So setting aside conspiracy theories, do I want to do this?

- if i lose my encryption key, is this a way to get it back? I assume so since they call it a "recovery key"

- do I really care if MS gets hacked and my key gets stolen? What are the chances that the attacker will then gain access to my physical machine?

My guess is that most users should leave well enough alone and let Windows stash their key somewhere they can get it back when their system is borked and then need to recover their encrypted data.

[edit: I think the main worry here seems to be that if subpoenaed, MS might give up your key.... which I wasn't thinking of when I wrote the above]

If you’re using a recent version of Windows, and your computer has the encryption chip, and if you have a Microsoft account, your disk will automatically get encrypted, and your recovery key will get sent to Microsoft.

Which is dramatically more secure than what most users have now. Seems like, overall, a got compromise for average users.

Nice feature :)

The security conscious among us will want to take the steps in the article to re-encrypt their drive and store the key themselves. Sure the default encryption is better than what most had before, but giving the key to a third party is a severe risk. If the key gets loose your data is at risk. I'm the type who would prefer the inconvenience of storing the key myself (it's not all that hard) rather than opening up this potential hole.

...giving the key to a third party is a severe risk. If the key gets loose your data is at risk.

Assuming you store sensitive data within the Windows OS, which I don't. I also don't keep usernames/passwords in the browser (which always seemed like a vastly stupid idea, but almost everyone I know does it.)

I see it more like 2-factor auth in the sense it's unlikely my computer will get stolen and it's unlikely my key will get stolen, but it is extremely unlikely both will be obtained by the same person.

What scenario do you foresee where this will happen? Someone steals my computer, gets access to my accounts and is able to demand the recovery key?

It's not really 2FA. It's more like giving a 3rd party the key to your home. They say that they won't use the key without your permission, but then someone steals that key or Uncle Sam asks nicely... The keys to all of your data are in the hands of someone who might not have your best interests in mind.

If all your data is backed up in OneDrive, along with your key, you'd never know if your data was opened. That fundamentally breaks the security model. Better that you save the key to a USB drive or print it out and stick it in a safety deposit box.

A 12 hour cron writes my junk to a remote SSD which I can access several ways including WiFi.

After this conversation I may consider moving this disk encryption key there as well.

If all your data is backed up in OneDrive, along with your key, you'd never know if your data was opened.

I don't sign in to an MS account, and I don't use their stupid cloud ... I would just rather be responsible for my own stuff and take it on the chin if I ever get borked -- Nothing that a good backup and a bit of reformatting couldn't cure ..

I sound like a broken record. I know it, and many of you, too. This intrusion by MS is Step One to the Dumb Terminal ala 1950s Big Iron on access to computing services (which is why MS is calling Win 10 the last windows as 'Windows as a Service') to get back to tight control and monthly billing for use/access. Win 7 is your last bastion against this. Else Linux for the security minded.

MS moved there with 365, One Drive, etc. and Adobe got there first with CS in the cloud.

While the encryption is a good thing, having your key(s) "out of house" is a rare and scary prospect. Others above have noted those many problems. I repeat, again, this is all about taking back the PC Genie (as in Personal Computer, not Politically Correct) and putting a cork in that paradigm. Selling a site/seat license that can remain active for 20 years does not generate the same income as a monthly billing---and all your data hostage on their machines (try killing One Drive, and killing it over and over and over and over)

Sadly, once all accounts (not users) are back in the big iron fold the gubermint (sic) will have ways and means to get your goodies because MS will roll over. They, and others working the same game, have done so time and again.

There's a reason why I wear a tin foil hat. :)

7 and 5/8s.

Other thoughts

[theregister.co.uk...]

>>If all your data is backed up in OneDrive

Oh.... well that isn't going to happen. Nor is logging into my MS account actually, but that's me.

Because of limited bandwidth, only a tiny portion of what I have syncs to the cloud and none of it would be terribly compromising... except one service that I know that Bill and I both use.

I don't worry so much about this (and the other questionable data MS collects from users) when it comes to hacking. As others have said someone would need to steal the key and then have the resources and motivation to get access to my device as well.

This sort of thing is what concerns me:
Tech companies face criminal charges if they notify users of UK government spying [techspot.com]

If any big tech company has your data, so will various governments, if not immediately then at some point provided the current surveillance climate continues.

I don't actually encrypt my drives in the first place, but all of the reasons I might have to encrypt data are also reasons not to give the key to a third party.

If any big tech company has your data, so will various governments

I would actually, in the end, be more concerned with all of the writes that exist in the back end of today's x86 processors and other related firmware.

The OS is somewhat irrelevant when you've got all of these other things accessing your info via the firmware.

Encrypted or not, the back end (firmware) whether it be networking, video, or even the processor itself, can see all of what you have going on at any given time via your RAM --

This whole business of "Microsoft Stores Your Encryption Key" can be no more than a mere talking point when you stop to consider what Microsoft and/or others can really see via their own "very secret" firmware writes.

I don't detect a whole lot of surprise that Microsoft was recording encryption keys and don't suspect anyone will speak up against it to any degree which makes Microsoft change. The rep of never failing to disappoint on the privacy front is well earned in most cases.

Microsoft clearly doesn't see this as a bug, but rather a feature (pun intended)
As there are guidelines for the security conscious to fix this issue I don't foresee them changing this default action. At this point I'm just glad that someone has identified the issue and documented some recourse.

To be fair, they suddenly rolled out encrpytion to a vast army of people who have no idea what that means and who do, in fact, need some babysitting and do, in fact, need an adult holding their key.

I am occasionally reminded of how far we are from the average user. The other day I asked someone to do a Google search on a term. She went to Yahoo!, searched for "Google," clicked through to the Google search page and then did the search. When I introduced her to using a password manager instead of storing them in clear text in an Excel spreadsheet, she declared a few weeks later that I had "ruined her life." Now you might argue that MS shouldn't roll out encryption for folks like that at all, but that's the audience they are building for.

The issue here is not that they store the keys for people who don't know better. It's that they do not make it clear to people like bill and JS_Harris that they are doing that and give an option to opt out.

When I introduced her to using a password manager instead of storing them in clear text in an Excel spreadsheet, she declared a few weeks later that I had "ruined her life."

How so? Had she lost the master key?

At this point I'm just glad that someone has identified the issue and documented some recourse.

Thanks to those way more savvy than me, i'm with you on that. I really cannot understand why such a feature (bug) is hidden from the average user. Why hide something potentially very useful to those that would more likely need it! Surely, Microsoft should be documenting all this and proclaiming it a really helpful way of resolving issues for the technically challenged. Of course, handing the keys over is one thing, but what gets me is that they haven't made that clear for a user. To use the analogy; nobody knew the house keys were handed over, so if there was a problem getting back into the house, the house owner never knew to ask. It seems to me it's pretty stupid of Microsoft to fail to inform and provide choice to users. No wonder the "authorities" come gunning for them.

When even people here don't clearly see that there's an issue with trusting encryption keys to a third-party, then it says to me that efforts to educate the community are lacking. I can understand the average user not comprehending this...they have an excuse. I would expect the tech-savvy to be a bit more up in arms about something like this.

After reading the comments here I'd have to say that Microsoft probably did the right thing for most users. I wouldn't want them helping me out in this way, but I too know users who go to Bing and search for "Google". They are amazed when I show them you can just type "Google" into the URL bar and get there in less steps. Explaining cryptoraphic keys to this type always leaves me with impressions of keyboard keys in my forehead.