn on disk encryption by default.

Re:

[sasparillascott]

But new systems are coming with it turned on by default (read the original linked article).

Re:Remember that it's a disk RECOVERY key

[Opportunist]

So one important thing to remember is that these keys don't give anyone a login or remote access to your box whatsoever. Instead, Windows 10 now turns on disk encryption by default. That's a good thing, but of only limited value since disk encryption really only helps if the disk is physically stolen from you.

Like, say, in a police raid.

So what we have here is a copy of the key that allows recovery of an encrypted disk being stored in the cloud unless you delete it.

Like, say, to gain access to the data after the raid.

Not the greatest thing ever but it doesn't panic me all that much when the same people who scream about not upgrading to Windows 10 because OMG NSA are also running old systems without any disk encryption whatsoever.

To put it another way: The vast VAST majority of Linux systems in operation that don't use full disk encryption are actually LESS secure than this setup simply because there's no need to get your hands on a recovery key to decrypt anything. Yes, I'm well aware that Linux systems with full-disk encryption exist. So what, they did (and still do) on Windows too.

With the difference that I can actually create encryption on Linux with a chance that nobody but me gains access to the key.

Re:

[Perky_Goth]

Like, say, in a police raid.

See, that's not how you should put, because people will think you want to break the law free of charge.
You should say corporate espionage helped by the US government and have a few links ready. That'll get their attention.

Re:Remember that it's a disk RECOVERY key

[Opportunist]

Look at your laws. Then tell me with a straight face that you have not broken one of them today. Or in the last 60 minutes.

Re:

[Sloppy]

Raids schmaids. In my experience, the most common case of data leaving the building are failing drives RMAed to manufacturer. I don't remember ever being raided but I have RMAed quite a few drives.

That is why everyone should always be encrypting. So that the drive (which is different from the boot SSD which has the key file pointed at by /etc/crypttab) is just noise. Worrying about the feds is like worrying that you're going to be killed by a terrorist, when you ought to be getting more exercise and drivin

Dovetails with new surveillance legislation

[sasparillascott]

Good to remember, that Congress just passed new (clearing companies to share any data with the NSA directly without liability) surveillance legislation tucked into the 2015 budget bill:

http://arstechnica.com/tech-po... [arstechnica.com]

The way this (and the data uploading with Windows 10) dovetails with the budget spy bill just passed you'd think it was hatched out in a back room - in D.C.. Obviously don't use Windows 10 if possible (you can still get 7 or 8.1 on most systems) and don't use Microsoft's built in encryption option (which Microsoft kneecapped starting with Windows Version 8 by removing the elephant diffusor making it more vulnerable to brute force attacks), there are other options for Windows Encryption.

Re:Dovetails with new surveillance legislation

[Holi]

"you can still get 7 or 8.1 on most systems"
You haven't heard? Windows 10 Telemetry and spyware have been backported to Windows 7 and 8.
http://www.extremetech.com/com... [extremetech.com]

Re:

[jez9999]

Only if you install those particular updates. Set the update system NOT to auto-install and vet the updates every time.

Duh, that's how encryption works

[iamacat]

Consider the alternative:

1. Encrypt the disk and login with Microsoft account
2. Forget the password, reset it from the web
3. Poof! You data is gone!

Maintaining strong security is not a joke. You have to memorize multiple long passphrases for different domains of protected data and never access stuff on devices that have ever left your custody. Like a laptop that has been left at home for NSA keylogger installation convenience. Be prepared to lose data and toss hardware on regular basis. I don't blame Micros

Re:

[iamacat]

I don't know how strong is your safe or how resistant it might be to thieves or cops. Microsoft data centers are likely to have security guards and require some due process before handing out the key to authorities. Admittedly they are more vulnerable to massive theft of keys from many users at once through software or insider attacks. On the other hand, you are keeping key and lock in the same house.

Regardless, you can switch to Win10 and NOT login with windows account. I think group a) just needs to be aw

A bit of a pain in arse

[MarkH]

But you can setup a windows 10 machine with all local accounts and all updates, traffic disabled.

