bit-tech.net

Microsoft criticised over Windows 10 encryption key upload

Microsoft has confirmed that all device encryption keys generated by Windows 10 are uploaded to remote servers, with only BitLocker users being given the ability to opt out.

A weakness has been found in the on-by-default disk encryption of Microsoft's Windows 10, with the encryption keys being uploaded and stored on a remote server without the user's knowledge.

Microsoft's Windows 10 made some strides in improving the security of the company's computing platform, beginning with enabling an on-by-default disk encryption system based around its BitLocker technology. What the company did not make clear, however, is that the key used for this encryption is automatically uploaded to the Microsoft OneDrive servers - meaning it can, in theory, be illegally captured or legally requested by security services and other attackers, rendering the cryptography moot.

The news was broken by The Intercept, which confirmed with Microsoft that the encryption key used for on-disk encryption is automatically uploaded to Microsoft's servers by default and that there is no way to opt out of the process. 'When a device goes into recovery mode, and the user doesn’t have access to the recovery key, the data on the drive will become permanently inaccessible. Based on the possibility of this outcome and a broad survey of customer feedback we chose to automatically backup the user recovery key,' a spokesperson told the site. 'The recovery key requires physical access to the user device and is not useful without it.'

With Microsoft already under fire for default settings in Windows 10 which see considerable user information being transmitted for the sake of targeted advertising and software feedback, the revelation that the encryption keys are being stored remotely is an unwelcome one. The issue is, however, somewhat mitigated: only the keys used for the on-by-default disk encryption are shared, with any users opting to turn on BitLocker being offered the option to store the recovery key locally instead. For Windows 10 Home users, this is of little help: BitLocker is only available on Windows 10 Pro and above.

Microsoft does provide a means of deleting a device's recovery key from the remote servers, but not of generating a new key on Windows 10 Home without having it automatically uploaded once more.

21 Comments

Dave Lister 30th December 2015, 11:59
So it's not a back door exactly, more like somebody leaving the front door key under the mat? I really hope that developers switch to Vulkan over DX12 so I can game in full modern glory on either my current win7 system or switch to linux.

With all MS' wealth why is it so difficult for them to say no to western governments' requests for easy access to data?? It is now becoming clearer why MS is giving away win10 for free for anyone with a PC capable of running a modern OS.
GoodBytes 30th December 2015, 12:39
This is a no issue. You need to have the computer to decrypt the data. That is like finding a key on the street. It's worthless, you don't know which doors it is for.

Click-bait article
GoodBytes 30th December 2015, 12:42
Quote:
Originally Posted by Dave Lister
With all MS' wealth why is it so difficult for them to say no to western governments requests for easy access to data?? It is now becoming clearer why MS is giving away win10 for free for anyone with a PC capable of running a modern OS.
In the recent years, Microsoft has been fighting against the government. If the government has a warrant, Microsoft is super fast at delivering the information requested. However, no warrant, and Microsoft is fighting the government. And I mean complete with full data transfer to another country, making U.S. government life not only a pain to get (not to mention that Microsoft can also move it again), but sometimes impossible.

Since then, Azure platform has been booming with companies switching over to Microsoft's offering over Amazon.
Dave Lister 30th December 2015, 13:08
GoodBytes = Fair enough, it just seems like I have never seen anything positive about windows since windows 7 especially regarding user security.
I'd still prefer to use Linux as my everyday OS though, perhaps dual booting with windows 7. So my fingers are crossed that Vulkan really twists the knife into Windows and DX12.
Anfield 30th December 2015, 13:27
Windows is used by over a billion people, if even just 1% of them would be idiots (and the percentage is obviously far higher) that equals millions of potential lawsuits if people can't access their data any more as they didn't realize they needed to keep the key somewhere...

So the only options were:

No encryption by default
Microsoft keeps a backup of the key
Corky42 30th December 2015, 13:32
Quote:
Originally Posted by GoodBytes
This is a no issue. You need to have the computer to decrypt the data. That is like finding a key on the street. It's worthless, you don't know which doors it is for.

I'm not sure anyone's said it's an issue, although the potential for it becoming one is huge, and putting my tin foil hat on you could be giving governments the key to unlock your device.

Your analogy of finding a key on the street is a rubbish one, the key Microsoft stores without your consent is linked to the device, it's like a company storing the spare key for every lock in case the person who owns the lock loses the original.

Maybe you need to read the linked article on the Intercept that Gareth provided, either that or read up on what key escrow is.
edzieba 30th December 2015, 14:01
As explained on Ars, this will only be affecting those who would otherwise have an unencrypted drive (i.e. in the 'key under the doormat' analogy, the previous state would be 'user does not have a door'), and can be disabled fairly easily.
In this case, someone has discovered a two-year-old feature, and misconstrued it rather dramatically. This reflects very poorly on The Intercept.
Jimbob 30th December 2015, 14:35
I found this out months ago and glad I did, bit locker on my Asus tablet went nuts (every time I rebooted the tablet it said it needed the unlock key) without being able to log on to my account to retrieve I'd have lost all my stuff.

Don't forget you also need the user's MS account username and password plus physical access to the device, plus it asks a security question.

This is really a very non issue.
Corky42 30th December 2015, 15:03
Quote:
Originally Posted by edzieba
As explained on Ars, this will only be affecting those who would otherwise have an unencrypted drive (i.e. in the 'key under the doormat' analogy, the previous state would be 'user does not have a door'), and can be disabled fairly easily.

As with most analogies they only provide a very rough idea of what's going on, they don't provide a detailed explanation and on this I feel Ars has done its readers a disservice.

