Microsoft Has Your Encryption Key If You Use Windows 10

An anonymous reader writes with this bit of news from the Intercept. If you login to Windows 10 using your Microsoft account, your computer automatically uploads a copy of your recovery key to a Microsoft servers. From the article: "The fact that new Windows devices require users to backup their recovery key on Microsoft's servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts – something that people never had the option to do with the Clipper chip system. But they can only delete it after they've already uploaded it to the cloud.....As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel them to hand over your recovery key, which they could do even if the first thing you do after setting up your computer is delete it. As Matthew Green, professor of cryptography at Johns Hopkins University puts it, 'Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.'"

Can a corporate security officer comment

[RichMan]

I would like to know the opinion of large public corporations security officer on this feature of windows.

Re:Can a corporate security officer comment

I know the opinion of a couple of high security smaller companies, only 20,000 to 60,000 employees... they both say, "holy shit no. Windows 10 is not even being considered for corporate deployment"

speaking anon to not get in trouble with them.

Re:Can a corporate security officer comment

Large public corporations are going to be logging in using Active Directory credentials, not their Microsoft accounts. The article summary (which may be wrong, because they usually are) states that this behavior only happens when logging in with a Microsoft account.

Re:Can a corporate security officer comment

CISO here, we haven't made the jump to 10 yet (85% of our workforce is on 7 with some 8.1 here and there), things like this are kinda non starters for us for any employee who even remotely has a chance at accessing PII or confidential information. It's not that I think Microsoft would act maliciously, but it would violate a ton of compliance documentation that we have, requiring re-audits of our policies and procedures. Hopefully this is one of those features Microsoft will allow you to turn off in the Enterprise SKU. We're honestly watching Windows 10 very closely, it has a lot of really nice improvements on the security front. But things like this, and the giant sweeping updates like the November update, make it very hard. Microsoft is trying to move closer to the Apple model, but the Apple model is a big departure for anyone who knows the pains of PCI, HIPAA, or SOC2 compliance.

Re:Can a corporate security officer comment

[JeffSh]

that is a totally out of context comment from an anonymous poster.

large corporate entities will not deploy windows 10 for years anyway due to incompatible or uncertified line of business software platforms. it has nothing to do with this particular feature.

moreover, this has to do with logging into your microsoft.com account, nothing to do with windows 10 pro joined to a domain.

Re: Can a corporate security officer comment

[Billly+Gates]

Windows 10 enterprise doesn't have spyware. Only the home and professional versions do so the point is mute. Great way too to enforce companies buy an expensive corporate blanket and not save with the pro version

Re:Can a corporate security officer comment

You're posting anonymously because you're a liar trying to make a point, without losing precious karma off his main account in the process.

So it's this version of Windows that your non-existent companies finally decided they weren't going to "consider for corporate deployment," eh? What _are_ they deploying corporately, then, seeing as how we're speaking off the record and all? If they're not going with the industry standard, what are they going with? Surely such insider knowledge would be of immense use to everyone trying to secure their systems, not just a karma whore like you.

Re:Can a corporate security officer comment

[silas_moeckel]

Things like this do not affect the corp version at all. It's specific to people using MS not corp AD servers. We have had key escrow as an optional part of AD for a long time at least in relation to drive/file encryption.

Re: Can a corporate security officer comment

The point is moot not mute.

Re:Can a corporate security officer comment

We're moving to TempleOS, not that it's any of your business.

Re:Can a corporate security officer comment

[Anonymous+Brave+Guy]

It's certainly possible that you're right, but equally if the GP poster really does have insider knowledge and really does want to speak without betraying a confidence then surely they really would post anonymously.

In any case, I can tell you the answer to your follow-up questions for at least some small to medium-sized companies I work with: Windows 10's biggest competition is probably Windows 7, which is what the majority of these organisations are already running as their standard desktop.

The difficulty Microsoft has with these customers is that Windows 10 doesn't have a lot of big selling points. I watched and listened to some of the early promotional material, and the loudest message I heard was "it's not Windows 8". Obviously to business customers who standardised on Windows 7 anyway, that's not exactly a good reason to undertake an inevitably expensive and disruptive migration to a new OS.

Re:Can a corporate security officer comment

[Opportunist]

Win10 is not even on the table. Far from it. And as long as there is support for Windows 8, it will not become an issue.

Seriously, most companies I deal with still use Win7. And they will do so until the final moment of its support.

Re:Can a corporate security officer comment

[armanox]

Actually, considering the way the industry has been going the past several versions of Windows, is this very surprising? XP still persists in a lot of organizations (sadly). Most places didn't deploy Vista, they waited until 7. And most places are still on 7, out of dissatisfaction with later releases (which also makes Windows 7 the standard, not Windows 10)

Re:Can a corporate security officer comment

TL;DR: It's horrible, but there are few options.

Microsoft makes the best development tools around and hence garners the most developers - making business software cheap on the labor side in exchange for higher software costs (ultimately the software costs are tiny compared to the burden of finding and keeping good labor.) The move to get everyone on Windows 10 is a move toward the cloud, this can be seen in all their product lines. Once people are on the cloud they can see what people are doing and start rolling out generic products to grab market share horizontally. In the meantime they will continue raising the costs of in-house software (moving up the end-of-life date for non-cloud products, changing licensing to be per-core-processing-power as opposed to per-machine, per-user or even per-core) and making it cheaper to work in the cloud.

The code.org/summer-of-code and similar fits of nonsense failed because there are only so many people that can write software competently, that makes the cost of labor very high compared to other fields. They want to reduce the number of programmers required to complete a task because then competition will drive salaries down and save money. The end-game appears to be a monopoly on all computing tasks. Google and others appear to be pushing in a similar manner (they actually "predicted" that in about a decade programmers will be largely obsolete with machine-written software filling pretty much every niche.)

The alternative is basically Linux - which still requires a huge learning curve for the average user with sub-par product suites AND hardware costs that can
t compete with cloud-based packages (at least not until a critical mass of end-users have switched to the cloud and they can jack up rates.) Security is hardly even a concern on anyone's mind because everyone benefits from indemnification by saying "our data is hosted by Microsoft" as opposed to "our data is hosted in our rack secured by this weird troll of an IT guy."

Re:Can a corporate security officer comment

[reggie6311]

I find this to be rather difficult to properly converse about. While I'm not a CISO per say, I consult many CISO's regularly and this is one of the topics that have come up recently and has opened up a lot of interesting discussions. To clear the air, Windows 10 Enterprise (and Windows 10 Professional) do not give you the ability to store Bitlocker keys with Microsoft when joined to Active Directory, nor do they automatically upload the keys. When joined to Active Directory, you have 3 options for key backup: Printing a Copy, Saving it to a file, Saving it to a USB key. Behind the scenes (not visible to the end-user), there is a 4th option in which you can require that the joined computer store a backup copy of the key on the computer object within Active Directory. This must be configured in AD and deployed as a GPO to the computers otherwise this backup option will not take place. The option to backup to a MS account is not available, even if you add a MS Account to the workstation. Now, to be transparent, none of the large (Fortune 500 or bigger) companies that I consult are using Bitlocker (rather, they are using various third-party drive encryption systems). Now, that isn't to say that there aren't any, just not the ones that I consult. However, several of my medium enterprise clients are. All of the discussions have all been centered around where to store recovery keys for the purpose of the business being able to decrypt a system if needed by an authorized administrator. This has caused a lot of issue because for my clients that are using Bitlocker, a few of them have considered moving to Azure AD (Active Directory run by Microsoft in the Cloud). My concerns about this have been that if you are using AD as a recovery for Bitlocker and you move AD to the cloud, this effectively does exactly what a MS account does to the home computer... puts the encryption keys in the hands of Microsoft. Now, not all of my medium enterprise clients are considering this, but of the few that are, we haven't been able to get clear information from MS on who all would have access to Azure AD and what their policies are.

