Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secureboot. So my C: panicked and required a 40 character key to unlock.
Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you’ve got an unactivated copy, local account, or don’t know your M$ account credentials, your boned.
Control Panel > System Security > Bitlocker Encryption.
BTW, I was aware that M$ was doing this and even made fun of the effected users. Karma.
When I switched to a new CPU I got a bit locker message and it was one of my biggest computer scares ever. I couldn’t remember if the shop that assembled my pc would have enabled it or not. And wasn’t available to contact.
I had to take a risk. If I continued there was a 50 50 chance my shit would have been bricked. Thankfully. That shop had the foresight to NOT randomly enable features the client didn’t ask for
I ran into a similar problem after a bios update.
Turns out “this update may wipe out your bitlocker key” also means “if you don’t have bitlocker turned on, it’ll just wipe out your windows key.”
I still don’t understand why there is no other mainstream os in competition alongside MS except IOs, I wouldn’t call Linux mainstream of course, don’t you think that’s a bit weird?!
Microsoft is almost good as dead. These days, Linux takes just as much maintenance as XP used to. They’ve got maybe 5 years left until laptops start shipping with alternatives to Windows. My bet is it’s going to be SteamOS.
Maybe SteamOS Lite if the device doesn’t have a proper GPU.
iGPUs are more than enough to play most indie games.
Even older dGPUs like the R9 270/270X or 280/280X, hell, even the R9 290/290X or 390/390X (R9 390/290X is just a faster 290/290X which ships with 8GB VRAM as standard issue), while admittedly pushing it a little, will also work fine for most indie titles and even truly ancient (as in DX9-era and earlier, think stuff like Silent Hill 2 which launched in 2002 for the PC) AAA stuff, you’ll just need to manually enable a compatibility toggle for GCN1 or GCN2 cards to work with AMDGPU in DIY distros like Arch or Gentoo while last time I thought some prebuilt distros like Fedora enabled it by default.
These are the compatibility toggles you’ll need to set in kernel parameters for GCN1 and GCN2 cards to work with AMDGPU if they’re not set already. GCN3 and newer natively supports AMDGPU without needing said toggles.
amdgpu.si_support=1 amdgpu.cik_support=1
I have way less maintenance to do than on my old XP machine.
And considering all the shenanigans Microsoft does starting with 10, I guess this still holds up.
Microsoft is thriving and will continue to do so, just probably on machines running Linux.
They get paid $$ per month per employee by most businesses in the developed world.
There is a mature alternative to desktop Windows now. But there isn’t for AD, Azure, Exchange, Kerberos and M365.My bad, I meant their consumer grade stuff.
I would generally agree with you on their cloud/server solutions. However, I do think AWS will get there some day.
If you don’t just look at desktop computers, GNU/Linux and Android/Linux are the most used operating systems in the world (not sure which is in the lead).
If you look only at desktop computers, the most used OS is Minix, which is installed on most Intel CPUs and motherbords.MS abused its monopoly in the 90s. The Clinton administration was too lenient, then the Bush admin kowtowed completely. Now, there’s largely no chance for another operating system to compete.
Why so! and what Clinton and Bush have to do with an operating system that is used globally!? I think you overestimate MS
Right wing politicians will always be in favour of big corporations, they pay good money
I’m not sure how to explain the concept of walled gardens to people who grew up with four websites. In the 90s, most software was “shareware”, you could try it out for as long as you wanted, but businesses were expected to buy licenses.
MS used it’s dominant operating system to drive web browser competitors out of business. This is illegal. The whole concept of capitalism is built around competition, but MS used it’s power to stifle ’ innovation. The Clinton administration beat MS in court, then the Bush Administration dropped the case before the appeal was heard. If they hadn’t done that, instead had broken up Google, Meta, Apple, and the lot of them, the world would be a lot different now.
Bit late to this thread but I know a few commands that might help if you’re stuck:
manage-bde -off C:(or any other drive) This decrypts the volume and turns off bitlockermanage-bde -lock/unlockmanage-bde -protectors -get C:(or any other drive) This displays your 48-digit key. I suggest you store it somewhere, just to be safe.Get-BitlockerVolumereveals which of your partitions are encrypted with Bitlocker.Disclaimer: I am not a terminal nerd, I just had similar problems years ago and went down the rabbit hole, used these commands and turned off bitlocker permanently. I don’t use windows anymore, but when I did, it didn’t cause any problems with bitlocker after this. If you’re concerned about your un-encrypted hard drives, consider using Veracrypt (carefully!) or similar open source encryption software.
