Aurornis
7 hours ago
FYI BitLocker is on by default in Windows 11. The defaults will also upload the BitLocker key to a Microsoft Account if available.
This is why the FBI can compel Microsoft to provide the keys. It's possible, perhaps even likely, that the suspect didn't even know they had an encrypted laptop. Journalists love the "Microsoft gave" framing because it makes Microsoft sound like they're handing these out because they like the cops, but that's not how it works. If your company has data that the police want and they can get a warrant, you have no choice but to give it to them.
This makes the privacy purists angry, but in my opinion it's the reasonable default for the average computer user. It protects their data in the event that someone steals the laptop, but still allows them to recover their own data later from the hard drive.
Any power users who prefer their own key management should follow the steps to enable Bitlocker without uploading keys to a connected Microsoft account.
thewebguyd
6 hours ago
> Any power users who prefer their own key management should follow the steps to enable Bitlocker without uploading keys to a connected Microsoft account.
Except the steps to to that are disable bitlocker, create a local user account (assuming you initially signed in with a Microsoft account because Ms now forces it on you for home editions of windows), delete your existing keys from OneDrive, then re-encrypt using your local account and make sure not to sign into your Microsoft account or link it to Windows again.
A much more sensible default would be to give the user a choice right from the beginning much like how Apple does it. When you go through set up assistant on mac, it doesn't assume you are an idiot and literally asks you up front "Do you want to store your recovery key in iCloud or not?"
dgrunwald
5 hours ago
> make sure not to sign into your Microsoft account or link it to Windows again
That's not so easy. Microsoft tries really hard to get you to use a Microsoft account. For example, logging into MS Teams will automatically link your local account with the Microsoft account, thus starting the automatic upload of all kinds of stuff unrelated to MS Teams.
In the past I also had Edge importing Firefox data (including stored passwords) without me agreeing to do so, and then uploading those into the Cloud.
Nowadays you just need to assume that all data on Windows computers is available to Microsoft; even if you temporarily find a way to keep your data out of their hands, an update will certainly change that.
theLiminator
5 hours ago
Yes, they push the MS account stuff very hard. I've found Windows so actively hostile to the user that I basically only use Linux now.
I used to be a windows user, it has really devolved to the point where it's easier for me to use Linux (though I'm technical). I really feel for the people who aren't technical and are forced to endure the crap that windows pushes on users now.
J_Shelby_J
4 hours ago
> actively hostile
That’s the real problem MS has. It’s becoming a meme how bad the relationship between the user and windows is. It’s going to cause generational damage to their company just so they can put ads in the start menu.
josephg
3 hours ago
It’s a pity for Apple that they keep making macOS worse with each major update. Modern Apple hardware running snow leopard would be a thing of beauty.
At this rate, my next laptop might end up being a framework running Linux.
seemaze
2 hours ago
I switched from Windows to Mac 15 years ago. It was a revelation when the terrible habits of verbally abusing my computer and anxiety saving files every 22 seconds just evaporated.
Those old habits have been creeping back lately through all the various *OS 26 updates. I too now have Linux on Framework. Not perfect, but so much better for my wellbeing.
heavyset_go
an hour ago
Buy a laptop with less problems on Linux if that's your intention.
gorbachev
6 minutes ago
They don't care. All of their money is on AI.
b112
3 hours ago
Maoboro cigarettes uaed to be for women, including red tipped filters to hide lipstick marks. Sales waned, so they actually rebranded the cigarette for men, and even succeeded in making it a definition of manliness.
Advertising stories like that, make sure M$ execs could care less about damage to their image.
Especially when profit leers its head.
(at least, I presume?!?)
to11mtm
2 hours ago
It is sad that we got to here from when the worst problem was a tile start menu (I liked 8.1 and it ran good on fairly trash hardware.)
RIMR
an hour ago
Linux is so much better than it used to be. You really don't need to be technical.
I have been recommending Kubuntu to Windows people. I find it's an easier bet than Linux Mint. You get the stability of Ubuntu, plus the guarantee of a Windows-like environment.
Yes, I know, Linux Mint supports Plasma, but I honestly think the "choose your desktop" part of the setup process is more confusing to a newbie than just recommending a distro with the most Windows-like UI and a straightforward installation.
dummydummy1234
34 minutes ago
Eh, not for laptops - I say as someone who switched to Linux from windows in past year.
I have spent a decent few days to get long battery life on Linux (fedora), with sleep hibernate + encryption. And I am still thinking that the Linux scheduler is not correctly using Intel's pcore/ecore on 13th gen correctly.
xp84
5 hours ago
Do we have confirmation that it’s a must to upload the key if you use an MS account with Windows? Is it proven that it's not possible to configure Windows to have an MS account linked, maybe even to use OneDrive, while not uploading the BitLocker key?
Btw - my definition of “possible” would include anything possible in the UI - but if you have to edit the registry or do shenanigans in the filesystem to disable the upload from happening, I would admit that it’s basically mandatory.
ls612
3 hours ago
I just checked on my personal desktop, which has Windows 11 installed using a local user account and is signed into my MS account for OneDrive and my account is listed as having no recovery codes in the cloud. I don’t recall editing anything in the registry to accomplish this it was the default behavior for having a local user account. I copied my recovery codes when I built the machine and pasted them into an E2EE iPhone note which should allow me to recover my machine if disaster strikes (also everything is backed up to Backblaze using their client side encryption).
LtdJorge
5 hours ago
Teams inside a VM it is, then.
ssl-3
4 hours ago
Or: Put all of Windows inside of a VM, within a host that uses disk encryption -- and let it run amok inside of its sandbox.
I did this myself for about 8 years, from 2016-2024. During that time my desktop system at home was running Linux with ZFS and libvirt, with Windows in a VM. That Windows VM was my usual day-to-day interface for the entire system. It was rocky at first, but things did get substantially better as time moved on. I'll do it again if I have a compelling reason to.
dvfjsdhgfv
5 hours ago
It's not just Teams. You need to be constantly vigilant not to make any change that would let them link your MS account to Windows. And they make it more and more difficult not only to install but also use Windows without a Microsoft account. I think they'll also enforce it on everybody eventually.
prmoustache
5 hours ago
You need to just stop using windows and that's it.
The only windows I am using is the one my company makes me use but I don't do anything personal on it. I have my personal computer next to it in my office running on linux.
replyifuagree
4 hours ago
> logging into MS Teams
I mean, this is one application nobody should ever log into!
IAmBroom
3 hours ago
That's nice.
I, however, like getting my paycheck, and so I have no choice.
spockz
3 hours ago
Of course. But I suppose you run Teams on a company provided/managed, or at least paid for by the company, device?
Just don’t use that machine for anything private.
Is anyone using their private devices for work? (Also there is teams for Linux and on the web, if that is not prevented by the policy of your org.)
klardotsh
3 hours ago
In the startup world, BYOD is/was exceedingly common. All but two jobs of my career were happy to allow me to use my own Linux laptop and eschew whatever they were otherwise going to give me.
Obviously enterprises aren’t commonly BYOD shops, but SMBs and startups certainly can be.
… whether the people who would do such BYOD things are at all likely to be Windows users who care about this Bitlocker issue, is a different debate entirely.
elzbardico
2 hours ago
Then the founders do something really stupid, and the law decides that your equipment may be evidence.
Unless you're a founder, you should always use company provided equipment.
plaguuuuuu
3 hours ago
teams works fine in website form for me because it IS a website (that uses an extra ~1gb of ram running as a desktop app because its also a separate browser)
layer8
3 hours ago
That means you’ll do that on the work machine provided by your employer, not on your personal machine.
