this post was submitted on 23 Jan 2026
Technology
If they're selling bitlocker as "full-disk encryption", doesn't that open them up to a class action since encryption with a backdoor isn't encryption?
The keys were very likely uploaded to the linked MS-account.
This is communicated as a backup in case you lose the key.
Breach of trust? Yep
Backdoor? Not very much.
Uploading the key to the cloud is a backdoor. The encryption is only as secure as your key.
Sure doesn't sound like that to me.
Source: https://en.wikipedia.org/wiki/Backdoor_(computing)
Not very covert if it is offered to a user.
If MS gives up the key that is stored plainly in their system, that is a problem. But not a backdoor.
This is quite literally the police knocking on the front door and demanding the key.
This is a meaningless, pedantic argument. Call it backdoor or something else, it does not matter. What matters is that it renders the encryption worthless.
If I stick the key outside of the apartment the lock is also useless.
In the end it's the carelessness of the user and not some nefarious scheme by the big bad corp trying to come for your homework folder.
You should really touch some grass and stop playing Cyberpunk 2077 so much. For your own mental being.
We're talking about the default option here.
Nah, it's encryption all right, they just back up the key in case you lose it. Which is a feature. https://aka.ms/bitlockerrecovery
I hear iMessage e2e-encrypted messages are also backed up into the cloud as plaintext...
Apple did add a new feature to iCloud called Advanced Data Protection, which enables E2E encryption on iCloud contents, which includes message and device backups.
After enabling this, it is likely prudent to regenerate FileVault keys. It’s also notable that for the initial setup of macOS, it does offer you to forego uploading the recovery key to iCloud, but selecting this option presents a warning stating that Apple will be unable to help you retrieve your data if you lose it. Thus, I am certain most Mac users just upload them to iCloud, which opens them up to exactly the same issue as in the article, but does help protect against thieves or adversaries with brief device access.
I have tried to convince Apple users I know to enable ADP, but I have been faced with the expected dismissal of it being unnecessary because they are not interesting, etc.
More people need to engage in a culture of security and privacy when it comes to their digital lives.
Edit: added missing word
plain text is probably the wrong phrasing, but apple does control all your keys
no matter who it is, the key holder can always read your data
Grey area, user chose to store the private bitlocker key to their online Microsoft acct, it's optional. It's still a dirtbag move, but probably less illegal.
While optional, it is also the default behavior.
it's default in that it's the top item on the list, but I can't actually fault them much here, that dialog is crystal clear and you have to log into a Microsoft account to save it there. They don't really push you very hard to put the key into their cloud.
I fault them more for not using zero-knowledge encryption to protect the user's key.
the other options won't let you continue without performing the actions in a way that windows likes. So for someone trying to set up their PC, only the first option has zero cost.
option two requires an external drive without encryption
option 3 requires setting up a printer from that screen, so you can print the page. it won't let you continue otherwise.
if you want to back up in some other way, you just don't (or use PDF conversion from the print dialog)
They want the key, verifiably off the box, in clear text. Any USB stick. Any SD card. Not great, but not any barrier that's worse than needing to set up a Microsoft account.
lol. Last time I checked the rule of law in the US only matters if corporations want it to
Oh you can sue if you have Epic Games level of money and access to lawyers. Otherwise corporate says "fuck you".
No they're not really technically "selling" it. It's bundled with Windows.
It's the home edition thing where they require a Microsoft account. Afaik, for the Pro version of Windows, Bitlocker doesn't require a Microsoft account.
They're selling Windows and one of the selling points is that it includes full disk encryption. Thus they are selling full disk encryption.
Most people have Windows because of OEM keys, so you don't really have a direct business relationship with Microsoft so it's kinda harder to sue.
If you built a PC then separately bought a key, then you might have a better case.
(Disclaimer: I am not a lawyer)
What if you downloaded an iso from Microsoft and typed a simple command into powershell to activate it? 🏴‍☠️
But yeah all I'm saying is Microsoft are definitely on shaky ground with their sales claim here. However it's no less shaky than things they were already convicted of years ago yet seem to be doing yet again, eg bundling Internet Explorer/Edge as the default browser - which has now expanded into occasionally resetting your default apps to Microsoft ones with system updates.
I mean you're gonna have to prove in court how you've been "harmed" and if you don't have a sales receipt from Microsoft, then I don't see how a court is gonna side with you.
Pretty sure some lawyer that works for Microsoft is gonna try to counterclaim and say you committed copyright infringement by bypassing the normal activation method.
And can you even afford lawyers lol? Most of us cannot afford constantly paying for lawyers that cost $200/hour on the cheaper end, and suing a massive corporation is an uphill battle.
Lol setting aside the joke, and of course if you don't pay you won't have a case, but if you had paid I think there would be some statutory rights that would make a claim straightforward and wouldn't require a lawyer. Small claims is a pretty universal concept regardless of jurisdiction, the limit varies but everywhere has some similar avenue. Filing fees are small and lawyers are not usually involved, just two parties and a judge, and these days it can be done remotely.
Mandatory Arbitration in ToS have entered the chat
You have like 30 days, from the date of sale, to opt out in most of these clauses, if you didn't mail a fucking letter to them to opt out, then you're fucked.
Thankfully mandatory arbitration isn't a global problem.