Re:Can a corporate security officer comment

[ArmoredDragon]

Even if you do consider Windows 10 (or 8 for that matter) don't under ANY circumstances use a Microsoft account to log in. Recall not long ago during Microsoft's "Scroogled" campaign, they were promising account privacy and that they'd never look into your account at all. Well sometime during all of that, they broke into a blogger's hotmail account (read: he was their own customer) to identify his leak source for future MS products, right after saying that "oh, well now we really mean it this time."

The problem with a Microsoft account is that your computer now answers to Microsoft's authentication servers, which means they ultimately hold the keys to unlocking your computer. In scenarios such as the above, or a government request, or social engineering, practically anybody could unlock your computer.

As I've said elsewhere, there's no practical benefit to having one (you can still download apps and whatnot without using a Microsoft account to log in to your PC) so why needlessly expose yourself to the above risk?

Re:Can a corporate security officer comment

[will_die]

Unfortunately that is the skill level of the majority of the security people, and 98% of those with a CISSP. The rest say lets review the security policies and make sure those capability are turned off.

Re: Can a corporate security officer comment

[Cro+Magnon]

Maybe the point can't talk.

Re:Can a corporate security officer comment

You better recheck your EULA.

The wording (for all versions I've seen) gives Microsoft the right to install anything it wants, and to take anything it wants.

Re:Can a corporate security officer comment

[ray-auch]

Good summary - unfortunately I don't have mod points today

I would add that the likely reason we can't get clear info from MS about Azure AD is that Azure is international and located in multiple regions / jurisdictions and I think the court cases are still ongoing about whether or not the US can short-circuit international treaties and local laws elsewhere and force MS to hand over data located in other jurisdictions. So, MS basically don't know.

It's safest to assume that govts are always likely to be able to get hold of keys whether stored on your own recovery server or with MS, and the likelihood rises with size of govt concerned...

Re:Can a corporate security officer comment

[PopeRatzo]

We're moving to TempleOS, not that it's any of your business.

I'll only work for companies that adopt enterprise BeOS.

Re: Can a corporate security officer comment

[GrantRobertson]

Well, the point doesn't "speak to me" because I won't be using an enterprise license or logging into AD.

Re:Can a corporate security officer comment

[bfpierce]

I think I'd be more concerned with the corporate security officer that's pushing signon with your microsoft.com account rather than say, your active directory...

Re:Can a corporate security officer comment

[mysidia]

As an IT technical admin of a non-public corporation; I will say that many of the cloud features of Windows 10 scare me greatly, and I would have many concerns to address moving forward.

I do not believe it is necessarily justifiable that they block all deployment, but we may add special in-house requirements and restrictions on deployment, as we see necessary.

For example: we may need to take steps to disable or interrupt features considered a risk.

We expect our endpoints to not upload sensitive encryption keys to Microsoft (or partner) servers outside our control.

Re:Can a corporate security officer comment

[Kjella]

Because they didn't by the pro version and have to use the Microsoft account.

This is simply false. So far, at least.

Re:Can a corporate security officer comment

[epyT-R]

Windows 7, office 2013 probably.

Re:Can a corporate security officer comment

[interval1066]

dissatisfaction? I'll say. Windoiws 10 (or 10.1, or something) brings NO must-have features as far as I can tell. Still, I wanted to try it, so I bought a windows tablet, a cheap British-made "Jumpstreet" (something like that) that came with windows 8. Knowing I would get an icon at some point for the upgrade from 8 to 10, I played with 8 and bided my time. Quick impression of 8: its windiws with a touch screen interface. Completely inappropriate for a touch screen. Besides the small screen the objects on the interface are tiny; my huge hamfist fingers had a hard time navigating the interface. I suppose there's a way to increase the size of the buttons and doodads but then the icon for the upgrade appeared a few days later so I pushed the button, Same thing in my mind, its windows with a touch interface chunked on top, with a few more utilities. I don't use that tablet much, and I won't be upgrading to 10 until something forces me to. Much like Ubuntu's switch to unity; when that happened I switched to Mint.

Re: Can a corporate security officer comment

[Archangel+Michael]

The point is moo.

Re:Can a corporate security officer comment

[Grishnakh]

Hopefully this is one of those features Microsoft will allow you to turn off in the Enterprise SKU.

No, hopefully not. I'd rather see MS force their corporate customers to link their AD servers to MS's, and send all their encryption keys to MS's servers.

Re:Can a corporate security officer comment

[phantomfive]

large corporate entities will not deploy windows 10 for years anyway due to incompatible or uncertified line of business software platforms.

Your post is good, and I understand why large corporations wait for software platforms to be certified, but my question is, are there known incompatibilities in Windows 10? OR is it still more of a theoretical thing?

Re:Can a corporate security officer comment

[phantomfive]

It's safest to assume that govts are always likely to be able to get hold of keys whether stored on your own recovery server or with MS, and the likelihood rises with size of govt concerned...

Indeed, MS is most likely obligated to turn those keys over.

Re:Can a corporate security officer comment

[fustakrakich]

Besides, using Win 10 without a touch screen kinda defeats the point of having it at all. Win 7 will die off with the hardware that can run it unless it's done in a VM. I sure wish EOL meant the end of copyright/patent privileges so independent support could continue.

Re: Can a corporate security officer comment

Fun fact: telemetry cannot be disabled in the Enterprise version either.
Set it to "disabled" and it goes to the "Security" level. Source:
https://technet.microsoft.com/library/mt577208%28v=vs.85%29.aspx

Re:Can a corporate security officer comment

[fustakrakich]

As I've said elsewhere, there's no practical benefit to having one...

Sure there is. They make great throw away accounts to collect spam from all the porn sites you have registered with.. And personally, I like that you can white list your inbox to contacts only. Nobody else offers that. And there is the 15gb of storage..

None of this really matters. The entire internet is being heavily monitored. A connected machine is not safe from any of it.

Re:Can a corporate security officer comment

[ADRA]

Windows 'OS' has had little new to give enterprises for a long time (For at least a decade). Why do you see basically all new enterprise offerings going multi-platform and open web / XML standards? The only enterprise areas Microsoft is dominating are Office / Exchange / SharePoint / SqlServer (though largely used by other MS products) / AD (though this seems more a dodo waiting for obsolescence).

Re:Can a corporate security officer comment

[epyT-R]

Why?

Re:Can a corporate security officer comment

[unixisc]

moreover, this has to do with logging into your microsoft.com account, nothing to do with windows 10 pro joined to a domain.

So this applies only to Microsoft employees, right? Or anyone with a hotmail, outlook.com or live.com account?

Re:Can a corporate security officer comment

[Ubi_NL]

Thats what i thought as well. But i work for a fortune-100 company and we roll out win 10 at this moment (for new machines though).

Re:Can a corporate security officer comment

[myowntrueself]

Because they didn't by the pro version and have to use the Microsoft account.

This is simply false. So far, at least.

To the best of my knowledge...

If you don't have the pro version you can only set up a Windows 10 box without the Microsoft account if it isn't connected to the Internet at setup time. if its got internet connectivity you don't get an option to set up with only a local account.

Re:Can a corporate security officer comment

[ArhcAngel]

Thanks for that. I had a good chuckle.

Re:Can a corporate security officer comment

Because that would force them to understand finally that Microsoft's business model is not theirs.

Corporations these days are basically IT companies that also happen to do "one other thing" like extract oil, manufacture toys, deliver food to restaurants, etc. Microsoft may not exactly be their enemy, but neither is it really their friend. If they want control of their own activities, they need to be willing to put in the effort (a.k.a. $$$) to be capable of running if/when Microsoft makes a choice that is right for Microsoft but catastrophically wrong for their corporate licensees.

Re:Can a corporate security officer comment

[Dins]

Yep, I can confirm this. I have the Home version at home and I do not have to log in to a MS account.

I wouldn't be using Windows at all except I'm a gamer. Yes, Linux gaming is getting better all the time and that's great. But right now Windows is still the gaming OS. In retrospect, I wish I would have stuck with Win 7 as long as possible.

Re:Can a corporate security officer comment

[epyT-R]

I figured that was the reason. Thanks.