Krssst
an hour ago
Note that password-based Bitlocker requires Windows Pro which is quite a bit more expensive.
> sign into your Microsoft account or link it to Windows again.
For reference, I did accidentally login into my Microsoft account once on my local account (registered in the online accounts panel). While Edge automatically enabled synchronization without any form of consent from my part, it does not look like that my Bitlocker recovery key is listed on https://account.microsoft.com/devices/recoverykey. But since I unlinked my account, it could be that it was removed automatically (but possible still cached somewhere).
shawnz
5 hours ago
Why would you need to create a local account? You can just not choose to store the keys in your Microsoft account during BitLocker setup: https://www.diskpart.com/screenshot/en/others/windows-11/win...
Admittedly, the risks of choosing this option are not clearly laid out, but the way you are framing it also isn't accurate
shakna
5 hours ago
All "Global Reader" accounts have "microsoft.directory/bitlockerKeys/key/read" permission.
Whether you opt in, or not, if you connect your account to Microsoft, then they do have the ability fetch the bitlocker key, if the account is not local only. [0] Global Reader is builtin to everything +365.
[0] https://github.com/MicrosoftDocs/entra-docs/commit/2364d8da9...
crazygringo
4 hours ago
They're Microsoft and it's Windows. They always have the ability to fetch the key.
The question is do they ever fetch and transmit it if you opt out?
The expected answer would be no. Has anyone shown otherwise? Because hypotheticals that they could are not useful.
lazide
4 hours ago
Considering all the shenanigans Microsoft has been up to with windows 11 and various privacy, advertising, etc. stuff?
Hell, all the times they keep enabling one drive despite it being really clear I don’t want it, and then uploading stuff to the cloud that I don’t want?
I have zero trust for Microsoft now, and not much better for them in the past either.
cyberax
4 hours ago
This is for the _ActiveDirectory_. If your machine is joined into a domain, the keys will be stored in the AD.
This does not apply to standalone devices. MS doesn't have a magic way to reach into your laptop and pluck the keys.
riskable
4 hours ago
> MS doesn't have a magic way to reach into your laptop and pluck the keys.
Of course they do! They can just create a Windows Update that does it. They have full administrative access to every single PC running Windows in this way.
g-b-r
an hour ago
People really pay too little attention to this attack avenue.
It's both extremely convenient and very unlikely to be detected; especially given that most current systems are associated to an account.
I'd be surprised if it's not widely used by law enforcement, when it's not possible to hack a device in more obvious ways.
Please check theupdateframework.io if you have a say in an update system.
shawnz
4 hours ago
Furthermore it seems like it's specific to Azure AD, and I'm guessing it probably only has effect if you enable to option to back up the keys to AD in the first place, which is not mandatory
I'd be curious to see a conclusive piece of documentation about this, though
cyberax
2 hours ago
Regular AD also has this feature, you can store the encryption keys in the domain controller. I don't think it's turned on by default, but you can do that with a group policy update.
pnw
3 hours ago
You can turn it off without resorting to a local account, although it's non-obvious.
GPEdit -> Computer Configuration → Administrative Templates → Windows Components → BitLocker Drive Encryption → Operating System Drives → “Choose how BitLocker-protected operating system drives can be recovered”
Repeat for other drives.
g-b-r
2 hours ago
I imagine you have to re-encrypt the drive after that, though, for it to have some real effect
modeless
5 hours ago
They don't do that for iMessage though... https://james.darpinian.com/blog/apple-imessage-encryption
thewebguyd
5 hours ago
Only because others you communicate with may not have ADP turned on, which is a flaw with any service that you cannot control what the other end does or does not do, not unique to Apple/iMessage outside of using something like Signal.
modeless
4 hours ago
Most other E2EE messaging services do not break their own E2EE by intentionally uploading messages or encryption keys to servers owned by the same company in a form that they can read. For example, Google's Messages app does not do this for E2EE conversations. This isn't something that only Signal cares about.
fpoling
4 hours ago
With Bitlocker it is still possible to have single password-based key. But enabling that requires to enter a few commands on the command line.
gruez
5 hours ago
>Except the steps to to that are disable bitlocker, create a local user account (assuming you initially signed in with a Microsoft account because Ms now forces it on you for home editions of windows), delete your existing keys from OneDrive, then re-encrypt using your local account and make sure not to sign into your Microsoft account or link it to Windows again.
1. Is there any indication it forcibly uploads your recovery keys to microsoft if you're signed into a microsoft account? Looking at random screenshots, it looks like it presents you an option https://helpdeskgeek.com/wp-content/pictures/2022/12/how-to-...
2. I'm pretty sure you don't have to decrypt and rencrypt the entire drive. The actual key used for encrypting data is never revealed, even if you print or save a recovery key. Instead, it generates a "protectors", which encrypts the actual key using the recovery key, then stores the encrypted version on the drive. If you remove a recovery method (ie. protector), the associated recovery key becomes immediately useless. Therefore if your recovery keys were backed up to microsoft and you want to opt out, all you have to do is remove the protector.
cesarb
7 hours ago
> Any power users who prefer their own key management should follow the steps to enable Bitlocker without uploading keys to a connected Microsoft account.
Once the feature exists, it's much easier to use it by accident. A finger slip, a bug in a Windows update, or even a cosmic ray flipping the "do not upload" bit in memory, could all lead to the key being accidentally uploaded. And it's a silent failure: the security properties of the system have changed without any visible indication that it happened.
jollyllama
6 hours ago
There's a lot of sibling comments to mine here that are reading this literally, but instead, I would suggest the following reading: "I never selected that option!" "Huh, must have been a cosmic ray that uploaded your keys ;) Modern OS updates never obliterate user-chosen configurations"
hparadiz
4 hours ago
They just entirely ignore them instead.
bobbob1921
6 hours ago
This is correct, I also discovered while preparing several ThinkPads for a customer based on a Windows 11 image i made, that even if you have bitlocker disabled you may also need to check that hardware disk encryption is disabled as well (was enabled by default in my case). Although this is different from bitlocker in that the encryption key is stored in the TPM, it is something to be aware of as it may be unexpected.
Aurornis
6 hours ago
If users are so paranoid that they worry about a cosmic ray bit flipping their computer into betraying them, they're probably not using a Microsoft account at all with their Windows PC.
SoftTalker
6 hours ago
If your security requirements are such that you need to worry about legally-issued search warrants, you should not connect your computer to the internet. Especially if it's running Windows.
zhengyi13
5 hours ago
Right, this is just a variation on "If you have nothing to hide..."
ETA: You're not wrong; folk who have specific, legitimate opsec concerns shouldn't be using certain tools. I just initially read your post a certain way. Apologies if it feels like I put words in your mouth.
direwolf20
6 hours ago
In the modern political environment, everyone should be worried about that.
fc417fc802
5 hours ago
In all political environments everyone should be worried about that. The social temperature can change rapidly and you generally can't force a third party to destroy copies of your things in a reliable manner.
oskarw85
6 hours ago
Because all cops are honest, all warrants are lawful and nothing worrying happens in the land of freedom right now.
Terr_
3 hours ago
And what's more, that perfect situation could never change in the future.
Me-30-years-ago would have called today's government crimes and corruption an implausible fever dream.
qmr
5 hours ago
Appeal to the law fallacy.
spixy
5 hours ago
and use ECC memory
egorfine
6 hours ago
Oh, no accidents needed. Microsoft will soon forcibly extract and upload keys to their servers.
Before you downvote, please entertain this one question: have you been able to predict that mandatory identification of online users under the guise of protecting children would literally be implemented in leading western countries in such a quick fashion? If you were, then upvote my comment instead because you know that will happen. If you couldn't even imagine this say in 2023 - then upvote my comment instead because neither you can imagine mandatory key extraction.
zdragnar
6 hours ago
I can't believe it took this long.
