Comment by pohuing

11 hours ago

Let's be serious for a second and consider what's more useful based on the likelihood of these things actually happening.

You're saying it's likely to happen that a laptop thief also is capable of stealing the recovery key from Microsoft's servers?

So therefore it would be better that users lost all their data if

- an update bungles the TPM trust
- their laptop dies and they extract the hard drive
- they try to install another OS alongside but fuck up the TPM trust along the way
- they have to replace a mainboard
- they want to upgrade their PC?

I know for a fact which has happened to me more often.

You've listed five scenarios where local recovery would help and concluded that cloud escrow is therefore necessary. The thing is, every single one of those scenarios is solved by a local backup of your recovery key, not by uploading it to Microsoft's servers.

The question isn't "cloud escrow vs nothing". It's "cloud escrow vs local backup". One protects you from hardware failure. The other protects you from hardware failure whilst also making you vulnerable to data breaches, government requests, and corporate policy changes you have zero control over.

You've solved a technical problem by creating a political one. Great.