Re:Can a corporate security officer comment

[epyT-R]

If you're right, it sounds like people with half a brain should start removing every dependency their lives have on any sort of computer technology. The alternative is being owned (owned and pwned?) by a software company and/or their friends in government.

Sad.

Re:Can a corporate security officer comment

[epyT-R]

I love your detailed description of 'why' this is the case. May I subscribe to your newsletter?

Re:Can a corporate security officer comment

[cjjjer]

Considering that large companies probably will disable this feature using a gpo (being able to add and or log in using a Microsoft account) it's probably not even an opinion worth asking.

Re:Can a corporate security officer comment

[PCM2]

Besides, using Win 10 without a touch screen kinda defeats the point of having it at all.

You're thinking of Windows 8. Windows 10 tries to cater to desktop machines more, and in the process it actually degraded the experience on tablets in various ways (smaller onscreen controls, gesture actions removed, onscreen keyboard acts in unpredictable ways, etc.)

Re:Can a corporate security officer comment

[fizzer06]

You called it a "feature". Just . . . damn.

Re:Can a corporate security officer comment

[PCM2]

Indeed, MS is most likely obligated to turn those keys over.

Not in all cases. One particular one that I'm aware of was where a US court ordered Microsoft to turn over one of its customers' data, but Microsoft responded that the data in question was not hosted in the US and therefore the court had no jurisdiction to seize it. I think Microsoft is still battling it out with the US government on that one.

Re:Can a corporate security officer comment

[Grishnakh]

Thank you, that's pretty much what I had in mind, but a little more extreme: I *want* to see MS push their customers away so that they'll be finally forced to abandon MS, or get burnt so badly by sticking with them that their competition drives them out of business.

I'd rather see a world where all these "IT companies" as you put it are actually mostly in control over their own destinies (at least with the IT stuff), rather than all of them being on the MS bandwagon.

Re: Can a corporate security officer comment

[Skuld-Chan]

So you can turn off Microsoft accounts by policy, and the long term servicing branch has little support for these features.

Also my end customers don't have local admin (which you need to encrypt the system yourself - outside our solution).

Anyhow that has been my solution for this sort of thing.

Re:Can a corporate security officer comment

[Darinbob]

Windows 8 made it seem lik you had to have Microsoft account. The option to use a local login only was hidden. If you didn't do the research you wouldn't know it was an option. So with Windows 10 you do the same thing: do the research before installing, and don't just click "next" over and over until you're done.

Re:Can a corporate security officer comment

[Sir+Holo]

Yep, I can confirm this. . . In retrospect, I wish I would have stuck with Win 7 as long as possible.

I still run XP.

In VM-Ware, under Mac OS X, only in the rare instances where a technical application is only available under Windoze (usually an application that a friend wrote, amounting to little more than a script).

Re:Can a corporate security officer comment

[Fire_Wraith]

Which may work for you, but those who want full access to the ecosystem of PC games already have enough to deal with, without the rest of the hassles. Windows 10 is fine - you just have to know to turn the 'services' you don't want off, and never, under any circumstances, trade your local user account for a Microsoft cloud account.

Re:Can a corporate security officer comment

[myowntrueself]

Windows 8 made it seem lik you had to have Microsoft account. The option to use a local login only was hidden. If you didn't do the research you wouldn't know it was an option. So with Windows 10 you do the same thing: do the research before installing, and don't just click "next" over and over until you're done.

Well yeah. But the only way I have found to install with local login is to disconnect. Are you sure theres another way? (This is for OS install time only).

Re: Can a corporate security officer comment

[justthinkit]

Registering with web sites that have comment systems is often the only option if you wish to post comments. These days.

Re:Can a corporate security officer comment

[KGIII]

A large corporation security officer that enabled logging in with Microsoft accounts as opposed to local accounts and AD would be a bit remiss in their duties. Their failure to have a preventative policy at the firewall also indicates that they probably should not hold that job.

Re:Can a corporate security officer comment

[KGIII]

I have bumped into it before but, well, now I'm settled in Florida for the duration (probably until spring - though we may go to Nevada after the kids leave to resume their regularly scheduled lives) and I have VMWare. Well, it flaked out on a newer kernel but I should be able to get it squared away. I just haven't tried yet.

It's an OS with a guide to talking in tongues and speaking with God and yet, oddly, I've never once booted a VM image of it. I mean, hell, I've got an image for MINIX, DLS, Puppy, Solaris, Indiana, etc... There's obviously something wrong with my life if I don't have TempleOS installed somewhere and I never have.

This must be remedied, given a thorough review, and documented. I think after the NYE festivities, that might make a good (probably short) project.

Re:Can a corporate security officer comment

[whoever57]

"holy shit no. Windows 10 is not even being considered for corporate deployment"

... until that one PHB decides he can't live without Windows 10

Re:Can a corporate security officer comment

[AmiMoJo]

That isn't quite correct. Before Windows 10 it was trivial to gain access to any Windows computer with physical access. Now some systems come encrypted by default, with the key securely stored in a TPM chip. If you use a Microsoft account the key is also uploaded to OneDrive, unless you disable that feature.

This is a good thing for users. Encryption provides protection if they dispose of the drive, and even some if corrupt law enforcement tries to image it or install a rootkit. It makes extracting the user's Windows password harder. The online backup means that if their motherboard dies they can still recover the data.

If you manually enable encryption you are given the option of uploading the key or saving it to a local drive, or even printing it out to use for emergency recovery later. Truecrypt offers the same feature.

Re:Can a corporate security officer comment

[AmiMoJo]

My company has started using Windows 10 on laptops being taken overseas for security reasons. As long as you don't tick the "upload my keys to OneDrive", or just disable OneDrive altogether via group policy, it's secure. It's better than 7 in fact, because it supports OPAL v2 on SSDs, and the boot environment is hardened against evil maid attacks.

Re:Can a corporate security officer comment

[Gryle]

You're referring to Microsoft Corporation v. United States of America. MS partially complied with a federal warrant by turning over information stored on US servers, but not information stored on servers located in Ireland. MS lost the original case and subsequent appeal, but is currently appealing to Second Circuit Court.

Re:Can a corporate security officer comment

[Z00L00K]

Until you get your computer checked by TSA in the US, then you discover that they have the key to your hard drive. As long as it's just company items and some cached lolcats you are probably safe.

Re:Can a corporate security officer comment

[Z00L00K]

I wouldn't say that they make the best development tools around, just that they are decent but still lacks some features that I expect while they have some unnecessary overhead as well.

I just wait until the day some hacker is penetrating a major cloud service and uses the data there for malicious intent. That can result in a disaster for some major companies.

Re:Can a corporate security officer comment

[NicknameUnavailable]

Every major cloud provider has been compromised, most not in several years but it has happened and chances are it will again. They cover it up as best they can.

Re:Can a corporate security officer comment

[AmiMoJo]

How would the TSA get the encryption key? Please explain how they can extract it from a TPM chip at the border. Or are you saying they pre-hack any company whose employees travel to the US and steal the keys from their Active Directory server in advance?

Re:Can a corporate security officer comment

[Z00L00K]

I wouldn't trust that the key won't be sent to a central server by the operating system. There are both intentional and unintentional holes in security everywhere.

Re:Can a corporate security officer comment

[godefroi]

Cisco's old VPN client isn't compatible. Wasn't compatible with 8.1, or 8 either, though. Wasn't very compatible with 7, for that matter. Never tried it in Vista, but the last OS Cisco supported it on was XP. Around here, we're set to move off of it "very soon". That's the only piece of software I can think of off the top of my head.

Re:Can a corporate security officer comment

[sglewis100]

That person probably recommended not using Windows 10 Home. He or she probably recommends Windows 10 Pro or Enterprise, BitLocker, or a third party encryption solution.

