Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secureboot. So my C: panicked and required a 40 character key to unlock.
Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you’ve got an unactivated copy, local account, or don’t know your M$ account credentials, your boned.
Control Panel > System Security > Bitlocker Encryption.
BTW, I was aware that M$ was doing this and even made fun of the effected users. Karma.
This is gonna happen to a lot more people with their password change.
Why do you have to use there? Nothing a cater. You can’t use Google or open source. I don’t get it. They suck.
Like I need more spyware on my phone.
What about people with landlines? Older people.
So they’re going to lose a huge market share when they force everybody to throw away their computer to run Windows 11.
Thank you for the word of warning. Does this affect Windows 10 as well?
Does this affect Windows 10 as well
IDK. 10 has bitlocker, so I’d check.
I just checked and it is not on by default.
In your region and device
I got into coding in the last few days. I have a project. Bumping into this while I’m trying to learn this shit? Fuck me. You know, we could just stop using money
Hahahha
No, we can’t. Otherwise how would people like Elon and Bezos know that they’re better than us?
/s
Their good looks, obviously
I’m not going to link shame.
You like what you like.
I can’t connect what you are saying into a coherent thread
I can’t even adjust bitlocker settings on my laptop’s windows 11 home Installation…
The what? I think i disabled bitlocker fromsettings on my laptop which is probably home version
Disabling it entirely is possible, but I want to keep the encryption and set a proper password for it instead of the stupidly long recovery key. That and similar features seem to be locked behind the pro version.
Yeah, you need Windows 11 Pro, Enterprise, or Education edition.
Is this person lying/incorrect? https://lemmy.world/comment/16865866
Unlikely. But, there’s a possibility they are both telling the truth. Since, they could be on a different Software version on their story.
Always the AB testing. All versions are regional and they only try these things in faschist us first where it is safest to assault customers
Not anymore. Now home has it too
Do home versions even come with bitlocker? There might be nothing to adjust
They do and it auto activates when you add a Microsoft account. It cannot be turned off on the home edition as it doesn’t have the full bitlocker settings. Came across this one on some machine i was working on a while ago and i ended up having to pull the SSD from the customers machine and plug it into something with pro to actually disable bitlocker.
I had a windows home installation too, local rules may vary, but mine (India), I could turn it off from the command prompt.
manage-bde -off C:(or any other drive) was what I used.Edit: nevermind, you meant that you wanted to change the key. That’s not possible, unfortunately, you might have to use some other encryption software.
This has been happening to people randomly for years. Ysed to get calls about it all the time, and that was pre-covid
I mean you can write your Bitlocker key down and store it safely or put it somewhere else safe… Lol
The main problem here is Bitlocker is being turned on by default on fresh 24H2 installs, most people that don’t know how to bypass the online account requirement are making burner Microsoft accounts (Boomers), therefore do not know the credentials in 3-4 years when their computer needs a repair.
When I switched to a new CPU I got a bit locker message and it was one of my biggest computer scares ever. I couldn’t remember if the shop that assembled my pc would have enabled it or not. And wasn’t available to contact.
I had to take a risk. If I continued there was a 50 50 chance my shit would have been bricked. Thankfully. That shop had the foresight to NOT randomly enable features the client didn’t ask for
I ran into a similar problem after a bios update.
Turns out “this update may wipe out your bitlocker key” also means “if you don’t have bitlocker turned on, it’ll just wipe out your windows key.”
Holy shit, they automatically activate it on computers without an account to back the key up to?
That’s just malicious
IIRC, they only do this if you’re logged in with a Microsoft account.
Bitlocker is disabled by default if you only use local accounts
I have (had ;'( ) a local account, and bitlocker was activated. I only found out when my motherboard bit the dust, and that triggered the no-TPM bitlocker thingamajig. Goodbye data.
Of course it hits right as I needed the data on that laptop. Fucking murphy and his fancy legal words.
If anyone is in a situation like mine, you might find luck with a little DIY hacking: https://www.techspot.com/news/106166-old-bitlocker-vulnerability-exploited-bypass-encryption-updated-windows.html
This only happens on OEM installs of Windows. Ridiculous but as far as I know if you disable it after first setup (OOBE) it never shows up again if you have only local accounts.
I’ve occasionally seen it activate itself on computers with only a local account, though I’ve so far only seen it when upgrading in place to 11 with secure boot enabled in the BIOS, and not every time. Fortunately the one time it locked me out was on a freshly cloned drive, so it only cost me redoing the work.
