Microsoft gave FBI set of BitLocker encryption keys to unlock suspects' laptops
techcrunch.com944 points by bookofjoe a day ago
944 points by bookofjoe a day ago
FYI BitLocker is on by default in Windows 11. The defaults will also upload the BitLocker key to a Microsoft Account if available.
This is why the FBI can compel Microsoft to provide the keys. It's possible, perhaps even likely, that the suspect didn't even know they had an encrypted laptop. Journalists love the "Microsoft gave" framing because it makes Microsoft sound like they're handing these out because they like the cops, but that's not how it works. If your company has data that the police want and they can get a warrant, you have no choice but to give it to them.
This makes the privacy purists angry, but in my opinion it's the reasonable default for the average computer user. It protects their data in the event that someone steals the laptop, but still allows them to recover their own data later from the hard drive.
Any power users who prefer their own key management should follow the steps to enable Bitlocker without uploading keys to a connected Microsoft account.
> Any power users who prefer their own key management should follow the steps to enable Bitlocker without uploading keys to a connected Microsoft account.
Except the steps to to that are disable bitlocker, create a local user account (assuming you initially signed in with a Microsoft account because Ms now forces it on you for home editions of windows), delete your existing keys from OneDrive, then re-encrypt using your local account and make sure not to sign into your Microsoft account or link it to Windows again.
A much more sensible default would be to give the user a choice right from the beginning much like how Apple does it. When you go through set up assistant on mac, it doesn't assume you are an idiot and literally asks you up front "Do you want to store your recovery key in iCloud or not?"
> make sure not to sign into your Microsoft account or link it to Windows again
That's not so easy. Microsoft tries really hard to get you to use a Microsoft account. For example, logging into MS Teams will automatically link your local account with the Microsoft account, thus starting the automatic upload of all kinds of stuff unrelated to MS Teams.
In the past I also had Edge importing Firefox data (including stored passwords) without me agreeing to do so, and then uploading those into the Cloud.
Nowadays you just need to assume that all data on Windows computers is available to Microsoft; even if you temporarily find a way to keep your data out of their hands, an update will certainly change that.
Yes, they push the MS account stuff very hard. I've found Windows so actively hostile to the user that I basically only use Linux now.
I used to be a windows user, it has really devolved to the point where it's easier for me to use Linux (though I'm technical). I really feel for the people who aren't technical and are forced to endure the crap that windows pushes on users now.
> actively hostile
That’s the real problem MS has. It’s becoming a meme how bad the relationship between the user and windows is. It’s going to cause generational damage to their company just so they can put ads in the start menu.
It’s a pity for Apple that they keep making macOS worse with each major update. Modern Apple hardware running snow leopard would be a thing of beauty.
At this rate, my next laptop might end up being a framework running Linux.
I switched from Windows to Mac 15 years ago. It was a revelation when the terrible habits of verbally abusing my computer and anxiety saving files every 22 seconds just evaporated.
Those old habits have been creeping back lately through all the various *OS 26 updates. I too now have Linux on Framework. Not perfect, but so much better for my wellbeing.
Mine already is... it's so nice not to be disrespected every time I turn on my laptop.
I recommend it.
Buy a laptop with less problems on Linux if that's your intention.
What laptops would you recommend? I didn’t realise framework laptops struggled with Linux?
I bought and returned an AMD Framework. I knew what I was getting into, but the build quality + firmware quality were lacking, sleep was bad and I'm not new to fixing Linux sleep issues. Take a look at the Linux related support threads on their forum.
I've been using AMD EliteBooks, the firmware has Linux happy paths, the hardware is supported by the kernel and Modern Standby actually works well. Getting one with a QHD to UHD screen is mandatory, though, and I wouldn't buy a brand new model without confirming it has working hardware on linux-hardware.org.
If you look online, HP has a YouTube channel with instructional videos for replacing and repairing every part of their laptops. They are made to make memory, storage and WiFi/5G card replacements easy, parts are cheap and the after market for them is healthy.
I've also had good luck with their support, they literally overnight'd a new laptop with a return box for the broken one in a day.