To be double plus sure you never lose it…
ONE OF THE EXCELLENT FEATURES of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key — which can be used to unlock your encrypted disk — to Microsoft’s servers, probably without your knowledge and without an option to opt out…
As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel it to hand over your recovery key, which it could do even if the first thing you do after setting up your computer is delete it.
As Green puts it, “Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.”
None of this happens accidentally. Microsoft could easily have made it opt-in/opt-out. Microsoft was not oblivious that opt-in/opt-out would be more secure. They didn’t do that because all of those keys are being grabbed. This is why the government is bitching about Apple not grabbing their user’s encryption keys, and not mentioning Microsoft. If Microsoft wasn’t actually saving all of them, or giving them outright to Fedguv, this would be as secure as Apple, and Fedguv would be bitching about them too.
What genuinely impresses me is that if you can believe the news (and I have no position on that, though it is possibly correct) Apple has evolved such an amazing in-house counter-intel machine (probably to keep new product ideas and IP from drifting away) that it may have actually also stopped Fedguv from gaining access to the insides of their machines. That is impressive since I would imagine Apple hires ex-intel profesionals to organize the effort, and yet they somehow insulate their actual tech operation from the very intel professionals (who are themselves ex-Fedguv, and could easily be plants) who organize their counter-intel.
I would imagine that it is a combination of a couple of things. One, the fact that Apple genuinely hires the best coders and engineers, so when they pull in a new employee, that employee will tend to not be a fedguv spook who learned coding or engineering on the side with an eye to gaining employment in Apple. Second they probably have a set of established procedures to handle employee approaches by outsiders, regardless of who the outsiders claim to work for, with an emphasis on the nature of false-flag operations. That makes any attempt by Fedguv to approach and compromise an employee a major risk to blow an operation, and initiate a potentially major private sector counter-intel operation by Apple’s stable of PI’s and spooks, to get on top of what is going on. You see how much more there is to these billion dollar technology companies.
The whole thing is very fascinating, though I am convinced the fedguv surveillance machine is on track to someday either blow up entirely in a media-cataclysm, or become the most oppressive of dictatorial regimes – and maybe both, though not in that order.
Apocalypse – not just for the little people.
[…] By Anonymous Conservative […]
Sounds overkill anyway to encrypt “regular Joe’s” hard drive, which for the most part will contain nothing more than a few hundreds lul cats memes.
I’m feeling better and better about migrating towards Ubuntu for everything. Not there yet, but I’m moving inexorably in that direction.
My contact info below is bullshit for self protection.
Do not believe the apple hype. What you are witnessing is a triumph of marketing, and not privacy.
If I could safely confirm who I am and how I know this, I would do so. Pascal’s wager can be applied to many things,
Thank you. It is good to know.
Something to keep in mind — one of the reasons the TrueCrypt team killed the Windows version was that “Bitlocker is better.” I wonder if they might not take the mantle back up now that Bitlocker is not only not better, it is, at its core, useless.