Windows 11 users reportedly losing data due to Microsoft's forcedWindows 11 users reportedly losing data due to Microsoft's forced BitLocker encryption (www.neowin.net)
from moe90@feddit.nl to technology@lemmy.world on 02 May 08:52
https://feddit.nl/post/33339667

#technology


Rooki@lemmy.world on 02 May 09:26 next collapse

Yeah it can happen, when you force people without their consent encrypting their data.

Melonpoly@lemmy.world on 02 May 10:04 next collapse

Isn’t that what iPhone and Android already do?

Lembot_0002@lemm.ee on 02 May 10:17 next collapse

Most people don’t have anything of importance on their phones. And the tuning options are almost absent on phones, so it is less problematic bug-wise.

thesystemisdown@lemmy.world on 02 May 11:34 next collapse

For many, a mobile device is their sole computer, and things of importance to them are stored on it.

user224@lemmy.sdf.org on 02 May 12:57 next collapse

Le banking app.

Rooki@lemmy.world on 02 May 19:03 collapse

But THAT is recoverable EASILY, not like lost forever if you don’t recover data from that phone’s storage.

Something like OTP are rather more important.

user224@lemmy.sdf.org on 02 May 19:05 collapse

Well, I wasn’t talking about recovery, but need for encryption.

Rooki@lemmy.world on 02 May 20:12 collapse

I guess that’s true.

[deleted] on 03 May 02:31 collapse

.

ieatpillowtags@lemm.ee on 02 May 11:50 next collapse

No you’re right, nobody has precious photos or videos on their phone 🙄

Lembot_0002@lemm.ee on 02 May 11:56 collapse

If they don’t save those photos somewhere else from time to time, it means those photos aren’t that important.

spooky2092@lemmy.blahaj.zone on 02 May 12:29 next collapse

You’re assuming they actually understand proper data protection procedures. You have a very misplaced amount of faith in the knowledge of the average person. Plenty of people just expect stuff to work and are horrified when they realize they’re not.

I saw that all the time when I worked in mobile phone sales/support.

Takumidesh@lemmy.world on 02 May 12:37 next collapse

This is a post about people who don’t understand encryption.

JWBananas@lemmy.world on 02 May 12:43 next collapse
oo1@lemmings.world on 03 May 08:27 collapse

I backup my precious dick pics at several offsite locations by sending them to as many people as possible as often as possible.

8-

pressanykeynow@lemmy.world on 03 May 02:31 collapse

Yeah, nothing important. Just your banking apps, personal documents, photos, government apps, emails, all the services linked to your phone via mobile number, personal chats, work chats, 2fa codes, some other not important stuff. But at least it doesn’t have your games. Unless you play games on your phone, then you are fucked.

surewhynotlem@lemmy.world on 02 May 11:11 next collapse

Huh … I never noticed. Probably because my phone OS never failed to boot, requiring me to pull data off the HDD directly.

Landless2029@lemmy.world on 02 May 11:39 collapse

Samsung is notorious for this.

Object@sh.itjust.works on 02 May 12:15 next collapse

One major difference is that it is so much easier to lock yourself out of the desktop TPM chip compared to mobile device security chips because they’re not tightly coupled.

acosmichippo@lemmy.world on 02 May 15:53 collapse

and phones make you use your unlock pin often, so people are forced to remember it. on the other hand windows lets you use a short pin instead of your full account password pretty much forever which results in people forgetting the password completely.

Rooki@lemmy.world on 02 May 19:02 collapse

That isn’t even the part it is encrypted, the TPM encryption is either “Automatic” or over a password (any length) on startup so far I know it from my work with BitLocker (TPM 2.0) on Windows 10. Idk if this is different on Windows 11.

OfficerBribe@lemm.ee on 02 May 14:32 next collapse

Android I think just uses same credentials you use to unlock account, at least I am not aware of any recovery key. And you are prompted for credentials from time to time so it is harder to forget. I use fingerprint as main unlock + pattern and I have to enter pattern roughly once a week I think.

