Windows 10 covertly sends your disk-encryption keys to Microsoft


[Read the post]


What could possibly go wrong? Isn’t there enough trust lost with your international customers since the PRISM leak? Apparently you don’t need those sweet euro-dollars…


You know when they said, “Windows 10 is the last version of Windows you will ever need”? I think they were correct. I’ll hunker down in the Windows 7 hole for a bit and keep casting increasingly desperate glances at Linux.


Dammit, I was just considering switching to 10 before they disable my Minecraft, only to see this. Don’t I recall Microsoft saying, “Don’t worry, nothing bad could happen!”


It looks like this is part of MS’ attempt to maintain differentiation between Windows Pro/Enterprise SKUs and the practically-giving-it-away home versions without getting hammered by a bunch of ugly little stories about how much less secure than iPads all those little Win tablets are.

So far as anyone knows, BitLocker, the version that ships with versions of Windows that Microsoft actually wants you to buy, doesn’t move encryption keys anywhere without being specifically ordered to; can be used without any ‘Microsoft account’ nonsense, and so on.

The flavor that ships with Windows Peon Edition is architecturally BitLocker, nothing to gain by reinventing the wheel; but you cannot even turn it on without logging in with a ‘Microsoft account’ rather than a local user account, and the keys are automatically exfiltrated for your convenience, customer.

Cynical; but pragmatic on their part. They can both claim ‘customer demand/user experience’ as a reason for storing those key backups (and, in fairness, they probably aren’t lying; lots of users are very, very surprised when they run into ‘no, we actually can’t just reset your password and make it all better, period.’ for the first time); and gimp their crypto features such that no Pro/Enterprise user will be able to touch the cheaper versions.


It’s not funny because it is true :’(


So you have to 1. Enable this, 2. Log into your Microsoft account to use it. So splain to me how this affects someone who does neither?
Like the other things Cory mentioned, it does not have to be enabled and requires sign-in to Microsoft services (and because they put all the EULA language for their services in with the OS EULA, everyone thinks they are one and the same).
And considering they may well have had plenty of people who bitlockered themselves out, I kinda don’t blame them for trying this.
What do other full disk encryption utilities do with their keys if you have an account with them? I honestly dunno. Only my work machine has full encryption and that has an automatic login or something. Nobody gets the password/key for it. I think maybe the helpdesk folk can look it up, but we get given the thing already encrypted and never a password for it.


It sounds cynical, but I think this is spot on – I recently tried activating an OEM Office 2016 license on a Dell PC, but there was a glitch between Dell & MSFT. When I mentioned to the rep that it’s silly to tie these licenses to a Microsoft account the reason he promptly told me was “Users kept losing their license keys, so they did this to help users keep track of them”


Yeah, this. Like I said in another thread, Cory was saying how sysadmins were like parents and I said no. There are real reasons we do things like lock users out of having admin rights on the PCs: no matter how much you educate them, one will try and click the attachment, install the toolbar, etc., which will then get loose in the enterprise and we have to fix that.
Basically you can’t fix stupid, and having it tied to the MSFT services account probably is the best way they can mitigate the stupid.


The main issue (though I don’t remember it being a surprise: the Win10 UI won’t even let you turn it on if you clicked past the “Hey, login with The Cloud Because Reasons!!!” startup screen and insisted on an oh-so-last-year local account) is that the non-Pro versions of Win10 have no non-‘escrowed’ disk encryption available, despite ‘BitLocker’ being technologically present.

Given that non-Pro versions historically had nothing, this may or may not be considered an improvement; but it is worth knowing: Microsoft will not allow you to use disk encryption without grabbing a copy of your keys unless you buy one of the Pro/Enterprise SKUs. If you don’t do that, you cannot use the feature at all without logging in with a Microsoft account rather than a local one; and your keys will leave the system, without any particular assurance that ‘delete’ means ‘really delete’.
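The practical defender's question raised by this post is "what recovery protector is on my volume, and can I make any escrowed copy of it useless?" The script below is an added example, not something posted in this thread or shipped by Microsoft. It assumes an elevated PowerShell session on a Windows 10 Pro/Enterprise build where the BitLocker module cmdlets (Get-BitLockerVolume, Add-BitLockerKeyProtector, Remove-BitLockerKeyProtector, Backup-BitLockerKeyProtector) are available; the mount point `C:` is a constructed assumption. It lists the key protectors, rotates the 48-digit recovery password so that a previously uploaded copy no longer unlocks the disk, and then escrows the new one to a place you control (AD DS on a domain-joined machine, otherwise it is printed once so it can be stored offline).

```powershell
# Added example, not from the thread. Assumes an elevated session on a Pro/Enterprise
# SKU with the BitLocker PowerShell module; "C:" is an assumed mount point.
$mount = "C:"

# 1. Inventory: which protectors guard the volume right now? A RecoveryPassword protector
#    is the 48-digit key that consumer Device Encryption uploads to the Microsoft account.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod
$vol.KeyProtector | Format-Table KeyProtectorId, KeyProtectorType
$oldIds = @($vol.KeyProtector.KeyProtectorId)

# 2. Rotate: add a fresh recovery password BEFORE removing the old one, so the volume
#    is never left without a recovery protector. Once the old protector is gone from
#    the volume metadata, any escrowed copy of it stops working.
$newVol = Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector
$newRp  = $newVol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' -and $_.KeyProtectorId -notin $oldIds }

$vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    ForEach-Object { Remove-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $_.KeyProtectorId }

# 3. Escrow the new key somewhere you control. On a domain-joined machine this writes it
#    to the computer object in AD DS (needs the Group Policy that permits storing BitLocker
#    recovery information in AD). Otherwise print it once and keep it offline; losing it
#    with no escrow at all is the failure mode the thread's sysadmins are describing.
if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    Backup-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $newRp.KeyProtectorId
} else {
    "Recovery key ID {0}: {1}" -f $newRp.KeyProtectorId, $newRp.RecoveryPassword
}
```

Re-run step 1 afterwards to confirm exactly one RecoveryPassword protector remains and that its ID matches the one you escrowed; on a Home SKU the UI path described in the post still controls where Device Encryption sends the key, which is why the example is scoped to Pro/Enterprise.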


Well considering I don’t keep anything I want/need encrypted locally on my machine and would rather use other options for encryption.
But having had to deal with the stupid of userland for over 20 years now… I have trouble seeing what they are doing as specifically evil over how do we keep from having to tell them sorry it is all gone because you were an idiot… A LOT. Probably not the best solution but I can understand why they want to do it that way.


This is the paradigmatic conflict between administrating systems and consumerism. Anybody with personal/household/portable computers is actually a sysadmin, regardless of their degree of competence. People learn through failure. It’s not as if I haven’t learned by breaking my own installs, or getting locked out of my own boxes. Saying “It’s OK, you don’t need to learn” makes the marketplace only more foolish. If some people are resolved to never learn, then perhaps computers aren’t for them.

Having a culture based upon exploiting stupid doesn’t help, since it appears to reward stupid, this leaves few people interested in fixing the underlying cognitive problems.

But is that really a bad thing? Without getting so personal about it, at least. People being responsible for their systems seems to be preferable to vendor-as-babysitter.


This. This is why I use TAILS and PGP.


I have a weedy 128gig SSD drive for my C Drive and a couple of terabyte drives for storage. MS “preloaded” Windows 10 onto my C Drive, taking up the last 6gig of free space. This stopped me updating ARMA 3, the whole reason why I bought my computer.

I thought, that’s okay, I can move the Windows 10 files to one of my storage drives and leave it in a cold dark corner somewhere. I can then put a symbolic link on the C Drive to prevent MS from feeling the need to re-preload those pesky files. Unfortunately, despite having admin rights on my own computer, MS denies me the authority to move those files. Fecking tossers.


Can you boot to linux, mount the disk, and move the files that way?


Astonishingly, I’ve not got Linux yet. But that sounds like a plan.


There are live distros out there that you can boot from a USB disk. I used to rely on Knoppix, but you can likely get something smaller and more agile.

With something small enough to not waste much space, and a cellphone that can expose its SD card as a USB mass storage, there’s even a chance of carrying a live CD always with you.


The only reason I would build a Windows machine nowadays is for game playing. Considering that most of my games can run quite happily under Windows 7, I see no reason to go to Windows 10.


I’m already engaged in full binary computing practices. Anything important I run on Linux with SELinux set up properly. If it’s school or business related, I’ll use Windows 10. If people want to steal my homework, they’re welcome to it. I’m not sure how much I should be protecting my search history, but I’ve defaulted to “I don’t care… for now.”

But as @TobinL points out, I think there’s a benevolent seed in the idea. I don’t think it’s immediately insidious, but this is what happens when we don’t successfully defang the corrupt national security apparatus: We are forced to default to paranoia, because it’s the only substitute for real accountability.

Pervasive device encryption has been a feature of Windows since Windows 8.1 was released in 2013. I wrote about it in a blog post and paper, Windows 8.1 - Security Improvements, and even tried to get some reporters interested, but no one seemed to think it was an issue.