We have mandatory identification for all kinds of things that are illegal to purchase or engage in under a certain age. Nobody wants to prosecute 12 year old kids for lying when the clicked the "I am at least 13 years old" checkbox when registering an account. The only alternative is to do what we do with R-rated movies, alcohol, tobacco, firearms, risky physical activities (i.e. bungee jumping liability waiver) etc... we put the onus of verifying identification on the suppliers.
I've always imagined this was inevitable.
thewebguyd
5 hours ago
The problem is the implementation is hasty.
When I go buy a beer at the gas station, all I do is show my ID to the cashier. They look at it to verify DOB and then that's it. No information is stored permanently in some database that's going to get hacked and leaked.
We can't trust every private company that now has to verify age to not store that information with whatever questionable security.
If we aren't going to do a national registry that services can query to get back only a "yes or no" on whether a user is of age or not, then we need regulation to prevent the storage of ID information.
We should still be able to verify age while remaining psuedo-anonymous.
freedomben
2 hours ago
> When I go buy a beer at the gas station, all I do is show my ID to the cashier. They look at it to verify DOB and then that's it. No information is stored permanently in some database that's going to get hacked and leaked.
That's how it should be, but it's not how it is. Many places now scan your ID into their computer (the computer which, btw, tracks everything you buy). It may not go to a government database (yet) but it's most certainly being stored.
tzs
3 hours ago
> If we aren't going to do a national registry that services can query to get back only a "yes or no" on whether a user is of age or not, then we need regulation to prevent the storage of ID information.
Querying a national registry is not good because the timing of the queries could be matched up with the timing of site logins to possibly figure out the identities of anonymous site users.
A way to address this, at the cost of requiring the user to have secure hardware such as a smart phone or a smart card or a hardware security token or similar is for your government to issue you signed identity documents that you store and that are bound cryptographically to your secure hardware.
A zero knowledge protocol can later be used between your secure hardware and the site you are trying to use that proves to the site you have ID that says you are old enough and it is bound to your hardware without revealing anything else from your ID to the site.
This is what the EU had been developing for a few years. It is currently undergoing a series of large scale field trials, with release to the public later this year, with smart phones as the initial secure hardware. Member starts will be required to support it, and any mandatory age verification laws they pass will require sites to support it (they can also support other methods).
All the specs are open and the reference implementations are also open source, so other jurisdictions could adopt this.
Google has released an open source library for a similar system. I don't know if it is compatible with the EU system or not.
I think Apple's new Digital ID feature in Wallet is also similar.
We really need to get advocacy groups that are lobbying on age verification bills to try to make it so when the bills are passed (and they will be) they at least allow sites to support some method like those described above, and ideally require sites to do so.
egorfine
2 hours ago
> We should still be able to verify age while remaining psuedo-anonymous.
That would completely defeat the purpose. The goal is to identify online users, not protect children.
dragonwriter
4 hours ago
> If we aren't going to do a national registry that services can query to get back only a "yes or no" on whether a user is of age or not
And note that if we are, the records of the request to that database are an even bigger privacy timebomb than those of any given provider, just waiting for malicious actors with access to government records.
criddell
4 hours ago
> When I go buy a beer at the gas station, all I do is show my ID to the cashier. They look at it to verify DOB and then that's it. No information is stored permanently in some database that's going to get hacked and leaked.
Beer, sure. But if you buy certain decongestants, they do log your ID. At least that's the case in Texas.
trashface
3 hours ago
In PA they scan your ID if you buy beer. There could be a full digital record of all my beer purchases for past 15+ years, although I'm not aware of any aggregation of this data that is happening. Not that I expect anyone doing it would talk about it.
dragonwriter
4 hours ago
> But if you buy certain decongestants, they do log your ID.
Yeah, but many people don't actually think War on Drugs policies are a model for civil liberties that should be extended beyond that domain (or, in many cases, even tolerated in that domain.) That policy has been effective, I guess, in promoting the sales of alternative “decongestants” (that don't actually work), though it did little to curb use and harms from the drugs it was supposed to control by attacking supply.
teepo
3 hours ago
Depending on the gas station... I've been to at least a dozen in Texas where the clerk scanned the back of my DL for proof of age. I'm assuming that something is getting stored somewhere..
zdragnar
3 hours ago
I definitely don't disagree that the implementation is problematic, I'm just surprised it took this long for it to happen.
xp84
5 hours ago
We should easily be able to, but the problem of tech illiteracy is probably our main barrier. To build such a system you’d need to issue those credentials to the end users. Those users in turn would eagerly believe conspiracy theories that the digital ID system was actually stealing their data or making it available to MORE parties instead of fewer (compared to using those ID verification services we have today).
tavavex
5 hours ago
I don't think that's quite right. The age-gating of the internet is part of a brand new push, it's not just patching up a hole in an existing framework. At least in my Western country, all age-verified activities were things that could've put someone in direct, obvious danger - drugs, guns, licensing for something that could be dangerous, and so on. In the past, the 'control' of things that were just information was illusory. Movie theaters have policies not to let kids see high-rated movies, but they're not strictly legally required to do so. Video game stores may be bound by agreements or policy not to sell certain games to children, but these barriers were self-imposed, not driven by law. Pornography has really been the only exception I can think of. So, demanding age verification to be able to access large swaths of the internet (in some cases including things as broad as social media, and similar) is a huge expansion on what was in the past, instead of just them closing up some loopholes.
PunchyHamster
3 hours ago
The problem is that there is nothing done to protect privacy.
There is already plenty of entities that not only have reliable way of proving it's you that have access to account, but also enough info to return user's age without disclosing anything else, like banks or govt sites, they could (or better, be forced to) provide interface to that data.
Basically "pick your identity provider" -> "auth on their site" -> "step showing that only age will be shared" -> response with user's age and the query's unique ID that's not related to the user account id
zdragnar
3 hours ago
I don't disagree that the implementation is all kinds of wrong. I'm just surprised it took them this long to compel it.
tokyobreakfast
6 hours ago
>even a cosmic ray flipping the "do not upload" bit in memory
Stats on this very likely scenario?
strbean
6 hours ago
> IBM estimated in 1996 that one error per month per 256 MiB of RAM was expected for a desktop computer.
From the wikipedia article on "Soft error", if anyone wants to extrapolate.
d1sxeyes
6 hours ago
That makes it vanishingly unlikely. On a 16GB RAM computer with that rate, you can expect 64 random bit flips per month.
So roughly you could expect this happen roughly once every two hundred million years.
Assuming there are about 2 billion Windows computers in use, that’s about 10 computers a year that experience this bit flip.
eszed
6 hours ago
> 10 computers a year experience this bit flip
That's wildly more than I would have naively expected to experience a specific bit-flip. Wow!
mapontosevenths
5 hours ago
Scale makes the uncommon common. Remember kids, if she's one in a million that means there are 11 of her in Ohio alone.
d1sxeyes
2 hours ago
~800 bit flips per year per computer. 2 billion computers with 800 bit flips each is 1,600,000,000,000 (one point six trillion) bit flips.
