Check Bitlocker status, and don't assume anything . . .

cheaterslick said:

Most people out there probably won't even realize it's turned on until the you-know-what hits the fan, anyway.

Click to expand...

That's about the only thing I agree with. It's crazy for Microsoft to setup bitlocker by default on system drive without even asking at install. If it insists on doing this then direct each user into a tutorial explaining that the administrator should back up the recovery key, or allow an opt-out entirely.

But Microsoft only saves your bitlocker key in your Microsoft Account if you ask it to and they cannot recover or recreate or access your Microsoft account to retrieve it if you do save it there due to it's 'zero-knowledge' design: they need your password, 2FA or passkey do do so.

And having had two computers (one laptop, one desktop) stolen in two separate break-ins I can fairly say they're just as much in jeapordy as a laptop that travels with you. Unless you keep your place locked up like fort knox. Which I guess some do so it might largely get down to which kind of security you provide for your records..

Buddywh said:

But Microsoft only saves your bitlocker key in your Microsoft Account if you ask it to and they cannot recover or recreate or access your Microsoft account to retrieve it if you do save it there due to it's 'zero-knowledge' design: they need your password, 2FA or passkey do do so.

Click to expand...

And yet if law enforcement has a warrant and asks Microsoft for the key, they somehow magically come up with it, right?

Buddywh said:

And having had two computers (one laptop, one desktop) stolen in two separate break-ins I can fairly say they're just as much in jeapordy as a laptop that travels with you. Unless you keep your place locked up like fort knox. Which I guess some do so it might largely get down to which kind of tin-foil-hat you want to wear.

Click to expand...

Well again, that's your choice. Benefits vs. costs. I don't knock it.

Besides, I don't live in a neighborhood full of break-ins, anyway. If you think your risk is that great, then by all means, enable it. Better yet, buy an SSD with hardware encryption built into it. Look around, they're out there. Not to mention, hardware straps and (physical) keys to bolt it down and help delay the burglars. Really turn your machine into Fort Knox.

I don't know why some people here are against choice. Even if you think it's a 'bad choice', it's my still my choice to make, now isn't it....

I started this thread just to warn everyone that thru no fault of our own, our new computer asked for a recovery key (I called it a passcode, my bad) on startup. Not already possessing the recovery key but finding out later you have to use another computer to access the key (because your own computer is locked up), which is possible as long as you know the sign-in address and the passcode or password for the startup to begin with, and you have another means to access the recovery code, like a computer, phone, or tablet). I am no tech wiz but have worked with my own computers since 1987. I know a few tricks and have experience. Others may not, so I warned that this can happen, and to avoid panic for some users, it might be a good idea to either turn off Bitlocker, or get the recovery key, or both. In my case, I did both. We have to think about those people who have computers and just use them, without an inkling of how they work, or how to fix a problem when it occurs. Computers are supposed to work for us, not against us!

StralyaPithecus said:

I administer hundreds of windows pcs, and I never saw a single one that activated BitLocker by itself, without the user knowing. A SINGLE ONE! and yes, we have a mix of a few BitLocker encrypted pcs and non-encrypted pcs. Mostly windows home upgraded to professional version, not enterprise. So, or windows 11 home behaves completely different from pro, or I will say those people blaming Microsoft for activating BitLocker without their knowledge are saying BS. It's still a choice, if you f*k and activated it because you were pressing buttons randomly, that's your fault, not Microsoft.

Click to expand...

I didn't know mine was activated until I started visiting this forum and weighed the choices as to whether I keep it or not. I've always used Pro and never Home. Encryption set-up is quite different between the two.

And I notice that the people who develop Rufus (discussed quite a lot in these forums) have it as a disable option when you re-image your machine. Why would they include that if Bitlocker is so universally loved? And why does Microsoft still allow us the choice? For now, anyway... (?)

