If you can’t possess the keys, you can’t give them when there’s a warrant. Microsoft designed a system that could obtain and decrypt those keys on purpose.
They designed a system that recommended that the average user use full disk encryption as part of device setup, and then provided a way that Grandma could easily recover her family photos when she set it up with their cloud.
This was built by an engineer trying to prevent a foreseeable issue. The intent was not malicious. The intent was to get more people more secure by default, since random hacker couldn’t compell ms to give them keys, while still allowing low tech literacy people to not get fucked.
It’s been a while since I installed a new Windows OS, but I’m pretty sure it prompts you to allow uploading your bitlocker key. It probably defaults to yes, but I doubt you can’t say no, or reset the key post onboarding if you want the privacy, and now it’s on you to record your key. You do have to have some technical understanding of the process, though, which is true of just about everything.
That all said, if a company has your data, it can be demanded by the government. This is a cautionary tale about keeping your secrets secret. Don’t put them in GitHub, don’t put them in Chrome, don’t put them online anywhere because the Internet never forgets.
It may seem that way but I’m really not. An encryption key is just data. It’s critical security data to be sure but it’s still data and like other data you shouldn’t share anything that you wouldn’t want made public.
Don’t want MS to cough up your data when asked? Then don’t give it to them. In regards to your BL key that means storing it another way, such as on a jump drive or printing it out.
In the end if you have data of any type that you absolutely DO NOT want made public then you need to retain that data locally. If that means leaving the Microsoft or any other ecosystem then that’s the price that needs paid for keeping your data under your control.
This is the foundation of the entire privacy movement.
No, you really are. If you’re in control of an encryption key, then it’s perfectly fine to “give Microsoft your data” that’s encrypted by that key. An encryption key isn’t “just data”, it’s data that’s used to encrypt other data.
The problem here is not that Microsoft has access to your data, it’s that Microsoft has access to your encryption key.
Wouldn’t the hacker then need to track down your physical computer…steal it…use the bitlocker key…look to see if you actually have any data worth taking etc…?
Sure. It’s not anyone. It’s anyone that can get a warrant. Or anyone that have enough power/underhanded influence to ask them nicely. Or any admin that have access to cloud storage at MS (remember they where caught with some exec having full access to that a while ago). Or any big leak that could exfiltrate these data. And probably a handful of other people, like, someone getting access to your MS account for whatever reason (which kinda happen, seeing how people lose their mail account to phishing/scams all the time) suddenly having access to your keys from there.
If your keys are in a DB somewhere, there’s a lot of way they could get out. Would these ways coincide with someone actually having your drive at hand? Probably not. Still, the key not existing in plaintext in some third party storage close all these holes.
Just to clarify… my question wasn’t “do sleepers exist” it was should we continue to call them sleepers when they have broad access to the administrative branch of the US government.
In Windows 11, if the main user logs in with a Microsoft account (which is mandatory unless you do some hacks during the install), it automatically encrypts the main drive by default without asking the user consent and uploads the decryption key to Microsoft servers (again, without user consent, but usually this is appreciated because sometimes automatic BIOS updates via windows update wipe the tpm and keep all your data at ransom.)
Your computer generate a random key using (hopefully) a trusted PRNG with good enough sources. This key is then used to encrypt your data. This key is stored in your computer’s TPM module, and provided to the OS only if the chip approves all the checks in places. In addition, you get that key displayed to you, so you can write it down (or alternatively save the key file somewhere of your convenience). This is relatively good as far as security goes (unless the TPM is broken, which can happen).
And then, unless you jumped through hoops to disable it, your PC sends the key to Microsoft so they can just keep it linked to your account. That’s the part that sucks, because then, they have the key, can unlock your drive on your behalf, and have to produce it if asked by a judge or something.
Note that there are relatively safe way to protect these keys even if they are backed up in “the cloud”, by encrypting them beforehand using your actual password. It’s not absolutely perfect, but can make it very hard/costly/impossible to retrieve, depending on the resources of the attacker/government agency. But MS didn’t chose this way. I don’t know if it’s because of sheer incompetence, inattention, or because this feature is claimed to be here to “help” people that lose their key, and as such are likely to lose their password too, but it is what it is.