Big numbers are crazy.
justsomehnguy
2 hours ago
I saw a computer with 'system33', 'system34' folders personally. Also you would never actually know it happened because... it's not ECC. And with ECC memory we replace a RAM stick every two-three months explicitly because ECC error count is too high.
homebrewer
6 hours ago
Given enough computers, anything will happen. Apparently enough bit flips happen in domains (or their DNS resolution) that registering domains one bit away from the most popular ones (e.g. something like gnogle.com for google.com) might be worth it for bad actors. There was a story a few years ago, but I can't find it right now; perhaps someone will link it.
pixl97
6 hours ago
https://www.youtube.com/watch?v=aT7mnSstKGs
Was in DEFCON19.
homebrewer
6 hours ago
Great, thanks. Here's a discussion on this site:
lanyard-textile
6 hours ago
A very old game speedrun -- of the era that speedruns weren't really a "thing" like they are today -- apparently greatly benefited from a hardware bit flip, and it was only recently discovered.
Can't find an explanatory video though :(
direwolf20
6 hours ago
The Tick Tock Clock upwarp in Super Mario 64. All evidence that exists of it happening is a video recording. The most similar recording was generated by flipping a single bit in Mario's Y position, compared to other possibilities that were tested, such as warping Mario up to the closest ceiling directly above him.
tavavex
5 hours ago
I'm pretty sure that while no one knows the cause definitively, many people agreed that the far more likely explanation for the bit change was a hardware fault (memory error, bad cartridge connection or something similar) or other, more powerful sources of interference. The player that recorded the upwarp had stated that they often needed to tilt the cartridge to get the game to run, showing that the connection had already degraded. The odds of it being caused by a cosmic ray single-event upset seem to be vanishingly low, especially since similar (but not identical) errors have already been recorded on the N64.
drysine
6 hours ago
At google "more than 8% of DIMM memory modules were affected by errors per year" [0]
More on the topic: Single-event upset[1]
monocasa
an hour ago
At the time Google was taking RAM that had failed manufacturer QA that they had gotten for cheap and sticking it on DIMMs themselves and trying to self certify them.
Aloisius
2 hours ago
> At google "more than 8% of DIMM memory modules were affected by errors per year"
That's all errors including permanent hardware failure, not just transient bit flips or from cosmic rays.
halfmatthalfcat
6 hours ago
It's "HN-likely" which translates to "almost never" in reality.
Supermancho
5 hours ago
Happens all the time, in reality (even on the darkside). When the atmosphere fails (again, happening all the time), error correction usually handles the errant bits.
patja
6 hours ago
Especially since HN readers are more likely to be using ECC memory
smegger001
6 hours ago
if cosmic ray bit flips were so rare then ecc ram wouldn't be a thing.
Sayrus
6 hours ago
ECC protects against more events than cosmic rays. Those events are much more likely, for instance magnetic/electric interferences or chip issues.
direwolf20
6 hours ago
Those random unexplainable events are also referred to casually as "cosmic rays"
wang_li
6 hours ago
In the 2010 era of RAM density, random bit flips were really uncommon. I worked with over a thousand systems which would report ECC errors when they happen and the only memorable events at all were actual DIMM failures.
Also, around 1999-2000, Sun blamed cosmic rays for bit flips for random crashes with their UltraSPARC II CPU modules.
mapontosevenths
5 hours ago
> actual DIMM failures.
Yep, hardware failures, electrical glitches, EM interference... All things that actually happen to actual people every single day in truly enormous numbers.
It ain't cosmic rays, but the consequences are still flipped bits.
gruez
6 hours ago
>A finger slip, a bug in a Windows update, or even a cosmic ray flipping the "do not upload" bit in memory, could all lead to the key being accidentally uploaded.
This is absurd, because it's basically a generic argument about any sort of feature that vaguely reduces privacy. Sorry guys, we can't have automated backups in windows (even opt in!), because if the feature exists, a random bitflip can cause everything to be uploaded to microsoft against the user's will.
redox99
6 hours ago
Uploading your encryption keys is not just "any sort of feature".
gruez
6 hours ago
You're right, it's less intrusive than uploading your files directly, like a backup does.
JoshTriplett
3 hours ago
On the contrary: a backup can be fully encrypted by a key under the user's control that isn't available to the storage provider.
lazide
4 hours ago
I’m still pissed about the third+ time one drive ‘helpfully’ backed up all my files after I disabled it.
So that may not be a great example of you’re trying to make people like Microsoft.
salawat
6 hours ago
What part of "We can't have nice things" do you not understand?
gruez
6 hours ago
The part where you're asking me about the phrase when it's not been used anywhere in this thread prior to your comment.
vik0
6 hours ago
You can always count on someone coming along and defending the multi-trillion dollar corporation that just so happens to take a screenshot of your screen every few seconds (among many, many - too many other things)
Aurornis
6 hours ago
Sorry to interrupt the daily rage session with some neutral facts about how Windows and the law work.
> that just so happens to take a screenshot of your screen every few seconds
Recall is off by default. You have to go turn it on if you want it.
dns_snek
6 hours ago
It only became off by default after those "daily rage sessions" created sufficient public pressure to turn them off.
Microsoft also happens to own LinkedIn which conveniently "forgets" all of my privacy settings every time I decide to review them (about once a year) and discover that they had been toggled back to the privacy-invasive value without my knowledge. This has happened several times over the years.
yoyohello13
6 hours ago
I big demographic of HN users are people who want to be the multi-trillion dollar corporation so it’s not too surprising. In this case though I think they are right. And I’m a big time Microsoft hater.
dijit
4 hours ago
The defenders of Microsoft are right?
How?
There is no point locking your laptop with a passphrase if that passphrase is thrown around.
Sure, maybe some thief can't get access, but they probably can if they can convince Microsoft to hand over the key.
Microsoft should not have the key, thats part of the whole point of FDE; nobody can access your drive except you.
The cost of this is that if you lose your key: you also lose the data.
We have trained users about this for a decade, there have been countless dialogues explaining this, even if we were dumber than we were (we're not, despite what we're being told: users just have fatigue from over stimulation due to shitty UX everywhere); then it's still a bad default.
nitwit005
2 hours ago
This happens everywhere. There is a reason there are memes about people defending multi-billion dollar corporations.
patja
6 hours ago
Are you referring to Microsoft Recall? My understanding is that is opt-in and only stored locally.
parliament32
6 hours ago
Stored locally.. until it's uploaded by OneDrive or Windows Backup?
egorfine
2 hours ago
1) for now
2) according to Microsoft
So, trust is not zero. It's deeply negative.
zer00eyz
6 hours ago
https://en.wikipedia.org/wiki/Room_641A ... Then, years later every one acts like Snowden had some big reveal.
There is the old password for candy bar study: https://blog.tmb.co.uk/passwords-for-chocolate
Do users care? I would posit that the bulk of them do not, because they just dont see how it applies to them, till they run into some type of problem.
mcmcmc
6 hours ago
AI enshittification is irrelevant here. Why is someone pointing out that sensible secure defaults are a good thing suddenly defending the entire company?
ChromaticPanic
5 hours ago
Uploading your encryption keys up to someone else's machine is not a sensible default
crazygringo
4 hours ago
It generally is, because in the vast majority of cases users will not keep a local copy and will lose their data.
Most (though not all) users are looking for encryption to protect their data from a thief who steals their laptop and who could extract their passwords, banking info, etc. Not from the government using a warrant in a criminal investigation.
If you're one of the subset of people worried about the government, you're generally not using default options.
ChromaticPanic
3 hours ago
For laptops sure, but then those are not reasons for it to be default on desktops too. Are most Windows users on laptops? I highly doubt that. So it is not a sensible default.
Xss3
3 hours ago
Most pc users are using laptops, yes. Above 60%.
Even offices usually give people laptops over desktops so that they can bring it to meetings.
dijit
3 hours ago
> It generally is, because in the vast majority of cases users will not keep a local copy and will lose their data.
What's the equivalent of thinking users are this stupid?
I seem to recall that the banks repeatedly tell me not to share my PIN number with anyone, including (and especially) bank staff.