Too bad they don't tell everybody. You have to make an effort to find out, out there. And I suspect most people out there don't do that.

cheaterslick said:

And yet if law enforcement has a warrant and asks Microsoft for the key, they somehow magically come up with it, right?

Click to expand...

Wrong...

While Microsoft would doubtless be obligated to respond to a lawful demand imposed on it by any of the governments of the countries within which it operates (as would ANY international company whether it be MIcrosoft, Google, Apple), it simply cannot do so for bitlocker recovery keys.

And there are no known incidents of it occurring. But I'm not the authority on this I have to "hit the internets" so if you know of an incident where it happened let us all in on it.

cheaterslick said:

And why does Microsoft still allow us the choice? For now, anyway... (?)

Click to expand...

My opinion on that: Microsoft wants the ability to thumb their noses at governments when they come asking for a computer owner's data.

Not that it matters because they and every other company that purports to maintain user privacy through encryption keys are at risk of governments forcing them to do something like modify code to capture keys. I'm sure it could be done, has been (Hushmail for the Canadian Government at US D.E.A.'s request in 2007) and could be for any system that requires a user input for decryption. All that shows is they'll win one way or another and we're really only protecting ourselves from the petty thieves anyway.

Buddywh said:

Wrong...

Click to expand...

How do you know?

Buddywh said:

While Microsoft would doubtless be obligated to respond to a lawful demand imposed on it by any of the governments of the countries within which it operates (as would ANY international company whether it be MIcrosoft, Google, Apple), it simply cannot do so for bitlocker recovery keys.

Click to expand...

Color me very, very skeptical... lol

Buddywh said:

And there are no known incidents of it occurring. But I'm not the authority on this I have to "hit the internets" so if you know of an incident where it happened let us all in on it.

Click to expand...

Microsoft doesn't really tell you.


However the FBI does request it. Bitlocker key stored in the cloud? As a customer backup? Maybe...

"Rather, the FBI along with federal, state, and local law enforcement colleagues, want providers who manage encrypted data to be able to decrypt that data and provide it to law enforcement only in response to U.S. legal process."

Click to expand...

I believe anything is hackable. We just don't know about it.

cheaterslick said:

Microsoft doesn't really tell you.

Click to expand...

And yet, it has a way of coming out anyway when "requests" are made...


If Apple didn't use a "zero-knowledge" encryption system I bet they wish they had so they could look the government in the eye and say quite clearly and honestly: we lack the ability even if we were of a mind to comply.

And yes, I do agree anything is "hackable" at some level, just ask Hushmail who did it to their own customers! If the government wants your data, they'll get it one way or the other. That's why I'm content knowing the only thing I'm protecting my data from are common theives.

Buddywh said:

And yet, it has a way of coming out anyway when "requests" are made...

Click to expand...

Not everything makes the news. Almost 30,000 requests according to that link up above. We have little idea of what happened. Or what workarounds were used. Just a pie chart without any specifics.

Buddywh said:

FBI–Apple encryption dispute | Law | Research Starters | EBSCO Research

<p>The FBI–Apple encryption dispute was a significant legal conflict that arose following the 2015 San Bernardino terrorist attack, where the FBI sought to unlock an iPhone 5C belonging to one of the shooters. The FBI argued that accessing the phone was crucial for investigating potential...

www.ebsco.com

If Apple didn't use a "zero-knowledge" encryption system I bet they wish they had so they could look the government in the eye and say quite clearly and honestly: we lack the ability even if we were of a mind to comply.

Click to expand...

Yet...

"Ultimately, the FBI found a third party to unlock the phone, leading to the withdrawal of its court request against Apple."

Click to expand...

Oh well. So much for encryption...

Buddywh said:

And yes, I do agree anything is "hackable" at some level (just ask Hushmail who did it to their own customers!) If the government wants your data, they'll get it one way or the other. That's why I'm content knowing the only thing I'm protecting my data from are common theives.

Click to expand...

And there's nothing wrong with that. I choose to take a different approach, that's all.

Again, costs vs. benefits.