Microsoft Gave FBI Keys to Unlock Encrypted Data, Exposing Major Privacy Flaw(www.forbes.com)

38 pointsby _____k5 hours ago5 comments

cf100clunk19 minutes ago
https://archive.ph/0OaJ9
romanovcode4 hours ago
The flaw is that they had those keys to begin with. What's the point of encryption if key is available and free to use? Same with iCloud Email.
Privacy cannot come from human-made laws and regulations because they get abused on they change. Privacy comes from mathematics which do not care for laws and regulations.
jqpabc1234 hours ago
... does not possess the forensic tools to break into devices encrypted with Microsoft BitLocker
Nice intel to have. Now, all that is needed for reasonable security is to avoid storing the key in the cloud. Duhhh.
Basic rule: Not your hardware (computer/drive), not your data.
Never store anything on someone else's hardware that you need to maintain full control over.
But, but, but encryption? It helps but encryption does not guarantee full access when you don't control the hardware.
- general14657 minutes ago
  > Nice intel to have. Now, all that is needed for reasonable security is to avoid storing the key in the cloud. Duhhh.
  You can go one step further. Encrypt your computer, store keys on the cloud, then encrypt your computer again but store keys into a file. You can see key ID on Microsoft Live account. Now you won't even look suspicious.
- OptionOfT3 hours ago
  They don't have the tools but for 99% of the people who have laptop with device encryption, they mandate Microsoft Accounts, and guess where the keys are uploaded to? Thats right, https://aka.ms/recoverykey.
  You don't need to build backdoors when you store a copy of the key.
  - jqpabc123an hour ago
    they mandate Microsoft Accounts
    I don't use these. See post below.
fuzzfactor5 hours ago
You all did know that the idea of a Microsoft account was a security & privacy compromise from day zero of its conception, right?
- jmclnx3 hours ago
  Well I would say this should be true for most people here. I expect the same for Apple too. The big question is, when will these keys hit the wild ? Since they exist, eventually they will get out there.
  We all know, if you want real security, there are much better OSs.
  - dagmxan hour ago
    Why would you expect Apple to have the keys? They famously fought the FBI on the grounds of not having access to the keys themselves.
    Good engineering practices say that you shouldn’t even find yourself in the position of having the keys.
    And what “better OS” pushes you to encrypted drives on setup? Most Linux distros don’t.
- jqpabc1234 hours ago
  Yes; and none of my computers have one. Contrary to popular myth, it is relatively easy to install Win11 Pro without one.
  - josephcsible3 hours ago
    A constant cat-and-mouse game of Microsoft disabling every method to do so as soon as they become somewhat popular is not "relatively easy".
    jqpabc1232 hours ago
    Really? I haven't had any problems, even with computers that don't meet the official hardware requirements.
    Download the Win11 Pro ISO, extract it to a USB drive and then execute the command below from it for a totally automated install that bypasses all the BS.
    .\setup.exe /product server /auto upgrade /EULA accept /migratedrivers all /ShowOOBE none /Compat IgnoreWarning /Telemetry Disable
    You're welcome!
    PS: I know it says "server" but when upgrading a desktop machine, desktop is what you will get --- minus a lot of BS.
    josephcsible2 minutes ago
    I believe you that that command works today, but I expect Microsoft to break it soon, just like they previously broke Shift+F10 "oobe\bypassnro" and "start ms-cxh:localonly".
OutOfHere2 hours ago
The part that I was shocked to read is that Apple is equally unsafe.