Re:Can a corporate security officer comment

[gweihir]

While I am not in that role, I know several larger organizations where Windows (typically Win7 at this time) is not allowed to phone home in any shape form or way. This is enforced by special, VPN-only network set-ups and corporate firewalls. Any updates come from their own servers, and these are handled very restrictively, both for security and for reliability reasons. All of these organizations just moved to Win7, Win10 will not even be considered for a long time yet. And clearly nobody is in favor of such a move. In fact, there is some activity to search for alternatives to Microsoft, but that is all in its early stages. People are simply unsure what to make about Microsoft's antics, but they are really concerned.

Hence nobody in their right mind has trusted Microsoft for a long time anyways and large corporations have the means to enforce that technologically. Of course, ordinary users are screwed.

Re:Can a corporate security officer comment

[phantomfive]

Oh yeah, I remember that breaking in 7, and trying to get off it.

Hmmmm

[Vintowin]

How about you don't login with a Microsoft account? That'll show them!

Re:Hmmmm

[Z00L00K]

And you think that actually helps? The key may already be uploaded and linked to your computer ID. The Microsoft account is just a decoy that they use to mislead and make you feel comfortable with getting some extras since they can confirm your identity even though they have statistically already determined your identity.

Re:Hmmmm

[MatthiasF]

Do you have any proof of this assertion?

Furthermore, how is this any worse than Google's password manager behavior?

Re:Hmmmm

[Z00L00K]

It's worse because it's the key to the operating system itself, which would allow random attacker to gain control over your computer and access your data, possible even if it's encrypted with bitlocker.

Re:Hmmmm

[DigiShaman]

Then you don't get encryption.

You can still create a local account only in Windows 8 and Windows 10. Next, turn on BitLocker and record your own recovery key. All of this can be done OFFLINE!

Re:Hmmmm

When is this capability going to be added to systemd?

Re:Hmmmm

[Ol+Olsoc]

And you think that actually helps? The key may already be uploaded and linked to your computer ID.

Their keylogger has already given it to them

Re:Hmmmm

[Lunix+Nutcase]

Then you don't get encryption.

Bitlocker works without a Microsoft account so this is patently false.

Re:Hmmmm

[Lunix+Nutcase]

Furthermore, how is this any worse than Google's password manager behavior?

One is something you have to explicitly opt-in to use whereas the other is done without your consent?

Re:Hmmmm

[interval1066]

There are native games for Linux, good ones too.

Re:Hmmmm

[MatthiasF]

You're forgetting about the Google Update service for Windows and Mac, and the deep integration of Google services into most version of Android.

If anything, Google has had this very ability for years now and Microsoft is playing catch-up.

Re:Hmmmm

[MatthiasF]

Using a Microsoft account on Windows 8 or 10 is not necessary either.

But I'm willing to bet a lot more people keep themselves logged in to Chrome all the time than use a Microsoft account on Windows 10.

Re:Hmmmm

[Grishnakh]

I thought "AAA" games were ones which were pretty cutting-edge and resource-intensive. As such, that's the last kind of application you want to run inside a VM; the performance will probably be crap.

If you just used Windows for some not-so-high-performance office applications or stuff like that, then yes, that's a good approach.

Re:Hmmmm

[hairyfeet]

Not the poster but it looks like Windows 10 still has the keylogger from the beta running which means ANYTHING you type, including with the virtual keyboard? Is sent home to the mothership, along with samples of your voice and your webcam. Which of course means using a MSFT account means nothing, as once you type your key and/or passwords they have them and can then sell them or do as they see fit.

Until someone shows a toll that can REALLY and truly remove the insane amount of spying, which as you can see from this partial list from MSFT is a couple exits past batshit levels? I'm advising my customers to treat Windows 10 like the only other software I deal with that phones home without user control...malware.

Re:Hmmmm

[unixisc]

That's why I have two PC's at home, one running Linux, and another running Windows 7. The Linux one is the one that I do all of my personal computing on: personal work, internet browsing, hobbies, reading, media consumption, etc. I demoted my Windows box to 'game console' and use it to play the games (usually via in-home streaming) that won't run in Linux Steam or Wine or Crossover for one reason or another. Nothing personal goes on it since Microsoft has repeatedly demonstrated that they cannot be trusted.

Similar to you, but one PC-BSD and another Windows 10 Bing (originally 8.1). The PC-BSd I do all my personal work on - banking, managing my credit card accounts and payments, internet browsing, media consumption, et al. The Windows box was what I bought b'cos my work required it for a Windows only application. That, and anytime I need to edit Office documents, or anything else that specifically needs Windows.

For games, I currently play Civ IV on the Windows box, but I'm waiting until PC-BSD 11 includes a SteamOS jail in it, so that I can get and play Civ V in it. Civ IV doesn't play under Linux.

Re:Hmmmm

[WaffleMonster]

Furthermore, how is this any worse than Google's password manager behavior?

Like a washed up dictator hauled in front of the hauge to answer for their crimes popping off "but Hitler did it too" ? Like that worse?

Please for the love of god enough bandwagon fallacies.

Re:Hmmmm

[myowntrueself]

Then you don't get encryption.

You can still create a local account only in Windows 8 and Windows 10. Next, turn on BitLocker and record your own recovery key. All of this can be done OFFLINE!

To the best of my knowledge it has to be done offline; if you have Internet connectivity you can't install 8 and 10 without a Microsoft account, it doesn't even give an option for local account unless you disconnect.

Re:Hmmmm

[epyT-R]

For now..

Re:Hmmmm

[cfalcon]

Remember that Bitlocker is not included in most installs. This refers to the stripped down version "device encryption" included in Windows Home, which is the vast majority of Windows 10.

Re:Hmmmm

[KGIII]

Could you get PC-BSD to look good? I tried, I really tried. I just couldn't do it and I'm really not even remotely picky. I use LXDE, for FSM's sake. It just looks like a really bad remake of Windows 2000 by a five year old - no matter what I did. On the other hand, GhostBSD is absolutely beautiful and speedy as hell - even in a VM. No matter what I did with PC-BSD, I just couldn't get it to look better than a bad copy of Win2k. It's disappointing, really, because it seemed really stable and was otherwise fine.

Re:Hmmmm

[sglewis100]

Completely false. In your defense, the installer hides it a bit.

Re:Hmmmm

[MatthiasF]

You realize you need to explicitly sign yourself into a Microsoft account using Windows 10 to have the recovery keys transmitted?

You simply can't see the similarities at all? Neither action is required and both lead to privacy endangering outcomes.

On the one hand, you can turn your computer off, pull the hard drive out, store it securely, etc., and the fact you had the recovery keys copied means nothing. Hell, you could even remove the Microsoft Account, force the recovery keys to be recreated and you'll be safe. On the other hand, your account passwords have been sitting on someone's server on the Internet for months, accessed by any number of unknown people/systems, backed up to multiple locations and yet the moment someone grabs them there is nothing you can do to stop them from accessing any said accounts unless you know beforehand.

Re:Hmmmm

[MatthiasF]

Looks like you're talking about the Cortana features. You can turn them off and all those items listed (in the disclose.tv article) and much of the Microsoft list will stop.

No one has actually proven that it records typing into Password boxes, though.

In any case, most of these behaviors are already present in other software, like web browsers, and people do not seem to mind. Prefetching and auto-complete are pretty much the same as the Cortana "telemetry" mentioned.

If you are really paranoid, I am sure someone has produced a hosts file you can use to stop all of them, including Microsoft, Google, etc.

Re:Hmmmm

[hairyfeet]

Did you bother to read TFL? They TURNED OFF CORTANA and it STILL keeps right on sending data showing that its bullshit, its keylogging. Type on the keyboard? Certain addresses are called, the same one called when you use the virtual keyboard. Turn on webcam? Different addresses, mike? Ditto. Sorry but that kind of behavior I see all the time at the shop....from malware.

No they dont....

[Lumpy]

I dont have an encryption key! HA! Take that Microsoft!

password

Did you know if you log-in with you online user account they also have your password?! granted it is probaly hashed but those crafty Russian spies have their ways

Remember that it's a disk RECOVERY key

[CajunArson]

So one important thing to remember is that these keys don't give anyone a login or remote access to your box whatsoever. Instead, Windows 10 now turns on disk encryption by default. That's a good thing, but of only limited value since disk encryption really only helps if the disk is physically stolen from you.

