I was wondering when a reporter would uncover this.

So BitLocker is super secure, right? Well... BitLocker recovery keys are backed up to Microsoft's Cloud - and they give them out to law enforcement on request. Using the BitLocker recovery key, you can just unlock the device without a PIN etc.
https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw

The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.

Forbes

@GossiTheDog You can save the key as a file.

@niknukem Which doesn't help if the key is additionally and automatically synced to MS. You have a MS account to log in, don't you? So it's easy to connect...

And afaik the sync can only be deactivated using GPOs - but perhaps even this is no longer a possibility...

@jesterchen So is there proof they sync the key even if you select save as file? Yeah, no MS account in Windows. But guess most do use Intune, then the key is cloud based. Welcome back VeraCrypt. Xd

@niknukem @jesterchen When it comes to security, you should always think of the worst case scenario.

It is already proven that they upload the keys to their servers, so it should be assumed until proven otherwise that selecting a different option in their own tool doesn't change that, especially with Microsoft's history of sending literally everything to their servers.

@justenoughducks @jesterchen But this was the question: if you save your key locally, will it be uploaded? No account, no Intune. So worst case yes, but it should be in a realistic scenario. Or more a proper evaluation. But besides that, who needs encryption if the user activates the 10282 Copilot features on Windows.