Also, the number of people who I’ve seen lose all their data because they don’t even know they created an MS account during OOBE, and later had a boot or BIOS hiccup, is too damn high!
I just installed Manjaro on my daily driver over the weekend. My entire steam library just works. My dev tools all work(better) on Linux, and free office is nice and familiar. Fuck widows.
Give them time to mourn first, but then fuck widows :D
Bazitte ! Try Bazitte.
You know, this is actually one Windows decision I agree with. Encryption should be default, especially on portable devices like laptops. For an OS aimed at people who want to use their computers, rather than understand them, you have to choose an encryption that works by default for most of your non-tech-savvy users.
If they want their data truly in their own hands, or full control, use Linux.
If they want to use Windows, but not rely on a Microsoft account for recovery, get the bitlocker recovery key and write it down (which you can do).
But I think this looks like a sane default.
(Full disclosure, I don’t use Windows for anything I care about!)
Respectfully, hard disagree and terrible take. I work in IT, and your stance only makes sense if people have some tech knowledge. Which is never going to happen for the average person.
I can’t tell you how many older people I’ve had to tell that I can’t save their grandkids first pics because of bitlocker
That still happens without bitlocker. Computers are dropped. Facebook passwords are forgotten.
I acknowledge automatic encryption is going to make some more cases of lost data, but, with respect, I think the benefit of making fewer cases of stolen data is worth it. I agree with the other commenter that users should be made aware of it more clearly.
Also, as much as I hate the push to Microsoft accounts, I have to admit it helps mitigate this problem: if all ordinary users have an account looking after their master keys, then they can turn to that when they forget their login password etc. but the opportunistic thief on the train can’t (as easily). Not every grandma has a Millennial relative at hand to boot Linux to rescue files off her HDD. And for those who don’t like to trust their master keys to Microsoft/Apple/Google? There’s Linux. And external backups. And saving your password somewhere safe.
Not nearly as much. If someone breaks their motherboard in half but the hard drive is okay, I can get their data unless they have bitlocker. Microsoft is encrypting drives and storing the keys in the TPM only, and it is insane. My grandma doesn’t have state secrets on her laptop, she doesn’t need encryption.
So, your grandma doesn’t need encryption. She might not need a seatbelt either. But it’s not only state secrets that are worth protecting. Does she have internet banking, with cookies stored in her browser? But many people do, and it’s either encryption for everyone, or for (almost) no one.
Hah is there a rash of nursing home break ins that I’m unaware of? I’m in the field, the way that is happening is phishing with fake ads and emails
Very few people are breaking into a laptop for cookies, it’s tremendous amounts of work, and is usually targeted. Motherboards die all the time, and take the TPM with them
Hah is there a rash of nursing home break ins that I’m unaware of?
I mean, not Windows user lives in a nursing home. I wish! But some lose laptops on the train, and some even throw their computers away!
Sure, most of the risk is remote through emails etc. Maybe you’re right. Maybe the balance is better the other way round: let all Windows Home users’ computers stay unencryptedv at rest, and keep encryption for Pro users. I grew up with a high focus on security; maybe I’m paranoid.
But phones are all encrypted these days. Obviously they’re more mobile and at more risk, but that suggests to me that laptops are subject to similar, if smaller, risks.
I get it, but as someone who has had to tell little old ladies their data is fucked, I am beyond pissed at Microsoft’s implementation. They should not be encrypting data without forcing lay people to have backup codes printed or on a flash drive or something.
They’re doing this because they want to force people to her Microsoft accounts, probably just to collect more data.
And for the record, I am very pro encryption The half assed way of encrypting even if there isn’t a Microsoft account connected and therefore no way to save keys somewhere is completely unacceptable
But wtf, all thiefs want is the device, why do they want photos of her grandson?
How many has it protected though? Maybe 2? It’s not logical to ask the user if you want to take over their data
The push to Microsoft accounts? More people, I expect, than I’d care to admit.
Locked out recoveries, yes, but I am fairly certain that encrypting data you don’t own without notifying is some kind of crime
Would be fine. The problem is, Microsoft is encrypting drives and not telling anybody about it. Average users have no clue what any of this is and are completely unaware they need to create a passphrase for safe keeping.
Fair point.