So what we have here is a copy of the key that allows recovery of an encrypted disk being stored in the cloud unless you delete it. Not the greatest thing ever but it doesn't panic me all that much when the same people who scream about not upgrading to Windows 10 because OMG NSA are also running old systems without any disk encryption whatsoever.

To put it another way: The vast VAST majority of Linux systems in operation that don't use full disk encryption are actually LESS secure than this setup simply because there's no need to get your hands on a recovery key to decrypt anything. Yes, I'm well aware that Linux systems with full-disk encryption exist. So what, they did (and still do) on Windows too.

Re:Remember that it's a disk RECOVERY key

[nctritech]

Windows 10 does not turn on disk encryption by default.

Re:Remember that it's a disk RECOVERY key

[sasparillascott]

But new systems are coming with it turned on by default (read the original linked article).

Re:Remember that it's a disk RECOVERY key

[Opportunist]

So one important thing to remember is that these keys don't give anyone a login or remote access to your box whatsoever. Instead, Windows 10 now turns on disk encryption by default. That's a good thing, but of only limited value since disk encryption really only helps if the disk is physically stolen from you.

Like, say, in a police raid.

So what we have here is a copy of the key that allows recovery of an encrypted disk being stored in the cloud unless you delete it.

Like, say, to gain access to the data after the raid.

Not the greatest thing ever but it doesn't panic me all that much when the same people who scream about not upgrading to Windows 10 because OMG NSA are also running old systems without any disk encryption whatsoever.

To put it another way: The vast VAST majority of Linux systems in operation that don't use full disk encryption are actually LESS secure than this setup simply because there's no need to get your hands on a recovery key to decrypt anything. Yes, I'm well aware that Linux systems with full-disk encryption exist. So what, they did (and still do) on Windows too.

With the difference that I can actually create encryption on Linux with a chance that nobody but me gains access to the key.

Re:Remember that it's a disk RECOVERY key

[Perky_Goth]

Like, say, in a police raid.

See, that's not how you should put, because people will think you want to break the law free of charge.
You should say corporate espionage helped by the US government and have a few links ready. That'll get their attention.

Re:Remember that it's a disk RECOVERY key

[Sloppy]

Raids schmaids. In my experience, the most common case of data leaving the building are failing drives RMAed to manufacturer. I don't remember ever being raided but I have RMAed quite a few drives.

That is why everyone should always be encrypting. So that the drive (which is different from the boot SSD which has the key file pointed at by /etc/crypttab) is just noise. Worrying about the feds is like worrying that you're going to be killed by a terrorist, when you ought to be getting more exercise and driving more defensively. Prioritize your threats!

The Microsoft scenario isn't that they're going to hand your keys over to the feds. It's that a couple years from now we're going to be reading the news story that all Windows 10 users' keys were leaked in some unattributed breach.

Re:Remember that it's a disk RECOVERY key

[Opportunist]

Look at your laws. Then tell me with a straight face that you have not broken one of them today. Or in the last 60 minutes.

Re:Remember that it's a disk RECOVERY key

[AC5398]

What on earth am I going to be doing on the home computer that requires me to encrypt the hard drive contents?

Hint: Nothing!

I'm already having issues with Windows not allowing me access into certain directories. 'Not authorized ...' But encrypting things is just asking for trouble.

Once my current computer dies, the next computer will be running Ubuntu. I've just had it with Microsoft.

Re:Remember that it's a disk RECOVERY key

[AC5398]

Dude, I do indeed work in the 'grown-up world' and the only way you can secure a computer is to bury it in the back yard. No, scratch that, the only way to secure a computer is to set it on fire and then bury it in the back yard. I don't do ANYTHING on the damn thing that I wouldn't want broadcast on the 5pm news.

The work is done on a work laptop, and work secures that damn thing to whatever specs they like.

Re:Remember that it's a disk RECOVERY key

[Xyrus]

Obligatory XKCD: https://xkcd.com/538/

Your encryption is only as strong as your resistance to being drugged and tortured. They don't even need to do that much. They could plant false evidence for whatever crime they wanted to get you for and throw you in a hole for the rest of your life.

Encryption just means they have to do a little more work. If they're coming for you no matter what, they're going to get you. Period.

Re:Remember that it's a disk RECOVERY key

[Perky_Goth]

I torrent every day (not really). I was just saying people think they don't break laws because they're not bad people and found another situation that might be understood better.

Re:Remember that it's a disk RECOVERY key

[sglewis100]

You would probably -- at the very least -- want to encrypt things like credit cards, banking passwords, bank statements and so on. You never know who might be poking around your hard drive. It's a very connected world.

That's not the same thing as needing to encrypt your entire hard drive.

Re:Remember that it's a disk RECOVERY key

[david_thornley]

However, if you're part of a general sweep, they aren't going to drug and torture you for your key. Of course, this violates the Fourth Amendment, so it never happens, right?

Dovetails with new surveillance legislation

[sasparillascott]

Good to remember, that Congress just passed new (clearing companies to share any data with the NSA directly without liability) surveillance legislation tucked into the 2015 budget bill:

http://arstechnica.com/tech-po...

The way this (and the data uploading with Windows 10) dovetails with the budget spy bill just passed you'd think it was hatched out in a back room - in D.C.. Obviously don't use Windows 10 if possible (you can still get 7 or 8.1 on most systems) and don't use Microsoft's built in encryption option (which Microsoft kneecapped starting with Windows Version 8 by removing the elephant diffusor making it more vulnerable to brute force attacks), there are other options for Windows Encryption.

Re:Dovetails with new surveillance legislation

[Holi]

"you can still get 7 or 8.1 on most systems"
You haven't heard? Windows 10 Telemetry and spyware have been backported to Windows 7 and 8.
http://www.extremetech.com/com...

Re:Dovetails with new surveillance legislation

[jez9999]

Only if you install those particular updates. Set the update system NOT to auto-install and vet the updates every time.

Re:Dovetails with new surveillance legislation

[thegarbz]

Set the update system NOT to auto-install and vet the updates every time.

That may be fine for the very small portion of security concious out there, but what are the real alternatives?

Run an insecure system?
Run an up to date system with "telemetry"?

One of those two is the situation most of the Windows world will face. Neither is good.

Nope...not me

[p51d007]

When I set up my computer, it stays OFFLINE until I'm finished setting it up. I don't logon with my hotmail account, so technically my key isn't there.

Craziness

[TimeOut42]

The article states = 'Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.'

Yes, because your everyday user's are so much more capable of protecting their data on their computers.

Silliness...

Re:Craziness

[brix]

This.

If Microsoft was forcing full-disk encryption on Windows 10 Home users (and I'm not convinced that they are), then it's still better than the alternative of having no encryption, right? Someone might argue that it's a "false sense of security" since you really don't know where the recovery keys could have gone, but I seriously doubt that most of these users would even know that they had encryption on anyway, so it can't be a false sense of security if you never knew you had the security in the first place.

And I'm not convinced this is even that widespread. I've installed Win 10 Pro on several machines with the TPM chip enabled from a previous install, and none of them automatically encrypted. In each case, I had to manually turn on Bitlocker. I can't speak for Home installs, but having this "poor man's Bitlocker" seems an upgrade over the "no encryption at all" (or third-party) in 8.1 Home and before. And seriously, how many Home users have actually configured their TPM in the first place?

Speaking as the "family tech support" guy, I'm happy that Microsoft went this route (again, if they did). It ensures that recovery is possible in case of the need to switch the drive to a new machine, without making me have to explain to each of my family members what to do during each install. And really, my advice for these users would be to let Microsoft manage it anyway. I wouldn't trust that they would print out a recovery key and put it in their safe (don't forget labeling it properly to make sure they knew which computer/drive it went with), purchase some storage media (e.g. flash drive) to keep in the safe, or safely store it in some other way. For these HOME users, having the recovery key in their MS account is "good enough", especially when they probably wouldn't have encryption otherwise.

