Comment by vik0
1 day ago
You can always count on someone coming along and defending the multi-trillion dollar corporation that just so happens to take a screenshot of your screen every few seconds (among many, many - too many other things)
1 day ago
You can always count on someone coming along and defending the multi-trillion dollar corporation that just so happens to take a screenshot of your screen every few seconds (among many, many - too many other things)
I big demographic of HN users are people who want to be the multi-trillion dollar corporation so it’s not too surprising. In this case though I think they are right. And I’m a big time Microsoft hater.
The defenders of Microsoft are right?
How?
There is no point locking your laptop with a passphrase if that passphrase is thrown around.
Sure, maybe some thief can't get access, but they probably can if they can convince Microsoft to hand over the key.
Microsoft should not have the key, thats part of the whole point of FDE; nobody can access your drive except you.
The cost of this is that if you lose your key: you also lose the data.
We have trained users about this for a decade, there have been countless dialogues explaining this, even if we were dumber than we were (we're not, despite what we're being told: users just have fatigue from over stimulation due to shitty UX everywhere); then it's still a bad default.
Just to be clear: bitlocker is NOT encrypting with your login password! I could be a little fuzzy on the details but I believe how it works is that your TPM (Trusted Platform Module) is able to decrypt your laptop, but will only do so if there is a fully signed and trusted boot chain, so if somebody gains access to your laptop and attempts to boot into anything other than Windows, it will ask for the bitlocker key because the TPM won't play ball.
The important bit here is that ~*nobody* who is using Windows cares about encryption or even knows what it is! This is all on by default, which is a good thing, but also means that yes, of course Microsoft has to store the keys, because otherwise a regular user will happen to mess around with their bios one day and accidentally lock themselves permanently out of their computer.
If you want regular FDE without giving Microsoft the key you can go ahead and do it fairly easily! But realistically if the people in these cases were using Linux or something instead the police wouldn't have needed an encryption key because they would never have encrypted their laptop in the first place.
2 replies →
The vast, vast majority of Windows users don't know their laptops are encrypted, don't understand encryption, and don't know what bitlocker is. If their keys weren't stored in the cloud, these users could easily lose access to their data without understanding how or why. So for these users, which again is probably >99% of all windows users, storing their keys in the cloud makes sense and is a reasonable default. Not doing it would cause far more problems than it solves.
And the passphrase they log in to windows with is not the key, Microsoft is not storing their plain text passphrase in the cloud, just to be clear.
The only thing I would really fault Microsoft for here is making it overly difficult to disable the cloud storage for users who do understand all the implications.
1 reply →
This happens everywhere. There is a reason there are memes about people defending multi-billion dollar corporations.
Sorry to interrupt the daily rage session with some neutral facts about how Windows and the law work.
> that just so happens to take a screenshot of your screen every few seconds
Recall is off by default. You have to go turn it on if you want it.
It only became off by default after those "daily rage sessions" created sufficient public pressure to turn them off.
Microsoft also happens to own LinkedIn which conveniently "forgets" all of my privacy settings every time I decide to review them (about once a year) and discover that they had been toggled back to the privacy-invasive value without my knowledge. This has happened several times over the years.
> It only became off by default after those "daily rage sessions" created sufficient public pressure to turn them off.
99% of the daily rage sessions happened before it was even released
1 reply →
Daily rage is exactly what technology affine people need to direct at Microslop, while helping their loved ones and ideally businesses transition away from the vendor lockin onto free software.
Are you referring to Microsoft Recall? My understanding is that is opt-in and only stored locally.
Stored locally.. until it's uploaded by OneDrive or Windows Backup?
1) for now
2) according to Microsoft
So, trust is not zero. It's deeply negative.
https://en.wikipedia.org/wiki/Room_641A ... Then, years later every one acts like Snowden had some big reveal.
There is the old password for candy bar study: https://blog.tmb.co.uk/passwords-for-chocolate
Do users care? I would posit that the bulk of them do not, because they just dont see how it applies to them, till they run into some type of problem.
AI enshittification is irrelevant here. Why is someone pointing out that sensible secure defaults are a good thing suddenly defending the entire company?
Uploading your encryption keys up to someone else's machine is not a sensible default
It generally is, because in the vast majority of cases users will not keep a local copy and will lose their data.
Most (though not all) users are looking for encryption to protect their data from a thief who steals their laptop and who could extract their passwords, banking info, etc. Not from the government using a warrant in a criminal investigation.
If you're one of the subset of people worried about the government, you're generally not using default options.
17 replies →
[flagged]
This is ridiculous.
There are a lot of people here criticising MSFT for implementing a perfectly reasonable encryption scheme.
This isn’t some secret backdoor, but a huge security improvement for end-users. This mechanism is what allows FDE to be on by default, just like (unencrypted) iCloud backups do for Apple users.
Calling bs on people trying to paint this as something it’s not is not “whiteknighting”.
Yes, because object level facts matter, and it's intellectually dishonest to ignore the facts and go straight into analyzing which side is the most righteous, like:
>Microsoft is an evil corporation, so we must take all bad stories about them at face value. You're not some corpo bootlicker, now, are you? Now, in unrelated news, I heard Pfizer, another evil corporation with a dodgy history[1] is insisting their vaccines are safe...
[1] https://en.wikipedia.org/wiki/Pfizer#Legal_issues
Microsoft doesn't take the screenshot; their operating system does if Recall is enabled, and although the screenshots themselves are stored in an insecure format and location, Microsoft doesn't get them by default.
Is that last part even still true? When I played around with it they asked me to store a recovery pass phrase off device in case windows hello breaks