alt.hn

1/23/2026 at 12:30:32 PM

Microsoft Gave FBI Keys to Unlock Encrypted Data, Exposing Major Privacy Flaw

 https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

by _____k

1/23/2026 at 2:03:35 PM

The flaw is that they had those keys to begin with. What's the point of encryption if key is available and free to use? Same with iCloud Email.

Privacy cannot come from human-made laws and regulations because they get abused on they change. Privacy comes from mathematics which do not care for laws and regulations.

by romanovcode

1/23/2026 at 5:55:56 PM

The main threat model here is a stolen/lost device or an unscrupulous repair shop not a government agency with a warrant.

You also do not have to backup keys in the cloud, however for most users it’s the best solution since for them data recovery in case of a hardware failure is more important than resiliency against state level adversaries.

by dogma1138

1/23/2026 at 9:12:44 PM

I am an Apple ecosystem lifetime participant. I have recovery and legacy contacts. What I would love is for those contacts to have the encryption key(s) for my data shared with them so they can provide me with recovery options if needed, but Apple cannot.

Certainly, nation state actors could pursue those people to obtain access to key material, but that is a different hill to climb than simply sending requests to Apple, especially for contacts outside of the jurisdiction or nation state reach. Perhaps Shamir's secret sharing would be a component of such an option (you need X out of Y trusted contacts to recover, 2 out of 3 for easy mode, 3 out of 5 for hard mode).

by toomuchtodo

1/23/2026 at 5:57:42 PM

Don't include iCloud in this.

https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s

by eddyg

1/23/2026 at 6:05:03 PM

Apple can recover your keys also unless you enable ADP.

With MSFT cloud backup of keys is an opt-in. With Apple it’s an opt-out.

by dogma1138

1/23/2026 at 6:43:13 PM

I will include iCloud in this because their email has nothing to do with ADP and is accessible by any agency that would ask.

by romanovcode

1/23/2026 at 8:48:16 PM

Mailbox encryption is near pointless since at the least it needs to be encrypted at both ends not to mention relays.

For email each individual message should be encrypted if you want any confidentiality and even then the meta data is in the clear.

And this is because in order to send or receive an email the provider needs to access it. If they put it into a box later on to which they do not hold the key that is just security theater at that point.

by dogma1138

1/24/2026 at 6:28:52 PM

Dude thats from 9 years ago.

A lot has changed since then and it is common knowledge that Apple regularly give government agencies access to their systems and hides it from the public until a whistleblower leaks it.

https://www.reuters.com/technology/cybersecurity/governments...

In a statement, Apple said that Wyden's letter gave them the opening they needed to share more details with the public about how governments monitored push notifications. "In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."

by alt227

1/23/2026 at 1:07:52 PM

You all did know that the idea of a Microsoft account was a security & privacy compromise from day zero of its conception, right?

by fuzzfactor

1/23/2026 at 2:11:49 PM

Well I would say this should be true for most people here. I expect the same for Apple too. The big question is, when will these keys hit the wild ? Since they exist, eventually they will get out there.

We all know, if you want real security, there are much better OSs.

by jmclnx

1/23/2026 at 4:33:12 PM

Why would you expect Apple to have the keys? They famously fought the FBI on the grounds of not having access to the keys themselves.

Good engineering practices say that you shouldn’t even find yourself in the position of having the keys.

And what “better OS” pushes you to encrypted drives on setup? Most Linux distros don’t.

by dagmx

1/23/2026 at 1:46:18 PM

Yes; and none of my computers have one. Contrary to popular myth, it is relatively easy to install Win11 Pro without one.

by jqpabc123

1/23/2026 at 2:12:52 PM

A constant cat-and-mouse game of Microsoft disabling every method to do so as soon as they become somewhat popular is not "relatively easy".

by josephcsible

1/23/2026 at 3:34:20 PM

Really? I haven't had any problems, even with computers that don't meet the official hardware requirements.

Download the Win11 Pro ISO, extract it to a USB drive and then execute the command below from it for a totally automated install that bypasses all the BS.

.\setup.exe /product server /auto upgrade /EULA accept /migratedrivers all /ShowOOBE none /Compat IgnoreWarning /Telemetry Disable

You're welcome!

PS: I know it says "server" but when upgrading a desktop machine, desktop is what you will get --- minus a lot of BS.

by jqpabc123

1/23/2026 at 5:36:25 PM

I believe you that that way works today, but once knowledge of it starts to spread, I expect Microsoft to break it, just like they previously broke Shift+F10 "oobe\bypassnro" and "start ms-cxh:localonly".

by josephcsible

1/23/2026 at 5:49:37 PM

It has worked all along and MS can't break it because I have the ISO that it works with.

It's unlikely it can be broken without totally abandoning the server market and disrupting a lot of existing installations --- which would be a marketing disaster.

by jqpabc123

1/24/2026 at 6:44:47 PM

There will always be a way to create local accounts in Windows because they are intrinsic to how windows actually works.

by alt227

1/24/2026 at 7:42:03 PM

There may always be a way, but every few months the existing way will stop working and people will need to discover a new way.

by josephcsible

1/25/2026 at 1:50:55 PM

Thats exactly my point, they will keep closing loopholes but they will never truly stop people doing it without removing local accounts completely, which they cant do.

by alt227

1/23/2026 at 1:29:58 PM

... does not possess the forensic tools to break into devices encrypted with Microsoft BitLocker

Nice intel to have. Now, all that is needed for reasonable security is to avoid storing the key in the cloud. Duhhh.

Basic rule: Not your hardware (computer/drive), not your data.

Never store anything on someone else's hardware that you need to maintain full control over.

But, but, but encryption? It helps but encryption does not guarantee full access when you don't control the hardware.

by jqpabc123

1/23/2026 at 2:11:10 PM

They don't have the tools but for 99% of the people who have laptop with device encryption, they mandate Microsoft Accounts, and guess where the keys are uploaded to? Thats right, https://aka.ms/recoverykey.

You don't need to build backdoors when you store a copy of the key.

by OptionOfT

1/23/2026 at 4:40:22 PM

they mandate Microsoft Accounts

I don't use these. See post below.

by jqpabc123

1/23/2026 at 5:32:12 PM

> Nice intel to have. Now, all that is needed for reasonable security is to avoid storing the key in the cloud. Duhhh.

You can go one step further. Encrypt your computer, store keys on the cloud, then encrypt your computer again but store keys into a file. You can see key ID on Microsoft Live account. Now you won't even look suspicious.

by general1465

1/23/2026 at 3:29:15 PM

The part that I was shocked to read is that Apple is equally unsafe.

by OutOfHere

1/23/2026 at 6:04:10 PM

You can enable ADP (unless you’re in the UK) and then they can’t recover the key either. But the risk then is that if you lose the device your data is gone for good (unless you have a backup and that opens you up for a whole other list of potential threats).

by dogma1138

1/23/2026 at 9:29:08 PM

Oh I would never use iCloud. The concern is more about Apple's full disk encryption.

Regarding my own encrypted backups, the choices there are so diverse that Apple doesn't factor in.

by OutOfHere