Recently bought a Windows computer? Microsoft probably has your encryption key

Discussion in 'Technical' started by melbo, Jan 18, 2016.


  1. melbo

    melbo Hunter Gatherer Administrator Founding Member

    ONE OF THE EXCELLENT FEATURES of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and log in to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key — which can be used to unlock your encrypted disk — to Microsoft’s servers, probably without your knowledge and without an option to opt out.

    During the “crypto wars” of the ’90s, the National Security Agency developed an encryption backdoor technology — endorsed and promoted by the Clinton administration — called the Clipper chip, which it hoped telecom companies would use to sell backdoored crypto phones. Essentially, every phone with a Clipper chip would come with an encryption key, but the government would also get a copy of that key — this is known as key escrow — with the promise to only use it in response to a valid warrant. But due to public outcry and the availability of encryption tools like PGP, which the government didn’t control, the Clipper chip program ceased to be relevant by 1996. (Today, most phone calls still aren’t encrypted. You can use the free, open source, backdoorless Signal app to make encrypted calls.)

    The fact that new Windows devices require users to back up their recovery key on Microsoft’s servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts (you can skip to the bottom of this article to learn how) — something that people never had the option to do with the Clipper chip system. But they can only delete it after they’ve already uploaded it to the cloud.

    -Micah Lee

    Read the rest: Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key
     
  2. runswithdogs

    runswithdogs Monkey+++

    Fat lotta good it would do them... I Killed 6 PC's in 11 years... They hate me.. One even committed suicide a week after I got it and set itself on fire.

    Macs for me now... at least they don't try to burn down the house....
     
    AD1, chelloveck and Motomom34 like this.
  3. oldawg

    oldawg Monkey+++

    [LMAO] DANG!! That's some SERIOUS overclocking !!
     
    Brokor and chelloveck like this.
  4. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    That's what happens when you use "Tinder" as your home page.....:rolleyes:
     
    Brokor, AD1 and chelloveck like this.
  5. runswithdogs

    runswithdogs Monkey+++

    Heheh
    I actually got banned from working as a cashier at one place I worked.. Not my department but somebody called in sick & they thought getting me to help out at the tills was a good idea...
    15 minutes in and my till went on strike, transferred to another..... after the 3rd one did the same they decided that may have been a mistake...
    They had to work with 2 tills for the rest of the day until they could get someone in to fix them all....:ROFLMAO::ROFLMAO::ROFLMAO:
     
    oldawg, kellory and chelloveck like this.
  6. DarkLight

    DarkLight Live Long and Prosper - On Hiatus

    One key here is that it cannot upload your encryption key if you do not use a Microsoft enabled/tied email address as your login. If you use a local account, it doesn't upload any key as the upload is tied to the OneDrive system. I've read a number of articles by folks who also post the "Don't install this update" lists, and they all say that it doesn't just upload to MS, it uploads to your OneDrive.

    That having been said, MS is doing a lot of hinky stuff outside of the encryption key business.

    I wonder if there would be a business model where you "pay" for an association with an entity which then allows you to install the Enterprise version of Windows 10. The "dues" would be the cost of the OS you are running plus a very nominal fee to cover annual bandwidth usage for updates. The reason this would matter is that the Enterprise version of Windows 10 has the ability to completely (so far) turn off all of the telemetry gathering as well as point to a WSUS update server that can further limit which updates get installed.

    It would give you the chance to turn off all the gathering and then update from a trusted source (gotta be able to be trusted) that wouldn't enable/install/push all the crap to your machine.

    @melbo - you think we could get set up to get an ELA with Microsoft? That's the only way to get Enterprise at this time. Bet quite a few people would take you up on it. I've got MSDN and TechNet both so I'm covered but I know a bunch of people aren't, and they aren't happy with being spied on either.
     
  7. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    I don't like even GPS knowing where I am.....:cautious:
     
  8. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Kell, GPS does NOT know where YOU ARE, It only knows where IT IS.... Now if you choose to keep GPS with YOU, that is A Personal Issue.....
     
    AD1 likes this.
  9. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    Two blonds are walking down the road. One finds a mirror and picks it up. "Looks familiar," she says. The second blond takes a look, and says, "It's me, silly!" "I thought she looked familiar...."

    For me to know what the GPS reports, it requires observation, therefore, it knows where I am.
     
    Last edited: Jan 18, 2016
  10. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Not sure. We run Enterprise level at work (and use all of MS one drive stuff too)
     
  11. ghrit

    ghrit Bad company Administrator Founding Member

    So leave it home. Therefore, it thinks it knows where you are. Or, get a unit that isn't your cell phone.
     
    BTPost likes this.
  12. VisuTrac

    VisuTrac Ваша мать носит военные ботинки Site Supporter+++

    Yep, mining BitCoin was a hardware killer!
     
  13. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    I do both. I have one (not my cell, I leave at home) and one that is my cell, that comes with me......you think they are in cahoots?o_O:cautious:
     
  14. ghrit

    ghrit Bad company Administrator Founding Member

    No. However, your usual propensity for complete, highly detailed argumentative answers is notably missing at least half the story from post #9. o_O
     
    Brokor, stg58 and BTPost like this.
  15. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    Really? In what way?....:rolleyes:
     
  16. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    I have a GPS that reports where it is... Over my Network... It knows where IT is, to the nearest 10 Centimeter.... When I do Post-Processing of Field GPS Datapoint Work, I use that GPS's Data to correct my Field Data, and I get .25 Meter Resolution... I can access this GPS thru my VPN, from anywhere in the World... Therefore what I stated is true.... GPS only knows where IT IS, and it can only Report those Facts.... It has NO IDEA where I am, and doesn't really Care, either...
     
  17. kellory

    kellory An unemployed Jester, is nobody's fool. Banned

    Sometimes, you really have no sense of humor.....:rolleyes::p
     