I'm told not to share images of my house keys on the internet, let alone handing them to the government or whathaveyou.
Yet for some unknown reason everyone should send their disk encryption keys to one of the largest companies in the world (largely outside of legal jurisdiction), because they themselves can't be trusted.
Bear in mind that with a(ny) TPM chip, you don't need to remember anything.
Come off it mate. You're having a laugh aren't you?
gruez
6 hours ago
Yes, because object level facts matter, and it's intellectually dishonest to ignore the facts and go straight into analyzing which side is the most righteous, like:
>Microsoft is an evil corporation, so we must take all bad stories about them at face value. You're not some corpo bootlicker, now, are you? Now, in unrelated news, I heard Pfizer, another evil corporation with a dodgy history[1] is insisting their vaccines are safe...
LoganDark
6 hours ago
Microsoft doesn't take the screenshot; their operating system does if Recall is enabled, and although the screenshots themselves are stored in an insecure format and location, Microsoft doesn't get them by default.
hshdhdhj4444
11 minutes ago
> Journalists love the "Microsoft gave" framing because it makes Microsoft sound like they're handing these out because they like the cops, but that's not how it works. If your company has data that the police want and they can get a warrant, you have no choice but to give it to them.
I’m not sure how you’re criticizing the “gave” framing when you’re describing and stating Microsoft literally giving the keys to the FBI.
parl_match
2 minutes ago
Because "gave" implies a favor or a one sided exchange. It implies that Microsoft is just giving away keys for no reason!
Better, and more accurate wording, would be that "Microsoft surrendered keys" or "Microsoft ceded keys". Or "Microsoft legally compelled to give the keys". If Microsoft did so without a warrant, then "gave" would be more tonally accurate.
In addition, none of this is new. They've been turning over keys when legally compelled to, for many years.
Fun fact: Apple does this too. https://support.apple.com/en-us/108756
michaelt
5 hours ago
> If your company has data that the police want and they can get a warrant, you have no choice but to give it to them.
Yes. The thing is: Microsoft made the design decision to copy the keys to the cloud, in plaintext. And they made this decision with the full knowledge that the cops could ask for the data.
You can encrypt secrets end-to-end - just look at how password managers work - and it means the cops can only subpoena the useless ciphertext. But Microsoft decided not to do that.
I dread to think how their passkeys implementation works.
kenjackson
an hour ago
Where did you get that they are stored in plaintext?
j_maffe
24 minutes ago
It doesn't matter how it's stored. So long as it isn't E2EE, they (and anyone who can ask for it) will be able to access the drives
drnick1
6 hours ago
> Any power users who prefer their own key management should follow the steps to enable Bitlocker without uploading keys to a connected Microsoft account.
The real issue is that you can't be sure that the keys aren't uploaded even if you opt out.
At this point, the only thing that can restore trust in Microsoft is open sourcing Windows.
Aurornis
6 hours ago
> The real issue is that you can't be sure that the keys aren't uploaded even if you opt out.
The fully security conscious option is to not link a Microsoft account at all.
I just did a Windows 11 install on a workstation (Windows mandatory for some software) and it was really easy to set up without a Microsoft account.
MereInterest
6 hours ago
Last time I needed to install Windows 11, avoiding making a Microsoft account required (1) opening a command line to run `oobe/bypassnro`, and (2) skipping past the wifi config screen. While these are quick steps, neither of those are at all "easy", since they require a user to first know that it is an option in the first place.
And newer builds of Windows 11 are removing these methods, to force use of a Microsoft account. [0]
[0] https://www.windowslatest.com/2025/10/07/microsoft-confirms-...
zyx321
4 hours ago
By selecting Domain Join, which is available on Professional edition and above.
epistasis
6 hours ago
> it was really easy to set up without a Microsoft account.
By "really easy" do you mean you had a checkbox? Or "really easy" in that there's a secret sequence of key presses at one point during setup? Or was it the domain join method?
Googling around, I'm not sure any of the methods could be described as "really easy" since it takes a lot of knowledge to do it.
catchmost
3 hours ago
I recently had to install Windows for the first time in ages because reasons, and it really wasn’t very hard. The setup really just presents two options at a time: the cloudy option, and the other option. If in doubt, the flashy one is the cloudy one. I kept selecting the non cloudy option and got to the desktop without signing up for anything. Sure it took more clicking than last time I went through this, but really wasn’t nearly as bad as people say and didn’t take any windows know-how or googling. Might be very different between editions and regions though…
Edit: ofc we all agree local accounts needs to be a supported option, but perhaps we should be more careful about yelling from the rooftops that it’s practically impossible. I’ve been told for years now that it’s really hard or impossible, and it really was not that hard (yet…)
epistasis
2 hours ago
You're a bit vague here, but I'm 99% sure such options were not available when I installed Win 11 a few months ago.
Chastising people about "yelling" is not really an appropriate thing to say here.
vanviegen
6 hours ago
And how do you know the keys are never uploaded if you don't have an account?
jjnoakes
6 hours ago
The same way you know that your browser session secrets, bank account information, crypto private keys, and other sensitive information is never uploaded. That is to say, you don't, really - you have to partially trust Microsoft and partially rely on folks that do black-box testing, network analysis, decompilation, and other investigative techniques on closed-source software.
criddell
4 hours ago
Air gap the machine.
matheusmoreira
6 hours ago
Power users should stop bothering with Windows nonsense and install Linux instead so that they can actually have control over their system.
It's 2026. The abuses of corporations are well documented. Anyone who still chooses Windows of their own volition is quite literally asking for it and they deserve everything that happens to them.
jbstack
5 hours ago
You only have to run through a modern Windows installer to understand how screwed you are if you install it. Last time I did this for a disposable Windows VM (a couple of years ago) I remember having to click through a whole bunch of prompts asking about all the different types of data Microsoft wanted my computer to send them. Often the available answers weren't "yes" or "no" but more like "share all data" vs "share just some data". After that I recall being forced to sign up for an outlook account just to create a local login unless I unplugged my network cable during the install. I've heard they have closed that loophole in recent installers.
I'd already long since migrated away from Windows but if I'd been harbouring any lingering doubts, that was enough to remove them.
SmellTheGlove
6 hours ago
I’ll bite. What Linux distro currently has the nicest desktop experience? I work on a MacBook but my desktop is a windows PC that I use for gaming and personal projects. I hear Proton has made the former pretty good now, and the latter is mostly in WSL for me anyway. Maybe a good time to try.
What do you suggest? I’ll try it in a VM or live usb.
jbstack
5 hours ago
There are so many distros that it really depends on your use-case and it's hard to make a generic suggestion. Ubuntu is a common recommendation for first timers, mainly because as the most popular distro you'll easily be able to Google when you need help with something, and it also uses the most popular package format (.deb). There's also Linux Mint which is basically Ubuntu but with some of the latter's more questionable choices removed (e.g. snaps) and minus the big corp owner. By using one of these you'll also be learning skills relevant to Debian (which Ubuntu is derived from) which is a solid choice for servers.
Regardless of which distro you choose, your "desktop experience" will be mostly based on what desktop environment you pick, and you are free to switch between them regardless of distro. Ubuntu for example provides various installers that come with different DEs installed by default (they call them "flavours": https://ubuntu.com/desktop/flavors), but you can also just switch them after installation. I say "mostly" because some distros will also customise the DE a bit, so you might find some differences.
"Nicest desktop experience" is also too generic to really give a proper suggestion. There are DEs which aim to be modern and slick (e.g. GNOME, KDE Plasma, Cinnamon), lightweight (LXQt), or somewhere in between (Xfce). For power users there's a multitude of tiling window managers (where you control windows with a keyboard). Popular choices there are i3/sway or, lately, Niri. All of these are just examples, there are plenty more DEs / WMs to pick from.