Funny enough, people have lost access to their bitlocker encrypted drive because of some weird issues that triggered the windows intallation to revert to asking for the full bitlocker encryption key (I think if you disable secure boot or mess with CPU upgrades or the TPM, or some weird update broke, that can happen), which they didn’t have and forgot the microsoft account. But microsoft can’t help because they forgot about their acount credentials.
I don’t know about intentionally designing that. It would violate contracts and have to be a hidden, but broadly conspiratorial activity. I have some professional experience in consumer electronics, and I remember when TPMs started becoming a required component for CE. It took several years to become commonplace; a slow transition from security by obscurity to sensible practices when devices started to be internet connected.
Nevertheless, from my experience, I’d say the TPMs aren’t there for user security, they are there to keep Hollywood movies safe.
Microsoft built the encryption in Windows so know how to get around it. In theory that remains a closely guarded secret but there are the warrants and the NSA and…
Nope, this isn’t even a “backdoor”. The key itself was automatically uploaded to your microsoft account, so they can just take the key from the microsoft servers and walk right in. This isn’t some secret, a quick online search will reveal this as public information. They literally tell you the key will get uploaded.
I’d go as far as to say it’s similar to a landlord requiring a key to access the apartment your renting from them. Sure, they probably won’t abuse that power, most don’t, but the doesn’t mean they can’t.
The bigger picture to me is it’s pretty clear then internally, Microsoft views you as a “tenant” of THEIR OS. Not a purchaser. This is why they use the words “This PC” in replace of “My PC”.
Yes, I think we can absolutely say that companies are pushing for consumers to use the cloud instead of their own hardware, but in this context, I’d say it’s more egregious showing their mindset that you’re just renting their software from them.
Nah, a landlord cannot legally deny access to an apartment/house you paid for, like you can literally call the cops (make sure you have a copy of the lease safely stored on your phone or something) and get let back in. They need a court case to evict you.
But microsoft can deny access your OS, and with the manatory full disk encryption implemented, you can’t even get back in to retrieve your data. (kinda like WannaCrypt) And this would be all legal since ToS and mandatory arbittation bs. No court case needed to hold your files hostage.
So I’d say Microsoft is like 10x worse than a landlord
Bitlocker is computer drive encryption. On W11 it’s supposed to be tied to the motherboards TPM. End to end encryption is not really applicable in this scenario. That phrase is more applicable to cloud services or storage where a telecom or CSP hosts or transports your data but can’t see what the data is.
Microsoft should not have the keys to decrypt Bitlocker ever.
Microsoft should not have the keys to decrypt Bitlocker ever.
Windows is a closed source and proprietary commercial Operating System. Microsoft is going to do whatever they like with it. If enough people get angry about an issue they may change their mind but that doesn’t change the nature of Microsoft’s ownership over their products.
I’ve been participating in discussion about what Microsoft should and shouldn’t do since the late 80s and it pretty much boils down to this: You need to select and use software that works the way you want it to. So if you don’t want MS to have your disk encryption key then don’t use Windows. If you don’t want MS to have access to your documents then don’t put them on any system that MS has control over.
It can be terrible inconvenient to protect your data in this way but this part and parcel of the privacy movement.
The word “Gave” is really doing some heavy lifting in that title. Microsoft produced the keys in response to a warrant as required by law.
If you don’t want a company, any company, to produce your data when given a warrant then you can’t give the company that data. At all. Ever.
Not fast food joints, not Uber, not YouTube, not even the grocery store.
If you can’t possess the keys, you can’t give them when there’s a warrant. Microsoft designed a system that could obtain and decrypt those keys on purpose.
They’re doing this because there’s demand (with actually, non malicious genuine needs), and the feature is clearly advertised AFAIK.
It’s not some evil conspiracy. Microsoft does enough shitty things without us needing to blame them for their users’ shitty OpSec.
Here’s Microsoft’s overview page of bitlocker. Show me where it clearly says they can decrypt your drive.
https://support.microsoft.com/en-us/windows/bitlocker-overview-44c0c61c-989d-4a69-8822-b95cd49b1bbf
I’m certainly not a microslop supporter, but…
They designed a system that recommended that the average user use full disk encryption as part of device setup, and then provided a way that Grandma could easily recover her family photos when she set it up with their cloud.
