this post was submitted on 04 May 2025

1248 points (97.0% liked)

linuxmemes

25011 readers

2358 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

Instance-wide TOS: https://legal.lemmy.world/tos/
Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html

2. Be civil

Understand the difference between a joke and an insult.

Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".

Don't get baited into back-and-forth insults. We are not animals.

Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.

Bigotry will not be tolerated.

3. Post Linux-related content

Including Unix and BSD.

Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.

No porn, no politics, no trolling or ragebaiting.

4. No recent reposts

Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.

5. 🇬🇧 Language/язык/Sprache

This is primarily an English-speaking community. 🇬🇧🇦🇺🇺🇸

Comments written in other languages are allowed.

The substance of a post should be comprehensible for people who only speak English.

Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.

6. (NEW!) Regarding public figures

We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations.

Keep discussions polite and free of disparagement.

We are never in possession of all of the facts. Defamatory comments will not be tolerated.

Discussions that get too heated will be locked and offending comments removed.

Please report posts and comments that break these rules!

Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.

founded 2 years ago

MODERATORS

[email protected]

1248

Microsoft secured my files! (lemmy.world)

submitted 2 weeks ago by [email protected] to c/[email protected]

237 comments fedilink hide all child comments

Back in January Microsoft encrypted all my hard drives without saying anything. I was playing around with a dual boot yesterday and somehow aggravated Secureboot. So my C: panicked and required a 40 character key to unlock.

Your key is backed up to the Microsoft account associated with your install. Which is considerate to the hackers. (and saved me from a re-install) But if you've got an unactivated copy, local account, or don't know your M$ account credentials, your boned.

Control Panel > System Security > Bitlocker Encryption.

BTW, I was aware that M$ was doing this and even made fun of the effected users. Karma.

(page 5) 38 comments

sorted by: hot top controversial new old

[–] [email protected] 137 points 2 weeks ago (6 children)

load more comments (6 replies)

[–] [email protected] 2 points 2 weeks ago

This was the exact same situation I experienced with my old Surface 6. Started to look into Linux firmware on Surface devices and deactivated secure boot because it wouldn't boot Ventoy at all and do nothing, so I figured to try again with no secure boot. It still didn't work so I turned it on again, but was then greeted with this Bitlocker screen which I didn't even know it had activated up until this point. I set up a local account so I had no key to reset or something and was literally not able to do anything besides reinstalling the entire system.

Luckily I had nothing important on it lol

Weirdly the activation was saved on the MS servers so I didn't need to do that again at least (was a preinstalled system so I wouldn't have known the activation key anyways, I thought "When it doesn't work I'll switch to Linux fully because I'm not paying for that garbage system").

After I updated Ventoy I was able to boot again even with secure boot on, there seems to have been an issue with that specific version.

I had Windows on my device since I bought it (around 2018) only upgraded to W11. It never mentioned anything about Bitlocker before this incident so if I had important stuff on it it would have been so over. Well, never save important files on Windows without backup is what I got out of it

This caused me literally bigger problems than my switch to Arch Linux after having only used Windows the entire time xD

[–] [email protected] 55 points 2 weeks ago (10 children)

Meanwhile in Linux with luls, which I've had since a pre-pre-pre version somewhere back in the early 2000's, I can have multiple keys, all works like sunshine, never had problems.

On windows... So we work with highly sensitive data, and ever since I came in I thought it insane that people working remote don't have that highly sensitive data encrypted. We can't switch Linux yet, so okay, we go for BitLocker.

Boy oh boy oh boy was that a mistake.

50 remote users, 5 get encrypted devices with BitLocker as a trial and within a month, 3 of them already got locked up permanently because apparently it'll pwrma lock itself after x amounts of invalid passwords which is just incredibly stupid. But don't worry, there is a backup key! Yeah, that is lie 48 characters that we'd had to pass by phone and they have to type it flawlessly.

Suffice to say, the remote users will be running Linux soon, like it or not.

[–] [email protected] 7 points 2 weeks ago

pass by phone

That's a ticket I would go and overnight mail a pre configured IP KVM

load more comments (9 replies)

[–] [email protected] 8 points 2 weeks ago* (last edited 2 weeks ago)

Holy shit. This happened to me last week.

Turned off Safe Boot when going back over to Win on a dualboot after 6 months. Wanted to avoid updates nuking my dualboot option. (Edit: As was a Win issue 6 months ago)

...enter Bitlocker recovery for Every. Single. Logon.

Just need to do one thing that needs genuine Win11 fingerprint and then I'm doing a 22.1 fresh install.

[–] [email protected] 8 points 2 weeks ago

Upvote for a acknowledging karma

[–] [email protected] 6 points 2 weeks ago (1 children)

Windows is still around?????

[–] [email protected] 7 points 2 weeks ago

yes, I have to use it at work - and it's awful.

[–] [email protected] 20 points 2 weeks ago (2 children)

Thank you for the word of warning. Does this affect Windows 10 as well?

[–] [email protected] 17 points 2 weeks ago (1 children)

Does this affect Windows 10 as well

IDK. 10 has bitlocker, so I'd check.

[–] [email protected] 6 points 2 weeks ago (1 children)

I just checked and it is not on by default.

load more comments (1 replies)

[–] [email protected] 159 points 2 weeks ago (1 children)

Holy shit, they automatically activate it on computers without an account to back the key up to?

