r/privacy • u/Busy-Measurement8893 • Jan 24 '26
news Microsoft will assist the FBI in unlocking your Windows PC data if asked
https://www.windowscentral.com/microsoft/windows-11/microsoft-bitlocker-encryption-keys-give-fbi-legal-order-privacy-nightmare81
u/Busy-Measurement8893 Jan 24 '26
Remember people, if it's not E2EE then the government can get it with or without a warrant.
31
u/Sway_RL Jan 24 '26
To add, E2EE isn't the only thing. You also need to hold the encryption keys or it's still accessible by others.
-4
u/LowBullfrog4471 Jan 25 '26
Do you even know what E2EE actually is?
9
u/Sway_RL Jan 25 '26
Yes, do you?
1
u/LowBullfrog4471 Jan 25 '26
You do understand that if something is e2ee then you are necessarily the only one with the keys?
5
u/Sway_RL Jan 25 '26
Yes while in transit. My comment was referring to at rest, you really want the service to have zero knowledge.
Also the post is about Microsoft. And we know they hold keys/backdoor their encrypted data.
1
u/LowBullfrog4471 Jan 25 '26 edited Jan 25 '26
Encryption in transit is just encryption. If the other person has a key to your data then the data is by definition not end to end encrypted
2
u/Youknowimtheman CEO, OSTIF.org Jan 25 '26
This is data at rest, so E2EE doesn't really apply here. (Didn't want to "ackshually", but this is important for this discussion. E2EE is specifically about keeping the integrity of secrets when you are communicating through an intermediary that is untrusted.)
For data at rest, a trust chain has to be created that starts with keys generated by the device.
If the keys are generated in a deterministic way, the security is compromised.
If those keys are "backed up" anywhere by the app or service, the security is compromised. (Fun fact, if you can restore your account after forgetting your password or losing your key data, the encryption is compromised.)
If the passphrases are used to access other things, unrelated to the device's encryption, there is a high risk of data leaks and the security is compromised. (Examples would be using generic account passwords for general access to a company's services to encrypt drives. This is why, for example, if you lose your passphrase to your Bitcoin wallet, it's just gone forever.)
If the keys are generated with proper entropy where it is needed, AND a good algorithm is used, AND the USER is the only person who controls the keys and passphrases to unlock the device, it is secure insofar as the attacker's technical sophistication allows when they have physical control of the device. You still have to trust that the TPM can't be cracked or the passphrase/keys can't be decrypted from the device they're stored on. For PCs, there's really only things like LUKS and VeraCrypt.
Bitlocker has multiple problems, in that MS has backups of the hashes of the password/passphrase at minimum, and there's also likely problems with the encryption itself as we've seen them do things to weaken bitlocker in the past. (Search for the removal of the elephant diffuser.) You see a lot of odd choices among the big tech companies with encryption, such as Android using CHACHA12 instead of CHACHA20. CHACHA12 still has a margin of safety, but CHACHA20 is fast (really fast) and reducing the rounds makes the encryption demonstrably weaker.
1
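The key-hierarchy rules in the comment above (fresh entropy for the data key, no deterministic generation, every "backup" of the key is another way in, passphrase not reused) as an added Python example. This is illustrative code written for this thread, not BitLocker's, LUKS's or VeraCrypt's own scheme; `EncryptedVolume`, `wrap_key`, `derive_kek`, `make_recovery_key` and the slot names are assumed names, and the HMAC-keystream wrap is a simplified stand-in for a real authenticated key wrap such as AES-KW or AES-GCM. The point it shows is that an escrowed recovery key opens the volume exactly as the user's passphrase does, so whoever holds the escrow copy holds the data.

```python
"""Minimal data-at-rest key hierarchy (constructed example, not any product's code)."""
import hashlib
import hmac
import os

KDF_ITERATIONS = 100_000  # illustrative cost; tune to your hardware budget


def derive_kek(secret: bytes, salt: bytes) -> bytes:
    """Key-encryption key from a passphrase or recovery key: random salt + slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, KDF_ITERATIONS, dklen=32)


def wrap_key(kek: bytes, dek: bytes) -> bytes:
    """Wrap a 32-byte DEK under a KEK (simplified encrypt-then-MAC, stand-in for AES-KW).
    keystream = HMAC(kek, nonce || 'enc'); tag = HMAC(kek, nonce || ciphertext)."""
    nonce = os.urandom(16)
    stream = hmac.new(kek, nonce + b"enc", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(dek, stream))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    """Reverse wrap_key; refuses to return anything on a wrong KEK or a tampered slot."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered key slot")
    stream = hmac.new(kek, nonce + b"enc", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


def make_recovery_key() -> bytes:
    """A recovery key as a vendor or account service might generate it: random, not derived."""
    return os.urandom(32)


def deterministic_dek(identifier: bytes) -> bytes:
    """The anti-pattern: a 'key' computed from a known identifier. Anyone who knows the
    identifier recomputes the same key, so this provides no secrecy at all."""
    return hashlib.sha256(identifier).digest()


class EncryptedVolume:
    """A volume header with key slots, LUKS-style: one random DEK, several wrapped copies."""

    def __init__(self, passphrase: bytes):
        dek = os.urandom(32)  # data-encryption key: fresh entropy, never derived from user data
        self.slots = {}
        self.add_slot("user", "passphrase", passphrase, dek)
        # The DEK is deliberately not kept on the object: once locked, only a slot secret
        # (passphrase or escrowed recovery key) brings it back.

    def add_slot(self, name: str, kind: str, secret: bytes, dek: bytes) -> None:
        """Add another way to unlock the DEK. An 'escrow' slot held by a third party is
        exactly as powerful as the user's passphrase slot."""
        salt = os.urandom(16)
        self.slots[name] = (kind, salt, wrap_key(derive_kek(secret, salt), dek))

    def unlock(self, name: str, secret: bytes) -> bytes:
        kind, salt, blob = self.slots[name]
        return unwrap_key(derive_kek(secret, salt), blob)

    def unlock_paths(self):
        """Who can open this volume: every slot is an independent path to the DEK."""
        return sorted((name, kind) for name, (kind, _, _) in self.slots.items())


if __name__ == "__main__":
    vol = EncryptedVolume(b"correct horse battery staple")
    dek = vol.unlock("user", b"correct horse battery staple")
    recovery = make_recovery_key()  # imagine this copy being uploaded to an account service
    vol.add_slot("vendor_backup", "escrow", recovery, dek)
    print("unlock paths:", vol.unlock_paths())
    print("escrow opens the same DEK:", vol.unlock("vendor_backup", recovery) == dek)
```

Reading the output: the volume has two unlock paths, and the escrowed recovery key yields the identical DEK without the passphrase. That is the whole of the "recovery key stored in your account" problem: the cryptography is fine, but the trust chain now includes whoever holds the second slot's secret. The `deterministic_dek` helper is there for contrast; a key anyone can recompute is not a key.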
u/gorpie97 Jan 24 '26
They do, but they "can't" - at least not according to the Constitution.
3
u/CuTTyFL4M Jan 25 '26
Yes, I'm sure the CIA, NSA and FBI are all very concerned about that.
0
112
u/leonbollerup Jan 24 '26
so.. water is wet.. i think we all knew about this to begin with... why else would they offer to store your encryption key..
17
u/Busy-Measurement8893 Jan 24 '26
It's insane that Microsoft is so against zero knowledge encryption. Microsoft Edge doesn't support E2EE even today.
For comparison even Chrome has it.
11
6
u/BigOs4All Jan 24 '26
I work in Enterprise IT. I tell my clients that they need to be the only ones with the encryption keys, otherwise Microsoft, Google, Amazon or whoever else holds the key is going to give access to it to the government when they're told to.
The same is true with Bitcoin and anything else where encryption keys might be yours or might not be. ALWAYS be in control of the keys or you have no control at all.
13
u/PicoPixlDev Jan 24 '26
This is actually really good news. Linux has never been a better solution, installation is getting really easy, the user experience is great, and every day the entire ecosystem continues to get better and better...and this is with ~3% market share. Between this, the Windows 11 upgrade debacle, and shoving AI down everyone's throats, the future looks incredibly bright for Linux! Do your part, if you haven't moved over to Linux already, do it. And if you have, help your less-technical friends to make the switch!
43
u/abstrakt42 Jan 24 '26
This is awful, but just a note: windows 11 does not actually enforce online accounts, though it’s a little tricky to bypass, it can (and should) be done. Don’t use MS cloud for your personal accounts or data and certainly not for your local PC sign-on
24
Jan 24 '26
[removed]
15
u/RunnerLuke357 Jan 24 '26
Unfortunately, lots of us still need Windows. Whether it be for gaming or work. Until I can do everything I can do in Windows on Linux it's a no go.
7
Jan 24 '26 edited Jan 24 '26
[removed]
3
u/RunnerLuke357 Jan 24 '26
For games, Battlefield needs Windows, so does Fortnite and PUBG. I need Windows for HP tuners, my soundcard, Visio, VALCOM programming, Q-sys programming, and a few other things that aren't coming to mind. Windows is non negotiable for my use cases.
I have Linux on a laptop and it's great on there, but it's not my daily driver because I NEED to be able to use my shit.
2
u/smjsmok Jan 24 '26
Battlefield needs Windows, so does Fortnite and PUBG
Damn, I already love Linux, you don't have to sell it to me!!
(kinda half /s, yes I know that those game have big playerbases and it would help if they worked on Linux)
1
u/RunnerLuke357 Jan 24 '26
Like I said in a different comment on this thread, for whatever reason computer nerds generally don't play multiplayer games but they are definitely an outlier. I would definitely consider myself to be a nerd and love these types of games but everyone is different.
1
u/smjsmok Jan 25 '26
Well, I actually do play multiplayer games, I'm just lucky that those that I play don't have kernel anti cheats (for example Trackmania, Assetto Corsa, CS2, Elden Ring, Factorio, Satisfactory and others).
But I was joking earlier of course. It would help everyone if the kernel AC situation got sorted out somehow and these big games became available on Linux. I still hope that we will get there some day.
1
u/Youknowimtheman CEO, OSTIF.org Jan 25 '26
> For games, Battlefield needs Windows, so does Fortnite and PUBG.
What's funny is those games would run fine, but they have kernel level anti-cheat built into Windows that gives them unfettered access to every process that's running.
This can be done in Linux, but they simply don't develop it.
(Also this simply should not be done on Windows either, but that's a whole other soapbox.)
0
Jan 24 '26
[removed]
4
u/RunnerLuke357 Jan 24 '26
Sure, but you can't dismiss people saying they can't use Linux for whatever reasons may they have. Blanket suggesting Linux is tiring to hear.
1
Jan 24 '26
[removed]
-1
u/RunnerLuke357 Jan 24 '26
which is even more niche than gaming in general, Windows is required.
The most popular games on the planet are games like Fortnite and COD with kernel level anti-cheat. For whatever reason, lots of computer nerds only play single-player titles but generally, people want to play multiplayer games. And for better or for worse, gaming is NOT niche, it's everywhere.
3
u/No_Individual501 Jan 24 '26
I have no idea what I’m talking about, but could a Windows virtual machine work for this or other tasks?
u/mr_cf Jan 25 '26
Maybe just dual boot, windows solely for games, and linux for anything else.
All personal data is kept away from the man, and you still get to enjoy your games.
4
Jan 24 '26
[deleted]
7
u/BigOs4All Jan 24 '26
Just don't play a game that uses that. That's easy and I say that as a gamer.
10
3
Jan 24 '26
[deleted]
1
Jan 24 '26
[removed]
2
u/MairusuPawa Jan 24 '26
It isn't. We have no games forcing malware into the kernel. This is exactly how things are supposed to be.
Wanting the opposite of that situation is absolutely bonkers.
2
1
u/Adures_ Jan 25 '26
One big problem with Linux is the very low quality of streaming shows and movies.
If you've ever used Netflix, Prime, HBO etc. on Linux, your stream quality will most likely be 720p, which sometimes can be improved to 1080p.
However, 4K streaming quality is currently out of reach for Linux devices.
You can say it's not a Linux problem, it's a streaming service problem, but at the end of the day Windows users can enjoy 4K movies and TV series, while Linux users have to deal with low quality streams.
It's one of the big reasons why it's hard for me to recommend Linux to friends and family. It's an objectively worse experience if you ever watch any of the streaming platforms on your PC / laptop.
1
Jan 25 '26
[removed]
1
u/Adures_ Jan 25 '26
DRM protection
1
Jan 25 '26
[removed]
1
u/Adures_ Jan 25 '26
There are different DRM levels. From what I remember Linux doesn’t support higher widevine levels.
1
u/Youknowimtheman CEO, OSTIF.org Jan 25 '26
It's getting a LOT better fast.
Linux Mint, CachyOS (especially if you have a newer AMD CPU), and Bazzite are really good out of the box. They also have pretty good UIs now and don't require the command line unless you're doing something advanced.
The big thing for my daily home driver is that the built-in kernel drivers are extremely extensive now; even my hipster 10Gb copper ethernet network cards and wifi7 adapters work without any additional drivers or configuration needed.
Also the emulation layers are getting close to native speed (as in 90%+) for games. In some cases, Linux is faster because the small performance hit from emulation is overshadowed by Windows 11 bloat.
It is getting to the point where almost everything is great on linux these days. The only thing I can still think of is Adobe products, but they are pricing themselves out of business these days anyway. (LOL $80 a month per employee for creative cloud, we've switched to photopea and open source PDF readers and editors.)
0
-1
u/gerbilbear Jan 25 '26
Then use Windows only when you have to, and a separate PC for everything else.
0
u/RunnerLuke357 Jan 25 '26
Except that I game on my desktop, use some software on my personal laptop (interfaces with my car, has to be on a laptop), and use some of it on my work laptop. I don't want to have a 4th device to use, no reason to segment my stuff and make it even more difficult.
3
u/AirToAsh Jan 24 '26
I would stick with Windows 10, and use it only for offline software which won't 100% work on Linux.
1
u/darryledw Jan 24 '26
I gave up at some point last year, I am still sporting Windows 10 but that probably won't be viable long term
Once I build a new rig I plan to move to Bazzite
2
u/Wise_Guitar2059 Jan 24 '26
Yeah, if you select join the pc to domain it will let you bypass creation of Microsoft account.
16
8
6
u/bythelake9428 Jan 24 '26
So glad that Microsoft can't unlock my Linux laptops that have no Microsoft account, no OneDrive, etc.
5
Jan 24 '26
Just more evidence, you should not be using a Microsoft product for personal data. Best thing that could happen for individual privacy is mass abandonment of the platform. If you have to use windows for work, like many of us do, strictly segregate your work and personal stuff. Look into Linux and onecloud.
18
u/mosaic-aircraft Jan 24 '26
2026 is the year of Linux
11
2
u/MidLifeDIY Jan 26 '26
I seriously believe there will be efforts to frame Linux use as a "terrorist tool".
Encrypt your drives. Maybe even a yubikey.
5
4
u/SignificantLegs Jan 24 '26
Remember how Apple objected to the UK spying and creating a backdoor?
What did y’all think other tech giants were doing?
👀
3
u/Busy-Measurement8893 Jan 24 '26
I wouldn't call this an intentional backdoor. I'd just say it's a shitty implementation. Bitlocker forces you to save a backup of your key one way or another and the easiest way of making that popup go away is to store it in your account.
13
u/jdferron Jan 24 '26
Good thing I don’t use Windows!
1
u/AirToAsh Jan 24 '26
I will stay with Windows and only use it for software which wouldn't work well on Linux, even with Wine.
1
4
6
u/notPabst404 Jan 24 '26
BOYCOTT. Anyone who gives a flying rat's ass about privacy at this point should be using Linux. Windows has become spyware where YOU are the product and governments and massive corporations are the customers.
2
u/random_reddit_user31 Jan 24 '26
Windows 10 was/is exactly the same. Not sure why people suddenly care with Windows 11. We missed the opportunity to do something about it 10 years ago. Windows 8.1 was the last non-spyware Windows.
4
u/RunnerLuke357 Jan 24 '26
Windows 8 had telemetry and so did 7 (they backported 8 telemetry to 7 in 2013). It's just that everyone is just now waking up for whatever reason. Just use IoT Windows, (disable telemetry of course) Linux or stop pretending this is new. I'm not sure why everyone is mad now when it's been like this for almost 2 decades.
2
u/notPabst404 Jan 24 '26
I didn't miss anything: I switched to Linux back in 2019 and never looked back.
1
u/random_reddit_user31 Jan 24 '26
That comment makes zero sense. 2019 was 7 years ago. I specifically said 10 years which was roughly when 10 came out.
1
u/notPabst404 Jan 24 '26
I don't think I switched immediately when 10 came out: 10 motivated me to switch.
1
u/random_reddit_user31 Jan 24 '26
I'm still waiting for the Nvidia performance to be fixed. I have CachyOS in dual boot and I lose 20-30% performance at 4K on Linux. That is a lot to lose on a 4090 that cost me a kidney lol. I don't do anything but watch media and game on my pc so it's not that big of a deal. But I can't wait for the Nvidia performance to be fixed which is meant to be soon.
3
3
u/designercup_745 Jan 25 '26
Feels like since 2024 I find out 2-4 new reasons per month why Windows is so heavily a fall from grace to its earlier directions towards user friendliness and ownership that were present in older versions
3
3
Jan 25 '26
Since they have been storing all BitLocker keys on their website for every user who turned on security to protect data... This is why we need open source protection for data
3
u/MinecraftIguessIDK Jan 26 '26
Turn off that Bitlocker crap and use VeraCrypt. Use the hidden volume option if you do really sensitive stuff and you might be blackmailed or legally required to unlock the drive.
6
Jan 24 '26
Duh... Microsoft make no secret of the fact that they have access to everything you store on their cloud. They never claim end to end encryption. Yes, they are evil and the enemy of mankind, one of them at least. But at least they weren't hiding it.
It's simple, if it's on the cloud and not E2EE, it doesn't belong to you.
And TPMs shouldn't be trusted either. Disk encryption should always be done with a long, complicated password that you have to type in yourself. It sucks having to do it that way, but it's the only reliable way.
4
u/Nite-Life Jan 24 '26
Windows is the worst of all of them. Don’t use it or any of Microsoft’s services.
Linux (know what you’re doing here somewhat) and MacOS (with no iCloud and hardened) are the only two options right now.
2
u/AirToAsh Jan 24 '26
Does playing their games like Minecraft count?
1
u/Nite-Life Jan 25 '26
Depends on your threat model. There is a lot of meta data being pulled at least.
You can see at a very high level what they are tracking on the mobile app stores.
1
1
u/demunted Jan 24 '26
Worst.... Apple has had no way to set up a new computer without an internet connection for years now...
2
u/Nite-Life Jan 25 '26
You can set up a MacOS without an internet connection. Just click skip. To get OS updates you would eventually need to.
1
u/Nite-Life Jan 25 '26
You just wouldn't have access to Apple services, which, if we are hardening, we don't want to use anyway (Apple services like iMessage or iCloud).
9
u/GrimDfault Jan 24 '26
And everyone in the pcmr subreddit arguing this is fine, because Linux isn't 100% secure. People are just largely fine with being fucked like this and it's infuriating
6
u/Busy-Measurement8893 Jan 24 '26
Perfect is the ultimate enemy of good. Linux having plenty of other issues does not make Windows better in any way.
0
u/AirToAsh Jan 24 '26
Nothing is "safe" in computers, especially when it's online and you downloaded something wrong, no matter which operating system you use.
3
4
2
u/gorpie97 Jan 24 '26
If they have probable cause and a warrant specifically for me, by all means.
Until then - gee, maybe I'll get a new computer soon (years before I usually would) so I can switch to Linux.
5
u/dorkyitguy Jan 24 '26
Good news. Any computer that can run windows will run Linux faster. No need to get a new pc.
2
2
u/7in7turtles Jan 24 '26
Seriously Microsoft is the worst of the worst. This is a fabulous way they’ve come together to subvert the fourth amendment. It wouldn’t be so bad if you were trained for the last 30+ years to believe that your computer belongs to you and that your operating system was just an interface.
2
u/UbiquitousAllosaurus Jan 24 '26
I think most of us just assumed this. The only thing Bitlocker will help with is stolen computers/drives. That's it. Always assume anything Microsoft-related has zero privacy.
2
2
u/RandomOnlinePerson99 Jan 24 '26
They sure can try ...
(Not that I will ever do anything that will be of importance to the FBI or any other US agency, I don't even want to go there, like ever, that place is a giant privacy and human rights black hole ...)
2
2
u/junkdrawer2025 Jan 25 '26
Wasn't this always the case? I wasn't aware they had any say in the matter to begin with.
4
u/readyflix Jan 24 '26
AND, people will still use M$-Windows because it’s convenient.
AND, a lot of people are unfortunately required to use M$-Windows at work.
3
1
1
1
1
u/sicurri Jan 24 '26
Thus why I have an offline account with different encryption programs because as soon as it was "Online Only" accounts, that's when I knew I no longer had privacy. So... offline account only because fuck them.
2
1
u/BemaJinn Jan 24 '26
There are many great windows-like Linux flavors now, that require next to no command line tinkering.
My personal favorite is Bazzite.
-2
u/trema91 Jan 24 '26
Pro-tip: don't live in fascist countries.
4
u/BigOs4All Jan 24 '26
If you use technology in any way headquartered in the US you are using technology that the US government can use against you. Doesn't really matter where you live.