On Windows if you set up Windows Hello (fingerprint or PIN usually), you are not reminded to enter password afterwards so eventually you can forget it. And if you do not know your password and cannot recover account, you will not be able to retrieve BitLocker recovery key. So fix to this problem could be another annoyance to users if it would be implemented as Android does it.

MonkderVierte@lemmy.ml on 02 May 15:31 next collapse

Different threat model and usage scenario. See the spilled milk comment.

Rooki@lemmy.world on 02 May 19:00 collapse

The only phone manufacturer that does that is Google with Pixel. Any other phone is to my knowledge either “weakly” encrypted or not at all.

Still your mobile OS isn’t just upgrading and encrypting your SD card and main drive. That’s the point.

InnerScientist@lemmy.world on 03 May 06:57 collapse

All devices launching with Android 10 and higher are required to use file-based encryption.

To use the AOSP implementation of FBE securely, a device needs to meet the following dependencies:

  • Kernel Support for Ext4 encryption or F2FS encryption.
  • Keymaster Support with HAL version 1.0 or higher. There is no support for Keymaster 0.3 as that does not provide the necessary capabilities or assure sufficient protection for encryption keys.
  • Keymaster/Keystore and Gatekeeper must be implemented in a Trusted Execution Environment (TEE) to provide protection for the DE keys so that an unauthorized OS (custom OS flashed onto the device) cannot simply request the DE keys.
  • Hardware Root of Trust and Verified Boot bound to the Keymaster initialization is required to ensure that DE keys are not accessible by an unauthorized operating system.

source.android.com/docs/security/…/file-based?hl=…

cy_narrator@discuss.tchncs.de on 06 May 00:03 collapse

Forcing people is one thing, not telling them it’s a thing is completely different. Most Windows users don’t even know their Windows has BitLocker enabled and those keys are out of their sight.

reseller_pledge609@lemmy.dbzer0.com on 02 May 09:30 next collapse

Surprise, surprise.

Forcing security measures onto someone who doesn’t understand them or know how to recover their data if something goes wrong is a bad idea.

FreedomAdvocate@lemmy.net.au on 02 May 09:37 next collapse

How are these people losing access to their MS accounts on their computers?

SpikesOtherDog@ani.social on 02 May 10:53 next collapse

Step one, be forced to create a Microsoft account.

Step two, create the account with a password you are SURE you remember

Step three, create a PIN so you never have to enter your password

Step four, forget your password

user224@lemmy.sdf.org on 02 May 13:18 next collapse

You can still force local account. Edit: nevermind, first sentence of the article:

Earlier today, we published an article regarding Microsoft’s recent removal of the BYPASSNRO script and how it has irked Windows 11 users

Well, fuck.

On setup: Shift + F10 -> click into the CMD window (it opens unfocused)

cd oobe
bypassnro

And do not connect to network until you finish setup.

Disabling auto updates was also very simple and intuitive. Couldn’t be easier.

Meta + R -> Type gpedit.msc and press enter -> On left click Administrative templates -> All settings -> Configure Automatic Updates -> Select option 2, Enabled and Apply

SpikesOtherDog@ani.social on 02 May 13:26 next collapse

I’m still creating local accounts using the bypass in the auto unattend file.

If a drive is crypto locked and there is only a local account, it might as well be wiped if nobody has a password.

kernelle@0d.gs on 02 May 14:54 collapse

Bypassnro is the old method, no longer working since 24H2. I’ve tested this method on GitHub and it works for normal AND S-mode devices.

  • Ctrl + Shift + J before selecting secondary keyboard layout (sometimes you need to click on the outside borders of the form so the dev console pops up)
  • Type this (can use autocomplete): WinJS.Application.restart("ms-cxh://LOCALONLY")
  • Setup with local account

sem@lemmy.blahaj.zone on 02 May 13:22 next collapse

I guess there is a password recovery feature with Microsoft accounts, but people don’t remember which email they signed up with?

Maybe it would help to read the initial reddit thread and not this article.

SpikesOtherDog@ani.social on 02 May 14:03 collapse

people don’t remember which email they signed up with

No. We are the top 5%-10% of users

OfficerBribe@lemm.ee on 02 May 14:23 next collapse

Most likely this is the #1 reason. When Passkeys will become more popular, that will be another problem for regular users unless there is an easy account recovery option.