Side note: The fact that there are around 100 replies after the nonsensical question "Can a corporate security officer comment?" goes to show why Slashdot should put back in the "most recent posts first" sort order and have it as the default. This just isn't an issue for corporate use, since they are going to manage Bitlocker recovery keys themselves in AD. And yet then you get a dozen nonsensical replies that, "This is why no company would consider Windows 10."

Why center the discussion around the person who put all of 10 seconds of thought into their "First post" when the better thought out posts will be further down?

Re:If privacy is a concern, you don't use Windows

[Farmer+Tim]

Hey, at least it can't be shortened further to "Windows fixed that for you".

Windows account?

[truck_soccer]

I am 12 and what is this?

Duh, that's how encryption works

[iamacat]

Consider the alternative:

1. Encrypt the disk and login with Microsoft account
2. Forget the password, reset it from the web
3. Poof! You data is gone!

Maintaining strong security is not a joke. You have to memorize multiple long passphrases for different domains of protected data and never access stuff on devices that have ever left your custody. Like a laptop that has been left at home for NSA keylogger installation convenience. Be prepared to lose data and toss hardware on regular basis. I don't blame Microsoft for not making that the default setting, there is just no way to explain this to users who don't have specialized training.

Re:Duh, that's how encryption works

[iamacat]

I don't know how strong is your safe or how resistant it might be to thieves or cops. Microsoft data centers are likely to have security guards and require some due process before handing out the key to authorities. Admittedly they are more vulnerable to massive theft of keys from many users at once through software or insider attacks. On the other hand, you are keeping key and lock in the same house.

Regardless, you can switch to Win10 and NOT login with windows account. I think group a) just needs to be aware what implications of being able to reset a forgotten password and keep access to encrypted data are.

Re:Duh, that's how encryption works

[brix]

Hmm. I don't see that you'd have any problem either. If you already encrypt with Bitlocker on Win 7 (Pro, Ultimate, or Enterprise, obviously), then MS would have no way of getting your recovery keys post de facto, right? You'd have to unencrypt the disk, then install Win 10, then let MS re-encrypt it for you.

Speaking of, I've installed Pro and Enterprise on several TPM machines, and Bitlocker has never automatically been enabled (unless through IT policies, in which case the recovery is backed up to corporate IT servers. In the case of Pro, it's always asked me if I want to store the recovery key with my Windows account, along with the other options of saving it to a file or printing it.

I tend to think that this is, for the most part, only going to impact Home users who don't know how to otherwise use Bitlocker. It looks to me like a "poor man's Bitlocker" for Home users who didn't have the option before. In other words, Group B is going to be substantially better off, and Group A will be in the same position as they are now, because they'll be manually configuring Bitlocker on Pro or higher.

Re:Duh, that's how encryption works

[epyT-R]

How is your mom more secure with her keys in someone else's hand?

Re:Duh, that's how encryption works

[sglewis100]

I just leave my key printed out and taped to the side of my computer, in case I ever need it. But seriously... for the vast majority of users, having it backed up to OneDrive is a great, great thing. I'm talking about the 99% of computer users who don't really know what this stuff is or how it works. For the rest of us, we can always follow the instructions, remove the key from OneDrive and ALSO change it to a new key.

Incidentally, I understand how all of this stuff works, and really don't care, personally. I use Win 10 in a VM for work purposes, and don't store documents there, but I am using a similar feature on my main machine which is OS X. I do store my recovery key in iCloud. If my device was stolen, and they hacked iCloud, or social engineered their way in, they'd get banking information, credit card data, tax returns. I get all that. To me, there's such a minimal risk (the chance of my laptop being stolen is small. The chance of it being stolen by someone with hacking ability even smaller. The chance that someone with all those skills cares about my data is even smaller still) - I just don't care.

This system is just fine for almost everybody. And the few that it isn't good for (not counting corporations who ought to be on Professional or Enterprise, and aren't subject to this system anyway) - they are smart enough (hopefully) to be here, and if they couldn't figure it out on their own, they've now seen 100 people link to 50 different blogs instructing them how to reinstall Windows without a Live account, decrypt and recrypt, remove the key from OneDrive, etc - there's half a dozen ways out of it even if you already had it happen to you and OH KNOWS my key is on OneDrive.

I suppose a non-technical leaning child pornographer may have a problem one day stemming from this. Good.

A bit of a pain in arse

[MarkH]

But you can setup a windows 10 machine with all local accounts and all updates, traffic disabled.

Good guide here http://www.rockpapershotgun.com/2015/07/30/windows-10-privacy-settings/

Looking at wireshark it does seem to work

did we forget the edward snowden stuff already?

[strstr]

this is no joke. the reason why Microsoft is saving the key is to hand to NSA. the key is not safe. encryption has been broken. every bit of data uploaded over the Internet is saved in NSA databases via upstream fiber tapping. the law didn't change that. even metadata is still being saved.

Microsoft is one of NSA's/DOD's biggest contractors. They secretly hand everything over to them. Your data is being hacked and snooped through even if no one tells you about it.

obamasweapon.com

Re:did we forget the edward snowden stuff already?

[strstr]

here's a few ways NSA is intercepting it.

1. all data over the internet is being saved so they nab the key as it's being uploaded plus any other data communicated with Microsoft transparently as you use the net. ; if they want to gain legal authority to use the snoop'd data they go for a warrant and get it 'lawfully' from Microsoft, parallel constructing how their case was built. even if Microsoft encrypts the signal communications between their server and the end-user, the data is nabbed, and most definitely all of the encryption codes for end-user and Microsoft server software is de-decryptable by NSA because NSA has all of Microsoft's encryption certificates and has broken most encryption.
2. alt method is Microsoft just gives them all the encryption certificates secretly even without a warrant.

This has been explained before. Check out the Whistleblowers Websites on the issue.

williambinney.com thomasdrake.xyz russelltice.com drrobertduncan.com

RE: I am 6 x 2

[davidwr]

"I am not a number. I am a free man."

Well, I was a free man until I logged in with my Microsoft account on my Windows 10 PC.

Primer version anyone

[RubberDogBone]

Can someone explain what all this actually means? Why should I care about this recovery key? I back up my own data so... if I had to do a recovery, I can certainly do that.

Not really any scenario where I would think of going to Microsoft to recover anything. What am I missing?

Re:Primer version anyone

[wbr1]

It means MS has a copy of the keys to your bitlocker encrypted data. And by inference anyone with access to MS, hackers, government, disgruntled employees.. any could log into your computer and use the keys to unlock what you thought was encrypted and safe.

Re:Primer version anyone

[pr100]

You have a laptop running windows 10. The hdd is encrypted with bitlocker. MS have a copy of the recovery key.

That means that, in theory, MS and anyone they're prepared to share the key with can decrypt the contents of your HDD.

Presumably there was a reason that you encrypted your hdd in the first place, so there at least some people that you don't want to be able to decrypt it (otherwise encrypting it was a waste of time).

One difficulty is that you can't know for sure who really can get hold of that recovery key - some MS employee being blackmailed by a third party, for example.

Now on a practical level using Windows 10 and bitlocker, even given all of the above, is better than not encrypting at all. In the case of losing your laptop, with sensitive work materials on it ( a reason why many people encrypt HDDs) it's unlikely that whoever finds your laptop will be able to get hold of the recovery key from MS.

End-to-end encryption and "normal" users

[GuB-42]

If encryption is turned on by default for normal users, there must be a way for the provider to recover the data.
People lose their passwords all the time, and don't want to lose all their data if that happens. For these people, disk encryption is just a way to prevent regular laptop thieves from accessing their data, not to protect them from the NSA and criminals who can hack Microsoft. They don't want end-to-end encryption.
If you need high level security even against Microsoft, then don't use your MS account, or better yet, don't use Windows.

Re:End-to-end encryption and "normal" users

[StormReaver]

...or better yet, don't use Windows.

