undefined | Better HN

0 pointssudioStudio6410y ago0 comments

That's a new one on me.

Bitlocker keys can be backed up to onedrive if you want, but you can also store them in a TPM or a smartcard (physical or virtual).

0 comments

8 comments · 1 top-level

JoshTriplett10y ago· 7 in thread

See http://thenextweb.com/microsoft/2015/07/29/wind-nos/ ; "Windows 10 automatically encrypts the drive its installed on and generates a BitLocker recovery key. That’s backed up to your OneDrive account." Together with the ToS: "We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services."

the847210y ago

> We will access, disclose and preserve personal data, including [...] files in private folders

I don't see any language that restricts that to their cloud offerings. It's in the privacy statement that covers windows too.

So unless i'm missing something they're granting themselves the right to disclose your harddrive to government agencies or their own legal department on a good-faith basis.

sudioStudio64OP10y ago

Every company that has access to your encryption keys can be prompted to give them up with a warrant.

You can keep them from having the key. That's one way around it. Using hardware of some kind (and there are multiple.)

You are also free to use another solution that might meet your strict requirements to personally review the encryption, filesystem, device driver, and memory management code of your operating system to verify it's operating to your specifications. There have literally never been so many options for the privacy minded person with the time to pour through a metric ton of C code.

1 more reply

sudioStudio64OP10y ago

OK. What I'm trying to say is that backing up to OneDrive is optional. You get the choice. You can protect the key with a TPM or a smart card...It's not an all or nothing thing. You have options there, if you are interested.

The other thing is that it sounds like a lot of privacy minded people can't trust BitLocker despite any number of assurances from MS or code reviews by third parties. AND THAT'S OK. Use something else.

EDIT: I forgot to mention that if you are an admin or just operate your own AD installation you can store the key in Active Directory. The behavior is version specific, I think.

EDIT EDIT: I believe that the TOS you are talking about is specifically referring to online services. I don't have time to stop and read it right now, but I think that you are misconstruing the intent.

the847210y ago

> This privacy statement explains what personal data we collect from you and how we use it.

> It applies to Bing, Cortana, MSN, Office, OneDrive, Outlook.com, Skype, Windows, Xbox and other Microsoft services that display this statement.

> References to Microsoft services in this statement include Microsoft websites, apps, software and devices.

Seems to cover the Windows OS too.

JoshTriplett10y ago

> OK. What I'm trying to say is that backing up to OneDrive is optional. You get the choice. You can protect the key with a TPM or a smart card...It's not an all or nothing thing. You have options there, if you are interested.

Except that the default is both insecure and privacy-violating.

1 more reply

drdaeman10y ago

Read this warning on release day, went to read this myself and haven't found such statement neither in ToS, nor in Privacy Policy.

This paragraph (about private communications and files in private folders) seems to be gone from their Privacy Policy. Google cache confirms it was present (in PP, not ToS), but I suppose MS spotted had this insane statement and removed in a hurry - or hid somewhere else, deeper in small fine print and with another wording.

(Or maybe I had totally missed something, scrolling through the document and my browser's search function malfunctioned.)

mmebane10y ago

Did you expand the sections in the Privacy Statement [1]? Open the page in Firefox or Chrome, hit F12 to get to the browser console, then run this to expand all the sections:

    $('.learnMoreLabel').click()

If you search the page for "disclose", you'll see that that exact wording is no longer present, but very similar wording is in the "Reasons We Share Personal Data" and "Skype - Partner companies" sections.

[1]: https://www.microsoft.com/en-us/privacystatement/default.asp...

1 more reply

j / k navigate · click thread line to collapse

0 comments

8 comments · 1 top-level

JoshTriplett10y ago· 7 in thread

the847210y ago

> We will access, disclose and preserve personal data, including [...] files in private folders

I don't see any language that restricts that to their cloud offerings. It's in the privacy statement that covers windows too.

So unless i'm missing something they're granting themselves the right to disclose your harddrive to government agencies or their own legal department on a good-faith basis.

sudioStudio64OP10y ago

Every company that has access to your encryption keys can be prompted to give them up with a warrant.

You can keep them from having the key. That's one way around it. Using hardware of some kind (and there are multiple.)

1 more reply

sudioStudio64OP10y ago

EDIT: I forgot to mention that if you are an admin or just operate your own AD installation you can store the key in Active Directory. The behavior is version specific, I think.

the847210y ago

> This privacy statement explains what personal data we collect from you and how we use it.

> It applies to Bing, Cortana, MSN, Office, OneDrive, Outlook.com, Skype, Windows, Xbox and other Microsoft services that display this statement.

> References to Microsoft services in this statement include Microsoft websites, apps, software and devices.

Seems to cover the Windows OS too.

JoshTriplett10y ago

Except that the default is both insecure and privacy-violating.

1 more reply

drdaeman10y ago

Read this warning on release day, went to read this myself and haven't found such statement neither in ToS, nor in Privacy Policy.

(Or maybe I had totally missed something, scrolling through the document and my browser's search function malfunctioned.)

mmebane10y ago

Did you expand the sections in the Privacy Statement [1]? Open the page in Firefox or Chrome, hit F12 to get to the browser console, then run this to expand all the sections:

    $('.learnMoreLabel').click()

[1]: https://www.microsoft.com/en-us/privacystatement/default.asp...

1 more reply

j / k navigate · click thread line to collapse