I’ve actually had this occur before to a machine I specifically disabled the tpm on so that it wouldn’t happen (it was an account less frozen kiosk). I was fuming the entire time I spent rebuilding it.
They also do spyware. They just renamed it “AI.”
I think they renamed everything to copilot
Office365 is now Copilot 365
and also Recall
deleted by creator
It logs literally everything you do with screenshots, then sends it to M$ despite their assurances that it would be local only.
Super invasive!
Thanks, it was hard to recall
I’m not aware of them uploading the screenshotted data, not for now anyways.
The data is indexed and parsed somehow. The last report on it that I saw had a picture of a semi-famous person be properly indexed under the person’s name, despite it being a picture that was taken by the person talking about recall, which means the image was not public. Whatever recall was doing, it analyzed the picture, and that’s probably not a local process.
https://en.wikipedia.org/wiki/Microsoft_Recall
Basically takes screenshots and stores them, then scans them and makes the text searchable. There’s been a bit of controversy over it lately and how it deals with PII/PHI.
Open your mind!
It takes a screenshot every five seconds and runs an LLM over it to extract text. Then there’s a UI where you can query it for what you did in the past.
It came under fire when they wanted to introduce it last year, because it stored all that data on your disk in unencrypted form. Meaning if anyone manages to run malicious code on your system, they don’t need to do the collecting themselves anymore, but can rather just send off any screenshotted passwords or whatever other secret things you might’ve been doing on your PC at any point in time. In particular, Microsoft had claimed that the data would be encrypted and it wasn’t. Didn’t even need special permissions to access it.
No idea, if they fixed the encryption now, or if this is just a case of the shitstorm having died down, so they roll it out now. But yeah, even with encryption, the implications aren’t great. If your parents or boss or law enforcement want to know what you were doing on your PC, they now have an exact history. And Microsoft could still change their mind and decide to upload all your data at any point in the future.
Doesn’t that take a ton of CPU/Memory?
Yeah, good question. I imagine the screenshotting itself is largely negligible, although obviously not free either. I don’t know when the LLM gets to do its job. Theoretically, it could be delayed until some point where there’s not much going on on your PC.
At some point, Microsoft wanted to roll out these AI features only on PCs which have an NPU, which is basically an additional CPU with a different architecture optimized for pattern recognition and such. I don’t know, if they still hold onto that requirement, but it would mean that it wouldn’t hog your CPU at least.
They have been somewhat desperate to roll out Recall, because it was the only semi-useful out of a handful of features that they came up with to somehow integrate AI into Windows. So, that’s why I’m never quite sure, what requirements they’re still holding onto.
Rectal is what it’s called I believe?
Microsoft Rectal
Recall Rec all Record all, their not even being subtle about it anymore
My god it’s all true 🤯
Did they change it from “telemetry” to AI now?
Unless the “telemetry” has been removed, shouldnt there be “added extra” instead of “renamed”?
Telemetry is exclusively for internal data collection and the inevitable sale of it. Recall is also for data collection but provides a user interface to access a slice of that data under the guise of the whole thing being a “feature”.
Telemetry isnt always collected to be sold. Open source projects often collect crash data to improve the software
Sure, but we’re talking about Microsoft here. When was the last time they actually improved any of their software?
They added windows explorer tabs a couple years ago. Does that count?
This was the exact same situation I experienced with my old Surface 6. Started to look into Linux firmware on Surface devices and deactivated secure boot because it wouldn’t boot Ventoy at all and do nothing, so I figured to try again with no secure boot. It still didn’t work so I turned it on again, but was then greeted with this Bitlocker screen which I didn’t even know it had activated up until this point. I set up a local account so I had no key to reset or something and was literally not able to do anything besides reinstalling the entire system.
Luckily I had nothing important on it lol
Weirdly the activation was saved on the MS servers so I didn’t need to do that again at least (was a preinstalled system so I wouldn’t have known the activation key anyways, I thought “When it doesn’t work I’ll switch to Linux fully because I’m not paying for that garbage system”).
After I updated Ventoy I was able to boot again even with secure boot on, there seems to have been an issue with that specific version.
I had Windows on my device since I bought it (around 2018) only upgraded to W11. It never mentioned anything about Bitlocker before this incident so if I had important stuff on it it would have been so over. Well, never save important files on Windows without backup is what I got out of it
This caused me literally bigger problems than my switch to Arch Linux after having only used Windows the entire time xD
Upvote for a acknowledging karma