Overall my suggestion would be to start with something straightforward (Mint would probably be my first choice here), try all the most popular DEs and pick the one you like, then eventually (months or years later) switch to a more advanced distro once you know more what your goals are and how you want to use the system. For example I'm in the middle of migrating to NixOS because I want a fully declarative system which gives the freedom to experiment without breaking your system because you can switch between different temporary environments or just rollback to previous generations. But I definitely wouldn't have been ready for that at the outset as it's way more complex than a more traditional distro.
amitav1
5 hours ago
Something with KDE. Never used KDE extensively because I hate non-tiling WMs, but something like Kubuntu would give you a more windows-esque experience by default. Here's the download link:
Bon appetit!
andai
5 hours ago
I don't use KDE either, but it does seem to be the most Windows adjacent choice. Unless you like very old versions of Windows in which case you may prefer XFCE like me (Xubuntu or the xfce variant of Linux mint).
I heard Kubuntu is not a great distro for KDE, but I can't comment on that personally.
amlib
4 hours ago
If you want maximum commodity and as many things to "just work" as possible out of the box, go for good old plain Ubuntu.
If you care a little more about your privacy and is willing to sacrifice some commodity, go for Fedora. It's community run and fairly robust. You may have issues with media codecs, nvidia drivers and few other wrinkles though. The "workstation" flavor is the most mature, but you may want to give the KDE version a try.
If you want an adventure, try everything else people are recommending here :)
mmh0000
5 hours ago
That's literally like asking "What car has the best driving experience?". There is no one answer.
If you want something that "just works," Linux Mint[1] is a great starting point. That gets you into Linux without any headache. Then, later when bored, you can branch out into the thousands[2] of Linux distributions that fill every possible niche
PlatoIsADisease
3 hours ago
I would never, recommend anything from Debian-family for consumer use. Its literally outdated linux, under the marketing 'stable'.
Fedora is so significantly better.
I wouldn't confuse popularity for good. Ubuntu gave away free CDs in the 2000s and are living off old marketing.
Debian family is so bad. You will be in the terminal constantly just trying to get stuff to work. Stick to a well maintained, up to date, consumer distro, Fedora.
(reminder that Fedora is Not Arch)
matheusmoreira
3 hours ago
For gaming I suggest a Steam Deck. I love mine, it's an awesome Linux device. Not locked down either.
taberiand
4 hours ago
If you're a developer, try NixOS. The code based configuration can be daunting but LLMs are very good at writing it.
jbstack
4 hours ago
Not sure it's good as a starter distro, but other than that I agree. I was put off NixOS for a long time despite loving the principles behind it. Then a few weeks ago I had ChatGPT give me a short course on it, including flakes and the basics of the Nix language. I completed that in a few hours and achieved more than I ever had reading the Nix docs and blogs etc. Now I'm able to use an LLM to help me write flakes while also understanding what it is doing (I'm not a fan of blindly using AI generated code).
taberiand
2 hours ago
That's what I'm getting at - the nixos learning curve is flattened out completely with LLMs to the point that I do recommend it as a starter distro for anyone technically competent (as it's still crucial to actually read and understand what the LLM produces)
heavyset_go
an hour ago
> Journalists love the "Microsoft gave" framing because it makes Microsoft sound like they're handing these out because they like the cops, but that's not how it works. If your company has data that the police want and they can get a warrant, you have no choice but to give it to them.
Often it is the case that companies hand over private data to law enforcement just by being asked for it nicely, no warrant needed.
postalcoder
6 hours ago
I'm not sure how to do this on Windows, but to disable FileVault cloud key backup on Mac, go to `Settings > Users & Groups > click on the (i) tooltip next to your account` and uncheck "Allow user to reset password using Apple Account".
This is a part of Settings that you will never see at a passing glance, so it's easy to forget that you may have it on.
I'd also like to gently push back against the cynicism expressed about having a feature like this. There are more people who benefit from a feature like this than not. They're more likely thinking "I forgot my password and I want to get the pictures of my family back" than fully internalizing the principles and practices of self custody - one of which is that if you lose your keys, you lose everything.
Melatonic
6 hours ago
Or use a local account to login ?
dcrazy
6 hours ago
I’m not sure if you misunderstand how macOS accounts work or how FileVault works.
There are two ways to log into macOS: a local user account or an LDAP (e.g. OpenDirectory, Active Directory) account. Either of these types of accounts may be associated with an iCloud account. macOS doesn’t work like Windows where your Microsoft account is your login credential for the local machine.
FileVault key escrow is something you can enable when enabling FileVault, usually during initial machine setup. You must be logged into iCloud (which happens in a previous step of the Setup Assistant) and have iCloud Keychain enabled. The key that wraps the FileVault volume encryption key will be stored in your iCloud Keychain, which is end-to-end encrypted with a key that Apple does not have access to.
If you are locked out of your FileVault-encrypted laptop (e.g. your local user account has been deleted or its password has been changed, and therefore you cannot provide the key to decrypt the volume encryption key), you can instead provide your iCloud credentials, which will use the wrapping key stored in escrow to decrypt the volume encryption key. This will get you access to the drive so you can copy data off or restore your local account credentials.
duskwuff
6 hours ago
> There are two ways to log into macOS: a local user account or an LDAP (e.g. OpenDirectory, Active Directory) account.
And just in case it wasn't clear enough, I'd add: a local user account is standard. The only way you'd end up with an LDAP account is if you're in an organization that deliberately set your computer up for networked login; it's not a typical configuration, nor is it a component used by iCloud.
g947o
6 hours ago
> It protects their data in the event that someone steals the laptop, but still allows them to recover their own data later from the hard drive.
False. If you only put the keys on the Microsoft account, and Microsoft closes your account for whatever reason, you are done.
Centigonal
4 hours ago
MacOS has this feature as well. It used to be called "Allow my iCloud account to unlock my disk," but it keeps getting renamed and moved around in new MacOS versions. I think it's now tied together with remote password resets into one option called "allow user to reset password using Apple Account."
armada651
6 hours ago
> If your company has data that the police want and they can get a warrant, you have no choice but to give it to them.
They can fight the warrant, if you don't at least object to it then "giving the keys away" is not an incorrect characterization.
plagiarist
4 hours ago
This is my thought also. So they're only holding the keys to prevent anyone from whining about lost data, they don't actually want to be responsible.
Melatonic
6 hours ago
Exactly. And any halfway decent corporate IT setup would be managing the keys themselves as well (although I would imagine many third party tools could also be compelled to do this with a proper warrant)
Bitlocker on by default (even if Microsoft does have the keys and complies with warrants) is still a hell if a lot better than the old default of no encryption. At least some rando can't steal your laptop, pop out the HDD, and take whatever data they want.
Hizonner
6 hours ago
The "reasonable default" is to force the user to actually make the choice, probably after forcing the user to prove they understand the implications.
x0x0
6 hours ago
I don't think there's a good answer here.
Users absolutely 100% will lose their password and recovery key and not understand that even if the bytes are on a desk physically next to you, they are gone. Gone baby gone.
In university, I helped a friend set up encryption on a drive w/ his work after a pen drive with work on it was stolen. He insisted he would not lose the password. We went through the discussion of "this is real encryption. If you lose the password, you may as well have wiped the files. It is not in any way recoverable. I need you to understand this."
6 weeks is all it took him.
nitwit005
2 hours ago
Some people will hurt themselves if given dangerous tools, but if you take all the dangerous items out of the tool shop, there won't be any tools left.
