You can determine if you're at risk and take action today:
If you think your Windows computer is safe from prying eyes, think again. A new report reveals that Microsoft has the encryption keys to your hard drive, and it can even give them out to law enforcement, including the FBI. Here's what you need to know and what you can do to stop it from happening to you.
In a stunning breach of personal privacy and security, Microsoft admitted in January that it provided the FBI with the BitLocker recovery keys to three different Windows PCs that were linked to suspected COVID unemployment assistance fraud in Guam. With these keys, the FBI was able to access the files on those devices as part of its investigation.
[...] The Redmond tech giant received its first request from a government official during the Obama administration in 2013. Although the engineer who spoke with the official reportedly declined to build a back door into Windows that would give the government unbridled access to user files, Microsoft still admits to turning over BitLocker recovery keys to law enforcement as recently as 2025. According to the report, Microsoft receives approximately 20 access requests from the FBI per year.
[...] You are not at risk if ...
- You use a Windows PC without a Microsoft account. (You haven't logged into the system with your Outlook email address.)
- You use a Windows PC with a Microsoft account but you chose a local recovery key backup option at activation.
- You disabled BitLocker encryption when you set up your PC.
You are at risk if ...
- You use a Windows PC with a Microsoft Outlook account and you chose to back up your BitLocker recovery key to your account.
- Your PC is a work machine that's managed by your employer.
For those at risk, Microsoft promises that it only gives out encryption keys to lawful requests from the government. That said, if Microsoft can access your encryption keys, what's stopping a hacker from getting them? The problem with storing security keys on cloud servers is that anyone can reach them with the right password, login information, or exploit.
Previously: Microsoft Gave FBI a Set of BitLocker Encryption Keys to Unlock Suspects' Laptops
Related: Over Half a Million Windows Users are Switching to Linux
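The "at risk / not at risk" checklist in the summary above can be checked from an elevated Windows PowerShell prompt. This is an added example, not code from the article or the submission; the function name `Get-BitLockerEscrowExposure` and the verdict wording are assumptions made for illustration. It reads local state only and cannot see whether a recovery key was actually uploaded, which has to be confirmed in the Microsoft account itself or with the employer's IT department.

```powershell
# Added example, not from the article. Run in an elevated Windows PowerShell session.
# Maps local machine state onto the article's "at risk / not at risk" list.
# Function name and verdict strings are hypothetical, chosen for this example.

function Get-BitLockerEscrowExposure {
    # OS volume: is BitLocker on, and does a recovery password protector exist?
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $encrypted = $vol.VolumeStatus -ne 'FullyDecrypted'
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    # Enabled local user entries that are backed by a Microsoft account.
    $msaUsers = @(Get-LocalUser |
        Where-Object { $_.Enabled -and $_.PrincipalSource -eq 'MicrosoftAccount' })

    # Employer management: Active Directory domain or Entra ID (Azure AD) join.
    $domainJoined = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
    $entraJoined = [bool](dsregcmd /status | Select-String 'AzureAdJoined\s*:\s*YES')

    $verdict = if (-not $encrypted) {
        'BitLocker is off: nothing to escrow, disk is unencrypted'
    } elseif ($domainJoined -or $entraJoined) {
        'Managed machine: assume the employer holds the recovery key'
    } elseif ($msaUsers.Count -gt 0 -and $recovery.Count -gt 0) {
        'Microsoft account sign-in with a recovery password: check the account for a stored key'
    } else {
        'Local accounts only: the recovery key is wherever you saved it'
    }

    [pscustomobject]@{
        Volume            = $vol.MountPoint
        VolumeStatus      = $vol.VolumeStatus
        ProtectionStatus  = $vol.ProtectionStatus
        RecoveryKeyIds    = $recovery.KeyProtectorId
        MicrosoftAccounts = $msaUsers.Name
        DomainJoined      = $domainJoined
        EntraJoined       = $entraJoined
        Verdict           = $verdict
    }
}

Get-BitLockerEscrowExposure | Format-List
```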
(Score: 1, Informative) by Anonymous Coward on Tuesday February 03, @05:09AM (2 children)
Odd domain name for a "patriotic" website..
Anyway,
> WARNING: There isn’t a way to restore your recovery key once it is deleted.
Uhm.
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde-protectors [microsoft.com]
Don't believe everything you read on the internet.
(Score: 5, Touché) by zocalo on Tuesday February 03, @07:31AM (1 child)
Wouldn't that mean your disk isn't encrypted, making it *much* easier to look at the data once the PC is seized or stolen? The Feds wouldn't even need to get Microsoft to send the keys, with or without a court order, if they didn't need them in the first place. You could presumably have other security/encryption systems in place other than BitLocker, but even so, a low bar is still better than no bar at all as a deterrent and that advice is only making life easier for those who would do you ill.
UNIX? They're not even circumcised! Savages!
(Score: 3, Touché) by Username on Tuesday February 03, @03:31PM
If it's unencrypted and nothing is there, they don't think you're hiding anything and you are not guilty. If it's encrypted, they think you're hiding something and guilty, they will dig further. It's the old, "OY VEY, SHUT IT DOWN AND HIDE EVERYTHING, hope they don't notice," concept.
(Score: 5, Insightful) by jb on Tuesday February 03, @07:14AM (10 children)
Don't run Windows in the first place.
As an added bonus, not only does it help stop prying government eyes (which you may or may not care about, depending on how you feel about your particular government at any point in time), it also stops Microsoft from seeing everything on your computer (which you absolutely should care about, all the time).
Note that whilst some countries sometimes do have benevolent governments, in its entire history Microsoft has never given a damn about anyone but itself.
(Score: 5, Funny) by aafcac on Tuesday February 03, @07:37AM (8 children)
I personally upgraded to FreeBSD and I'm noticing that I have to actually turn the heat on in my office room. Previously, the computer generated enough heat during the winter to not require the heater to be turned on.
(Score: 2) by JoeMerchant on Tuesday February 03, @02:42PM (7 children)
1988 I interviewed with an operation in Aiken, SC (which should tell you what operation it is, there is really only one there... anyway...) they had fairly extensive IT help for a diverse set of hardware and OSs, so the IT help guy had a sort of one-of-each collection in his office, it definitely kept the room warm.
🌻🌻🌻🌻 [google.com]
(Score: 2) by aafcac on Tuesday February 03, @07:06PM (6 children)
Definitely, I think the big difference is that modern desktops use very little power when idling and Windows does far more unnecessary work than it should. I've been migrating microservices to my BSD box from my Pi so that I can dedicate it to firewall, dhcp and adblocking.
(Score: 4, Interesting) by JoeMerchant on Tuesday February 03, @08:08PM (5 children)
>Windows does far more unnecessary work than it should.
I bought a new? Core i7-12something NUC sized thing. It has P cores and E cores, and Win 11... it will spin the fans, hard, at random times while 'doze does... things; random things I'm not asking it to do. Where is my "only use E cores for your stupid stuff" switch?
🌻🌻🌻🌻 [google.com]
(Score: 2) by aafcac on Tuesday February 03, @08:47PM (4 children)
While I don't think we need to go back to the way things were when I got into computing in the late '80s and early '90s, I do think that taking a few steps "backwards" towards asking more of the people using the computers as a ticket to entry wouldn't be the worst thing in the world. Way too much these days is automated, even stuff that would be better not done at all. And a lot of the stuff that does get automated would be better automated on purpose by the end users, even if that involves dragging and dropping a few fixed steps.
So much of the lock in and lack of progress towards meaningful results comes from the fact that hardly anybody on the net is computer literate.
(Score: 3, Insightful) by JoeMerchant on Tuesday February 03, @09:25PM (3 children)
I swear, the world of viruses and worms and all such things would be 90% less dangerous if only manufacturers would implement a single pushbutton switch on "all the things" - and the function of that pushbutton switch is: software updates shall not initiate unless the button is pressed. Add whatever user interface you want to go with it, but don't let the thing auto-update without an actual human pushing the button (sure, home automation nerds will add these: https://www.walmart.com/ip/Fingerbot-Plus-Smart-Button-Pusher-No-Wiring-Switch-zigb-ee-with-touch-control/2304307741 [walmart.com] that's their problem.) Let the button push "allow" the current update(s) to self install anytime in the (user selectable) next 7 days, let the device refuse to function until the software is updated (PS3 style), but for doG's sake don't just let billions of devices completely reprogram themselves based on remotely transmitted network messages.
🌻🌻🌻🌻 [google.com]
(Score: 3, Interesting) by aafcac on Tuesday February 03, @10:29PM
I've said it before and I'll say it again, there really should be some chip in a computer where you can store a few files related to verifying the integrity of key installed software that can only be written to if you've pushed a button or temporarily flipped a switch. Even just the kernel and a few other key pieces of software related to the firewall and drivers could make a significant difference in terms of how hard it is to break in and do damage.
(Score: 1, Interesting) by Anonymous Coward on Wednesday February 04, @12:24AM (1 child)
> sure, home automation nerds will add these: [remote button pusher]
Cool, had no idea that this existed. Does anyone know if it can pull (lift) as hard as it can push down?
My potential application is for a gas hot water heater. It came with a very wide deadband on the thermostat. Haven't measured it, but perhaps more than 20 deg F (some bureaucrat thought this was a good idea?) The result is I get up and it's been cooling off all night...but not quite enough to trip the burner on. So I get a short shower before the warm water runs out.
Setting the dial any higher gives scalding temps at the top end of the dead band.
I'd attach a small lever somehow to the temp dial and have the button pusher turn it to a hotter setting (which trips the burner on), and then pull the dial back to my desired setting.
(Score: 2) by canopic jug on Wednesday February 04, @11:48AM
> I'd attach a small lever somehow to the temp dial and have the button pusher turn it to a hotter setting (which trips the burner on), and then pull the dial back to my desired setting.
You could go as simple as an Arduino for that but escalating to a Raspberry Pi will give you a full, general purpose server with all the flexibility that entails. There is no shortage of servos and stepper motors for either. The Raspberry Pi also supports a variety of cameras and machine learning modules so that is one way of several that you could confirm what the stepper motor has set.
Money is not free speech. Elections should not be auctions.
(Score: 2) by cereal_burpist on Sunday February 08, @04:43AM
Running "uname -a" returns anything besides "Bad command or file name"
(Score: 5, Insightful) by ledow on Tuesday February 03, @08:22AM (5 children)
Are we only now learning that 3rd-party controlled encryption is worthless?
Especially if that 3rd-party is legally compelled to comply?
There's a reason that cloud, etc. is a really, really, really dumb idea and one day it will come home to roost.
(Score: 5, Insightful) by Thexalon on Tuesday February 03, @12:23PM (3 children)
Cloud isn't "worthless" as long as you understand it's somebody else's computer, and that somebody else can do whatever they want with your data including give it away.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 5, Insightful) by JoeMerchant on Tuesday February 03, @02:14PM (2 children)
Cloud is a great place to store end-to-end encrypted data. Otherwise, consider it like a bulletin board at a laundromat - anyone and everyone can see it, potentially mess with stuff you put there, most often delete things when you didn't want them to.
The illusion of privacy in the cloud is just that: empty promises from greedy vendors.
While cloud vendors, in practice, are probably better at backups than you are - when they screw up, what's your recourse? I doubt that payback of real damages is a common contract element.
🌻🌻🌻🌻 [google.com]
(Score: 3, Funny) by Thexalon on Tuesday February 03, @03:37PM (1 child)
It's also probably fine for data nobody really cares about, e.g. your slash fiction collection.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 3, Insightful) by JoeMerchant on Tuesday February 03, @04:03PM
Of course I'm overstating the actual situation, a little.
The cloud has been fine for my website for 30 years now - I want all that data publicly available anyway, I'm not keeping any secrets there.
Bigger corporate (non-secure) websites can reasonably use it too, and just monitor for unauthorized changes - and like backups, the cloud web presence providers are probably better at consistently applying security updates and running secure configurations than your in-house staff (except when they aren't: https://notepad-plus-plus.org/news/hijacked-incident-info-update/ [notepad-plus-plus.org] )
Control? The microsecond that data leaves your building, it's no longer in your control.
🌻🌻🌻🌻 [google.com]
(Score: 2) by Username on Tuesday February 03, @03:22PM
Yeah, it's nothing new. I assume the article is either clickbait for gen z or just some kind of propaganda.