They designed a system that recommended that the average user use full disk encryption as part of device setup, and then provided a way that Grandma could easily recover her family photos when she set it up with their cloud.
This was built by an engineer trying to prevent a foreseeable issue. The intent was not malicious. The intent was to get more people more secure by default, since random hacker couldn’t compell ms to give them keys, while still allowing low tech literacy people to not get fucked.
It’s been a while since I installed a new Windows OS, but I’m pretty sure it prompts you to allow uploading your bitlocker key. It probably defaults to yes, but I doubt you can’t say no, or reset the key post onboarding if you want the privacy, and now it’s on you to record your key. You do have to have some technical understanding of the process, though, which is true of just about everything.
That all said, if a company has your data, it can be demanded by the government. This is a cautionary tale about keeping your secrets secret. Don’t put them in GitHub, don’t put them in Chrome, don’t put them online anywhere because the Internet never forgets.
I’m certainly not a microslop supporter, but…
They designed a system that recommended that the average user use full disk encryption as part of device setup, and then provided a way that Grandma could easily recover her family photos when she set it up with their cloud.
This was built by an engineer trying to prevent a foreseeable issue. The intent was not malicious. The intent was to get more people more secure by default, since random hacker couldn’t compell ms to give them keys, while still allowing low tech literacy people to not get fucked.
It’s been a while since I installed a new Windows OS, but I’m pretty sure it prompts you to allow uploading your bitlocker key. It probably defaults to yes, but I doubt you can’t say no, or reset the key post onboarding if you want the privacy, and now it’s on you to record your key. You do have to have some technical understanding of the process, though, which is true of just about everything.
That all said, if a company has your data, it can be demanded by the government. This is a cautionary tale about keeping your secrets secret. Don’t put them in GitHub, don’t put them in Chrome, don’t put them online anywhere because the Internet never forgets.