This was built by an engineer trying to prevent a foreseeable issue. The intent was not malicious. The intent was to get more people more secure by default, since random hacker couldn’t compell ms to give them keys, while still allowing low tech literacy people to not get fucked.
It’s been a while since I installed a new Windows OS, but I’m pretty sure it prompts you to allow uploading your bitlocker key. It probably defaults to yes, but I doubt you can’t say no, or reset the key post onboarding if you want the privacy, and now it’s on you to record your key. You do have to have some technical understanding of the process, though, which is true of just about everything.
That all said, if a company has your data, it can be demanded by the government. This is a cautionary tale about keeping your secrets secret. Don’t put them in GitHub, don’t put them in Chrome, don’t put them online anywhere because the Internet never forgets.
Yes. But this completely invalidates the encryption. If anyone can decrypt your data without you giving the keys to them, it is not really encrypted.
The encryption key is data, don’t give it to ANYONE. “Two people can keep a secret if one of them is dead.”
Which means it’s useless if always uploaded to MS
You’re confusing two different things here, in a really weirdly obtuse way.
It may seem that way but I’m really not. An encryption key is just data. It’s critical security data to be sure but it’s still data and like other data you shouldn’t share anything that you wouldn’t want made public.
Don’t want MS to cough up your data when asked? Then don’t give it to them. In regards to your BL key that means storing it another way, such as on a jump drive or printing it out.
In the end if you have data of any type that you absolutely DO NOT want made public then you need to retain that data locally. If that means leaving the Microsoft or any other ecosystem then that’s the price that needs paid for keeping your data under your control.
This is the foundation of the entire privacy movement.
No, you really are. If you’re in control of an encryption key, then it’s perfectly fine to “give Microsoft your data” that’s encrypted by that key. An encryption key isn’t “just data”, it’s data that’s used to encrypt other data.
The problem here is not that Microsoft has access to your data, it’s that Microsoft has access to your encryption key.
Its not anyone though. Not anyone can get a warrant and demand the keys
Anyone included Microsoft. You’re thinking of the word “everyone”
if Microsoft has the power to give the keys to the feds what happens when Microsoft gets hacked?
or they give the keys or whatever data willingly, and then say they are hacked as an excuse.
Wouldn’t the hacker then need to track down your physical computer…steal it…use the bitlocker key…look to see if you actually have any data worth taking etc…?
Actually they’d probably set up a Bitlocker key shop on the dark web
Anyone as in “a single person”. They don’t mean everyone has access.
Sure. It’s not anyone. It’s anyone that can get a warrant. Or anyone that have enough power/underhanded influence to ask them nicely. Or any admin that have access to cloud storage at MS (remember they where caught with some exec having full access to that a while ago). Or any big leak that could exfiltrate these data. And probably a handful of other people, like, someone getting access to your MS account for whatever reason (which kinda happen, seeing how people lose their mail account to phishing/scams all the time) suddenly having access to your keys from there.
If your keys are in a DB somewhere, there’s a lot of way they could get out. Would these ways coincide with someone actually having your drive at hand? Probably not. Still, the key not existing in plaintext in some third party storage close all these holes.
what happens when fydor monikov the sleeper agent from the kgb working at the fbi gets a copy of these master keys
KGB is inside the oval office 💀
(I mean they literally deported a Russian dissident back to russia… need say more?)
Are they really sleepers any more?
Yes, according to whistleblowers from the CIA. Russia and China are regularly doing this
Just to clarify… my question wasn’t “do sleepers exist” it was should we continue to call them sleepers when they have broad access to the administrative branch of the US government.
I’m stupid. How do thet even produce the keys?
In Windows 11, if the main user logs in with a Microsoft account (which is mandatory unless you do some hacks during the install), it automatically encrypts the main drive by default without asking the user consent and uploads the decryption key to Microsoft servers (again, without user consent, but usually this is appreciated because sometimes automatic BIOS updates via windows update wipe the tpm and keep all your data at ransom.)
Your computer generate a random key using (hopefully) a trusted PRNG with good enough sources. This key is then used to encrypt your data. This key is stored in your computer’s TPM module, and provided to the OS only if the chip approves all the checks in places. In addition, you get that key displayed to you, so you can write it down (or alternatively save the key file somewhere of your convenience). This is relatively good as far as security goes (unless the TPM is broken, which can happen).
