>Windows 11’s online Microsoft Account requirement means your PC is automatically backing up its data encryption key to the cloud, and Microsoft says it will hand those over to the FBI
>The data was protected with BitLocker, software that’s automatically enabled on many modern Windows PCs to safeguard all the data on the computer’s hard drive. BitLocker scrambles the data so that only those with a key can decode it.
>These keys enable the ability to decrypt and access the data on a computer running Windows, giving law enforcement the means to break into a device and access its data.
>It’s frankly shocking that the encryption keys that do get uploaded to Microsoft aren’t encrypted on the cloud side, too. That would prevent Microsoft from seeing the keys, but it seems that, as things currently stand, those keys are available in an unencrypted state, and it is a privacy nightmare for customers.
>This isn’t just an issue in the. Jennifer Granick, surveillance and cybersecurity counsel at the ACLU, noted that foreign governments with questionable human rights records also demand data from tech giants like Microsoft. “Remote storage of decryption keys can be quite dangerous,” she said.
>Law enforcement regularly asks tech giants to provide encryption keys, implement backdoor access or weaken their security in other ways. But other companies have refused.
>Now that the FBI and other agencies know Microsoft will comply with warrants similar to the Guam case, they’ll likely make more demands for encryption keys, Green said. “My experience is, once the government gets used to having a capability, it’s very hard to get rid of it.”
Radiant-Maybe-2513 on
Fork got found in the kitchen
Accomplished-Tap-456 on
If you want data to be private, get a NAS and encrypt it. Store the decryption keys in a trusted open-source key safe like KeePass.
ABolaNostra on
So can we assume that Microsoft doesn’t have a backdoor to decrypt data apart from the recovery key..?
GriffinFlash on
So, anyone want to tell me more about Linux?
Bestcon on
Run Linux!
TehWildMan_ on
Trusting a US cloud storage provider to not hand over backed up data to the FBI
Classic “What Could Go Wrong” moment
Puniversefr on
Is the illusion of privacy still a thing for anyone after a couple of decades of WikiLeaks, then Palantir, and a world where every single private data company admits being “hacked” every couple of years, when they don’t get caught outright selling it?
confident_crypto on
Unpopular take: this is probably fine for most people.
The vast majority of the risk BitLocker is protecting against is that if you lose your laptop, your average malicious user can’t access your data and do some quite inconvenient things with that copy of your passport, downloaded bank statements or saucy pictures you might have.
The benefit of backing up to the cloud is the literally thousands of people who could lose decades of memories in photos and videos when their computer fails – who is actually good at backing up these days?
Assuming encryption is better than no encryption, are you saying you want to be explaining to your Mum or Dad that all their photos have been lost when their motherboard fails – but it’s OK at least the FBI can’t access them?
Yes if that’s your concern then there are much better solutions out there – but to say this is wrong of Microsoft would be removing valuable protection from the majority of people.
And to those asking “why isn’t the backup key in the cloud encrypted again?” It’s not a very good cloud backup if it’s encrypted with a key in your drawer – you can just cut the middle man out and have a printed backup key to keep safe/lose. And if you want somehow to have a cloud-mediated end-to-end encryption – even Apple recommends that most users don’t need/shouldn’t turn on Advanced Data Protection.
ExpertPath on
All Microsoft has to do is encrypt the key with the user password upon upload – this is industry standard, why are they storing keys in plaintext?
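The scheme ExpertPath describes, and the trade-off confident_crypto raises above (a backup wrapped with something only you hold is gone if you lose it), as an added example rather than anything from the thread or from Microsoft. It assumes PowerShell 7.2+ (.NET 6) for `AesGcm`, the static `Rfc2898DeriveBytes.Pbkdf2` helper and `RandomNumberGenerator.GetBytes`; the recovery password and user password are constructed sample values.

```powershell
# Added example: wrap a BitLocker-style recovery password with a user-chosen
# password on the client, so the escrow service only ever stores a sealed blob.
# Assumes PowerShell 7.2+ (.NET 6). All sample values below are constructed.
using namespace System.Security.Cryptography
using namespace System.Text

function Protect-RecoveryKey {
    param([string]$RecoveryPassword, [string]$UserPassword)
    $salt  = [RandomNumberGenerator]::GetBytes(16)
    $nonce = [RandomNumberGenerator]::GetBytes(12)
    # Wrapping key derived from the password. Salt and iteration count travel
    # with the blob in the clear; only the password stays with the user.
    $key    = [Rfc2898DeriveBytes]::Pbkdf2($UserPassword, $salt, 600000, [HashAlgorithmName]::SHA256, 32)
    $plain  = [Encoding]::UTF8.GetBytes($RecoveryPassword)
    $cipher = [byte[]]::new($plain.Length)
    $tag    = [byte[]]::new(16)
    $aes = [AesGcm]::new($key)
    try { $aes.Encrypt($nonce, $plain, $cipher, $tag) } finally { $aes.Dispose() }
    # This object is everything the server receives.
    [pscustomobject]@{
        Iterations = 600000
        Salt       = [Convert]::ToBase64String($salt)
        Nonce      = [Convert]::ToBase64String($nonce)
        Ciphertext = [Convert]::ToBase64String($cipher)
        Tag        = [Convert]::ToBase64String($tag)
    }
}

function Unprotect-RecoveryKey {
    param($Blob, [string]$UserPassword)
    $salt   = [Convert]::FromBase64String($Blob.Salt)
    $nonce  = [Convert]::FromBase64String($Blob.Nonce)
    $cipher = [Convert]::FromBase64String($Blob.Ciphertext)
    $tag    = [Convert]::FromBase64String($Blob.Tag)
    $key    = [Rfc2898DeriveBytes]::Pbkdf2($UserPassword, $salt, $Blob.Iterations, [HashAlgorithmName]::SHA256, 32)
    $plain  = [byte[]]::new($cipher.Length)
    $aes = [AesGcm]::new($key)
    # GCM authenticates the blob: a wrong password fails here with a
    # CryptographicException instead of yielding garbage.
    try { $aes.Decrypt($nonce, $cipher, $tag, $plain) } finally { $aes.Dispose() }
    [Encoding]::UTF8.GetString($plain)
}

# Constructed sample: a BitLocker recovery password is 48 digits in 8 groups.
$blob = Protect-RecoveryKey -RecoveryPassword '111111-222222-333333-444444-555555-666666-777777-888888' `
                            -UserPassword 'correct horse battery staple'
$blob | ConvertTo-Json -Compress      # what the cloud side would hold
Unprotect-RecoveryKey -Blob $blob -UserPassword 'correct horse battery staple'
try { Unprotect-RecoveryKey -Blob $blob -UserPassword 'forgot it' }
catch { 'Wrong or forgotten password: the escrowed blob is useless, to the provider and to you.' }
```

The last two lines are the whole argument in one place: the blob cannot be handed over in usable form, and it cannot rescue a user who forgot the password either.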
DR_CAWK on
Microsoft. So hot right now.
Craftkorb on
I’ll never understand why European institutions ever chose US companies for their services. The e-spionage comes free.
Spudtron98 on
Apple would never. Not even kidding, they take their encryption so seriously they’ve told entire governments to fuck off.
Nyoka_ya_Mpembe on
This will be posted every day?
asdf_lord on
Imagine your LUKS key for your Arch install was sent to the maintainers of Arch Linux. See how crazy that sounds?
Wide_Open_Buttcheeks on
At this point I wonder why the fuck I am still using Windows when I don’t game anymore lmao
dbula on
Didn’t the Twitter files and Zuck’s statements already show tech companies are gonna listen to whichever administration is in charge? The only company in Silicon Valley I ever heard about giving resistance in the past was Apple.
NiceMonster on
Alternative headline: Microsoft complies with the law.
(Search ‘Lavabit’ if you don’t know)
StaticSystemShock on
And this is why I don’t want their bullshit “online account” or active OneDrive. I’ve ditched it on all other systems and replaced it with Fedora. Even the laptop that had Windows 11 out of the box was formatted and Linux installed on day 1. I’d NEVER trust Microsoft on ANY encryption. Or even security for that matter. If they can’t fix mundane shit that keeps breaking every week, how are we supposed to trust them with complex stuff like encryption lmao.
Tirux on
Thanks for reminding me to install Linux on a mini PC I have so I can start replacing Windows.
Dafffy_Duck on
Microsoft should be sued for false advertising if they advertised BitLocker as secure. Customers deserve to know that this is not secure.
ShinyBloke on
I look at this as an ad to never buy any Microsoft products the rest of my life, and I’m not at all joking.
cloudfable1 on
No way
geo_prog on
I mean, yeah. Of course they did. As soon as I saw that BitLocker encryption keys were stored on Microsoft’s servers I knew they were just for show. Anyone who isn’t completely naïve would have seen that.
Shooter_McGavin_666 on
The privacy flaw was the user in this case. They chose to store a plain text password on the cloud.
User4C4C4C on
Don’t just rely on a single third party for encryption. Do some yourself. Encrypted containers within encrypted containers within encrypted containers.
boraam on
Shocking. That anyone is surprised at all. This is so obvious.
32 Comments
Company also confirms that they’ll do it again – [https://www.windowscentral.com/microsoft/windows-11/microsoft-bitlocker-encryption-keys-give-fbi-legal-order-privacy-nightmare](https://www.windowscentral.com/microsoft/windows-11/microsoft-bitlocker-encryption-keys-give-fbi-legal-order-privacy-nightmare)
FineWolf on
Full-disk encryption is a very good thing. However, Microsoft backing up recovery keys is just beyond stupid.
If you want to use Windows & BitLocker, then use [`Remove-BitLockerKeyProtector`](https://learn.microsoft.com/en-us/powershell/module/bitlocker/remove-bitlockerkeyprotector?view=windowsserver2025-ps) to remove the recovery password protector, and use [`Add-BitLockerKeyProtector`](https://learn.microsoft.com/en-us/powershell/module/bitlocker/add-bitlockerkeyprotector?view=windowsserver2025-ps) to add a regular password protector. You may as well remove your TPM-based protector unless you really like the convenience of your partition auto-unlocking.
Or… alternatively, use an operating system that doesn’t disrespect you as a user with:
* Nag [banners to enable Windows Backup in Explorer](https://i.imgur.com/mYS4v2L.png) and [notifications in the notification area](https://i.imgur.com/53aHgaK.png). (Windows Backup which conveniently only supports OneDrive as a cloud target).
* [The Microsoft account requirement](https://alternativeto.net/news/2025/10/windows-11-now-blocks-all-microsoft-account-bypasses-during-setup/).
* The addition of Copilot absolutely everywhere.
* [Dark patterns to get you to accidentally switch to an account-wide Microsoft account](https://i.imgur.com/ltJx0mC.png).
* Advertisements for Microsoft services on the [lock screen](https://i.imgur.com/ZxfZE8o.png), [settings app](https://i.imgur.com/VhTPWvp.png) and [photos app](https://i.imgur.com/Rnbq8Oo.png), which are not acceptable on a Pro SKU that retails at AU$379.00.
* Big scary yellow messages that imply that your computer has a problem because you haven’t copied your files to OneDrive ([settings app](https://i.imgur.com/VhTPWvp.png), [start menu](https://i.imgur.com/vCjO9q6.png)).
* The removal of basic personalisation options, like pinning your taskbar anywhere but the bottom.
* Big “whoopsies” in terms of user privacy like the implementation of Recall that was said to be encrypted ([but wasn’t](https://github.com/xaitax/TotalRecall)), wasn’t supposed to capture financial information ([but does](https://www.theregister.com/2025/08/01/microsoft_recall_captures_credit_card_info/)), and now the addition of Gaming Copilot which [captures and uploads screenshots of your gaming sessions without your explicit consent to train their AI](https://www.techpowerup.com/342179/copilot-for-gaming-screenshots-your-games-uploads-them-to-ms-enabled-by-default).
* A lacklustre migration to the new settings app, which is lacking plenty of important settings that were present in the previous iterations of the screens (the audio subsection is now an abject disaster for anyone in audio/music production).
* [The use of deceptive pricing practices for their M365 subscription plans](https://www.accc.gov.au/media-release/microsoft-in-court-for-allegedly-misleading-millions-of-australians-over-microsoft-365-subscriptions), again, to force AI down the throat of every single user.
Microsoft simply no longer cares about their consumers. All they care about is reassuring their shareholders that all the money they’ve been funnelling to AI isn’t going to waste, even if in reality, it absolutely is.
**As a consumer, you have the option to switch to something else.** Both macOS and Linux exist as options. Yes, it will require you to swap out software you are comfortable with and may have already purchased for different alternatives, but at least, in the long term, you won’t have to deal with all the shit above.
I am aware that macOS has its fair share of AI bullshit as well, but at least you can toggle it all off system-wide with a clearly labelled option in the System Settings app, and Apple doesn’t play the sneaky game of splitting AI features into a thousand opt-out toggles. That single one turns it all off, and Apple doesn’t mess with it.
As for Linux, there’s absolutely no AI unless you choose to install it. And LUKS is absolutely amazing as a full-disk encryption solution.
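The protector swap described above as a script, added here as an example rather than FineWolf's own code. It assumes the OS volume is `C:`, an elevated PowerShell session, and that the "Allow BitLocker without a compatible TPM" policy is enabled so a password protector is accepted on the OS volume.

```powershell
#Requires -RunAsAdministrator
# Added example (assumptions: OS volume is C:, elevated session, and the
# "Allow BitLocker without a compatible TPM" policy is on so the OS volume
# accepts a password protector).
$MountPoint = 'C:'

# 1. Add the replacement protector first, so the volume is never left with none.
$newPassword = Read-Host -AsSecureString 'New BitLocker password'
Add-BitLockerKeyProtector -MountPoint $MountPoint -PasswordProtector -Password $newPassword | Out-Null

# 2. Remove every RecoveryPassword protector. That 48-digit value is what
#    Windows escrows to the Microsoft account; once it is gone there is
#    nothing left for a later backup to upload.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    ForEach-Object {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
    }

# 3. Optional, as the comment suggests: drop the TPM protector too, so the
#    volume unlocks only with the password and no longer auto-unlocks at boot.
# $vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm' | ForEach-Object {
#     Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId
# }

# 4. Check what remains: Password (plus Tpm if kept), and no RecoveryPassword.
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

Two things this does not do: it does not delete the key already uploaded to your Microsoft account (remove that from the account's recovery keys page separately), and with no recovery protector left, a forgotten password makes the volume unrecoverable, so keep an offline copy of it.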
Nah, is it China who is spying on us?
Privacy optional, Microsoft approved.
What privacy?
AT&T and Cisco do the same.