Good guide here http://www.rockpapershotgun.com/2015/07/30/windows-10-privacy-settings/

Looking at wireshark it does seem to work

Primer version anyone

[RubberDogBone]

Can someone explain what all this actually means? Why should I care about this recovery key? I back up my own data so... if I had to do a recovery, I can certainly do that.

Not really any scenario where I would think of going to Microsoft to recover anything. What am I missing?

Re:Primer version anyone

[wbr1]

It means MS has a copy of the keys to your bitlocker encrypted data. And by inference anyone with access to MS, hackers, government, disgruntled employees.. any could log into your computer and use the keys to unlock what you thought was encrypted and safe.

Re:

[pr100]

You have a laptop running windows 10. The hdd is encrypted with bitlocker. MS have a copy of the recovery key.

That means that, in theory, MS and anyone they're prepared to share the key with can decrypt the contents of your HDD.

Presumably there was a reason that you encrypted your hdd in the first place, so there at least some people that you don't want to be able to decrypt it (otherwise encrypting it was a waste of time).

One difficulty is that you can't know for sure who really can get hold of that recove

End-to-end encryption and "normal" users

[GuB-42]

If encryption is turned on by default for normal users, there must be a way for the provider to recover the data.
People lose their passwords all the time, and don't want to lose all their data if that happens. For these people, disk encryption is just a way to prevent regular laptop thieves from accessing their data, not to protect them from the NSA and criminals who can hack Microsoft. They don't want end-to-end encryption.
If you need high level security even against Microsoft, then don't use your MS account, or better yet, don't use Windows.

My favorite version of Windows?

[globaljustin]

Yours :P

TrueCrypt

[duke_cheetah2003]

Should be noted, TrueCrypt 7.1a (last full version) works fine with Windows 10 if you're really concerned about someone thieving your data. I highly doubt the OS has your TrueCrypt keys if you use this solution, Microsoft account or not.

Re:

[cfalcon]

Veracrypt as well. I'm not sure about Ciphershed, but probably. These are the forks of Truecrypt once the Truecrypt devs gave their warnings and went away.

The keylogger's transmission can be disabled, and I'm not 100% sure if the fact that the data is in the kernel is inherently flawed. It's definitely highly suspicious, however.

Don't use Microsoft account

[sigmabody]

I mean, this should be pretty old news by now, but the moral of the story is the same as the previous N stories where using a Microsoft account uploads your personal information to Microsoft's (and the government's) servers: don't use a Microsoft account. At least this is a relatively easy fix which avoids a lot of the badness of Windows 10. I view it like running an ad blocker: yeah, it's kinda bad for convenience sometimes, but it's a small price to pay to avoid malware I know about, and other malicious t

Preferable != ideal and wrong conclusions

[drolli]

The conclusion in the article was that everybody who manages to hack the MS database or extorts an employee there would get access to my data. While i severely doubt that accessing the key is easily possible for an employee (i would not think so) without being noticed, there is another important point: Whoever steals my key, still needs access to my physical access to the HD (an that is the only situation in which stealing the key makes a difference: physical access, but no possibility to manipulate the OS

Re:

[The-Ixian]

I could not agree with you more.

The encryption keys are only useful to decrypt your hard drive once your computer has been turned off.

There are much easier ways for hackers to get your data which do not require decryption at all (because that has already been or is being done once the computer is booted).

This is a perfectly reasonable trade off in usability without a huge hit to security.

It is not a "TNO" (trust no one) solution. But if you need that, you probably should not be running anything but a Linux

I knew it!

[MagickalMyst]

Microsoft doesn't give anything away for free without a catch.

In this instance, the catch is your encryption key.

The acknowledgement does not look good

[140Mandak262Jamuna]

Not only you have to upload your recovery key to microsoft, the response you get after you upload from their servers does not bode well.

It says "all your base are belong to us".

HIPPA Compliance

[ITRambo]

Does MS having a copy of a WIndows 10 Pro bitlocker key for a PC in a small medical office violate HIPPA or is the issue moot?

Does this include dev accounts

[fredrated]

like Microsoft developers forums?