Another possibility could be switching to local account and deleting MS account, but I would imagine that is more rare and most people would just abandon account. Then it can become the same issue with forgotten password though.

FreedomAdvocate@lemmy.net.au on 06 May 03:43 collapse

Step 5, recover password?

SpikesOtherDog@ani.social on 06 May 10:30 collapse

That’s if the password recovery feature was set up properly.

FreedomAdvocate@lemmy.net.au on 06 May 18:19 collapse

Heaven forbid people take any personal responsibility.

kernelle@0d.gs on 02 May 11:09 collapse

All the time, then people get ran around in circles, are given a too technical explanation and give up more often than not.

The encryption is not inherently a bad thing, but forcing people into account creation is where the trouble starts. With piss-poor customer support as the cherry on top, this should never be allowed.

HakFoo@lemmy.sdf.org on 02 May 14:52 collapse

I’d say it’s a bad thing because it’s the wrong threat model as a default.

More home users are in scenarios like “I spilled a can of Diet Sprite into my laptop, can someone yank the SSD and recover my cat pictures” than “Someone stole my laptop and has physical access to state secrets that Hegseth has yet to blurt on Twitch chat”. Encryption makes the first scenario a lot harder to easily recover from, and people with explicit high security needs should opt into it or have organization-managed configs.

kernelle@0d.gs on 02 May 14:57 next collapse

I agree, the encryption should be deliberate choice. And we’ve said nothing yet about the impact on performance.

You used to almost be forced to make a recovery CD or USB when encrypting a drive, now people don’t even know how ‘important’ the MS account actually is.

M1ch431@slrpnk.net on 02 May 15:47 next collapse

“Someone stole my laptop and has physical access to state secrets that Hegseth has yet to blurt on Twitch chat”.

Thanks for making me laugh. It’s been a while.

FreedomAdvocate@lemmy.net.au on 06 May 03:42 collapse

That’s what the online MS account is for - your BitLocker encryption key is stored on your account that you can access from any web browser.

ThePantser@sh.itjust.works on 02 May 10:37 next collapse

Windows is ransomware now

ogeist@lemmy.world on 02 May 15:02 collapse

Nailed it, that is how ransomware works.

in Italian gangster voice “Hey Buddy, give me your information, fair price for security, eh?, What? Do you not trust me? Buddy, you may lose your information, we wouldn’t want that, right?, just make an account I’ll handle the rest”

RedditIsDeddit@lemmy.world on 02 May 11:00 next collapse

I saw this problem coming a mile away

LumpyPancakes@lemm.ee on 02 May 12:14 collapse

Must have been a massive monitor.

zewm@lemmy.world on 02 May 11:38 next collapse

I had a stroke reading the thread title.

user224@lemmy.sdf.org on 02 May 12:54 next collapse

The lost data is appearing inThe lost data is appearing in this thread.

credo@lemmy.world on 02 May 15:07 next collapse

It has too much data

PlantPowerPhysicist@discuss.tchncs.de on 02 May 15:13 next collapse

new form of encryption just dropped

lka1988@lemmy.dbzer0.com on 02 May 17:26 next collapse

@moe90@feddit.nl clearly doesn’t give a shit. They’re a serial poster.

brbposting@sh.itjust.works on 04 May 04:37 collapse

lol @moe90@feddit.nl posted and logged off, they have a life! (I gotchu moe)

Mod coulda fixed fix huh or maybe that’s dangerous

[deleted] on 03 May 09:23 collapse

.

Landless2029@lemmy.world on 02 May 11:40 next collapse

Fix that title gore please

Windows 11 users reportedly losing data due to Microsoft’s forcedWindows 11 users reportedly losing data due to Microsoft’s forced BitLocker encryption

lka1988@lemmy.dbzer0.com on 02 May 17:27 next collapse

Tagging OP @moe90@feddit.nl until they quit being a lazy bitch and actually fix their title.

ipkpjersi@lemmy.ml on 03 May 04:01 collapse

I mean, it’s kind of not incorrect:

Windows 11 users reportedly losing data due to Microsoft’s forced Windows 11

SplashJackson@lemmy.ca on 02 May 12:41 next collapse

ShitLocker

Imgonnatrythis@sh.itjust.works on 02 May 13:28 next collapse

I’m in favor of a heavy handed push towards encryption, I think most people don’t realize how important this is (now more than ever), but windows should be guiding and educating on this not requiring, and it should have absolutely nothing to do with an email address or online account.