The problem (IMO) is that it may provide people with a false sense of security, when enabling devices encryption you would expect to be asked if you wanted to store your decryption key on the Microsoft servers, the problem is, like most of Microsoft's decisions of late, is that they actively opt users into features that put their privacy and security at a potential risk.

I'm not saying features like automatic device encryption and backing up the key to Microsoft servers is a bad thing, but that should be an active choice made by the user and not something that Microsoft assumes everyone wants.
Quote:
Originally Posted by edzieba
In this case, someone has discovered a two-year-old feature, and misconstrued it rather dramatically. This reflects very poorly on The Intercept.

I could be wrong but didn't the hardware requirements change for Windows 10? In effect forcing some, if not all hardware required to automatically enable the feature.
Isitari 30th December 2015, 16:09
I suggest people read this before passing judgement on why Microsoft did this: http://www.theregister.co.uk/2015/12/30/microsoft_hard_drive_encryption_keys/
Corky42 30th December 2015, 16:27
This line in the register article that Isitari posted sums it up for me..
Quote:
Well, here's the rub. Maybe if Microsoft was a little more upfront with people, and made it a clear option during installation or during the first boot, this wouldn't be such a shock. Just like its privacy settings in Windows 10 that are on by default and tucked away: some are useful, others not, but a little warning would have been appreciated.

From my understanding it seems like a clash of cultures as I believe Americans are used to automatically being opted into everything and having to opt out afterwards if they choose to, whereas the rest of the world, particularly European countries, have a culture of automatically assuming an opted out default and letting people choose to opt into something should they wish, or at least actively asking the user.
Nexxo 30th December 2015, 17:02
Not just that: most people are muggles. Their experience of an OS on their PC is like the wheels on their car: they understand it's essential to making the contraption go, but they wouldn't know how to change one.

So muggles want an OS install and upgrade to be one-click easy. They certainly don't want to be confronted with a lot of technical questions on whether they want to opt in on certain features or opt out on them, only to find out much later in a state of crisis of their PC having gone down in flames with all their stuff on it, that they possibly made a wrong choice because they didn't really understand the technical question.

Nope, muggles want Microsoft to know on their behalf what features they need. They want Microsoft to answer the hard technical questions for them, like they expect their car to come with a service plan and a roadside assistance scheme that will change the tire for them.

This annoys geeks like us, who buy cars knowing how to change the oil, gap the spark plugs and change the tires, and buy PCs (or rather, their constituent components) knowing how to do a fine-grained OS install. We worry about security features because we understand their limitations. But muggles just want stuff to work, and don't care about the technology. Ownership means a very different thing to them than to us.
Corky42 30th December 2015, 18:01
That's all well and good but as the author of the register article put it "if Microsoft was a little more upfront with people, and made it a clear option during installation or during the first boot, this wouldn't be such a shock"

If Apple users are given that option what's so different with Windows users (re: Encrypting the drive), automatically enrolling people into things they may not want or puts them at risk is a very questionable tactic, so much so that banks have been paying out millions because they automatically enrolled people into PPI, I've got nothing against presenting people with a default option and letting them choose to either keep it or not, but to do it automatically for them is plain wrong.

EDIT: We all know most people just click next, next, next, and for those people the default options would be chosen, if they didn't like what was chosen for them then they only have themselves to blame and not Microsoft as it was a choice they made, we don't like it when some software installs all sorts of toolbars and other PUPs without any warning so what makes Microsoft think we would like it when they do a *similar thing?

Similar in that it's making a choice on our behalf.
jrs77 30th December 2015, 18:02
It's not a key found on the street. Microsoft knows exactly what machine the key belongs to and can forward it to authorities. Therefore it's definitely a backdoor imho.

I can't stress it enough, but if I wouldn't be bound to Windows/MacOS because most of my necessary graphics-software isn't available for Linux, I would switch in an instant.
All my non-work PCs are running on Linux anyways, as it's perfectly fine for most of the things you usually do on a PC. In addition it's free and highly configurable to your needs.
Phil Rhodes 31st December 2015, 10:40
I'm more worried about the encryption being on by default. In my experience, it's much more likely that some fault with it will render the drive unreadable, rather than some shadowy government organisation wanting your data. The last thing I want is another reason why I might not be able to get at my files.
Spreadie 31st December 2015, 11:02
Uninstall / disable Onedrive.

clicky
jrs77 31st December 2015, 14:08
Quote:
Originally Posted by Spreadie
Uninstall / disable Onedrive.

clicky

Yeah, only if you have Win10 Pro. The Home-version lacks tools like GPedit.msc.

Also, once Win10 does an update, OneDrive installs itself again.
Spreadie 31st December 2015, 17:37
Quote:
Originally Posted by jrs77
Yeah, only if you have Win10 Pro. The Home-version lacks tools like GPedit.msc.

Also, once Win10 does an update, OneDrive installs itself again.
Lovely. Another reason to dislike Win10.
creative 2nd January 2016, 10:42
Quote:
Originally Posted by jrs77

Also, once Win10 does an update, OneDrive installs itself again.

I did not know this. Why on earth is MS putting something back on that I have removed? (just checked, it's there) I was almost ready to put W10 on my gaming rig but this will not be happening 100% now.
Big_malc 2nd January 2016, 11:11
Anyone else been using Spybot anti-Beacon to block services and some group policies?
creative 2nd January 2016, 12:05
Quote:
Originally Posted by Big_malc
Anyone else been using Spybot anti-Beacon to block services and some group policies ?

yep. works as it should for me.