Headline is a *tad* FUDdy, but article is accurate

[cfalcon]

Bitlocker lets you have the option to save your "recovery key" to USB, or to print it. In both cases, you can destroy the key effectively (note that you'll have to take care to ensure that the USB device is physically destroyed or secured in a manner secure against attackers you are concerned about, and that your printer doesn't keep a recoverable copy somewhere).

So Bitlocker is (in theory) safe and secure. Personally, I wouldn't trust this- it's proprietary, it's Microsoft, and there's every motivation to either make the key recoverable or disclose it for uses Microsoft deems useful (for instance, a future tyrannical government might be able to threaten them in such a way as to produce the keys). But by their claims, it should be.

The article distinguishes this from "device encryption", a gimped form of Bitlocker present in the "Home" edition that they give for free (or cheap or whatever- once I did even the first amount of research into Windows 10 I decided to avoid it entirely). If you pay for Professional, you get access to "Bitlocker", which has configuration options, including the print-out and USB options, which can result in NO recovery key- the generally desired state from a security perspective.

The headline of the article truthfully states that Microsoft "probably" has your recovery key, and the slashdot headline leaves that out totally. Both leave out the important fact that you have to be using the "device encryption" version of Bitlocker in the shit-tier version of Windows 10.

There's other posts talking about the keylogger, or kernel keylogging. I'm not sure the fact that the kernel keeps your keystrokes for awhile is inherently vulnerable, but it is suspicious.

In any event, the fact that you must be an expert user to get anything that MIGHT be security out of Windows 10 is absolutely disgusting. The Home version will be the most common by far, and the average user will not be aware of the default settings where keys are sent (along with a ton of other things) upstream, nor will he be aware of the fact that his supposed device encryption is recoverable by any hacker or bad actor in the future. The level of drama required to do anything in Windows 10 is massive. It's a real nightmare.

Anyone notice how oddly hard it is to set up anything but straight AES in almost all places? There's a shocking lack of user exposed options even in Linux (and Linux can be configured to extremely high levels of redundancy or security). Name a distro that lets you full disk encrypt with AES-Twofish-Serpent from a GUI, for instance (again, you can absolutely configure this, but it seems hard to get anything but straight AES). I know AES is trusted, but I'd trust it more if there were ways more ways to opt out of it and use either another block cipher, or it WITH another block cipher.

Re:

[Farmer Tim]

Hey, at least it can't be shortened further to "Windows fixed that for you".

RE: I am 6 x 2

[davidwr]

"I am not a number. I am a free man."

Well, I was a free man until I logged in with my Microsoft account on my Windows 10 PC.

Re:did we forget the edward snowden stuff already?

[strstr]

here's a few ways NSA is intercepting it.

1. all data over the internet is being saved so they nab the key as it's being uploaded plus any other data communicated with Microsoft transparently as you use the net. ; if they want to gain legal authority to use the snoop'd data they go for a warrant and get it 'lawfully' from Microsoft, parallel constructing how their case was built. even if Microsoft encrypts the signal communications between their server and the end-user, the data is nabbed, and most definitely all of the encryption codes for end-user and Microsoft server software is de-decryptable by NSA because NSA has all of Microsoft's encryption certificates and has broken most encryption.
2. alt method is Microsoft just gives them all the encryption certificates secretly even without a warrant.

This has been explained before. Check out the Whistleblowers Websites on the issue.

williambinney.com [williambinney.com] thomasdrake.xyz [thomasdrake.xyz] russelltice.com [russelltice.com] drrobertduncan.com [drrobertduncan.com]

Re:

[rubycodez]

nonsense, instead use a distro (or other open source operating system for that matter) that is actually built for privacy and security as a prime consideration. There are Linux distros like that, and there is a BSD that is extremely like that

Re:

[brix]

This.

If Microsoft was forcing full-disk encryption on Windows 10 Home users (and I'm not convinced that they are), then it's still better than the alternative of having no encryption, right? Someone might argue that it's a "false sense of security" since you really don't know where the recovery keys could have gone, but I seriously doubt that most of these users would even know that they had encryption on anyway, so it can't be a false sense of security if you never knew you had the security in the firs