Hacker News

cornholio today at 3:28 PM (5 replies)

That's a crypto architecture design choice, MS opted for the user-friendly key escrow option instead of the more secure strong local key - that requires a competent user setting a strong password and saving recovery codes, understanding the disastrous implication of a key loss etc.

Given the abilities of the median MS client, the better choice is not obvious at all, while "protecting from a nation-state adversary" was definitely not one of the goals.


Replies

wobfan today at 3:33 PM

While you're right, they also went out of their way to prevent competent users from using local accounts and/or not uploading their BitLocker keys.

I could understand if the default is an online account + automatic key upload, but only if you add an opt-out option to it. It might not even be visible by default, like, idk, hide it somewhere so that you can be sure that the median MS user won't see it and won't think about it. But just fully refusing to allow your users to decide against uploading the encryption key to your servers is evil, straight up.

aprentic today at 4:37 PM

Yes and they had to lie to sell that option.

If they honestly informed customers about the tradeoff between security and convenience they'd certainly have far fewer customers. Instead they lead people to believe that they can get that convenience for free.

The obvious better choice is transparency.

dmurray today at 4:14 PM

Protecting from a nation state adversary should probably be a goal for the kind of enterprise software MS sells.

Protecting from specifically the nation state that hosts and regulates Microsoft and its biggest clients, probably not.

tucnak today at 4:56 PM

This is a consent issue, and visibility thereof, not "crypto architecture".

jeroenhd today at 6:50 PM

They could still have asked. They do if you enable BitLocker outside of the OOBE.

This story is just yet another confirmation of what used to be the "the Americans have bugged most computers in the world" conspiracy theory.

I hope Microsoft wakes up to the changes in the way America is being viewed these days, because they stand to lose a lot of business if they don't.