You can determine if you're at risk and take action today:
If you think your Windows computer is safe from prying eyes, think again. A new report reveals that Microsoft has the encryption keys to your hard drive, and it can even give them out to law enforcement, including the FBI. Here's what you need to know and what you can do to stop it from happening to you.
In a stunning breach of personal privacy and security, Microsoft admitted in January that it provided the FBI with the BitLocker recovery keys to three different Windows PCs that were linked to suspected COVID unemployment assistance fraud in Guam. With these keys, the FBI was able to access the files on those devices as part of its investigation.
[...] The Redmond tech giant received its first request from a government official during the Obama administration in 2013. Although the engineer who spoke with the official reportedly declined to build a back door into Windows that would give the government unbridled access to user files, Microsoft still admits to turning over BitLocker recovery keys to law enforcement as recently as 2025. According to the report, Microsoft receives approximately 20 access requests from the FBI per year.
[...] You are not at risk if ...
- You use a Windows PC without a Microsoft account. (You haven't logged into the system with your Outlook email address.)
- You use a Windows PC with a Microsoft account but you chose a local recovery key backup option at activation.
- You disabled BitLocker encryption when you set up your PC.
You are at risk if ...
- You use a Windows PC with a Microsoft Outlook account and you chose to back up your BitLocker recovery key to your account.
- Your PC is a work machine that's managed by your employer.
For those at risk, Microsoft promises that it only gives out encryption keys to lawful requests from the government. That said, if Microsoft can access your encryption keys, what's stopping a hacker from getting them? The problem with storing security keys on cloud servers is that anyone can reach them with the right password, login information, or exploit.
Previously: Microsoft Gave FBI a Set of BitLocker Encryption Keys to Unlock Suspects' Laptops
Related: Over Half a Million Windows Users are Switching to Linux
(Score: 5, Insightful) by JoeMerchant on Tuesday February 03, @02:14PM (2 children)
Cloud is a great place to store end-to-end encrypted data. Otherwise, consider it like a bulletin board at a laundromat - anyone and everyone can see it, potentially mess with stuff you put there, most often delete things when you didn't want them to.
The illusion of privacy in the cloud is just that: empty promises from greedy vendors.
While cloud vendors, in practice, are probably better at backups than you are - when they screw up, what's your recourse? I doubt that payback of real damages is a common contract element.
🌻🌻🌻🌻 [google.com]
(Score: 3, Funny) by Thexalon on Tuesday February 03, @03:37PM (1 child)
It's also probably fine for data nobody really cares about, e.g. your slash fiction collection.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 3, Insightful) by JoeMerchant on Tuesday February 03, @04:03PM
Of course I'm overstating the actual situation, a little.
The cloud has been fine for my website for 30 years now - I want all that data publicly available anyway, I'm not keeping any secrets there.
Bigger corporate (non-secure) websites can reasonably use it too, and just monitor for unauthorized changes - and like backups, the cloud web presence providers are probably better at consistently applying security updates and running secure configurations than your in-house staff (except when they aren't: https://notepad-plus-plus.org/news/hijacked-incident-info-update/ [notepad-plus-plus.org] )
Control? The microsecond that data leaves your building, it's no longer in your control.
🌻🌻🌻🌻 [google.com]