Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secureboot. So my C: panicked and required a 40 character key to unlock.
Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you’ve got an unactivated copy, local account, or don’t know your M$ account credentials, your boned.
Control Panel > System Security > Bitlocker Encryption.
BTW, I was aware that M$ was doing this and even made fun of the effected users. Karma.
They also do spyware. They just renamed it “AI.”
and also Recall
Rectal is what it’s called I believe?
Microsoft Rectal
deleted by creator
It takes a screenshot every five seconds and runs an LLM over it to extract text. Then there’s a UI where you can query it for what you did in the past.
It came under fire when they wanted to introduce it last year, because it stored all that data on your disk in unencrypted form. Meaning if anyone manages to run malicious code on your system, they don’t need to do the collecting themselves anymore, but can rather just send off any screenshotted passwords or whatever other secret things you might’ve been doing on your PC at any point in time. In particular, Microsoft had claimed that the data would be encrypted and it wasn’t. Didn’t even need special permissions to access it.
No idea, if they fixed the encryption now, or if this is just a case of the shitstorm having died down, so they roll it out now. But yeah, even with encryption, the implications aren’t great. If your parents or boss or law enforcement want to know what you were doing on your PC, they now have an exact history. And Microsoft could still change their mind and decide to upload all your data at any point in the future.
Doesn’t that take a ton of CPU/Memory?
Yeah, good question. I imagine the screenshotting itself is largely negligible, although obviously not free either. I don’t know when the LLM gets to do its job. Theoretically, it could be delayed until some point where there’s not much going on on your PC.
At some point, Microsoft wanted to roll out these AI features only on PCs which have an NPU, which is basically an additional CPU with a different architecture optimized for pattern recognition and such. I don’t know, if they still hold onto that requirement, but it would mean that it wouldn’t hog your CPU at least.
They have been somewhat desperate to roll out Recall, because it was the only semi-useful out of a handful of features that they came up with to somehow integrate AI into Windows. So, that’s why I’m never quite sure, what requirements they’re still holding onto.
Open your mind!
https://en.wikipedia.org/wiki/Microsoft_Recall
Basically takes screenshots and stores them, then scans them and makes the text searchable. There’s been a bit of controversy over it lately and how it deals with PII/PHI.
Recall Rec all Record all, their not even being subtle about it anymore
My god it’s all true 🤯
Did they change it from “telemetry” to AI now?
Unless the “telemetry” has been removed, shouldnt there be “added extra” instead of “renamed”?
Telemetry is exclusively for internal data collection and the inevitable sale of it. Recall is also for data collection but provides a user interface to access a slice of that data under the guise of the whole thing being a “feature”.
Telemetry isnt always collected to be sold. Open source projects often collect crash data to improve the software
Sure, but we’re talking about Microsoft here. When was the last time they actually improved any of their software?
They added windows explorer tabs a couple years ago. Does that count?
I think they renamed everything to copilot
Office365 is now Copilot 365
Holy shit, they automatically activate it on computers without an account to back the key up to?
That’s just malicious
IIRC, they only do this if you’re logged in with a Microsoft account.
Bitlocker is disabled by default if you only use local accounts
I’ve occasionally seen it activate itself on computers with only a local account, though I’ve so far only seen it when upgrading in place to 11 with secure boot enabled in the BIOS, and not every time. Fortunately the one time it locked me out was on a freshly cloned drive, so it only cost me redoing the work.
Also, the number of people who I’ve seen lose all their data because they don’t even know they created an MS account during OOBE, and later had a boot or BIOS hiccup, is too damn high!
🤔 shit… you right
Could you elaborate?
If you encrypted your disk/partition, the lock is stored in the luks header. But if that one is broken, you cant decrypt anything even if you remember your key and all data is lost.
Thanks!
As I understand it this shouldn’t concern me if my backups are full disk images via Clonezilla, as those should already include the LUKS header, correct?
They desperately wanted to eliminate personal computers and replace them with dumb terminals running over the net.
When the public rejected this idea
THIS is their response. They are still insisting on total control of our computers.
Not to mention DRM. They want to own your computer and prevent any kind of modification so that movie producers give them money.
Movie producers?