Korhaka@sopuli.xyz on 02 May 16:01 collapse

On a home PC, what for? The only data that really matters to be encrypted is my keepass database file. Giving the option is fine but I don’t think it should done without asking the user to choose.

Imgonnatrythis@sh.itjust.works on 03 May 05:03 collapse

That’s what I said.

I’m unfortunate to live in a country where the police can now quite easily enter a resident’s home and take their computer and use any data on it against them. Encryption can at least slow their nefarious efforts. I think most people should utilize encryption.

Korhaka@sopuli.xyz on 03 May 06:58 collapse

I live in one where refusing to decrypt it for them results in a 2 year prison sentence.

And yes, if you forget you will still be charged.

iAmTheTot@sh.itjust.works on 02 May 14:19 next collapse

All of the data I actually care about is stored on a NAS and backed up in triplicate. The only data actually on my PC are program files.

muusemuuse@lemm.ee on 02 May 16:46 collapse

I can’t access my home server at all right now. I needed a distraction from all the bullshit in the world so I intentionally made it unstable so I would always have a puzzle to solve. I have a backup but I only use it when the puzzle breaks. That’s the rule I made for myself.

This distraction certainly delivers.

ober9000@lemmy.world on 02 May 15:00 next collapse

IT tech here. Yup sure does. For enterprise customers it gets saved in Active Directory anyway. But for home users, no way. For new devices I always create a local account and turn off BitLocker if it happens to be enabled. Most people don’t remember their email password, some don’t even remember their email address. So many times I’ve had to remove the drive of a dead PC or laptop and copy all their files off of it, because people just don’t make backups. But already happened a few times now that a private customer got suckered into making a Microsoft account by one of those full screen pop ups. Probably set it up with an e-mail some relative of theirs created just so they can download stuff off their phone’s app store. And all their stuff just gets automatically encrypted. Bye Bye all the photos you had taken for the last 10 years. Thanks Microsoft.

shalafi@lemmy.world on 02 May 22:32 next collapse

Why isn’t this a thing for me? Because I skipped MS account creation? So many Win11 issues I read about on here and I get almost none with my vanilla ISO install.

ober9000@lemmy.world on 03 May 07:04 collapse

Maybe it’s a home vs. pro thing? On the pro version you don’t even need to do any trickery in the command prompt or the registry. You just choose “join a domain”, create a local account. You don’t actually have to join a domain.

GoodLuckToFriends@lemmy.today on 03 May 01:54 collapse

I just got bit in the ass by bitlocker when my laptop motherboard died. I had to do the unsafe bootloader hack to get back into the drive.

Matriks404@lemmy.world on 02 May 15:03 next collapse

I didn’t expect Windows to become THAT shit. Well it’s good for Linux I guess.

lka1988@lemmy.dbzer0.com on 02 May 15:12 next collapse

HEY, @moe90@feddit.nl

FIX YOUR FUCKING TITLE lazy ass

GreenKnight23@lemmy.world on 02 May 18:03 next collapse

don’t you mean, “FIX YOUR FUCKING TITLEFIX YOUR TITLE FUCKING lazy ass”

lka1988@lemmy.dbzer0.com on 02 May 18:04 collapse

😂😂

Iheartcheese@lemmy.world on 03 May 04:07 collapse

Dude has a stutter be cool

MonkderVierte@lemmy.ml on 02 May 15:27 next collapse

Something broke.

partial_accumen@lemmy.world on 02 May 16:35 collapse

I blame bitlocker.

ArchmageAzor@lemmy.world on 02 May 15:34 next collapse

I’ve decided to switch to Linux come October. I have some reasons I wanna wait as long as I can, but come October I’m leaving Windows behind.

muusemuuse@lemm.ee on 02 May 16:44 next collapse

Get started early so you have time to acclimate and address issues. You are going to hate it if you urgently need your computer for something and something unexpected happens.

lka1988@lemmy.dbzer0.com on 02 May 17:32 next collapse

I’ve decided to switch my gaming PC to Linux…a few weeks ago.