I've been saying this for 20 years. Watching Windows users defend Microsoft's practices is a lot like watching a lobster defend rising water temperature in the cooking pot while the big guy in the white hat talks about seasoning.

Don't cherry pick

[s.petry]

While the main point of the article is about a Windows account there is an underlying discussion on overall privacy using Microsoft Windows. This is just the latest article discussing privacy and security concerns. Sure, "some" businesses are always years behind in releasing a new OS. Others are not so far behind, and are very concerned about security so not approving Win10.

For example, as soon as the OS was released we see how the OS will send your keystrokes to Microsoft. Not just what you type into Cortana, IE, or Edge but ALL keystrokes are recorded by the OS. You can disable sending the data to Microsoft, but we have yet to find a way of disabling the keylogger built in to the Kernel. (recorded does not necessarily mean stored long term, but long enough to evaluate in memory.)

Due to that lack of trust, I may have installed Win10 but never created a MS or Azure account. Anything I do on the device is treated as public knowledge because the OS is built to remove privacy from end users. I won't use online banking on the PC with Win10, and logging in to anything is assessed under the assumption that someone from MS and the Government will have full access to the account. When I'm working on sensitive stuff I use Linux.

Re:Don't cherry pick

When I'm working on sensitive stuff I use Linux.

Linux is no better than windows. The NSA is one of Red Hat's biggest customers. Red Hat has major influence on the Linux kernel and the base of modern distros, systemd. "A million eyes on open source code" thing is bullshit. Look at how long it took and how expensive it was for Truecrypt to be audited. That was a small static project. The kernel and systemd are monsters that are constantly changing. Even if you did audit them, a lot of the code would have already changed. I would be disappointed if the NSA hasn't pwned either one by now.

Re:Don't cherry pick

[phantomfive]

we have yet to find a way of disabling the keylogger built in to the Kernel. (recorded does not necessarily mean stored long term, but long enough to evaluate in memory.)

Wait, what exactly does this mean? Even in Linux every keystroke goes through the kernel, it's kind of the purpose of the kernel to handle hardware stuff like that (of course Linux doesn't record it anywhere unless you want it to).

Re:Don't cherry pick

[kimhanse]

There is a lot of NSA code in Linux.

http://git.kernel.org/cgit/lin...

https://www.nsa.gov/research/s...

I am not saying that it causes the security problems the AC was writing about, but it is there.

Re:Don't cherry pick

[rubycodez]

and no one I know uses SELinux because it is bolt-on garbage. I've decades of experience in financial and healthcare systems, there are better ways to do things

Re:Don't cherry pick

[johnw]

That's not a low ID.

Re:Don't cherry pick

You're engaging in sophistry, making an equivalence between an OS (linux) getting the keystrokes thru its' kernel, and an OS (Win 10) getting the keystrokes & sending them to Microsoft. The purpose of an OS is to process its' user's input, but not to act as a keylogger for a corporation (and possibly the Gov't).

Re:Don't cherry pick

[Darinbob]

Even on Windows 8 I made sure never to create a Microsoft account, even though it goes out of its way to make it seem like it's mandatory. On OSX I have never created an Apple account either. And for a lot of other services I have to be proactive and disable all cloud services, and periodically check that they weren't turned back on during an update (which Steam did).

There's a hard drive on the computer, so use it and not the cloud. Duh.

Re:Don't cherry pick

[pepsikid]

You have links to the code committed by the NSA to Linux kernel? No? Your just blathering about the phobias and fears that only exist between your ears? Yes, we thought so

Hey Chuckles. You don't know for a FACT that burglars have their sights set on your property. So show us some confidence and leave your doors unlocked and your keys on the dashboard.

Re:Don't cherry pick

[Cito]

Stephen Smalley at NSA has added code to the Linux kernel.

http://git.kernel.org/cgit/lin...

Re:Don't cherry pick

Except if you read the post, you'd know it's not doing that. They're held long enough to enter the memory state. This is also true in Linux. It's true in BeOS, FreeBSD, OS X, Solaris, AIX, and MINUX.

Re:Don't cherry pick

[AmiMoJo]

It means most of this stuff is bullshit. For example, Windows 10 only uploads your encryption key if you sign on to a Microsoft account and the machine came encrypted from the factory, in which case the manufacturer had ample opportunity to steal your keys too. This is actually a huge win for privacy, because devices encrypted by default with no effort on the part of the user are clearly better than devices with no encryption.

If you enable bitlocker manually you can optionally upload your key. For home users who weren't going to encrypt anyway it's a reasonable compromise. If their mobo dies their data will be recoverable via the copy MS keeps for them. For the rest of us it makes no difference.

The keylogger is pure bullshit. Like other operating systems, you can submit anonymous handwriting samples to improve pen input, but it's optional and doesn't affect most desktop users who don't have pen input. Unfortunately the message that got out was Windows 10 logs every keystroke and sends it to Microsoft.

Re:Don't cherry pick

[rubycodez]

false, only certain agencies use it, and some highly secure ones purposely do NOT use it. Hint, there are other OS on this planet than Linux. Hint: your money, for example, is not bits in a Linux system.

Re:Don't cherry pick

[rubycodez]

they have an unmanaged selinux system set to not be in the way

Re: Don't cherry pick

[Pozican]

The code audit on true crypt produced less issues than the communities own bug fixes. It seems to me that the results of the audit support the million eyes concept.

Re:Don't cherry pick

[david_thornley]

The NSA has two missions. One is to spy on communications. The other is to secure US computer and communication systems. I'm not real happy about their balance between conflicting goals.

Re:Don't cherry pick

[rthille]

Holy crap. 60k+ is a "low I'd"?

My favorite version of Windows?

[globaljustin]

Yours :P

TrueCrypt

[duke_cheetah2003]

Should be noted, TrueCrypt 7.1a (last full version) works fine with Windows 10 if you're really concerned about someone thieving your data. I highly doubt the OS has your TrueCrypt keys if you use this solution, Microsoft account or not.

Re:TrueCrypt

Windows 10 logs all keystrokes, and by default sends everything to MS. Allegedly that transfer can be disabled, but not the logging itself. That info was taken from above.

Re:TrueCrypt

[cfalcon]

Veracrypt as well. I'm not sure about Ciphershed, but probably. These are the forks of Truecrypt once the Truecrypt devs gave their warnings and went away.

The keylogger's transmission can be disabled, and I'm not 100% sure if the fact that the data is in the kernel is inherently flawed. It's definitely highly suspicious, however.

Re:TrueCrypt

[duke_cheetah2003]

Windows 10 logs all keystrokes, and by default sends everything to MS. Allegedly that transfer can be disabled, but not the logging itself. That info was taken from above.

That'd be a neat trick, when you're using full system encryption, it logging keystrokes before the OS even starts (which is where you put in your TrueCrypt passphrase.)

Don't use Microsoft account

[sigmabody]

I mean, this should be pretty old news by now, but the moral of the story is the same as the previous N stories where using a Microsoft account uploads your personal information to Microsoft's (and the government's) servers: don't use a Microsoft account. At least this is a relatively easy fix which avoids a lot of the badness of Windows 10. I view it like running an ad blocker: yeah, it's kinda bad for convenience sometimes, but it's a small price to pay to avoid malware I know about, and other malicious things in the future.

Preferable != ideal and wrong conclusions

[drolli]

The conclusion in the article was that everybody who manages to hack the MS database or extorts an employee there would get access to my data. While i severely doubt that accessing the key is easily possible for an employee (i would not think so) without being noticed, there is another important point: Whoever steals my key, still needs access to my physical access to the HD (an that is the only situation in which stealing the key makes a difference: physical access, but no possibility to manipulate the OS before).

That would be
(1) thieves
(2) anybody who buys the device witout being wiped correctly
(3) anybody who finde the device after being lost
(4) law enforcement (with court orders)
(5) intelligence service (in the gray zone)

1-3 probably wont get access to the key
4 at least will have to show an official document to MS to get the key (and at least make the transgression trackable, and therefore less likely that some stupid cop "just because he does not like your nose" will search the computer)

IMHO 1-4 are much more likely threats than 5.

