Forum Moderators: bill

Windows 10 disk encryption keys are uploaded to Microsoft

     
9:20 pm on Dec 29, 2015 (gmt 0)

Administrator from JP 

bill

joined:Oct 12, 2000
posts:14791
votes: 86


Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key [theintercept.com]
>>One of the excellent features of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key – which can be used to unlock your encrypted disk – to Microsoft’s servers, probably without your knowledge and without an option to opt-out.


Home users can delete the copy of their key from their account; only Pro and Enterprise users can opt out when re-encrypting.
10:03 pm on Dec 29, 2015 (gmt 0)

Moderator

ergophobe

joined:Apr 25, 2002
posts:8298
votes: 142


So setting aside conspiracy theories, do I want to do this?

- If I lose my encryption key, is this a way to get it back? I assume so since they call it a "recovery key"

- Do I really care if MS gets hacked and my key gets stolen? What are the chances that the attacker will then gain access to my physical machine?

My guess is that most users should leave well enough alone and let Windows stash their key somewhere they can get it back when their system is borked and they need to recover their encrypted data.

[edit: I think the main worry here seems to be that if subpoenaed, MS might give up your key.... which I wasn't thinking of when I wrote the above]
10:08 pm on Dec 29, 2015 (gmt 0)

Moderator

ergophobe

joined:Apr 25, 2002
posts:8298
votes: 142


>>If you’re using a recent version of Windows, and your computer has the encryption chip, and if you have a Microsoft account, your disk will automatically get encrypted, and your recovery key will get sent to Microsoft.


Which is dramatically more secure than what most users have now. Seems like, overall, a good compromise for average users.
1:05 am on Dec 30, 2015 (gmt 0)

Moderator from US 

keyplyr

joined:Sept 26, 2001
posts:6533
votes: 114


Nice feature :)
2:46 am on Dec 30, 2015 (gmt 0)

Administrator from JP 

bill

joined:Oct 12, 2000
posts:14791
votes: 86


The security conscious among us will want to take the steps in the article to re-encrypt their drive and store the key themselves. Sure the default encryption is better than what most had before, but giving the key to a third party is a severe risk. If the key gets loose your data is at risk. I'm the type who would prefer the inconvenience of storing the key myself (it's not all that hard) rather than opening up this potential hole.
3:51 am on Dec 30, 2015 (gmt 0)

Moderator from US 

keyplyr

joined:Sept 26, 2001
posts:6533
votes: 114


>>...giving the key to a third party is a severe risk. If the key gets loose your data is at risk.

Assuming you store sensitive data within the Windows OS, which I don't. I also don't keep usernames/passwords in the browser (which always seemed like a vastly stupid idea, but almost everyone I know does it.)
4:49 am on Dec 30, 2015 (gmt 0)

Moderator

ergophobe

joined:Apr 25, 2002
posts:8298
votes: 142


I see it more like 2-factor auth in the sense it's unlikely my computer will get stolen and it's unlikely my key will get stolen, but it is extremely unlikely both will be obtained by the same person.

What scenario do you foresee where this will happen? Someone steals my computer, gets access to my accounts and is able to demand the recovery key?
6:26 am on Dec 30, 2015 (gmt 0)

Administrator from JP 

bill

joined:Oct 12, 2000
posts:14791
votes: 86


It's not really 2FA. It's more like giving a 3rd party the key to your home. They say that they won't use the key without your permission, but then someone steals that key or Uncle Sam asks nicely... The keys to all of your data are in the hands of someone who might not have your best interests in mind.

If all your data is backed up in OneDrive, along with your key, you'd never know if your data was opened. That fundamentally breaks the security model. Better that you save the key to a USB drive or print it out and stick it in a safety deposit box.
7:30 am on Dec 30, 2015 (gmt 0)

Moderator from US 

keyplyr

joined:Sept 26, 2001
posts:6533
votes: 114


A 12 hour cron writes my junk to a remote SSD which I can access several ways including WiFi.

After this conversation I may consider moving this disk encryption key there as well.
9:57 am on Dec 30, 2015 (gmt 0)

Preferred Member


joined:July 23, 2004
posts:489
votes: 37


>>If all your data is backed up in OneDrive, along with your key, you'd never know if your data was opened.


I don't sign in to an MS account, and I don't use their stupid cloud ... I would just rather be responsible for my own stuff and take it on the chin if I ever get borked -- Nothing that a good backup and a bit of reformatting couldn't cure ..
11:48 am on Dec 30, 2015 (gmt 0)

Senior Member from US 

tangor

joined:Nov 29, 2005
posts:6964
votes: 385


I sound like a broken record. I know it, and many of you, too. This intrusion by MS is Step One to the Dumb Terminal ala 1950s Big Iron on access to computing services (which is why MS is calling Win 10 the last windows as 'Windows as a Service') to get back to tight control and monthly billing for use/access. Win 7 is your last bastion against this. Else Linux for the security minded.

MS moved there with 365, One Drive, etc. and Adobe got there first with CS in the cloud.

While the encryption is a good thing, having your key(s) "out of house" is a rare and scary prospect. Others above have noted those many problems. I repeat, again, this is all about taking back the PC Genie (as in Personal Computer, not Politically Correct) and putting a cork in that paradigm. Selling a site/seat license that can remain active for 20 years does not generate the same income as a monthly billing---and all your data hostage on their machines (try killing One Drive, and killing it over and over and over and over)

Sadly, once all accounts (not users) are back in the big iron fold the gubermint (sic) will have ways and means to get your goodies because MS will roll over. They, and others working the same game, have done so time and again.

