Comment by crazygringo
1 day ago
It generally is, because in the vast majority of cases users will not keep a local copy and will lose their data.
Most (though not all) users are looking for encryption to protect their data from a thief who steals their laptop and who could extract their passwords, banking info, etc. Not from the government using a warrant in a criminal investigation.
If you're one of the subset of people worried about the government, you're generally not using default options.
For laptops sure, but then those are not reasons for it to be default on desktops too. Are most Windows users on laptops? I highly doubt that. So it is not a sensible default.
Most pc users are using laptops, yes. Above 60%.
Even offices usually give people laptops over desktops so that they can bring it to meetings.
Then don't enable encryption? Basically I cannot rescue the files on my own disk but the police can?
> Basically I cannot rescue the files on my own disk but the police can?
I think you're misunderstanding. You can rescue the files on your own disk when you place the key in your MS account.
There's no scenario where you can't but the police can.
If I happen to know that my key is there.
1 reply →
> It generally is, because in the vast majority of cases users will not keep a local copy and will lose their data.
What's the equivalent of thinking users are this stupid?
I seem to recall that the banks repeatedly tell me not to share my PIN number with anyone, including (and especially) bank staff.
I'm told not to share images of my house keys on the internet, let alone handing them to the government or whathaveyou.
Yet for some unknown reason everyone should send their disk encryption keys to one of the largest companies in the world (largely outside of legal jurisdiction), because they themselves can't be trusted.
Bear in mind that with a(ny) TPM chip, you don't need to remember anything.
Come off it mate. You're having a laugh aren't you?
> What's the equivalent of thinking users are this stupid?
What's the equivalent of thinking security aficionados are clueless?
Security advice is dumb and detached from life, and puts ubdue burden on people that's not like anything else in life.
Sharing passwords is a feature, or rather a workaround because this industry doesn't recognize the concept of temporary delegation of authority, even though it's the basics of everyday life and work. That's what you do when you e.g. send your kid on a grocery run with your credit card.
Asking users to keep their 2FA recovery keys or disk encryption keys safe on their own - that's beyond ridiculous. Nothing else in life works that way. Not your government ID, not your bank account, not your password, not even the nuclear launch codes. Everything people are used to is fixable; there's always a recovery path for losing access to accounts or data. It may take time and might involve paying a notary or a court case, but there is always a way. But not so with encryption keys to your shitposts and vacation pictures in the cloud.
Why would you expect people to follow security advice correctly? It's detached from reality, dumb, and as Bitcoin showed, even having millions of dollars on the line doesn't make regular people capable of being responsible with encryption keys.
Your credit card analogy is doing a lot of heavy lifting here, but it's carrying the wrong cargo. Sending your kid to the shops with your card is temporary delegation, not permanent key escrow to a third party you don't control. It's the difference between lending someone your house key for the weekend and posting a copy to the council "just in case you lose yours". And; you know that you've done it, you have personally weighed the risks and if something happens with your card/key in that window: you can hold them to account. (granted, keys can be copied)
> Nothing else in life works that way. Not your government ID, not your bank account, not your password, not even the nuclear launch codes.
Brilliant examples of why you're wrong:
Government IDs have recovery because the government is the trusted authority that verified you exist in the first place. Microsoft didn't issue your birth certificate.
Nuclear launch codes are literally designed around not giving any single entity complete access, hence the two-person rule and multiple independent key holders. You've just argued for my position.
Banks can reset your PIN because they're heavily regulated entities with legal obligations and actual consequences for breaching trust. Microsoft's legal department is larger than most countries' regulators.
> even having millions of dollars on the line doesn't make regular people capable of being responsible with encryption keys.
Right, so the solution is clearly to hand those keys to a corporation that's subject to government data requests, has been breached multiple times, and whose interests fundamentally don't align with yours? The problem with Bitcoin isn't that keys are hard - it's that the UX is atrocious. The solution is better tooling, not surveillance capitalism with extra steps.
You're not arguing for usability. You're arguing that we should trust a massive corporation more than we trust ourselves, whilst simultaneously claiming users are too thick to keep a recovery key in a drawer. Pick a lane.
4 replies →
So what happens if your motherboard gets fried and you don’t have backups of your recovery key or your data? TPMs do fail on occasion. A bank PIN you can call and reset, they can already verify your identity through other means.
> So what happens if your motherboard gets fried and you don't have backups of your recovery key or your data?
If you don't have backups of your data, you've already lost regardless of where your recovery key lives. That's not an encryption problem, that's a "you didn't do backups" problem, which, I'll agree is a common issue. I wonder if the largest software company on the planet (with an operating system in practically every home) can help with making that better. Seems like Apple can, weird.
> TPMs do fail on occasion.
So do Microsoft's servers. Except Microsoft's servers are a target worth attacking, whereas your TPM isn't. When was the last time you heard about a targeted nation-state attack on someone's motherboard TPM versus a data breach at a cloud provider?
> A bank PIN you can call and reset, they can already verify your identity through other means.
Banks can do that because they're regulated financial institutions with actual legal obligations and consequences for getting it wrong. They also verified your identity when you opened the account, using government ID and proof of address.
Microsoft is not your bank, not your government, and has no such obligations. When they hand your keys to law enforcement, which they're legally compelled to do, you don't get a phone call asking if that's alright.
The solution to TPM failure is a local backup of your recovery key, stored securely. Not uploading it to someone else's computer and hoping for the best.
2 replies →