Yeah, shit like HDCP is pushed by the film and TV industry.
Just wait until you learn about Intel’s Management Engine…
Not that it helps now, but you can also dump your bitlocker recovery key through powershell and save it independently.
(Get-BitLockerVolume -MountPoint “C”).KeyProtector
The control panel dialogue allows you to do this as well. Control Panel > system security > Bitlocker encryption. But it also has the superior option which is to turn it off.
I didn’t loose any data BTW. I had my M$ account info, and a backup besides.
Disk encryption should absolutely be used, especially on laptops/portable systems.
Otherwise someone steals your laptop and swaps the disk into another system and they’ve got all your stuff. Including that folder that nobody knows about.
Meanwhile in Linux with luls, which I’ve had since a pre-pre-pre version somewhere back in the early 2000’s, I can have multiple keys, all works like sunshine, never had problems.
On windows… So we work with highly sensitive data, and ever since I came in I thought it insane that people working remote don’t have that highly sensitive data encrypted. We can’t switch Linux yet, so okay, we go for BitLocker.
Boy oh boy oh boy was that a mistake.
50 remote users, 5 get encrypted devices with BitLocker as a trial and within a month, 3 of them already got locked up permanently because apparently it’ll pwrma lock itself after x amounts of invalid passwords which is just incredibly stupid. But don’t worry, there is a backup key! Yeah, that is lie 48 characters that we’d had to pass by phone and they have to type it flawlessly.
Suffice to say, the remote users will be running Linux soon, like it or not.
Yeah, that is lie 48 characters that we’d had to pass by phone and they have to type it flawlessly.
Wouldn’t be so bad if everyone knew their Alpha Bravo Charlies
My one talent: alpha bravo charlie delta echo foxtrot golf hotel India Juliet kilo Lima mike November Oscar papa Quebec Romeo Sierra tango uniform Victor whiskey x-ray Yankee Zulu, typed using voice to text
You have a point. But Bitlocker recovery keys are all numeric. Really not all that hard to translate over the phone. Typically a secure email is what we use to deliver since 99% of employees also have email on their mobile devices.
deleted by creator
Yeah I’m with you. I also manage about 800 devices at my current role and I’ve never had any major issues with BitLocker.
I’m tempted to think they’re just lying but that’s a little mean. Maybe they just didn’t know? I don’t know but BitLocker is not the problem here.
I suggest we move all our machines over to Linux, which is the actual plan. Fuck everything about windows
Also, permanently locking a device after x failed attempts is just plain silly, security wise. You know I can take that drive out and just try to brute force it a million times per second without that silly rule being in my way, right? It’s an anti security pattern similar to requiring password changes every week, it’s a bad idea.
deleted by creator
Exactly. We’ll switch to Linux, finally have security and dependable devices, and then we’ll move on
deleted by creator
hey, at least it tells you if you put in a typo every few chars.
Windows is the virus.
I’ve actually had this occur before to a machine I specifically disabled the tpm on so that it wouldn’t happen (it was an account less frozen kiosk). I was fuming the entire time I spent rebuilding it.
This happened to me once and I had to redo my coursework over the weekend…now I use Fedora :D
I just installed Manjaro on my daily driver over the weekend. My entire steam library just works. My dev tools all work(better) on Linux, and free office is nice and familiar. Fuck widows.
Give them time to mourn first, but then fuck widows :D
Bazitte ! Try Bazitte.
Why cant windows copy luks and let you choose your own password
because people will set hunter2 and be done with it.
So?
deleted by creator
Oh I thought you can only pick tpm
I’m pretty sure you can get your recovery key and write that down elsewhere.
Ik that
deleted by creator
It’s not ”leaving bitlocker off”, though. It’s ”be aware about it and turn bitlocker off manually” since it’s enabled by default in the latest updates.
That’s false. My Windows partition didn’t magically enable bitlocker and I’m on 24h2. LTSC build and local account tho.
Thank you for the word of warning. Does this affect Windows 10 as well?
Does this affect Windows 10 as well
IDK. 10 has bitlocker, so I’d check.
I just checked and it is not on by default.
This has been happening to people randomly for years. Ysed to get calls about it all the time, and that was pre-covid
