So, this means Microsoft has copies of every single bitlocker key, meaning that a bad actor could obtain them... Thereby making bitlocker less than worthless, it's an active threat.
MS really speedrunning worst possible software timeline
this post was submitted on 23 Jan 2026
1232 points (99.6% liked)
Technology
79355 readers
4240 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
They don't have a copy of every single Bitlocker key. They do have a copy of your Bitlocker key if you are dumb enough to allow it to sync with your Microsoft account, you know, "for convenience."
Don't use a Microsoft account with Windows, even if you are forced to use Windows.
To use Windows without a Microsoft account requires tech literacy these days, I thought. I would not be suprised if users didn't choose to sync with a MS account but it's doing it anyway, if that's what MS want.
If you sign in with a Microsoft account at all I don't believe there's the capability to opt out.
I only use local accounts. I have never had a Microsoft account. I never will.
You can't do that anymore, at least not with a normal Windows installation. All of the tricks of forcing it offline, clicking cancel 10 times and jumping up and down don't work anymore, they've disabled them all, the only way to install Windows 11 now (using the normal Microsoft installer) is by linking it to a Microsoft account.
Using Rufus still works. I did it as recently as a couple of days ago.
Sorry, but the argument above was for a regular user, who doesn't know what Rufus is, who doesn't know the concept of OS, who simply ~~knows~~ thinks the files are saved "on the computer" (while they somehow ended up on OneDrive).
load more comments
(1 replies)
load more comments
(6 replies)
load more comments
(3 replies)
It's a bit harsh and unfair to say "you are dumb enough to allow it". Microsoft makes it damn near impossible to avoid this unless you are extremely particular and savvy about it, and never have an off day where you make a mistake while using your PC.
Encryption doesn't actually complete until you log in with a Microsoft account for Home Edition.
Anyways: Use Veracrypt.
Or just Linux + LUKS
load more comments
(27 replies)
No they do not have copies of every Bitlocker key.
Bitlocker by default creates a 48-bit recovery code that can be used to unlock an encrypted drive. If you run Windows with a personal Microsoft account it offers to backup that code into your Microsoft account in case your system needs recovered. The FBI submitted a supoena to request the code for a person's encrypted drive. Microsoft provided it, as required by law.
Bitlocker does not require that key be created, and you don't have to save it to Microsoft's cloud.
This is just a case of people not knowing how things work and getting surprised when the data they save in someone else's computer is accessed using the legal processes.
Except that Microsoft basically puts a gun to every users head to login with a Microsoft account which can/does backup the recovery keys.
load more comments
(4 replies)
load more comments
(2 replies)
load more comments
(10 replies)
What a slap to the faces of everyone who had been locked out of their data because they never knew about this crap and thus never saved their keys
Except their keys were saved but microsoft deemed that they cant "prove ownership" of the microsoft account, because they lack the credentials...
What does Microsoft think the fucking point of encryption is? Do they think I am encrypting my data to protect it from my dog?
As someone who used windows for way too long: they just simply don't give a shit. Like at all
i saw your dog using arch linux
Don't be silly, the dog uses Puppy Linux.
Mines uses Yellow Dog Linux.
btw……
If you're not the only one with the keys, is it really encrypted?
load more comments
(2 replies)
People called me paranoid when I said this would happen someday...
if theres money to be made it will happen one day
The word "Gave" is really doing some heavy lifting in that title. Microsoft produced the keys in response to a warrant as required by law.
If you don't want a company, any company, to produce your data when given a warrant then you can't give the company that data. At all. Ever.
Not fast food joints, not Uber, not YouTube, not even the grocery store.
Yes. But this completely invalidates the encryption. If anyone can decrypt your data without you giving the keys to them, it is not really encrypted.
The encryption key is data, don't give it to ANYONE. "Two people can keep a secret if one of them is dead."
Which means it's useless if always uploaded to MS
load more comments
(3 replies)
load more comments
(13 replies)
If you can't possess the keys, you can't give them when there's a warrant. Microsoft designed a system that could obtain and decrypt those keys on purpose.
load more comments
(3 replies)
load more comments
(16 replies)
Why is anyone surprised by this? And what kind of imbecile commits crimes and uses windows? 🤣
Not just that but also uploads a copy of the key to their Microsoft Account...
Many modern Windows computers rely on full-disk encryption, called BitLocker, which is enabled by default. This type of technology should prevent anyone except the device owner from accessing the data if the computer is locked and powered off. But, by default, BitLocker recovery keys are uploaded to Microsoft’s cloud, allowing the tech giant — and by extension law enforcement — to access them and use them to decrypt drives encrypted with BitLocker, as with the case reported by Forbes.
uploads a copy of the key to their Microsoft Account
Microsoft added that feature because people kept losing their encryption keys and thus losing all their files if they need to have their computer replaced. They get complaints either way - privacy advocates complain when the key is backed up, and sysadmins/users complain when the key isn't backed up.
I think in cases like this, I'd rather the responsibility of burden be shifted towards individuals with autonomy than to large corporations. But I suppose in that case (reductionism warning) people might as well just use Linux.
load more comments
(3 replies)
Is anyone shocked by this? With everything that DHS, FBI, ICE, military, elected representatives, etc. are all doing without any concern or care for laws, civil rights, human rights, the Constitution, this should not be a shock to anyone. Corporations are bending over backwards to appease the talking orange and make more money. They do not care as long as profits are up and the shareholders are happy. A companies primary legal responsibility is to the shareholders, not the customers.
load more comments
(3 replies)
Daily reminder that verified boot is objectively superior to "secure boot", once again a common Linux W and another example of Google actually promoting some good security practices
load more comments
(4 replies)
Linux. LUKS it yourself or it isn't really encrypted.
Wasn't this by design? Otherwise why keeping the decryption keys on servers located in the united states'?
load more comments
(2 replies)
Amazing how every time you think they've finally stopped digging.. they whip out the steam shovel and go "Hey y'all, watch this!"
Federal investigators in Guam believed the devices held evidence that would help prove individuals handling the island’s Covid unemployment assistance program were part of a plot to steal funds.
Damn, they weren't even doing this to go after pedos.
I'm curious where in the economic ladder this person fell. Rich enough to get a significant amount of money from the system, but still too poor to make the government look the other way.
A single bitter, crowing "hah!" at whoever thought there wasn't at least this much overlap between our corporate and government masters. Welcome to hell kid, shoutout to whatever's being trained on the last ~30 years of everything that touched the internet in the NSA's Utah data center. Rose coloured PRISM though, I dream of the day when someone makes those search tools public and I can reminisce through my preteen MSN Messenger convos
Well, storing the key in the specific provider‘s cloud isn‘t a good idea anyway - the same counts for iCloud as well. There are things that should be separated from each other because of reasons, this one is just another proof for the need to do so.
Microslop's OS is evidently untrustworthy and should not be used. I recommend replacing it with a Linux distribution.
Not your keys ? Not your data !
view more: next ›