Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw

Source: BendicantMias

18 Comments

  1. Company also confirms that they’ll do it again – [https://www.windowscentral.com/microsoft/windows-11/microsoft-bitlocker-encryption-keys-give-fbi-legal-order-privacy-nightmare](https://www.windowscentral.com/microsoft/windows-11/microsoft-bitlocker-encryption-keys-give-fbi-legal-order-privacy-nightmare)

    >Windows 11’s online Microsoft Account requirement means your PC is automatically backing up its data encryption key to the cloud, and Microsoft says it will hand those over to the FBI

    >The data was protected with BitLocker, software that’s automatically enabled on many modern Windows PCs to safeguard all the data on the computer’s hard drive. BitLocker scrambles the data so that only those with a key can decode it.

    >These keys enable the ability to decrypt and access the data on a computer running Windows, giving law enforcement the means to break into a device and access its data.

    >It’s frankly shocking that the encryption keys that do get uploaded to Microsoft aren’t encrypted on the cloud side, too. That would prevent Microsoft from seeing the keys, but it seems that, as things currently stand, those keys are available in an unencrypted state, and it is a privacy nightmare for customers.

    >This isn’t just an issue in the. Jennifer Granick, surveillance and cybersecurity counsel at the ACLU, noted that foreign governments with questionable human rights records also demand data from tech giants like Microsoft. “Remote storage of decryption keys can be quite dangerous,” she said.

    >Law enforcement regularly asks tech giants to provide encryption keys, implement backdoor access or weaken their security in other ways. But other companies have refused.

    >Now that the FBI and other agencies know Microsoft will comply with warrants similar to the Guam case, they’ll likely make more demands for encryption keys, Green said. “My experience is, once the government gets used to having a capability, it’s very hard to get rid of it.”

  2. Accomplished-Tap-456 on

    If you want data to be private, get a NAS and encrypt it. Store the decryption keys in a trusted open-source key safe like KeePass.

  3. So can we assume that Microsoft doesn’t have a backdoor to decrypt data apart from the recovery key..?

  4. Trusting a US cloud storage provider to not hand over backed up data to the FBI

    Classic “What Could Go Wrong” moment

  5. Full-disk encryption is a very good thing. However, Microsoft backing up recovery keys is just beyond stupid.

    If you want to use Windows & BitLocker, then use [`Remove-BitLockerKeyProtector`](https://learn.microsoft.com/en-us/powershell/module/bitlocker/remove-bitlockerkeyprotector?view=windowsserver2025-ps) to remove the recovery password protector, and use [`Add-BitLockerKeyProtector`](https://learn.microsoft.com/en-us/powershell/module/bitlocker/add-bitlockerkeyprotector?view=windowsserver2025-ps) to add a regular password protector. You may as well remove your TPM-based protector unless you really like the convenience of your partition auto-unlocking.

    Or… alternatively, use an operating system that doesn’t disrespect you as a user with:

    * Nag [banners to enable Windows Backup in Explorer](https://i.imgur.com/mYS4v2L.png) and [notifications in the notification area](https://i.imgur.com/53aHgaK.png). (Windows Backup which conveniently only supports OneDrive as a cloud target).
    * [The Microsoft account requirement](https://alternativeto.net/news/2025/10/windows-11-now-blocks-all-microsoft-account-bypasses-during-setup/).
    * The addition of Copilot absolutely everywhere.
    * [Dark patterns to get you to accidentally switch to an account-wide Microsoft account](https://i.imgur.com/ltJx0mC.png).
    * Advertisements for Microsoft services on the [lock screen](https://i.imgur.com/ZxfZE8o.png), [settings app](https://i.imgur.com/VhTPWvp.png), [photos app](https://i.imgur.com/Rnbq8Oo.png) which are not acceptable on a Pro SKU that retails at AU$379.00.
    * Big scary yellow messages that imply that your computer has a problem because you haven’t copied your files to OneDrive ([settings app](https://i.imgur.com/VhTPWvp.png), [start menu](https://i.imgur.com/vCjO9q6.png)).
    * The removal of basic personalisation options, like pinning your task bar anywhere but the bottom.
    * Big “whoopsies” in terms of user privacy like the implementation of Recall that was said to be encrypted ([but wasn’t](https://github.com/xaitax/TotalRecall)), wasn’t supposed to capture financial information ([but does](https://www.theregister.com/2025/08/01/microsoft_recall_captures_credit_card_info/)), and now the addition of Gaming Copilot which [captures and uploads screenshots of your gaming sessions without your explicit consent to train their AI](https://www.techpowerup.com/342179/copilot-for-gaming-screenshots-your-games-uploads-them-to-ms-enabled-by-default).
    * A lacklustre migration to the new settings app, which is lacking plenty of important settings that were present in the previous iterations of the screens (the audio subsection is now an abject disaster for anyone in audio/music production).
    * [The use of deceptive pricing practices for their M365 subscription plans](https://www.accc.gov.au/media-release/microsoft-in-court-for-allegedly-misleading-millions-of-australians-over-microsoft-365-subscriptions), again, to force AI down the throat of every single user.

    Microsoft simply no longer cares about their consumers. All they care about is reassuring their shareholders that all the money they’ve been funnelling to AI isn’t going to waste, even if in reality, it absolutely is.

    **As a consumer, you have the option to switch to something else.** Both macOS and Linux exist as options. Yes, it will require you to swap out software you are comfortable with and may have already purchased for different alternatives, but at least, in the long term, you won’t have to deal with all the shit above.

    I am aware that macOS has its fair share of AI bullshit as well, but at least you can toggle it all off system-wide with a clearly labelled option in the System Settings app, and Apple doesn’t play the sneaky game of splitting AI features into a thousand opt-out toggles. That single one turns it all off, and Apple doesn’t mess with it.

    As for Linux, there’s absolutely no AI unless you choose to install it. And LUKS is absolutely amazing as a full-disk encryption solution.
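The protector swap described in comment 5 above, as an added worked example (not the commenter's code and not Microsoft's). It assumes an elevated PowerShell session on Windows 10/11 with the built-in BitLocker module, and that `C:` is the volume whose escrowed recovery password you want to invalidate. It goes one step further than the comment by generating a fresh recovery password locally before removing the old one, so the volume is never left without any recovery path; the password-protector step is kept optional because on an OS volume it depends on local policy.

```powershell
# Added example for the procedure in comment 5; not the commenter's or Microsoft's code.
# Assumptions: elevated session, BitLocker PowerShell module present, "C:" is the target volume.
$MountPoint  = "C:"
$AddPassword = $false   # set to $true to also add a password protector (step 4)

# 1. Audit: list the protectors that exist right now. A RecoveryPassword protector
#    is the 48-digit key that Windows escrows to the Microsoft account.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$vol.KeyProtector |
    Select-Object KeyProtectorId, KeyProtectorType |
    Format-Table -AutoSize

# 2. Generate a NEW recovery password before removing anything, so there is always a
#    way back into the volume. It is created locally and is not uploaded unless you
#    later run BackupToAAD-BitLockerKeyProtector or let Windows escrow it again.
$oldIds = @($vol.KeyProtector.KeyProtectorId)
$vol    = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
$newRp  = $vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' -and $_.KeyProtectorId -notin $oldIds }
Write-Host "New recovery password (print it and keep it offline):"
Write-Host "  $($newRp.RecoveryPassword)"

# 3. Remove every OLD RecoveryPassword protector. Once the protector is gone, the copy
#    held in the cloud can no longer unlock the volume, regardless of what happens to
#    it server-side.
$vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' -and $_.KeyProtectorId -in $oldIds } |
    ForEach-Object {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
        Write-Host "Removed previously escrowed recovery protector $($_.KeyProtectorId)"
    }

# 4. Optional, as the commenter suggests: add a password protector so unlocking needs
#    something you know rather than only the TPM. On an OS volume this typically
#    requires the "Allow BitLocker without a compatible TPM" policy and removal of the
#    Tpm protector; confirm your policy before relying on it.
if ($AddPassword) {
    $pw = Read-Host -AsSecureString -Prompt "New BitLocker password for $MountPoint"
    Add-BitLockerKeyProtector -MountPoint $MountPoint -PasswordProtector -Password $pw | Out-Null
}

# 5. Verify the end state: exactly one RecoveryPassword protector, and it is the new one.
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Select-Object KeyProtectorId, KeyProtectorType |
    Format-Table -AutoSize
```

Step 3 is the part that actually matters: deleting the old key from the Microsoft account's recovery-key page only removes Microsoft's copy, whereas removing the protector makes that copy useless. On devices joined to Entra ID or managed by Intune, policy may re-escrow the new recovery password automatically, so re-run step 1 afterwards and check the account page if you need to be sure nothing was uploaded.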

  6. I wonder if Microsoft will lose customers over this as they can no longer be trusted to keep private data private. Unfortunately, there’s not much in the way of competition.

  7. Is the illusion of privacy still a thing for anyone after a couple decades of wikileaks then palantir and a world where every single private data company admits being “hacked” every couple years, when they don’t get caught outright selling them.

  8. Sartres_Roommate on

    Welp, we use both Windows and Mac in this household, Win 11 already had us pushed towards not upgrading our PCs. This solidifies going full Apple now.

  9. This shouldn’t come as a surprise to anyone. Also MS should disable encryption by default for consumers, it only does more harm than good. 

  10. confident_crypto on

    Unpopular take: this is probably fine for most people.

    The vast majority of the risk BitLocker is protecting is so that if you lose your laptop your average malicious user can’t access your data, and do some quite inconvenient things with that copy of your passport, downloaded bank statements or saucy pictures you might have.

    The benefit of backing up to the cloud is the literally thousands of people who could lose decades of memories in photos and videos when their computer fails – who is actually good at backing up these days?

    Assuming encryption is better than no encryption, are you saying you want to be explaining to your Mum or Dad that all their photos have been lost when their motherboard fails – but it’s OK at least the FBI can’t access them?

    Yes if that’s your concern then there are much better solutions out there – but to say this is wrong of Microsoft would be removing valuable protection from the majority of people.

    And to those asking “why isn’t the backup key in the cloud encrypted again?” It’s not a very good cloud backup if it’s encrypted with a key in your drawer – you can just cut the middle man out and have a printed backup key to keep safe/lose. And if you want somehow to have a cloud-mediated end-to-end encryption – even Apple recommends that most users don’t need/shouldn’t turn on Advanced Data Protection.

  11. Unique-Staff-2644 on

    5 years ago I would have been strongly on the “if you have nothing to hide” side of the argument.

    I see the future now: the core of your whole identity and existence will one day be reduced to a digital token that is like the long birth certificate of olden times. It provides trust for other forms of your existence: passport, driver’s licence. You will have to look after it like it’s your own beating heart. Hide it under the bed? Eeeek. Deposit it in a bank? Who has access? What if it gets robbed? Keep it on your phone? Get hacked? Lose your phone? Eeeek. You can’t trust anyone now, not government, not companies; bad-faith actors have changed that for good.

  12. All Microsoft has to do is encrypt the key with the user password upon upload – This is industry standard, why are they storing keys in plaintext?????

  13. I’ll never understand why European institutions ever chose US companies for their services. The e-spionage comes free.
