Upset Microsoft stashes hard drive encryption keys in OneDrive cloud?

El Reg, some friends of mine have been showing me blog posts about Microsoft keeping secret copies of all our encryption keys. What's going on? Since Windows 8, Microsoft has built drive encryption into its operating system, so none of this should really be a shock. And this encryption feature shouldn't be confused with …

  1. Huw D
    Thumb Up

    How dare you...

    ... post a sensible argument!

    What are people going to fly off the handle about now?

    1. Franco

      Re: How dare you...

      Maybe there's a seasonal moratorium on opprobrium, but I'm pretty sure the lack of transparency from MS will be the answer to your question.

      On one hand, you don't have to log in to a machine with a Microsoft Account. On the other hand, Windows 8 didn't exactly make it easy not to, though........

    2. P. Lee

      Re: How dare you...

      Quite sensible, but not that useful.

      Hard-drive encryption is only useful when transitioning from unmounted->mounted/logged in.

      Is "switching your computer on" still a thing?

      If you want to improve security, chroot/jail those browser tabs to stub directories. Otherwise, that Flash flaw is going to provide malware with access to your OneDrive and it's game over.

      It is a modest improvement. It may defeat the casual disk-swiper and help when you ebay the thing and forget to wipe it properly.

      1. Amorous Cowherder

        Re: How dare you...

        'Is "switching your computer on" still a thing? '

        I assume kicking it awake from the sleep state is included in that statement.

        1. Thought About IT

          Re: How dare you...

          ... not credit The Intercept for this article.

          1. Crazy Operations Guy

            Re: How dare you...

            Because why should they? Would I have to credit CNN if I read a story about a terrorist attack then write my own digest of the situation using a different point of view?

            This article deals with the actual ramifications of uploading the recovery key in a rational manner. The Intercept article said that the encryption key (which is technically false) was being uploaded to Microsoft and was attempting to play on the reader's fears to infer the ramifications.

            Really, I'd have a stronger complaint as this article more closely resembles my digest of The Intercept's article rather than the article itself. ( https://forums.theregister.co.uk/forum/containing/2733126 )

        2. Duffaboy
          Facepalm

          Re: How dare you...

          I will tell you why. They didn't ask that's why.

          1. Anonymous Coward
            Anonymous Coward

            Re: How dare you...

            "I will tell you why. They didn't ask that's why."

            EXACTLY.

            So we have a corporate apologist commentator giving a 'high five' to a corporate apologist writer's article. Surprise!

            Let's repeat this truth for all that missed it (like the first commentator):

            Microsoft failed to ask for permission to share a private, secure datagram via the Internet, before doing so.

            Period. Dot at end of sentence. No arguments, either from Microsoft nor from the writer.

            Yet ANOTHER completely inexcusable violation of personal privacy by a corporation, with yet another pandering reply by the pro-corporate apologists to try to smooth over the violation. If you want to offer a service, fine. But this modern stance of "voluntary" 'opt out', where a user must first discover what is happening behind their backs and THEN find out how to turn it off, rather than 'opt in' where full disclosure is a given in order to entice the opt-in process, is BULLSHIT. UTTER, COMPLETE, BULLSHIT.

            End of discussion.

    3. Anonymous Coward
      Anonymous Coward

      Re: How dare you...

      Agreed, by itself this is hardly earth shattering, but added on to the mountain of ways Microsoft is now trying to undermine your privacy and make money doing so (à la the Google biz model, embrace etc.) it's just another front to watch for what goes into their cloud (be careful, for example, of the Microsoft Outlook app on iOS and Android, as it sucks your enterprise credentials (passwords, etc.) into their cloud, last I looked). Be sure today to check for more automatic updates (now you don't get much of a choice in Win 10) that added yet more "telemetry" code that for some reason uses your Microsoft login information.

  2. kryptylomese

    Consumers do not get to decide how secure their product is when they purchase Microsoft software.

    Worse they still keep buying this crap when they have a choice!

    Only Microsoft employees down vote this comment!

    1. Dave 126 Silver badge

      >Consumers do not get to decide how secure their product is when they purchase Microsoft software.

      Eh? There is nothing stopping educated users from using encryption of their choice.

      For uneducated users, they now have encryption on by default (a step forward) AND have a means of recovering their data should they forget / lose their key (which let's face it, is going to happen to some people).

      The real paranoid are going to use some specialist Linux distro anyway. People with jobs that require they safeguard their clients' data (doctors, lawyers etc) will find this MS system good enough (since they are complying with the data protection laws to avoid a fine in case they lose a laptop.... they aren't in fear of the NSA.)

      I think this article is spot on, and its main criticism of MS is in their communication.

      1. Justicesays
        Big Brother

        Actually...

        I wouldn't rely on this if you were a lawyer and want your case preparation to remain confidential if you deal with any notable clients or cases.

        https://www.rt.com/news/nsa-us-lawyers-indonesia-spying-229/

    2. kryptylomese

      Sorry, when I said Microsoft employees, I meant morons....

      1. Stoneshop
        Windows

        It takes one to know one

    3. Blitterbug
      Meh

      Re: Only Microsoft employees down vote this comment!

      Wow. And I didn't even know I worked for Microsoft.

  3. Duncan Macdonald
    Thumb Down

    Making data recovery difficult

    If Windows 10 automatically encrypts the internal storage then data recovery tools such as PhotoRec are likely to be useless. Windows 10 SHOULD ask if encryption is wanted and show the pros and cons before enabling encryption. (Encryption will also slow down lower performance systems and ones with SandForce based SSDs.)

    Also if someone manages to hack into your Microsoft account and change the password then you could be locked out of your files.

    Not a good idea.

    1. Dave 126 Silver badge

      Re: Making data recovery difficult

      >Also if someone manages to hack into your Microsoft account and change the password then you could be locked out of your files.

      Could you provide more detail? I'd assume that the encrypted data on your local machine would keep the same key - the data would still be accessible if the machine owner had the encryption key, which is not the same as the MS Account login details.

      For the user to be locked out of their data, the data would have to re-encrypted.

    2. Anonymous Coward
      Anonymous Coward

      Re: Making data recovery difficult

      @Duncan: I'm wondering what the Hell lame processor running Windows 8 or higher that person is running. Even a slow Core2 Duo here sees only a few percentage points of a hit, probably due to the fact that it's spending time twiddling bits waiting on the hard drive. [Probably time to redo that benchmark for SSDs.] True, that initial drive format is a bit of a (okay, looonnnggg) wait....

      1. Tom 38

        Re: Making data recovery difficult

        Twiddling bits in the CPU is not the issue, it is that some flash memory controllers in older SSDs (notably older SandForce SF-2281) are dependent upon it being able to compress the content that is being sent to it to achieve high read/write speeds. Encrypted data should be largely indistinguishable from noise and thus be very poor to compress, resulting in a lower disk performance than if the content was being loaded in the clear.

        CPU speed doesn't come into it.
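        The compressibility point above can be checked directly. The following is an added example, not code from the thread or from any poster: it Deflate-compresses a block of repetitive constructed log text, then AES-encrypts the same block with a throwaway key and IV and compresses the ciphertext, so you can see the near-zero compression gain a content-compressing SSD controller would get from encrypted writes. It assumes Windows PowerShell 5.1 or PowerShell 7 with the .NET `DeflateStream` and `Aes` classes available; nothing is written to disk.

```powershell
# Added example: measure how much Deflate can shrink plaintext versus the AES ciphertext of the same bytes.
# Key and IV are random throwaway values; this demonstrates the statistical shape of ciphertext, not key handling.

function Get-DeflatedLength {
    param([byte[]]$Data)
    $sink = New-Object System.IO.MemoryStream
    $deflate = New-Object System.IO.Compression.DeflateStream(
        $sink, [System.IO.Compression.CompressionLevel]::Optimal, $true)
    $deflate.Write($Data, 0, $Data.Length)
    $deflate.Dispose()                     # Dispose flushes the final Deflate block into $sink
    return [int]$sink.Length
}

function Compare-Compressibility {
    param([int]$SizeKiB = 256)

    # Constructed sample input: one log-like line repeated until the buffer reaches $SizeKiB
    $line = "2015-12-29 12:00:00 INFO user=alice action=login result=ok`n"
    $repeats = [math]::Ceiling(($SizeKiB * 1024) / $line.Length)
    [byte[]]$all = [System.Text.Encoding]::ASCII.GetBytes($line * $repeats)
    [byte[]]$plain = $all[0..($SizeKiB * 1024 - 1)]

    # AES-CBC encryption of the same buffer with a freshly generated key/IV
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.GenerateKey()
    $aes.GenerateIV()
    $encryptor = $aes.CreateEncryptor()
    [byte[]]$cipher = $encryptor.TransformFinalBlock($plain, 0, $plain.Length)
    $encryptor.Dispose()
    $aes.Dispose()

    $plainDeflated  = Get-DeflatedLength $plain
    $cipherDeflated = Get-DeflatedLength $cipher

    [pscustomobject]@{
        PlainBytes      = $plain.Length
        PlainDeflated   = $plainDeflated
        PlainRatio      = [math]::Round($plainDeflated / $plain.Length, 3)     # tiny: text compresses well
        CipherBytes     = $cipher.Length
        CipherDeflated  = $cipherDeflated
        CipherRatio     = [math]::Round($cipherDeflated / $cipher.Length, 3)   # about 1.0: ciphertext does not
    }
}

Compare-Compressibility | Format-List
```

The plaintext ratio comes out as a small fraction while the ciphertext ratio sits at or slightly above 1.0 (Deflate adds block overhead when it finds nothing to remove). That gap, not CPU cost, is what a controller like the SF-2281 loses once the OS encrypts before writing.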

    3. Crazy Operations Guy

      "data recovery tools such as PhotoRec are likely to be useless."

      And that would be the point of cloud services. On Windows 8 and beyond, if you log in with a Microsoft Account, the default location to open and save files is reset to OneDrive rather than the Documents folder. While users should be doing regular backups for their data, OneDrive is a workable substitute for the average user.

      That seems to be what Microsoft is going for: build things to be sufficient for the vast majority of home users but allow people with other needs to add things in to supplement or replace the built-in stuff.

      1. James 51

        Re: "data recovery tools such as PhotoRec are likely to be useless."

        You can't replace one drive, it's baked in at an OS level. Best you can do is disable it till the next update turns it on again (much like Facebook's tweaks to privacy settings reset my privacy settings to flasher). In five or ten years hopefully the EU will smack them around again but till then we have to put up with this.

        I'm going to buy an SSD, stick ubuntu in it and see how long I can go before booting into the other (Win 7) drive.

  4. ckdizz

    Pretty amazing how they appear to believe that the user who actually knows what encryption is and has a need for it wouldn't be using encryption anyway.

    Most people don't keep data on their devices that needs to be encrypted. People who do keep data on their devices that needs an encryption solution don't need Microsoft's lite version because they've already sorted out better solutions.

    So Microsoft have gone to the trouble and expense of providing a feature that isn't needed by the majority of users, and isn't wanted by the minority who would need it. Which is my biggest issue with this: a company whose software runs on the majority of the world's computers who doesn't have a clue about their market or how it's segmented, and throws money and time into features most people don't need and then enables them by default.

    1. The Real SteveP

      "Most people don't keep data on their devices that needs to be encrypted."

      WOW! That's a pretty sweeping statement; and one that I believe is totally the reverse of reality!

      Most people don't realise that all the personal data that they DO keep on their devices SHOULD be encrypted but isn't, or that they should always protect their data from the bad guys!

    2. TeeCee Gold badge
      Meh

      Nice obfuscation of the neat bullet points in the article there!

      ....throws money and time into features most people don't need and then enables them by default.

      MS, Oracle, Adobe, IBM, Google, Mozilla........etc ad bloody nauseam are guilty of that one. I suspect that the idea here is twofold.

      First is that they think that if they add everything including the kitchen sink, they can please all the people all the time.

      Second it gives the development team something to do in the absence of any better ideas....

      1. Dave 126 Silver badge

        Okay, most people might have data that is potentially socially embarrassing - pictures from Bob's party that got out of hand, or a catty email about Aunt Clara. You don't want it made public, but no-one is going to any great lengths to get at it.

        A significant chunk of users are required by law to ensure the data on their machines is safe from 3rd parties, or else face fines. Y'know, professionals like doctors, researchers or lawyers - anyone who has information about other people, basically. Laptops do get left on trains and in pubs, or stolen from cars, so encryption that is safe from thieves and blackmailers is a must. To comply with the law they do not need to think about the resources of Nation State security agencies.

        Then you get people who have commercially sensitive information, trade secrets and the like, and are a real target for industrial espionage. In a larger organisation, these users will have their machines administered by professionals.

        Then you have journalists, civil rights activists and the like. Not only do they need the right hardware and software, but they need be educated and apply what they have learnt consistently. That's the hard bit.

        1. Tabor

          @Dave 126

          " You don't want it made public, but no-one is going to any great lengths to get at it."

          Have you ever bought a hard drive from eBay? Plug in, browse contents, occasionally grin when naughty pics are found. No great lengths needed. At least in those cases Joe User will be better off with what MS is doing.

    3. David T-Rex

      My take on this is it's better than nothing, and if someone steals your hard disk they would not get access to the files - whereas if the hard disk was not encrypted in any way they would just need to plug it into another computer and everything would be available.

      So in a sense some encryption is better than none, as they would need both your account details (or the key) plus physical access to the disk - without both they can't get at the data. I am happy to be corrected on this if I am not correct.

      1. tom dial Silver badge

        A case in point is the Clipper Chip of Infamy. After considerable push back about possible government abuse or loss of the escrowed key information (and finding of implementation flaws) it was discarded along with the very real privacy and security benefits that it would have offered in well over 99% of all cases. Even if the entire escrow database had been published the result would not be inferior to what we have, which is that most telephony is done in the clear. The same is true of the related Capstone, intended for use with communications other than telephony, although much of the benefit was recovered through use of SSL and TLS.

    4. Monkey Face

      RE: Most people don't keep data on their devices that needs to be encrypted

      I'm sorry but I'm calling out the statement "Most people don't keep data on their devices that needs to be encrypted" as utter horseshit.

      Most people keep all sorts of things on their computers that should be encrypted, bank statements, utility bills along with all sorts of other personal information in documents and things that have been emailed. Also things like family photos are something that I would not want someone getting hold of, simply because they could contain a lot of incidental information such as where expensive items in your house are. Your internet history can cause you problems ranging from someone discovering who you do online banking with to a range of other details that can be gleaned from what is now commonly referred to under the catch all term of "metadata" that our governments seem so keen to get hold of, but is of no real importance...

      I have always encrypted my machines, previously with TrueCrypt and more recently with Bitlocker, the storage of the recovery keys in OneDrive is not too much of an issue to me as if someone has my windows password and physical access to my machine then I have bigger problems. But as is pointed out in the article, you have the option to move it somewhere else or keep a hardcopy. Would I want my non-IT parents or family members doing that, no, simply then I would get a phone call asking me to fix their PC so it makes sense. Those who are more IT-savvy then yes, fill your boots.

      1. inmypjs Silver badge

        Re: RE: Most people don't keep data on their devices that needs to be encrypted

        "Most people keep all sorts of things on their computers that should be encrypted, bank statements, utility bills"

        You mean the sort of things they have been keeping on paper for decades and how many of them feel the need to keep bank statements or utility bills in a locked safe?

        For me the utility of being able to take a drive out of one computer and read it in another outweighs the benefit of drive encryption which doesn't really make a shit of difference until the computer or drive is stolen.

    5. ckdizz

      The responses to this are typical of a segment of IT professionals whose idea of what ordinary users want and do with their technology is way out of line with those ordinary users. And who, I strongly suspect, don't actually have much of an idea where data gets stolen from and how it gets stolen.

      Just to be clear, we're excluding businesses here and people who are required by law to maintain a level of security: doctors who use specialist patient management software, businesses who have secured databases of customer information, governments who use bespoke file management and email systems. These are obviously not the target of Microsoft's encryption, just in case you didn't understand the meaning of the phrase "People who do keep data on their devices that needs an encryption solution don't need Microsoft's lite version because they've already sorted out better solutions" and just in case you didn't realise how much of a blunt tool this is.

      Encryption != good by default. You would be hard pushed to find even 2% of ordinary, personal Windows users who understand what local drive encryption is, who would actually need it in their personal lives, and who could utilise it and maintain that level of encryption and security at the actual points of intrusion: iCloud, Facebook, OneDrive, Gmail. These are the users it's targeted at. All the local encryption in the world wouldn't help someone with a weak password or who falls victim to a vulnerability in someone else's service. And most leaks that involve personal information don't come from local devices.

  5. Timmy B

    Some simple improvements...

    I like the idea of MS adding a far more in depth wizard on installation of Windows. A whole page on data sharing with pros and cons for each thing shared. In fact this is a must and I would suggest that they retro-fit it to Windows 10 a bit like the browser choice they had to before.

    As for drive encryption a section of a screen saying "Do you want to encrypt your drive? It'll make it more secure but a tiny bit slower and if you forget your password you could lose access to your files". And if they say yes then a bit that says "You will need a recovery file in case you forget your password - do you want to a: print it, b: save it to usb or c: store it on a Microsoft server".

    How easy would that be? In fact I don't see why they didn't do it. If you phrase something well then 99% of users can understand it. MS even have the resources to do a little explanatory video on all these things.

    Now I think about it - why not add in options for accepting updates or not - just give people the option and explain the consequences of not accepting them.

    I like Windows 10 - I really do - but a little spit and polish is needed.

    1. Trigonoceps occipitalis

      Re: Some simple improvements...

      Clippy will help:

      "It looks like you are trying to lose your data - do you want help with that?"

  6. Anonymous Coward
    Anonymous Coward

    All your keys belong to China

    "If the Feds are in your threat model, shouldn't you try something a little stiffer than the default encryption tool?"

    Actually, by taking the keys, Microsoft holds the keys, and others can get the keys. You mention Feds, but this also means that China can demand the keys from Microsoft.

    If Microsoft hadn't grabbed the key, then China would have nothing to require MS to hand over.

    Either way, since when has Microsoft unlocked your PC remotely for you when you forget the password??? I searched their Windows 10 help and it offers no such service!

    1. Anonymous Coward
      Anonymous Coward

      Re: All your keys belong to China

      "China can demand the keys"

      Well if you have the previous default installation then your drive is not encrypted so China does not need anything from Microsoft to access your data. The new arrangement means they need your machine and they need the recovery key from Microsoft. So it is not perfect security but it is an improvement.

      "I searched their Windows 10 help and it offers no such service!"

      It's not essential with an unencrypted drive, as forgetting your password does not stop you from recovering your data. An admin account can be used to modify permissions or you can boot the machine from another drive to recover the data.

      What this encryption does do is make it much more difficult for someone who recovers your hard drive from the garbage or finds your lost computer from accessing your data.

  7. Novex

    As kind of said in the article...

    ...the issues this highlights are of transparency and choice. Transparency is about letting us know that something is going to happen before it happens, and the choice is letting us choose from reasonable options what to do about the 'thing' being done, one of those options being to not allow the 'thing' to be done. It seems that Microsoft** thinks that it doesn't need to ask us what we want to do any more, and is going all Auntie* on us...

    *which basically means making decisions for us like we're children rather than treating us as independent adults who can make our own minds up, even if that means we might screw things up.

    **I have to declare a conflict of interest here - I now mostly use Linux Mint for regular stuff, so it's something of a non-issue for me. However, I do occasionally drop back to Win7 for less regular programs that don't have Linux equivalents.

  8. Alan Sharkey

    Are you sure it's the default?

    Are you sure this is on by default? I have had Windows 10 machines, removed the boot drive, stuck it in another PC and was able to read the data. So, where did the encryption come in?

    Alan

    1. Novex

      Re: Are you sure it's the default?

      I think the suggestion is it's only on by default if there is a TPM on the motherboard. It may be that many mobos don't have TPMs, so the encryption isn't enabled.

    2. Alan Sharkey

      Re: Are you sure it's the default?

      How does one check for a TPM?

      1. Norphy

        Re: Are you sure it's the default?

        Look in your device manager. If a TPM is present, there will be a device listed in there for it.
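        Beyond Device Manager, the same question can be answered from a PowerShell prompt, which also shows whether the drive is actually encrypted and which key protectors (TPM, recovery password) exist. This is an added example, not code from the thread or from Microsoft; it assumes an elevated PowerShell on Windows 8 or later where the built-in `Get-Tpm` cmdlet (TrustedPlatformModule module) is available, and falls back to `manage-bde -status` when the BitLocker PowerShell module is not present, as can happen on Home editions. Only protector IDs are printed, never the recovery key itself.

```powershell
# Added example: report TPM presence and BitLocker/device-encryption state for one volume.
# Run from an elevated PowerShell; Get-Tpm and Get-BitLockerVolume both require administrator rights.

function Get-DriveEncryptionReport {
    [CmdletBinding()]
    param([string]$MountPoint = $env:SystemDrive)   # e.g. "C:"

    $report = [ordered]@{ MountPoint = $MountPoint }

    # TPM: on a board without one, Get-Tpm reports TpmPresent = False (and device encryption will not auto-enable)
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $report.TpmPresent = $tpm.TpmPresent
        $report.TpmReady   = $tpm.TpmReady
    } catch {
        $report.TpmPresent = $false
        $report.TpmReady   = $false
        $report.TpmNote    = "Get-Tpm failed: $($_.Exception.Message)"
    }

    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
        $report.ProtectionStatus = $vol.ProtectionStatus    # On / Off
        $report.VolumeStatus     = $vol.VolumeStatus        # FullyEncrypted, FullyDecrypted, EncryptionInProgress, ...
        $report.EncryptionMethod = $vol.EncryptionMethod
        # A 'Tpm' protector unlocks the OS drive at boot; a 'RecoveryPassword' protector is the 48-digit key
        # that Windows offers to back up to a Microsoft account. Listing IDs only; the key material stays unread.
        $report.KeyProtectors = @($vol.KeyProtector | ForEach-Object {
            "{0} ({1})" -f $_.KeyProtectorType, $_.KeyProtectorId
        })
    } else {
        # Fallback for editions without the BitLocker PowerShell module: manage-bde ships with all editions
        $report.ManageBdeStatus = (& manage-bde -status $MountPoint 2>&1) -join "`n"
    }

    return [pscustomobject]$report
}

Get-DriveEncryptionReport | Format-List
```

If `TpmPresent` is `False` or `ProtectionStatus` is `Off`, that explains the experience of pulling a boot drive and reading it in another PC: no TPM, no automatic device encryption. If a `RecoveryPassword` protector is listed, that is the key the article says may have been copied to OneDrive, and the one to re-generate after deleting the cloud copy.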

      2. Anonymous Coward
        Anonymous Coward

        Re: How does one check for a TPM?

        In some better class PCs I think there used to be a BIOS option to enable/disable the TPM. I haven't been close to a new PC for several years so don't know about current stuff.

      3. Adam 1

        Re: Are you sure it's the default?

        > How does one check for a TPM?

        Remove the HD, then set fire to the rest of the PC. Once extinguished, you can try to recover the files on another PC. If not, the melted mess of metals and silicon had a TPM module.

  9. Robert Helpmann??
    Childcatcher

    An Alternative Answer

    What if I'm using Windows 10 Pro or Enterprise?

    Either you are an admin and should be able to track this answer down yourself or you have no business making any changes in which case you should go back to looking at cat videos on company time.

  10. Mark 65

    Ignorance is bliss

    Fine. If you're a Windows Home user, click here, save a copy of the recovery key just in case, and then delete it from OneDrive. Microsoft promises to eventually scrub it from its cloud servers and backups.

    ...and naivety is costly. You dismiss the NSA question as tinfoil hat wearing buffoonery but, in the post-Snowden-revelation era where reality was worse than conspiracy, it is plain to see that this is MS yet again leaving the keys to your front door on their mantelpiece so the authorities can sweep them up. You think it matters whether they promise to eventually scrub them (time-frame anyone?)? Once they left your system and crossed the wire the game is over. It's true ignorance like this that makes the World a much less safe place and allows the idiocracy of modern politics to gain traction. Stop excusing this bullshit and call it for what it is.

    I eagerly await the first dismissal using the "nothing to hide" straw man.

    1. Roo
      Windows

      Re: Ignorance is bliss

      "I eagerly await the first dismissal using the "nothing to hide" straw man."

      In addition to the nothing to hide bollocks, there is a problem with the spooks & cops having back doors for everything and their usage without any kind of transparency is accepted (and lawful) practice. Essentially the press, a Judge, or a Jury are expected to trust such "covertly" obtained "evidence" without question, and the defendant is unable to challenge the evidence lawfully either, so anyone can be locked up or libelled by some faceless apparatchik with zero opportunity for redress. It makes it far too easy to eliminate any challenges to a corrupt or unjust system. Systems that don't have any kind of negative feedback are almost always unstable and self-destructive, so it will end badly, it's just a matter of when not if.

      1. Dan 55 Silver badge

        Re: Ignorance is bliss

        Multiply that by four - the US, UK, China, and possibly France too appear to have claimed ownership to MS' servers wherever they are in the world.

        There'll be more countries to add to that list, I'm sure.

        So Windows 10's default of "upload everything" is the height of folly.

    2. tom dial Silver badge

      Re: Ignorance is bliss

      The real problem with "nothing to hide, nothing to fear" relative to their domestic, and even foreign, TLAs is that for the overwhelming majority, nearly all the time, it is a factually correct statement. While this statement varies in accuracy depending on the government under which one lives, even the most oppressive regimes have resource limitations that require them to manage surveillance and focus on those who appear likely to cause trouble, and rely on much more pervasive means of surveillance than mere access to storage encryption keys will provide. At bottom, though, most people go about their lives following governmentally and socially approved paths and do not have to be particularly concerned, on a personal basis, about vulnerability to law enforcement activity.

      That is not an argument against encrypting data to provide a degree of privacy and security, but surely it is unreasonable and simply incorrect to argue that Microsoft's storage of recovery keys reduces privacy security below what plain text storage provides.

      1. Anonymous Coward
        Anonymous Coward

        Re: resource limitations (vs proper supervision)

        "even the most oppressive regimes have resource limitations that require them to manage surveillance and focus on those who appear likely to cause trouble"

        Do you actually believe that farcical claim?

        You might want to read about Mark Kennedy, aka Mark Stone, an undercover cop who for multiple years was infiltrating a legitimate peaceful protest organisation.

        http://www.bbc.co.uk/news/uk-16842478

        He's far from the only example, just the best known.

        The idea that the security services "focus on those who appear likely to cause trouble" is farcical.

        Unless by "cause trouble" you don't mean "trouble for the public" you mean "trouble for the powers that be and their friends". In which case you might have a point.

        The establishment's solution to avoiding a repeat of cases like Kennedy/Stone is to put the Metropolitan Police in charge of supervising the whole country's undercover operations. Well that should work shouldn't it.

  11. chivo243 Silver badge

    Loaded guns

    I am starting to wonder if we need a Computer Operating License? A lot of things we do need a license/permit/permission. Driving a motor vehicle, getting married, owning a dog, putting a string in the water to catch a fish etc or building a garage in your backyard. The software today is sufficiently advanced, that only a small percentage of professionals know enough to operate it all properly.

    I read an earlier post talking about a configuration page defining what encryption is and why it's good. If implemented, I hope there is a "yes, I'm a n00b" button for skipping it. The amount of IT Knowledge in the universe is constant, but there are more and more users everyday.

    1. Destroy All Monsters Silver badge

      Re: Loaded guns

      Please explain how a "license" is supposed to fix anything.

      Maybe one needs a license to read books, because there is lots of dangerous and sexual stuff in there that could lead to emotional instability? Plus, it would bring in the monies and provide bureaucratic jobs.

      1. chivo243 Silver badge
        Happy

        Re: Loaded guns

        "Please explain how a "license" is supposed to fix anything.'

        Agreed totally. But some sort of introduction to a computer may help some people. We (commentards on El Reg) have all read/heard the horror stories of the cup holder cd optical drive, finding the any key etc

        Try driving and getting pulled over without a drivers license, with stringer full of fish without a fishing license, and a 6 point buck strapped to your truck without a hunting license or that .30/30 you just bought to kill the buck without a license.

        You need a license to get married, but you can have a kid out of wedlock or in it without a license...

        There are plenty of things you can do yourself without a license:

        Your own taxes

        Represent yourself in court

        Pull your own teeth

        Perform your own circumcision

        I was just pointing out the disparity in how we regulate our lives. So, I guess you're right, what does a stupid piece of paper really mean anyway?

    2. Dave 126 Silver badge

      Re: Loaded guns

      chivo243 has a point, if you replace Computer Operator Licence with Computer Proficiency Test, much like the Bicycle Proficiency Test some children take. It is not mandatory, but generally it's a good thing.

      Please do add ideas for included lessons below!

      - Back up on to multiple redundant drives / media

      - CAPS LOCK IS RARELY A GOOD IDEA

      etc

      Of course, my designer side feels that this could be made easier for inexperienced users, so:

      - Every computer should be sold with removable media of equal size to its HDD, unless the buyer signs the 'I know what I'm doing, seriously' release form.

      - Caps Lock should be placed by keyboard manufacturers in a different location, perhaps next to Esc.

    3. Danny 2

      Re: Loaded guns

      "I am starting to wonder if we need a Computer Operating License?"

      Oh, they have that. They used to dole them out on the New Deal, and the recipient doley considered it superior to Microsoft or Cisco accreditation.

      https://en.wikipedia.org/wiki/European_Computer_Driving_Licence

  12. Anonymous Coward
    Facepalm

    My gf is going to love this!

    "While you're logged into your machine, your data is decrypted and accessible. If someone steals your PC or tablet, and they don't know your password, they shouldn't be able to get at your files because they can't decrypt them."

    At this moment my Windows 7 PC has 3 main accounts: my own; passwordless and all, the 'root' account; renamed and password protected, and finally my girlfriend's; she likes some kind of dynamic theme and different icons on the desktop. She doesn't use it often (when she's over she usually has her laptop with her and uses that) but even so...

    Am I right to assume that in a regular situation this would result in my gf getting stuck whenever she tries to log on? I'd say that's one more compelling reason to stick with Windows 7 for now.

    At the risk of bordering on fanboyism but... If I want security then there's only one organization I'd put my trust in: The FreeBSD organization. It includes the best from Solaris (my all-time personally favored Unix environment), is run by a friendly, -mature- and reasonable organization and yah... It even supports using encrypted storage media. Of course without the quiet opt-out approach. And they don't want your keys either! :-)

    1. TheDarkFreak

      Re: My gf is going to love this!

      "Am I right to assume that in a regular situation this would result in my gf getting stuck whenever she tries to log on? I'd say that's one more compelling reason to stick with Windows 7 for now."

      No, that's incorrect. The boot-time encryption key is stored in the TPM of the computer, and is (pending hardware verification) automatically used upon starting the computer.

      The key that's stored on Microsoft's servers is the RECOVERY key, used for force-resetting the encryption key in the instance that the TPM's encryption key is cleared for some reason(such as the hardware in the PC changing in some defined manner, causing hardware verification to fail).

      It's also used when attempting to use Windows' boot-time startup diagnostics on an encrypted drive.

      It should not change the NORMAL operation of the computer, nor would it affect the ability of local user accounts to sign in.
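To see the two keys TheDarkFreak is distinguishing on your own machine, here is an added example (editor's own, not the commenter's and not Microsoft's code) that lists the key protectors on the OS volume: the Tpm protector that unseals the volume silently at boot, and the RecoveryPassword protector whose 48-digit value is the thing that gets backed up to an account. It assumes an elevated PowerShell prompt, the BitLocker and TrustedPlatformModule modules (present on editions that support BitLocker or Device Encryption), and that the OS volume is the system drive.

```powershell
# Added example: inspect BitLocker key protectors on the OS volume.
# Assumptions: elevated prompt; BitLocker + TrustedPlatformModule modules
# available; OS volume is $env:SystemDrive (normally C:).

function Get-OsVolumeProtectorReport {
    param([string]$MountPoint = $env:SystemDrive)

    $tpm = Get-Tpm                                    # TpmPresent / TpmReady flags
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    $report = [ordered]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus           # FullyEncrypted, FullyDecrypted, EncryptionInProgress, ...
        ProtectionStatus = $vol.ProtectionStatus       # On / Off (Off means the key is exposed, e.g. suspended)
        EncryptionMethod = $vol.EncryptionMethod
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        Protectors       = @()
    }

    foreach ($kp in $vol.KeyProtector) {
        $entry = [ordered]@{
            Id   = $kp.KeyProtectorId
            Type = $kp.KeyProtectorType                # Tpm, RecoveryPassword, TpmPin, ExternalKey, Password, ...
        }
        # Only RecoveryPassword protectors carry the typeable 48-digit value;
        # that is the value an account backup or a printout would hold.
        if ($kp.KeyProtectorType -eq 'RecoveryPassword') {
            $entry.RecoveryPassword = $kp.RecoveryPassword
        }
        $report.Protectors += [pscustomobject]$entry
    }
    [pscustomobject]$report
}

$r = Get-OsVolumeProtectorReport
$r | Format-List MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod, TpmPresent, TpmReady
$r.Protectors | Format-Table Id, Type, RecoveryPassword -AutoSize

# Reading the output against the thread:
#  - Tpm protector + ProtectionStatus On: local accounts log on with no extra
#    prompt, because the TPM releases the volume key when the measured boot
#    chain matches.
#  - RecoveryPassword protector: what you are asked for after a firmware or
#    boot-loader change, or when WinRE needs the volume.
#  - No protectors and VolumeStatus FullyDecrypted: encryption was never
#    turned on, so there is nothing for an account to have backed up.
```

If the volume shows a RecoveryPassword protector but the account page shows no key, the protector still exists on the disk; the backup is a copy, not the protector itself.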

  13. Anonymous Coward
    Anonymous Coward

    Promises...

    Microsoft promises ...

    That really cracks me up. MS and "promises". It's hard to stop laughing...

    1. Roo
      Windows

      Re: Promises...

      "It's hard to stop laughing..."

      I started laughing at MS's promises when they announced "Cairo". :)

  14. MooJohn

    What if you don't use OneDrive?

    I know it's a foreign concept to Microsoft but I set up computers with only a local account. I have no need for their "cloud" services or their store. I still call them "programs" instead of "apps." Since they never mentioned that encryption would be on by default if a TPM was present, I would have no idea my files were inaccessible until something happened that rendered the OS unbootable. Instead of copying files & doing a re-install I'd be left with nothing.

    Like many of the issues with Windows 10, it would be less of a big deal if they would just TELL us what is being done instead of sneaking it in!

    1. Hellcat

      Re: What if you don't use OneDrive?

      If you don't have it setup with a MS account then it won't attempt to encrypt your drive. The number of questions Win10 has during setup is already pretty long if you don't choose express. Has anyone bothered to check through everything that's shown? Must admit I skimmed through most of the settings when I did my last install.

  15. Anonymous Coward
    Anonymous Coward

    DOS an enemy?

    Can someone ring up Microsoft Support pretending to be someone else, telling them "my computer has been stolen and I'm worried about the sensitive information (personal pics) on it," to get them to change/remove the encryption key in OneDrive?

    If the computer syncs the updated/changed key from OneDrive onto the local system... that would DOS the encrypted data permanently wouldn't it?
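On the question of what happens to a key copy held elsewhere, here is an added example (editor's own, not the commenter's) of the local operation that actually retires a recovery key: the RecoveryPassword protector lives in the volume's metadata on the disk, and replacing it there is what makes any other copy of the old 48-digit value useless. It assumes an elevated prompt, the BitLocker module, an encrypted OS volume, and a save path on media you control; the path in the usage line is a placeholder.

```powershell
# Added example: replace the RecoveryPassword protector on the OS volume so
# that any previously uploaded or printed copy of the old key no longer
# unlocks the disk. Assumptions: elevated prompt, BitLocker module, volume
# already encrypted, $SavePath is NOT on the volume being protected.

function Rotate-RecoveryPassword {
    param(
        [string]$MountPoint = $env:SystemDrive,
        [Parameter(Mandatory)][string]$SavePath    # e.g. removable media; placeholder in usage below
    )

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        throw "$MountPoint is not encrypted; nothing to rotate."
    }
    $old = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')

    # Add the new protector first, remove the old ones second: never leave the
    # volume with no recovery protector, or a TPM failure becomes data loss.
    $updated = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $new = $updated.KeyProtector | Where-Object {
        $_.KeyProtectorType -eq 'RecoveryPassword' -and
        ($old.KeyProtectorId -notcontains $_.KeyProtectorId)
    }

    # Persist the new key, and confirm it landed, before touching the old one.
    "$($new.KeyProtectorId) $($new.RecoveryPassword)" |
        Out-File -FilePath $SavePath -Encoding ascii
    if (-not (Select-String -Path $SavePath -Pattern $new.RecoveryPassword -SimpleMatch -Quiet)) {
        throw "Could not verify the new recovery password was saved; old protector(s) left in place."
    }

    foreach ($kp in $old) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
    }

    [pscustomobject]@{
        Removed = @($old.KeyProtectorId)
        NewId   = $new.KeyProtectorId
        SavedTo = $SavePath
    }
}

# Usage (placeholder path):
# Rotate-RecoveryPassword -SavePath 'E:\bitlocker-recovery.txt'
```

After rotating, check the account's recovery-key page yourself: the old entry there is now just a dead number, and whether Windows offers to upload the new one depends on how the machine is signed in.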

  16. Alan Sharkey

    Mine isn't set

    I'm not sure it's on by default. My laptop (HP Spectre) has TPM enabled and available (I've just checked) and MS tells me (once I've logged on) that there are no BitLocker keys to download (from the link in the article).

  17. Anonymous Coward
    Anonymous Coward

    FBI asked for this backdoor in 2013

    Does this sound very familiar?

    https://redmondmag.com/articles/2013/09/13/encryption-backdoor-by-fbi.aspx?m=1

    "Peter Biddle, head engineer during BitLocker's creation, said he was approached by federal agents and asked to create a backdoor in Microsoft's encryption software to battle crime -- specifically child pornography."

    "While Biddle denies building in a backdoor, his team worked with the FBI to teach them how they could possibly retrieve data, including targeting the backup encryption keys of users."

    "As soon as we said that, the mood in the room changed dramatically," said the anonymous Microsoft engineer to Mashable. "They got really excited."

  18. Anonymous Coward
    Anonymous Coward

    Class action lawsuit

    Am I entitled to join one, even if my upgrade was free?

    FAQ question.

    1. tom dial Silver badge

      Re: Class action lawsuit

      Even in class action lawsuits there has to be a plausible* claim of actual damage. If I understand correctly, someone in physical possession of the computer (or its storage device) who also obtained the key (no matter the source) would be able to obtain the data. In other words, would be able to do exactly the same thing that could be done based on physical access of a computer with unencrypted storage.

      It's a bit hard to see the damage from Microsoft's possession of the key no matter how slack they might be about its security.

      * "Plausible" because meritless lawsuits are likely to be dismissed and can, although with considerable difficulty, come back and bite attorneys who bring them.

  19. HarryBl

    In the UK wouldn't encrypting a user's drive without their knowledge or permission be a criminal offence under the Computer Misuse Act 1990?

  20. Alan Sharkey

    Its not all Windows 10 machines.

    I've just read another report which suggests that brand new TPM-enabled machines which are shipped with TPM enabled will have encryption on by default, but older machines, or ones upgraded from an earlier O/S, will NOT have it on by default.

    Which explains why mine isn't on.

    Alan

  21. Christian Berger

    This seems more like a "get the competition out" feature...

    ...than a security feature.

    I mean obviously if you can get that key back from Microsoft, it's very likely you'll be able to social engineer your way to it. So for the criminal wanting to steal your data that's not exactly much of a hurdle.

    However it's a big hurdle if you want to install another operating system in parallel. This system then won't be able to access your data as it cannot get to the key.

  22. Len Goddard

    Dual boot

    My system is a Linux/Windows dual boot, with some of the drives accessible from both OSs. Presumably this would fail if the Windows involved were Win 10 (not that that is going to happen in the foreseeable future). Come to that, would Linux partitioning tools screw the drive so that Windows could not read the data either?

    TBH if this was announced and you had the option to enable it when installing or using a new machine for the first time then I would applaud MS for providing a potentially useful feature ... and then not use it. As it is, this is just another factor hastening my migration to an all-linux world.

    1. Dave 126 Silver badge

      Re: Dual boot

      See Alan Sharkey's post above.

      New machines shipped with Win10 only.

  23. MAH

    I had no idea Windows 10 was configured to do this and I am honestly a little pissed off. While I agree that encryption should be enabled on everything, they should be making clear how it works and where they are storing the keys, because nothing will be worse than trying to restore a system image to another machine after a crash or something to find out you can't because there was some encryption you never knew about configured.

    On a side note, this concerns me as well...

    Note: If someone else helped you set up your PC, the BitLocker keys you're looking for might be in their account.

    So whoever logs into the machine first owns the encryption on the device? That's just absolutely lovely. You have a home PC with 3 logins and you have to go try and figure out who has the encryption key in their Microsoft account because you can't remember who you set up first 2 years ago.

    Strangely enough, it appears there is no TPM on my Surface Pro 3 tablet because I have no keys on my OneDrive account.

  24. Infernoz Bronze badge
    Big Brother

    IMO anyone logging in to Windows 10 with a Microsoft account gets what they deserve..

    ..their security raped. I have a non-main Windows 10 machine which I only set-up for and use with a local login, and have anything which looks like it can leak stuff to the net disabled.

  25. joed

    one key for all?

    I remember the prompt when setting up my new (then) Windows 8 tablet. I surely dismissed it - both because I didn't like sharing it with MS and definitely had no intention to setup MS account to login to MY device.

    Now, what I don't understand is why the key is not used/associated only with the profile folder of the user that logs in with particular MS account.

  26. Anonymous Coward
    Anonymous Coward

    Which is Why...

    I simply run Linux on a fully encrypted drive and Windows 10 PRO via Virtualbox on an encrypted virtual disk within it. It works fine for my purposes. My only use whatsoever for Windows is Adobe Creative Cloud and it runs to my complete satisfaction on my i7 chip on a new machine -- something that certainly wasn't the case a few years ago.

    The idea that anyone would trust Microsoft for encryption is ludicrous.

  27. Henry Wertz 1 Gold badge

    A bit flippant....

    This seems a bit flippant to me, the "Oh, well, 'they' will have to physically get a hold of your computer anyway so who cares?" Yeah, by the same argument, why have disk encryption at all, since no-one can read your disk if they can't get a hold of it. Given this cryptosystem is fatally flawed (since it puts the decryption key "out there" somewhere...), honestly I'd probably prefer to run none and enjoy the extra battery life of not having to run useless crypto. As much as you dismiss the NSA, you do have agencies such as them and GCHQ who by all appearances have simply gone power-mad (the quantity of info they already get exceeds their ability to do even a cursory automated analysis, but they seek access to more and more info anyway). They view their goal as being to collect* as much info on as many people as possible, ignoring both the law (and constitution), right to privacy, and seeking to get backdoors put into cryptosystems just because (ignoring that increasing the attack surface of a cryptosystem makes it worse for everyone.)

    It's highly irresponsible at best for Microsoft to turn on full-disk crypto without notice, then send their crypto keys out without notice. Pray tell, if you've lost your Microsoft account password, how would you get into the Onedrive to get this key yourself? And if you can supposedly have Microsoft give you the key, how will they verify you are you and not some guy who just "found" your computer?

    How far Microsoft has fallen from a few years ago with the "Scroogled" campaign comparing how much more privacy-minded Microsoft's options were compared to Google's, compared to now where Win10 will keep dumping out info, and even have updates that keep re-enabling privacy-unfriendly options that the user or administrator has disabled.

    =============

    *I'm using the plain-English word "collect" here, where info is "collected" when it's thrown in some NSA database.... , not the NSA-speak word "collect".. they have told Congress they don't "collect" all sorts of info that they definitely do, because they redefine "collect" so info is not "collected" until a query displays it on someone's screen.

    1. Roo
      Windows

      Re: A bit flippant....

      "they have told Congress they don't "collect" all sorts of info that they definitely do, because they redefine "collect" so info is not "collected" until a query displays it on someone's screen."

      It's a pity the spooks are not subject to the same copyright legislation that everyone else is, it would be a LOL riot watching them explain to a Judge how copying stuff then not looking at it in return for money doesn't constitute copyright infringement.

  28. Henry Wertz 1 Gold badge

    Crypto from Linux

    "My system is a linux/windows dual boot, with some of the drives accessible from both OSs. Presumably this would fail if the windows involved were win 10 (not that that is going to happen in the forseeable future). Come to that, would linux partitioning tools screw the drive so that windows could not read the data either?"

    Can't speak for Windows in terms of being able to repartition (they love to use "magic" sectors, hidden files, and so on...)... but I think the principles are the same, see below.

    I just got a Chromebook 13 (Nvidia TK1, quad-core ARM + decent GPU) that I set up to dual boot Ubuntu (ChromeOS on the internal flash, Ubuntu on an SD card). I accidentally repartitioned the flash first; whether it would have screwed up the encrypted "vault"s on there or not, I don't know (I doubt it); ChromeOS automatically decided something was screwy with the partition and wiped itself back to factory defaults (and then when I re-expanded the partition back to full size it did it again). I would GUESS (as long as you don't trash the NTFS filesystem) that Windows, including the cryptosystem, would not care a bit if its partition size changed.

    So, from Ubuntu, I mounted the largest volume on the flash drive and looked around. I went to /home/chronos and it's empty, /home/user/ and it's got an empty directory with a 40-character (0-9, a-f) name... I found there's a /home/.shadow/ directory with the same 40-character (0-9, a-f) directory in it (so you can't even get user names); under that, under vault/user/, there are files and directories all named like ECRYPTFS_FNEK_ENCRYPTED.(15 chars).(40 chars).(40 chars) (these are not hex, it's (0-9, a-z, A-Z)). So, if I wanted to snoop, not only encrypted file contents, no usable file names either. I assume it'd be similar with Win10... either useless file names and contents, or "best" case usable file names but unreadable contents.

    For the record, I've looked into Chromebook key handling, and it's sensible; the disk crypto key is based on username, password, and TPM value (or a value from the scrypt library if you have a non-TPM system). This key is not stored or sent out anywhere! When you log in, the Google account password is not sent to Google, rather a hash value is sent. If you use the Chromebook to change your account password, it updates the on-disk crypto to use the new key (I assume having to re-encrypt everything?). If you change your account password elsewhere, then log into the Chromebook, it logs into Google, then realizes the disk crypto key doesn't work; it gives you a chance to put in the older password. If you can't, it wipes the encrypted data and starts fresh with the new password (hashed with username + TPM data).

    So yeah, accessing one of these Win10 accounts from Linux-side would fail. But it's not a Windows-specific fail, it's true with any encrypted disk system.

  29. Vance P. Frickey
    Big Brother

    WTG for a good article

    Congratulations for not dinging Microsoft for doing Windows users a solid. First. Win10, which made my quad-core Pentium sit up and do tricks, fast tricks. Now, they're taking all the incentive out of stealing laptops (or will once market saturation of Win 10 reaches a decent level). Another ten years of mitzvahs, and I MAY forgive them for pulling the rug out from under the huge body of Win XP users.

  30. Siriuss

    nothing really new...

    Google know the color of my underwear and a lot more, Microsoft know just about everything else. There is just one good thing, I just don't care because I don't have anything to hide. We have another computer with Linux on it when we need it.....

    If it weren't for 1 piece of hardware that absolutely needs Windows to work I would have been using Linux a long time ago ...

  31. JBowler

    You've convinced me!

    Ok, on a new machine with a TPM Windows Home will make your files unreadable without Microsoft's help. I thought every manufacturer did that? Nothing new there, except maybe MS did it right.

    So, if you want your files secure against your own government then you have to encrypt them, unless, of course, you are in the UK when, in fact, you aren't permitted to do that (i.e. if you do it then you will be sent to prison until you stop being antisocial).

    But in the US it's still easy, isn't it? You just encrypt the files. Your mysterious third party sponsor provides you with an encryption device and software to undo this when you need to access the files, and when you need to decrypt your emails to find out what your orders are, but that all just works.

    It's just a lot more difficult for the govmint; first you get the court order to have MS disclose your recovery key, then you discover that, you T-word you, you encrypted your data before having MS encrypt it again. So that's a delay of at least 30 minutes until the US govmint is in the same position as the UK govmint but without the option of sending you to prison for ever.

    Meanwhile I only want to know with regard to my Quicken file, but wait, that's already encrypted! Ok, not very well, gubfr thlf jbhyqa'g xabj rapelcgvba vs vg uvg gurz jvgu n qnzc purdhrobbx, but, I realize, it doesn't matter: you have to be the US govmint, you have to actually want to decrypt my Quicken file and you have to have the resources to do it (it's not quite as easy as the comment.)

    Gee. That would probably be the IRS, and they might then be motivated to explain how to fill in a US tax return. That would be worth the money.

    John Bowler