And then, unless you jumped through hoops to disable it, your PC sends the key to Microsoft so they can just keep it linked to your account. That’s the part that sucks, because then, they have the key, can unlock your drive on your behalf, and have to produce it if asked by a judge or something.
Note that there are relatively safe way to protect these keys even if they are backed up in “the cloud”, by encrypting them beforehand using your actual password. It’s not absolutely perfect, but can make it very hard/costly/impossible to retrieve, depending on the resources of the attacker/government agency. But MS didn’t chose this way. I don’t know if it’s because of sheer incompetence, inattention, or because this feature is claimed to be here to “help” people that lose their key, and as such are likely to lose their password too, but it is what it is.
Funny enough, people have lost access to their bitlocker encrypted drive because of some weird issues that triggered the windows intallation to revert to asking for the full bitlocker encryption key (I think if you disable secure boot or mess with CPU upgrades or the TPM, or some weird update broke, that can happen), which they didn’t have and forgot the microsoft account. But microsoft can’t help because they forgot about their acount credentials.
They should’ve asked the FBI for help lolz
It happened TWICE on my Lenovo laptop, when it automatically installed a firmware update from windows update
You’d probably also have to jump through the hoops to disable windows recall too.
I’m pretty sure all tpms can be read with an electric interference reader when they’re probed, as an intended loophole
I don’t know about intentionally designing that. It would violate contracts and have to be a hidden, but broadly conspiratorial activity. I have some professional experience in consumer electronics, and I remember when TPMs started becoming a required component for CE. It took several years to become commonplace; a slow transition from security by obscurity to sensible practices when devices started to be internet connected.
Nevertheless, from my experience, I’d say the TPMs aren’t there for user security, they are there to keep Hollywood movies safe.
deleted by creator
Microsoft built the encryption in Windows so know how to get around it. In theory that remains a closely guarded secret but there are the warrants and the NSA and…
Nope, this isn’t even a “backdoor”. The key itself was automatically uploaded to your microsoft account, so they can just take the key from the microsoft servers and walk right in. This isn’t some secret, a quick online search will reveal this as public information. They literally tell you the key will get uploaded.
I’d go as far as to say it’s similar to a landlord requiring a key to access the apartment your renting from them. Sure, they probably won’t abuse that power, most don’t, but the doesn’t mean they can’t.
The bigger picture to me is it’s pretty clear then internally, Microsoft views you as a “tenant” of THEIR OS. Not a purchaser. This is why they use the words “This PC” in replace of “My PC”.
Yes, I think we can absolutely say that companies are pushing for consumers to use the cloud instead of their own hardware, but in this context, I’d say it’s more egregious showing their mindset that you’re just renting their software from them.
Nah, a landlord cannot legally deny access to an apartment/house you paid for, like you can literally call the cops (make sure you have a copy of the lease safely stored on your phone or something) and get let back in. They need a court case to evict you.
But microsoft can deny access your OS, and with the manatory full disk encryption implemented, you can’t even get back in to retrieve your data. (kinda like WannaCrypt) And this would be all legal since ToS and mandatory arbittation bs. No court case needed to hold your files hostage.
So I’d say Microsoft is like 10x worse than a landlord
Not true with E2EE, they can’t give over shit when they don’t have the keys
Bitlocker is computer drive encryption. On W11 it’s supposed to be tied to the motherboards TPM. End to end encryption is not really applicable in this scenario. That phrase is more applicable to cloud services or storage where a telecom or CSP hosts or transports your data but can’t see what the data is.
Microsoft should not have the keys to decrypt Bitlocker ever.
Windows is a closed source and proprietary commercial Operating System. Microsoft is going to do whatever they like with it. If enough people get angry about an issue they may change their mind but that doesn’t change the nature of Microsoft’s ownership over their products.
I’ve been participating in discussion about what Microsoft should and shouldn’t do since the late 80s and it pretty much boils down to this: You need to select and use software that works the way you want it to. So if you don’t want MS to have your disk encryption key then don’t use Windows. If you don’t want MS to have access to your documents then don’t put them on any system that MS has control over.
It can be terrible inconvenient to protect your data in this way but this part and parcel of the privacy movement.