That's just malicious

[–] [email protected] 97 points 2 weeks ago (2 children)

IIRC, they only do this if you're logged in with a Microsoft account.

Bitlocker is disabled by default if you only use local accounts

[–] [email protected] 28 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I have (had ;'( ) a local account, and bitlocker was activated. I only found out when my motherboard bit the dust, and that triggered the no-TPM bitlocker thingamajig. Goodbye data.

Of course it hits right as I needed the data on that laptop. Fucking murphy and his fancy legal words.

If anyone is in a situation like mine, you might find luck with a little DIY hacking: https://www.techspot.com/news/106166-old-bitlocker-vulnerability-exploited-bypass-encryption-updated-windows.html

load more comments (1 replies)

[–] [email protected] 45 points 2 weeks ago* (last edited 2 weeks ago)

I've occasionally seen it activate itself on computers with only a local account, though I've so far only seen it when upgrading in place to 11 with secure boot enabled in the BIOS, and not every time. Fortunately the one time it locked me out was on a freshly cloned drive, so it only cost me redoing the work.

Also, the number of people who I've seen lose all their data because they don't even know they created an MS account during OOBE, and later had a boot or BIOS hiccup, is too damn high!

[–] [email protected] 52 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Not that it helps now, but you can also dump your bitlocker recovery key through powershell and save it independently.

(Get-BitLockerVolume -MountPoint "C").KeyProtector

[–] [email protected] 27 points 2 weeks ago (2 children)

The control panel dialogue allows you to do this as well. Control Panel > system security > Bitlocker encryption. But it also has the superior option which is to turn it off.

I didn't loose any data BTW. I had my M$ account info, and a backup besides.

[–] [email protected] 10 points 2 weeks ago

Disk encryption should absolutely be used, especially on laptops/portable systems.

Otherwise someone steals your laptop and swaps the disk into another system and they've got all your stuff. Including that folder that nobody knows about.

[–] [email protected] 24 points 2 weeks ago (11 children)

But it also has the superior option which is to turn it off.

Why would you not want to encrypt your files? My Linux systems are encrypted too.

[–] [email protected] -2 points 2 weeks ago (2 children)

Why would you not want to encrypt your files?

Bitlocker is only as secure as Microsoft is. If someone hacks your account, they've got your keys. And Micosoft stores that key in plain text.

load more comments (2 replies)

load more comments (10 replies)

[–] [email protected] 228 points 2 weeks ago (3 children)

They also do spyware. They just renamed it "AI."

[–] [email protected] 8 points 2 weeks ago

I think they renamed everything to copilot

Office365 is now Copilot 365

[–] [email protected] 30 points 2 weeks ago (1 children)

Did they change it from "telemetry" to AI now?

[–] [email protected] 18 points 2 weeks ago (1 children)

https://en.wikipedia.org/wiki/Microsoft_Recall

[–] [email protected] 16 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Unless the "telemetry" has been removed, shouldnt there be "added extra" instead of "renamed"?

[–] [email protected] 9 points 2 weeks ago (1 children)

Telemetry is exclusively for internal data collection and the inevitable sale of it. Recall is also for data collection but provides a user interface to access a slice of that data under the guise of the whole thing being a "feature".

[–] [email protected] 4 points 2 weeks ago (1 children)

Telemetry isnt always collected to be sold. Open source projects often collect crash data to improve the software

[–] [email protected] 12 points 2 weeks ago (1 children)

Sure, but we're talking about Microsoft here. When was the last time they actually improved any of their software?

[–] [email protected] 6 points 2 weeks ago

They added windows explorer tabs a couple years ago. Does that count?

[–] [email protected] 93 points 2 weeks ago (4 children)

and also Recall

[–] [email protected] 18 points 2 weeks ago (5 children)

Can you remind me what that "recall" is?

[–] [email protected] 6 points 2 weeks ago

[–] [email protected] 15 points 2 weeks ago (2 children)

It takes a screenshot every five seconds and runs an LLM over it to extract text. Then there's a UI where you can query it for what you did in the past.

It came under fire when they wanted to introduce it last year, because it stored all that data on your disk in unencrypted form. Meaning if anyone manages to run malicious code on your system, they don't need to do the collecting themselves anymore, but can rather just send off any screenshotted passwords or whatever other secret things you might've been doing on your PC at any point in time. In particular, Microsoft had claimed that the data would be encrypted and it wasn't. Didn't even need special permissions to access it.

No idea, if they fixed the encryption now, or if this is just a case of the shitstorm having died down, so they roll it out now. But yeah, even with encryption, the implications aren't great. If your parents or boss or law enforcement want to know what you were doing on your PC, they now have an exact history. And Microsoft could still change their mind and decide to upload all your data at any point in the future.

load more comments (2 replies)

[–] [email protected] 5 points 2 weeks ago

Open your mind!

[–] [email protected] 46 points 2 weeks ago (2 children)

It logs literally everything you do with screenshots, then sends it to M$ despite their assurances that it would be local only.

Super invasive!

[–] [email protected] 3 points 2 weeks ago (1 children)

I'm not aware of them uploading the screenshotted data, not for now anyways.

load more comments (1 replies)

[–] [email protected] 41 points 2 weeks ago

Thanks, it was hard to recall

load more comments (1 replies)

[–] [email protected] 43 points 2 weeks ago* (last edited 2 weeks ago)

Rectal is what it's called I believe?

Microsoft Rectal

load more comments (2 replies)

load more comments