No ragrets. My games run faster, I no longer need extra shit to make Windows work the way I want it to work, and I can remote into it however I want without running into artificial roadblocks.

captain_aggravated@sh.itjust.works on 02 May 18:17 collapse

If you’re new to Linux, I suggest at the very least starting to learn now. If you have a spare device you can install it on, an old laptop or something, dual boot on your existing machine or use Virtualbox…Start learning now, while you still consider Windows an option.

My own journey to the Linux platform included several instances of the following scenario:

I need to get something done. It’s simple, in Windows 7 I know how to do it in seconds. It’s so simple that I don’t know the words for it, just the thing to click to do it. But it doesn’t work that way in Linux, even the vocabulary is different, and you need this done right now because you’re working on something and you don’t have time to stop and learn this right now.

Boot into Windows, get your job done and turned in. Then look up how to do it in Linux later. Eventually you stop hitting that wall.

You’ve decided you have seven months. I’d get to it.

reddig33@lemmy.world on 02 May 17:53 next collapse

When are stockholders going to realize that the current Microsoft CEO is ruining Windows?

freely1333@reddthat.com on 02 May 18:03 next collapse

Kinda joking because in many ways windows is better than ever… but also making windows have non starter features enhances Linux adoption soooo

spicehoarder@lemm.ee on 02 May 19:50 next collapse

Better than ever? What? Bloated than ever maybe.

freely1333@reddthat.com on 03 May 22:54 collapse

Better than ever in base usability as an operating system for the average person. And you can run wsl2 and have a full Linux environment too. It’s as close to a macOS user friendly experience as it has ever been without losing the windows identity.

spicehoarder@lemm.ee on 03 May 23:27 collapse

Okay, I’ll give you wsl2, and the “average user experience” being better, but Windows is losing its identity with the IT and customization front. For both destroying the win32 control panel and locking down the shell so you can no longer customize it.

Somewhat ironically OSX recently added widgets to the desktop. Something Microsoft did years ago, removed it for no reason, and then added a flyout to tick almost the same check boxes.

As for me, the spike in resource usage and over saturation of “AI” was enough for me to decide to jump ship.

I’m currently attempting to daily drive Manjaro so maybe my opinion will change, but so far, it feels like home.

freely1333@reddthat.com on 04 May 09:16 collapse

Oh yeah some of the bloat is terrible and I wish the ai stuff came off by default but a lot of the issues can be handled with Chris Titus script. But to me win 11 with some tweaks feels better than anything since xp and I know I have rose tinted glasses on xp.

toastmeister@lemmy.ca on 02 May 23:20 next collapse

It seems like a buggy mess to me.

OmgItBurns@discuss.online on 02 May 23:34 collapse

I’m getting daily or near daily BSODs since switching back from Debian. I was okay with Vista and 8, and maybe I’m just getting crankier as I get older, but I definitely am not a fan of the current direction Windows is taking.

spicehoarder@lemm.ee on 03 May 04:27 collapse

It’s valid to feel disappointed. Windows 7 was really stable.

My work still has a windows 7 machine with an uptime of something like 12 years.

Windows 7 will idle in the low megabytes. But why does 11 want to use 6-8 Gigs on idle for no good reason?

And it’s not like there’s that much difference between the two operating systems. One is just loaded up with electron wrappers and spyware

michaelmrose@lemmy.world on 03 May 08:04 collapse

Windows can’t be updated in any meaningful way without being rebooted because Windows can’t overwrite a file that is in use. This makes it fairly unlikely for a machine to be up for 12 years.