Lets go to 5. If you are the target of an attack of any stat-level actor nowadays, i would assume that the level of precaution you have to take goes far beyond "not storing you key at MS". Dont get me wrong, i use local encryption and dont upload the key somewhere.

so the choice is
* making encryption unusable to the everyday user (most likely to get victim of accidental loss/theft) since they are afraid to loose theirs keys (imagine the kind of publicity MS would get....)
* accepting that law-enforcement/state-level actors still can transgress on a few selected users under substantially increased effort, but protect the average user from the fall-out of loosing his/her device

I personally thinks it's absolutely sane to choose the latter (and contrary to the statement in the article, most companies actually *do* store recovery keys centrally for Bitlocker.

If you believe that you are under treat by any western state-level actor, then trust nobody and nothing besides your own brain. The majority of the advice/ideas/hints/analysis which are reported in the tech press in respect to security are worthless shit.

Re:Preferable != ideal and wrong conclusions

[The-Ixian]

I could not agree with you more.

The encryption keys are only useful to decrypt your hard drive once your computer has been turned off.

There are much easier ways for hackers to get your data which do not require decryption at all (because that has already been or is being done once the computer is booted).

This is a perfectly reasonable trade off in usability without a huge hit to security.

It is not a "TNO" (trust no one) solution. But if you need that, you probably should not be running anything but a Linux box where you have personally vetted all of the code.

Re:Preferable != ideal and wrong conclusions

[brix]

A great analysis. Some points to add:

• - I don't think that it's technically required that the attacker have physical access, but it's kind of a moot point otherwise. If the attacker can log in remotely anyway, then they already have access to the unencrypted data because Bitlocker has unlocked the drive at boot time based on the TPM or other protector, right? What full disk encryption does do is protect against those with physical access but not remote access. In other words, the same set of 1-3, and probably 4.
• - Agreed on (5). I seem to remember seeing a quote from someone in security circles that said something like, "I typically assume that at least two countries have access to my system at any given point in time." In other words, you are already vulnerable; deal with it. Granted, this provides an additional attack vector, but as you said, it's the same for most corporations running Bitlocker with AD. The threat is no greater with MS storing the key, and probably much lower than your typical IT department.

I knew it!

[MagickalMyst]

Microsoft doesn't give anything away for free without a catch.

In this instance, the catch is your encryption key.

Re:Linux distros do the same

[rubycodez]

nonsense, instead use a distro (or other open source operating system for that matter) that is actually built for privacy and security as a prime consideration. There are Linux distros like that, and there is a BSD that is extremely like that

Re: If privacy is a concern, you don't use Windows

[IBME]

Tbqh, I have entertained the idea of running windows offline for quite some time now. I run a windows 7 pro desktop and a windows 7 pro tablet. On both I use Bleachbit, PrivaZer, & run Yamicsofts Windows7 Mgr, using Tinywall as a windows fw gui. Yamicsoft allows you to see the tasks created that send data back and/or the one that silently sets you up for an unwanted OS update. I delete them all. As for encryption, gpg4win or the like is useful to me. Full disk is not necessary atm and in fact the only thing I encrypt is obviously my password manager. I will be investing in a couple of Yubikeys before spring to get two factor up and running system wide, incl. for my phone. Windows 10 is too full of holes, driver and or sound problems, and clearly cannot be trusted. As well, unless they can claim it is significantly faster than 7, which it isn't, It is absolutely useless to me unfortunately.

The acknowledgement does not look good

[140Mandak262Jamuna]

Not only you have to upload your recovery key to microsoft, the response you get after you upload from their servers does not bode well.

It says "all your base are belong to us".

HIPPA Compliance

[ITRambo]

Does MS having a copy of a WIndows 10 Pro bitlocker key for a PC in a small medical office violate HIPPA or is the issue moot?

Re:HIPPA Compliance

[cfalcon]

I don't think you can use Windows 10 in that setting at all yet.

Microsoft has your win10 Encryption Key

[shubus]

Absolutely NO ONE can be surprised by this. Anyone think NSA wasn't in this up their eyeballs?

Does this include dev accounts

[fredrated]

like Microsoft developers forums?

Headline is a *tad* FUDdy, but article is accurate

[cfalcon]

Bitlocker lets you have the option to save your "recovery key" to USB, or to print it. In both cases, you can destroy the key effectively (note that you'll have to take care to ensure that the USB device is physically destroyed or secured in a manner secure against attackers you are concerned about, and that your printer doesn't keep a recoverable copy somewhere).

So Bitlocker is (in theory) safe and secure. Personally, I wouldn't trust this- it's proprietary, it's Microsoft, and there's every motivation to either make the key recoverable or disclose it for uses Microsoft deems useful (for instance, a future tyrannical government might be able to threaten them in such a way as to produce the keys). But by their claims, it should be.

The article distinguishes this from "device encryption", a gimped form of Bitlocker present in the "Home" edition that they give for free (or cheap or whatever- once I did even the first amount of research into Windows 10 I decided to avoid it entirely). If you pay for Professional, you get access to "Bitlocker", which has configuration options, including the print-out and USB options, which can result in NO recovery key- the generally desired state from a security perspective.

The headline of the article truthfully states that Microsoft "probably" has your recovery key, and the slashdot headline leaves that out totally. Both leave out the important fact that you have to be using the "device encryption" version of Bitlocker in the shit-tier version of Windows 10.

There's other posts talking about the keylogger, or kernel keylogging. I'm not sure the fact that the kernel keeps your keystrokes for awhile is inherently vulnerable, but it is suspicious.

In any event, the fact that you must be an expert user to get anything that MIGHT be security out of Windows 10 is absolutely disgusting. The Home version will be the most common by far, and the average user will not be aware of the default settings where keys are sent (along with a ton of other things) upstream, nor will he be aware of the fact that his supposed device encryption is recoverable by any hacker or bad actor in the future. The level of drama required to do anything in Windows 10 is massive. It's a real nightmare.

Anyone notice how oddly hard it is to set up anything but straight AES in almost all places? There's a shocking lack of user exposed options even in Linux (and Linux can be configured to extremely high levels of redundancy or security). Name a distro that lets you full disk encrypt with AES-Twofish-Serpent from a GUI, for instance (again, you can absolutely configure this, but it seems hard to get anything but straight AES). I know AES is trusted, but I'd trust it more if there were ways more ways to opt out of it and use either another block cipher, or it WITH another block cipher.

Even more reason

[DaMattster]

To not use Microsoft's products!

BS

[s.petry]

You are attempting to conflate a kernel passing device information, with a kernel capturing and analyzing that information. It is not the same thing, and I think people should be insulted reading posts like yours.

Re:BS

[phantomfive]

You are attempting to conflate

I'm not trying to conflate anything lol. I was asking a clarifying question to understand what you were saying, then you got defensive.

More BS

[s.petry]

If you read the post you will see that the memory is still evaluated for particulars which ANY application could grab if it knew the correct system calls. Pass through is NOT what Windows 10 is doing.

True since Windows 8

[fearofdecaf]

This has been the case since Windows 8 if you used BitLocker while logging into your PC using a Microsoft Account. It's not one of the newly deployed 'features' either, I looked into it when I was going to purchase a Surface Pro 2 a couple of years ago. The simplest solution is to log in with a local account.

http://windows.microsoft.com/e...

See "How can I get my BitLocker recovery key".

Recovery Key Encryption?

[Cardcaptor_RLH85]

My question here is, is the recovery key at least encrypted (by whatever method) with your account password on their servers or is it in the clear to MS? If the latter is true, then that's another reason to use some other method of system encryption. If the former then, yes, it's somewhat troubling that this can't be disabled prior to uploading the key but, it's really not the worst problem.

Does it really matter? (Obligatory XKCD)

[rocket+rancher]

Does it really matter where your key is stored? I think not.

What is this?

[RockDoctor]

... Windows 10 thing?

I continue to get spam from an Indian company about it, but, why should I care about their new viruses?