Alright, lol, I’ll be the guy
Hey OP, ever heard of Linux?
Regarding your last sentence, something similar happened to me with OneDrive. I mocked people thinking surely they enabled something by mistake. Nope. The defaults and general behavior are just that wacky. Glad I’m off Microsoft now.
I mean you can write your Bitlocker key down and store it safely or put it somewhere else safe… Lol
The main problem here is Bitlocker is being turned on by default on fresh 24H2 installs, most people that don’t know how to bypass the online account requirement are making burner Microsoft accounts (Boomers), therefore do not know the credentials in 3-4 years when their computer needs a repair.
Not that it helps now, but you can also dump your bitlocker recovery key through powershell and save it independently.
(Get-BitLockerVolume -MountPoint “C”).KeyProtector
The control panel dialogue allows you to do this as well. Control Panel > system security > Bitlocker encryption. But it also has the superior option which is to turn it off.
I didn’t loose any data BTW. I had my M$ account info, and a backup besides.
Disk encryption should absolutely be used, especially on laptops/portable systems.
Otherwise someone steals your laptop and swaps the disk into another system and they’ve got all your stuff. Including that folder that nobody knows about.
But it also has the superior option which is to turn it off.
Why would you not want to encrypt your files? My Linux systems are encrypted too.
Why would you not want to encrypt your files?
Bitlocker is only as secure as Microsoft is. If someone hacks your account, they’ve got your keys. And Micosoft stores that key in plain text.
It sounds like you’re complaining about both approaches.
If Microsoft doesn’t have the key: You can’t recover your files if you lose it.
If Microsoft does have the key: An attacker could get in and take it (unlikely if you have two factor auth though) and you need to trust Microsoft.
And Micosoft stores that key in plain text.
How do you know this, though? It could be encrypted using your account password as a key or seed.
Microsoft is very much encouraging passwordless accounts. Mine only has a passkey with MFA.
Not using Bitlocker is not the same as not encrypting your stuff.
I know, I just meant why would someone willingly disable Bitlocker?
I know, I just meant why would someone willingly disable Bitlocker?
I mean… the premise of the thread seems like a good enough reason, doesn’t it?
And even if it doesn’t, if one is already using a different encryption solution that doesn’t rely on TPM and secureboot silliness, what possible reason could there be not to disable Bitlocker?the premise of the thread
Some of the things mentioned in the OP don’t actually happen in real life, though. Bitlocker is only automatically activated if you use a Microsoft account to log in, and why wouldn’t you know the account credentials if it’s what you use to log in?
doesn’t rely on TPM and secureboot silliness
TPM is optional (but recommended) for Bitlocker. Practically every computer released in the past 10 years has TPM support.
Secure boot is needed to ensure that the boot is secure and thus it’s okay to load the encryption key. Without it, a rootkit could be injected that steals the encryption key.
You generally want to use TPM and secure boot on Linux too, not just on Windows. You need secure boot to prevent an “evil maid attack”
Some of the things mentioned in the OP don’t actually happen in real life, though. Bitlocker is only automatically activated if you use a Microsoft account to log in, and why wouldn’t you know the account credentials if it’s what you use to log in?
Maybe I’m misunderstanding something here, but does this whole thing not mean that the moment you use your Microsoft account for logging in, you immediately tie the permanent accessibility of your local files to you retaining access to a cloud account?
TPM is optional (but recommended) for Bitlocker. Practically every computer released in the past 10 years has TPM support. Secure boot is needed to ensure that the boot is secure and thus it’s okay to load the encryption key. Without it, a rootkit could be injected that steals the encryption key. You generally want to use TPM and secure boot on Linux too, not just on Windows. You need secure boot to prevent an “evil maid attack”
You have different opinions on TPM and the prevalence of evil maids than me, fair. But please don’t disregard the central premise of my last comment: One is already using a different encryption solution. Say, Veracrypt is churning away in the background. Why would one leave Bitlocker activated?
Years ago I thought I was being smart encrypting my home dir on my Linux server. I found out the hard way this prevents remote login over ssh using public key encryption, as the .ssh dir is in the home dir, which is encrypted unless you are already logged in at the time! So every time I wanted to ssh in, I had to plug in a monitor and log in on the console first.
You can install Dropbear into your initramfs and configure it to allow entering the encryption key via SSH. Example guide I found: https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
You do have to have an unencrypted
/boot, but the rest of the system can be encrypted. This uses a separateauthorized_keysfile embedded within the initramfs.
They also do spyware. They just renamed it “AI.”
Did they change it from “telemetry” to AI now?
