this post was submitted on 23 Jan 2026

Technology
[–] goferking0 9 points 2 days ago (1 children)

But, by default, BitLocker recovery keys are uploaded to Microsoft’s cloud, allowing the tech giant — and by extension law enforcement — to access them and use them to decrypt drives encrypted with BitLocker, as with the case reported by Forbes.

I mean, it's dumb to sync, but at the same time it's not like MS isn't great at either making it almost impossible not to sync it or re-enabling syncing for a bit after updates.

You can constantly tell it not to sync, but all it takes is MS saying "we want it now" and they'll get it.

[–] Pika@sh.itjust.works 1 points 1 day ago* (last edited 1 day ago)

What's dumb is this issue is very easily resolved by encrypting the user's security PIN or password against the BitLocker keys and then only storing that.

Or better yet, have the PIN/password be an isolated thing from the Microsoft system, so when a key gets uploaded, it requests the recovery PIN, and if the PIN matches it uploads; otherwise it states "invalid PIN" and offers to change it, while warning that it will remove existing keys. Then, optionally, the next time a system which contains a drive with an identifier (which wouldn't need to be encrypted, only the key) goes online, it can prompt the user: "Note: due to recovery PIN, drive X recovery key needs to be backed up again, would you like to do so?"

This type of system would make it so the only data MS has stored is the already encrypted recovery key, and as such would mean that the data they gave law enforcement would be worthless.