'Windows 10' Covertly Sends Your Disk-Encryption Keys to Microsoft

by Cory Doctorow

December 29, 2015
from BoingBoing Website

There's no way to turn off the "recovery" feature that sends your disk encryption keys to Microsoft by default, without notice - though you can (and should) ask Microsoft to forget the keys later.

The new disk encryption protocol in Windows 10 is in stark contrast with Microsoft's Bitlocker product, a hardcore, Fed-infuriating full-disk encryption system that allows you to decide whether or not to escrow your keys with Microsoft.

Windows 10 has many unprecedented anti-user features:

a remote kill-switch that lets it disable your hardware

key-logging and browser-history logging that, by default, sends it all to Microsoft

a deceptive "privacy mode" that continues to exfiltrate your data, even when you turn it on

As soon as your recovery key leaves your computer, you have no way of knowing its fate...

A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data.

Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel them to hand over your recovery key, which they could do even if the first thing you do after setting up your computer is delete it.

Return to Windows-Microsoft-Bill Gates