Unless the “telemetry” has been removed, shouldnt there be “added extra” instead of “renamed”?
Telemetry is exclusively for internal data collection and the inevitable sale of it. Recall is also for data collection but provides a user interface to access a slice of that data under the guise of the whole thing being a “feature”.
Telemetry isnt always collected to be sold. Open source projects often collect crash data to improve the software
Sure, but we’re talking about Microsoft here. When was the last time they actually improved any of their software?
They added windows explorer tabs a couple years ago. Does that count?
and also Recall
Can you remind me what that “recall” is?
https://en.wikipedia.org/wiki/Microsoft_Recall
Basically takes screenshots and stores them, then scans them and makes the text searchable. There’s been a bit of controversy over it lately and how it deals with PII/PHI.
It logs literally everything you do with screenshots, then sends it to M$ despite their assurances that it would be local only.
Super invasive!
Thanks, it was hard to recall
I’m not aware of them uploading the screenshotted data, not for now anyways.
The data is indexed and parsed somehow. The last report on it that I saw had a picture of a semi-famous person be properly indexed under the person’s name, despite it being a picture that was taken by the person talking about recall, which means the image was not public. Whatever recall was doing, it analyzed the picture, and that’s probably not a local process.
Open your mind!
It takes a screenshot every five seconds and runs an LLM over it to extract text. Then there’s a UI where you can query it for what you did in the past.
It came under fire when they wanted to introduce it last year, because it stored all that data on your disk in unencrypted form. Meaning if anyone manages to run malicious code on your system, they don’t need to do the collecting themselves anymore, but can rather just send off any screenshotted passwords or whatever other secret things you might’ve been doing on your PC at any point in time. In particular, Microsoft had claimed that the data would be encrypted and it wasn’t. Didn’t even need special permissions to access it.
No idea, if they fixed the encryption now, or if this is just a case of the shitstorm having died down, so they roll it out now. But yeah, even with encryption, the implications aren’t great. If your parents or boss or law enforcement want to know what you were doing on your PC, they now have an exact history. And Microsoft could still change their mind and decide to upload all your data at any point in the future.
Doesn’t that take a ton of CPU/Memory?
Yeah, good question. I imagine the screenshotting itself is largely negligible, although obviously not free either. I don’t know when the LLM gets to do its job. Theoretically, it could be delayed until some point where there’s not much going on on your PC.
At some point, Microsoft wanted to roll out these AI features only on PCs which have an NPU, which is basically an additional CPU with a different architecture optimized for pattern recognition and such. I don’t know, if they still hold onto that requirement, but it would mean that it wouldn’t hog your CPU at least.
They have been somewhat desperate to roll out Recall, because it was the only semi-useful out of a handful of features that they came up with to somehow integrate AI into Windows. So, that’s why I’m never quite sure, what requirements they’re still holding onto.
Recall Rec all Record all, their not even being subtle about it anymore
My god it’s all true 🤯
Rectal is what it’s called I believe?
Microsoft Rectal
I think they renamed everything to copilot
Office365 is now Copilot 365
Thank you for the word of warning. Does this affect Windows 10 as well?
Does this affect Windows 10 as well
IDK. 10 has bitlocker, so I’d check.
I just checked and it is not on by default.
Might be, so better check like this user did:
Just checked my wife’s laptop. Local account, secure boot off, windows 10. It had a message telling me to setup a microsoft account to ‘finish encrypting the device’. I clicked turn off, and it’s currently decrypting the hard drive. Blech.
Windows is still around???
Always have backups! Doesnt matter what OS you use, stuff will break eventually.
I prefer bootable full system images to my NAS for easy restores, and online file backups, both running daily.
3-2-1 rule : 3 backups 2 different types of storage 1 copy off-site
Yup, I treat the ‘3’ as 3 copies of data, so the first copy is just my working system, and the other 2 are various backups.
This has been happening to people randomly for years. Ysed to get calls about it all the time, and that was pre-covid
“do not redeem!” - microsoft, probably
Just checked my wife’s laptop. Local account, secure boot off, windows 10. It had a message telling me to setup a microsoft account to ‘finish encrypting the device’. I clicked turn off, and it’s currently decrypting the hard drive. Blech.
Which version of Win 10 are you using? My girl’s Win 10 Pro laptop is still unencrypted.
Windows 10 Home
It’s not which version, it’s where you are. They follow some laws here some there and now that the US is fascist they roll out features like this on these easy targets first
Oh, ok. I am in EU.
I need to check my girl’s laptop.
Shit they do this on windows 10 too? I should check my girl laptop too.