Microsoft seems to feel constant pressure to dumb Windows down, but if you look at the reasons people state when switching to Linux, control is a frequent theme. People want the dangerous power tools.
briHass
36 minutes ago
Tool manufacturers include all kinds of annoying safety devices to attempt to prevent injury, or at least to give them some cover in a lawsuit.
Table saw blade guards and riving knives are an ironic example here: I've yet to hear a story of a woodworker that lost a finger on a table saw that wouldn't have been able to avoid that injury if they kept one of those safety devices on the saw. Everyone thinks the annoyance isn't worth it, since they are an 'expert', yet it happens frequently.
direwolf20
2 hours ago
Then you don't want encrypt by default and anyone who goes out of their way knows what they're doing
toraway
an hour ago
Okay, so then the default for 95% of users is no encryption at all and police (or the far more likely thief, roommate, etc) don't even have to bother with a warrant to get all your data.
Improving the situation ... how exactly?
thewebguyd
6 hours ago
Apple gives users the choice during set up assistant, no reason Microsoft can't.
knollimar
5 hours ago
I bet he learned a valuable lesson
giancarlostoro
6 hours ago
To be fair, if they didn't have BitLocker enabled at all, the FBI would have just scanned the hard-drive as-is. The only usefulness of BitLocker is if a stranger steals your laptop, assuming Microsoft doesn't hand out the keys to just anybody, your files should be safe, in theory.
mattmaroon
7 hours ago
It’s definitely better than no encryption at all, which would be what most people would have otherwise.
wing-_-nuts
5 hours ago
>Any power users who prefer their own key management should follow the steps to enable Bitlocker without uploading keys to a connected Microsoft account.
I have W11 w a local account and no bitlocker on my desktop computer, but the sheer amount of nonsense MS has been doing these days has really made me question if 'easy modding*' is really enough of a benefit for me to not just nuke it and install linux yet again
* You can get the MO2 mod manager running under linux, but it's a pain, much like you can also supposedly run executable mods (downgraders, engine patches, etc) in the game's context, but again, pain
PunchyHamster
3 hours ago
> Any power users who prefer their own key management should follow the steps to enable Bitlocker without uploading keys to a connected Microsoft account.
You mean "Install Linux",because that's easier than dealing with the steps required to do that on Windows
themafia
4 hours ago
Hacker News defending corporate key escrow. Wow.
> It protects their data in the event that someone steals the laptop, but still allows them to recover their own data later from the hard drive.
It allows /anyone/ to recover their data later. You don't have to be a "purist" to hate this.
Spivak
4 hours ago
There is no other way for this to work that won't result in an absolutely massive number of people losing their data permanently who had no idea their drive was encrypted. Well there is, leave BitLocker disabled by default and the drive unencrypted. Now the police don't even have to ask!
With this scheme the drive is recoverable by the user and unreadable to everyone except you, Microsoft, and the police. Surely that's a massive improvement over sitting in plaintext readable by the world. The people who are prepared to do proper key management will know how to do it themselves.
Apple does the same thing with FileVault when you set up with your iCloud account where, again, previously your disk was just left unencrypted.
throwway120385
6 hours ago
Correct me if I'm wrong, but isn't forcing you to divulge your encryption password compelled speech? So the police can crack my phone but they can't force me to tell them my PIN.
thewebguyd
6 hours ago
Yes, you cannot be compelled to testify against yourself, but Microsoft is under no such obligation when served a warrant because of third party doctrine. Microsoft holding bitlocker recovery keys is considered you voluntarily giving the information to a third party, so the warrant isn't compelling you to do anything, so not a rights violation.
But, the 5th amendment is also why its important to not rely on biometrics. Generally (there are some gray areas) in the US you cannot be compelled to give up your password, but biometrics are viewed as physical evidence and not protected by the 5th.
dcrazy
6 hours ago
Warrants are a mechanism by which speech is legally compelled.
The 5th Amendment gives you the right to refuse speech that might implicate you in a crime. It doesn’t protect Microsoft from being compelled to provide information that may implicate one of its customers in a crime.
salawat
6 hours ago
Indeed. Third Party Doctrine has undermined 4th/5th Amendment protections due to the hair brained power grab that was "if you share info with a third party as art of the only way of doing business, you waive 4th Amendment protections. I ironically, Boomers basically knee-capped Constitutional protections for the very data most critically in need of protection in a network state.
Only fix is apparently waiting until enough for to cram through an Amendment/set a precedent to fix it.
qingcharles
5 hours ago
Well, SCOTUS has ummed and erred over several cases about whether to extend the 4th Amend to third party data in some scenarios. IIRC there is an online email case working up through 9th Cir right now?
One of the reasons giving for (usually) now requiring a warrant to open your phone they grab from you is because of the amount of third-party data you can access through it, although IIRC they framed is a regular 4th Amend issue by saying if you had a security camera inside your house the police would be bypassing the warrant requirement by seeing directly into your abode.
mmh0000
5 hours ago
In theory...
In practice: https://en.wikipedia.org/wiki/In_re_Boucher
The government gets what the government wants.
nly
5 hours ago
In the UK they can jail you just for not providing an encryption key
paulpauper
26 minutes ago
yeah but it's the UK ...prison is a joke there
matja
3 hours ago
RIPA 2000 part III section 49
direwolf20
6 hours ago
They can't force you to tell them your PIN in some countries, but they can try all PINs, and they can search your desk drawer to find the post-it where you wrote your PIN.
kstrauser
5 hours ago
Good PINs are ones you're not allowed to brute force. You can easily configure an iPhone to wipe itself after too many wrong guesses. There's a single checkbox labeled "Erase Data", saying "Erase all data on this iPhone after 10 failed passcode attempts."
You bet I have that enabled.
qingcharles
5 hours ago
They can also hold you in a jail cell until the end of time until you give it up, in many places.
fn-mote
6 hours ago
In the US.
But this is irrelevant to the argument made above, right?
BLKNSLVR
3 hours ago
So long as Microsoft also "give customer set of BitLocker encryption keys to unlock their own laptop" in the right set of conditions.
knallfrosch
4 hours ago
20 requests per year also doesn't sound like a privacy problem. These are people where the police got a search warrant for the hard drives.
I'd be more concerned about access to cloud data (emails, photos, files.)
Retr0id
5 hours ago
At Microsoft-scale, data requests from law enforcement are an inevitability. Designing a system such that their requests are answerable is a choice. Signal's cloud backup system is an example of a different choice being made.
throwawayqqq11
5 hours ago
The reasonable default is transparency about it and 2FA for recovery scenarios. MS does not have to have the keys in the clear, as it is reasonable for any secrets you store.
throwaway85825
6 hours ago
That would be all well and good if any of this was communicated to the user.
morshu9001
4 hours ago
The problem is they don't make this clear to the user or make it easy to opt out. Contrast with how Apple does it.
kermatt
5 hours ago
If you are super concerned about their privacy, should you be using Windows anyway? Or any commercial OS for that matter?
knowitnone3
4 hours ago
So you're saying Microsoft gave the FBI the key?
elzbardico
3 hours ago
And the only reason windows uploads the keys is that Microsoft wants to help the government while fucking you.
bilekas
5 hours ago
There needs to be more awareness into setting up W11 install ISO's which can be modified to disable bitlocker by default, disable the online account requirement.
I recently needed to make a bootable key and found that Rufus out of the box allows you to modify the installer, game changer.
RIMR
an hour ago
> This makes the privacy purists angry, but in my opinion it's the reasonable default for the average computer user.
Absolutely not. If my laptop tells me that it is encrypted by default, I don't like that the default is to also hold a copy of the keys in case big brother wants them.