There's a reason why I wear a tin foil hat. :)

7 and 5/8s.
1:10 pm on Dec 30, 2015 (gmt 0)

Senior Member from US 

tangor

joined:Nov 29, 2005
posts:6964
votes: 385


Other thoughts

[theregister.co.uk...]
4:46 pm on Dec 30, 2015 (gmt 0)

Moderator

ergophobe

joined:Apr 25, 2002
posts:8298
votes: 142


>>If all your data is backed up in OneDrive

Oh.... well that isn't going to happen. Nor is logging into my MS account actually, but that's me.

Because of limited bandwidth, only a tiny portion of what I have syncs to the cloud and none of it would be terribly compromising... except one service that I know that Bill and I both use.
2:56 am on Dec 31, 2015 (gmt 0)

Senior Member


joined:Oct 4, 2001
posts: 1265
votes: 12


I don't worry so much about this (and the other questionable data MS collects from users) when it comes to hacking. As others have said someone would need to steal the key and then have the resources and motivation to get access to my device as well.

This sort of thing is what concerns me:
Tech companies face criminal charges if they notify users of UK government spying [techspot.com]

If any big tech company has your data, so will various governments, if not immediately then at some point provided the current surveillance climate continues.

I don't actually encrypt my drives in the first place, but all of the reasons I might have to encrypt data are also reasons not to give the key to a third party.
9:38 pm on Jan 1, 2016 (gmt 0)

Preferred Member


joined:July 23, 2004
posts:489
votes: 37


>>If any big tech company has your data, so will various governments

I would actually, in the end, be more concerned with all of the writes that exist in the back end of today's x86 processors and other related firmware.

The OS is somewhat irrelevant when you've got all of these other things accessing your info via the firmware.

Encrypted or not, the back end (firmware) whether it be networking, video, or even the processor itself, can see all of what you have going on at any given time via your RAM --

This whole business of "Microsoft Stores Your Encryption Key" can be no more than a mere talking point when you stop to consider what Microsoft and/or others can really see via their own "very secret" firmware writes.
9:50 pm on Jan 6, 2016 (gmt 0)

Senior Member


joined:July 29, 2007
posts:1745
votes: 80


I don't detect a whole lot of surprise that Microsoft was recording encryption keys and don't suspect anyone will speak up against it to any degree which makes Microsoft change. The rep of never failing to disappoint on the privacy front is well earned in most cases.
10:59 pm on Jan 6, 2016 (gmt 0)

Administrator from JP 

bill

joined:Oct 12, 2000
posts:14791
votes: 86


Microsoft clearly doesn't see this as a bug, but rather a feature (pun intended).
As there are guidelines for the security conscious to fix this issue I don't foresee them changing this default action. At this point I'm just glad that someone has identified the issue and documented some recourse.
9:47 pm on Jan 7, 2016 (gmt 0)

Moderator

ergophobe

joined:Apr 25, 2002
posts:8298
votes: 142


To be fair, they suddenly rolled out encryption to a vast army of people who have no idea what that means and who do, in fact, need some babysitting and do, in fact, need an adult holding their key.

I am occasionally reminded of how far we are from the average user. The other day I asked someone to do a Google search on a term. She went to Yahoo!, searched for "Google," clicked through to the Google search page and then did the search. When I introduced her to using a password manager instead of storing them in clear text in an Excel spreadsheet, she declared a few weeks later that I had "ruined her life." Now you might argue that MS shouldn't roll out encryption for folks like that at all, but that's the audience they are building for.

The issue here is not that they store the keys for people who don't know better. It's that they do not make it clear to people like bill and JS_Harris that they are doing that and give an option to opt out.
9:24 am on Jan 8, 2016 (gmt 0)

Administrator from GB 

engine

joined:May 9, 2000
posts:23150
votes: 344


>>When I introduced her to using a password manager instead of storing them in clear text in an Excel spreadsheet, she declared a few weeks later that I had "ruined her life."

How so? Had she lost the master key?

>>At this point I'm just glad that someone has identified the issue and documented some recourse.

Thanks to those way more savvy than me, I'm with you on that. I really cannot understand why such a feature (bug) is hidden from the average user. Why hide something potentially very useful to those that would more likely need it! Surely, Microsoft should be documenting all this and proclaiming it a really helpful way of resolving issues for the technically challenged. Of course, handing the keys over is one thing, but what gets me is that they haven't made that clear for a user. To use the analogy: nobody knew the house keys were handed over, so if there was a problem getting back into the house, the house owner never knew to ask. It seems to me it's pretty stupid of Microsoft to fail to inform and provide choice to users. No wonder the "authorities" come gunning for them.
3:14 am on Jan 10, 2016 (gmt 0)

Administrator from JP 

bill

joined:Oct 12, 2000
posts:14791
votes: 86


When even people here don't clearly see that there's an issue with trusting encryption keys to a third-party, then it says to me that efforts to educate the community are lacking. I can understand the average user not comprehending this...they have an excuse. I would expect the tech-savvy to be a bit more up in arms about something like this.

After reading the comments here I'd have to say that Microsoft probably did the right thing for most users. I wouldn't want them helping me out in this way, but I too know users who go to Bing and search for "Google". They are amazed when I show them you can just type "Google" into the URL bar and get there in fewer steps. Explaining cryptographic keys to this type always leaves me with impressions of keyboard keys in my forehead.