Call me a "privacy purist" all you want, but it shouldn't be normal to expect the government to have access to a key to your house.
lrvick
3 hours ago
Microsoft could have done key backups to secure enclaves that will only return them to a user able to produce valid signatures using a backup code or otherwise they hold. Hell they were the ones that normalized remote attestation.
But Microsoft chose to keep them plain text, and thus they are, and will continue to be abused.
We must not victim blame. This is absolutely corruption on microsofts part.
wolvoleo
6 hours ago
It would make me a lot less angry if Microsoft didn't go out of their way to force people to use a Microsoft account of course.
Noaidi
4 hours ago
The same is true for Apple laptops! Take a look in your Passwords app and you will see it automatically saves and syncs your laptop decryption key into the cloud.
So all the state needs to get into your laptop is to get access from Apple to your iCloud account.
Aloisius
2 hours ago
The iCloud Keychain is end-to-end encrypted.[0] Apple can't decrypt it.
That said, when setting up FileVault, you have the option to escrow your recovery key with Apple. If you enable that, Apple can get the recovery key.
Noaidi
an hour ago
It does it without asking! Not opt in! It is put in your password keychain automatically.
lokar
2 hours ago
This is a really bad take
The choice is not between honoring the warrant and breaking the law.
They can go to a judge and fight the warrant. Other companies have done this.
Microsoft won’t, one more reason I will never use anything from them.
kypro
6 hours ago
I think this is a fair position and believe you're making it in good faith, but I can't help but disagree.
I think the reasonable default here would be to not upload to MS severs without explicit consent about what that means in practise. I suspect if you actually asked the average person if they're okay with MS having access to all of the data on their device (including browser history, emails, photos) they'd probably say no if they could.
Maybe I'm wrong though... I admit I have a bad theory of mind when it comes to this stuff because I struggle to understand why people don't value privacy more.
ratelimitsteve
3 hours ago
>can compel Microsoft to provide the keys
can they compel testimony? keys, passcodes and the like are usually considered testimony. did they try? the usual story here is that they don't have to, that the big corporations will turn over any info they have on request because they can and the government makes a better friend than a single user. the article mentions 20 "requests" per year on average but doesn't say anything about the government using force.
I agree with your conclusion though: data you share with anyone is data you've shared with everyone and that includes your encryption keys. if that matters to you, then you need to take active steps to ensure your own security because compelled or not, the cloud providers aren't here to help keep you safe.
jajuuka
3 hours ago
Similar case with Apple devices. They default to backing up to Apple servers where they are unencrypted. So they can provide data to police if requested. But for anyone concerned about privacy they can use Advanced Data Protection which encrypts all their data and prevents Apple from reading it or recovering it.
Definitely agree that choices like these are the most sane for the default user experience and that having these advanced options for power users to do with it what they want is a fair compromise. Wish more people were open to designing software for the average person and compromising on a middle ground the benefits both kinds of users.
whalesalad
7 hours ago
Any power users should avoid Windows entirely.
drnick1
6 hours ago
This. Real "power users" (as opposed to people who aren't completely computer-illiterate) use the likes of Arch Linux and Gentoo and self-host whatever "cloud" services they need, they aren't running Windows and paying for Copilot 365 subscriptions.
bigyabai
7 hours ago
If by "power user" you mean "enemy of the state", there's a lot of software you'd be better-off avoiding.
wolvoleo
6 hours ago
"enemy of the state" depends a lot on the current state of the state.
Eg in England you're already an enemy of the state when you protest against Israel's actions in Gaza. In America if you don't like civilians being executed by ICE.
This is really a bad time to throw "enemy of the state" around as if this only applies to the worst people.
Current developments are the ideal time to show that these powers can be abused.
blipvert
4 hours ago
Very much hyperbolic about the UK. You’re fine protesting against Israel, but Palestine Action is a proscribed group (not that I agree with that!) and that will land you in trouble.
phanimahesh
7 hours ago
That is a strange viewpoint. Are we calling everyone who wants some control over their computers enemies of the state?
WarOnPrivacy
6 hours ago
> Are we calling everyone who wants some control over their computers enemies of the state?
As of today at 00:00 UTC, no.
But there's an increasingly possible future
where authoritarian governments will brand users
who practice 'non-prescribed use' as enemies of the state.
And when we have a government who's leader
openly gifts deep, direct access to federal power
to unethical tech leaders who've funded elections (ex:Thiel),
that branding would be a powerful perk to have access to
(even if indirectly).bigyabai
6 hours ago
It's holistic philosophy. You're not going to save yourself from FBI surveillance by avoiding Windows, I guarantee that to you.
thewebguyd
6 hours ago
You're not going to avoid any state surveillance if the state is really interested in you specifically.
But you can still help prevent abuses of mass surveillance without probable cause by making such surveillance as expensive and difficult as possible for the state
pawelduda
6 hours ago
Maybe he's just trying to avoid Candy Crush Saga
amitav1
5 hours ago
I can't think of anybody apart from Osama bin Laden who wouldn't want to play Candy Crush. \s
anonym29
6 hours ago
https://news.ycombinator.com/item?id=46700219
Criticizing the current administration? That sounds like something an enemy of the state would do!
Prepare yourself for the 3am FBI raid, evildoer! You're an enemy of the state, after all, that means you deserve it! /s
orthecreedence
30 minutes ago
This is a great reminder: if your device doesn't ask you for a pin/passphrase every time it turns on, it's not actually encrypted.
estimator7292
5 hours ago
> Journalists love the "Microsoft gave" framing because it makes Microsoft sound like they're handing these out because they like the cops, but that's not how it works. If your company has data that the police want and they can get a warrant, you have no choice but to give it to them.
These two statements are in no way mutually exclusive. Microsoft is gobbling up your supposedly private encryption keys because they love cops and want an excuse to give your supposedly private data to cops.
Microsoft could simply not collect your keys and then would have no reason or excuse to hand them to cops.
Microsoft chose to do this.
Do not be charitable to fascists.
SilverElfin
5 hours ago
Doesn’t windows 11 force you to use a Microsoft account
joering2
6 hours ago
> you have no choice but to give it to them
Will they shoot me in head?
What if I truly forgot the password to my encrypted drive? Will they also shoot me in the head?
qingcharles
5 hours ago
Do they need to actually shoot you? Have you had a loaded gun pressed to your head and asked for your password?
What about your wife's head? Your kids' heads?
mistercheph
6 hours ago
Yeah guys, if it's encrypted by default, it's not a violation of user security or privacy expectations to have a set of master keys that you hold onto and give to third parties to decrypt user devices. I mean it was just encrypted by default... by default...
paulpauper
6 hours ago
VeraCrypt exists for this reason or other open source programs. Why would you ever trust encryption to closed source?
alephnerd
4 hours ago
Also, this essay by Mickens at USENIX over a decade ago - https://www.usenix.org/system/files/1401_08-12_mickens.pdf
Tl;dr - "Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@ virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT" (Mickens, 2014)
citizenpaul
2 hours ago
None of this matters. XKCD. Hit him with this $5 wrench until he gives you the keys.
beeflet
2 hours ago
Mass surveillance through $5 wrench (and massive thug salary) attacks do not scale, but mass surveillance through turn-key decryption does.
riversflow
6 hours ago
> you have no choice but to give it to them
There is always a choice.
coderatlarge
3 hours ago
user notification is another major litmus test.
b65e8bee43c2ed0
4 hours ago
>The defaults will also upload the BitLocker key to a Microsoft Account if available.
>This is why the FBI can compel Microsoft to provide the keys.
>in my opinion it's the reasonable default
I really can't imagine what kind of person would say that with a straight face. Hanlon's razor be damned, I have to ask: are you a Microsoft employee or investor?