Windows 7 also doesn’t “idle in the low MBs” It uses almost 1G at least at startup more if you have apps that auto start and like every OS it caches recently accessed files.

pressanykeynow@lemmy.world on 03 May 02:20 collapse

They know, read their yearly financial reports. They said for a decade that Windows is not only not profitable, there’s no future for it. Microsoft for several years now is a company that sells cloud and opensource services(Linux, Github, etc).

yesman@lemmy.world on 02 May 18:42 next collapse

[image: https://lemmy.world/pictrs/image/5dffba37-b4d0-4837-8673-2361eee1fb36.jpeg]

nodiratime@lemmy.world on 02 May 23:54 collapse

You can merge the choices and resolve the conflict: Microsoft users are dumb.

douglasg14b@lemmy.world on 03 May 00:02 next collapse

Found the Linux user.

Not Arc though, they would have said so

dream_weasel@sh.itjust.works on 03 May 00:27 collapse

Maybe he uses a Mac?

(I use arch BTW)

nodiratime@lemmy.world on 03 May 16:13 collapse

No.

(I use Tumbleweed btw).

IMALlama@lemmy.world on 03 May 01:05 next collapse

Clearly you’ve never used a Mac. It wasn’t until 2024 that you could snap windows, they have a built in dark mode but the word processor that ships with their computer requires you to use a dark page template if you want black background/white text, and lord forgive you if you want to take a screenshot.

brbposting@sh.itjust.works on 04 May 04:40 collapse

I think the vibe is kind of “works for grandma out of the box“, “someone in the small-but-mighty dev community made an [open-source] app for that”

Yeah frustrates me too but seeing it as a kind of culture would probably help me be less frustrated

Then Apple gets tiny bits of occasional flak for Sherlocking

IMALlama@lemmy.world on 04 May 14:01 collapse

Apple is almost the tale of two companies.

From the software usability perspective, they have the “it just works” reputation and that might be true if you’re doing really basic stuff. I’ve found both windows and Linux to be much more user friendly if you want to do mildly advanced things.

Their hardware is generally pretty solid but comes at a premium, especially once you start talking about increasing RAM/SSD capacity. I have both a MacBook Pro M3 Pro and a Snapdragon X Elite Lenovo Yoga Slim 7x. The 7x can give great battery life, but is much more inconsistent in doing so. On the other hand, the 7x has an amazing 3k OLED screen, has a removable m3 SSD, and you can upgrade to 32 GB of RAM for around $100.

What I find interesting is that a large swath of developers have macs. I get it for some use cases (ARM emulation on ARM vs doing it on x86), but it seems like it’s a bit of a status symbol for others.

Appoxo@lemmy.dbzer0.com on 03 May 09:55 collapse

Thanks?

Bitflip@lemmy.ml on 02 May 19:04 next collapse

The bot that posted this is not programmed to edit typos.

douglasg14b@lemmy.world on 03 May 00:02 next collapse

Really wish we didn’t have bots posting at all

WhyJiffie@sh.itjust.works on 03 May 23:21 collapse

really interesting to see that they have more posts than comments

polle@feddit.org on 02 May 19:13 next collapse

I read the article but am not smarter than before. I heard some time ago that Windows does encrypt the drive but you need an active online account and the key will be saved online. So do people forget their online passwords and methods to recover that said account? I don’t like m$ and am using Linux, but people losing their passwords, being uninformed about their systems and don’t do backups is not the direct fault of the operating system.

Killer@lemmy.world on 02 May 22:10 next collapse

Bitlocker can be turned on without having an account on device iirc.

StuffYouFear@lemmy.world on 02 May 23:13 collapse

Correct, can be turned on and it will provide you the key to be saved as a file if I recall

habitualcynic@lemmy.world on 02 May 23:46 next collapse

I helped my sister deal with this. Bitlocker activated itself, the keys were in her account which she had access to. She had done everything properly but nothing worked to resolve it.

There’s countless forum posts on it since about 2021 if you go looking for it. None of the recovery processes worked so I reformatted and enabled bitlocker at the start. Next time I visit, she’s getting Linux Mint.

Fuck Microsoft. End users shouldn’t be expected to troubleshoot like that.

pressanykeynow@lemmy.world on 03 May 02:06 next collapse

you need an active online account and the key will be saved online

Is there a legit reason for this? Why can’t they just encrypt the data with the password used to access the online account?

calcopiritus@lemmy.world on 03 May 07:13 collapse

Because then you can’t change your password. Since you would have to decrypt all the hard drives that use windows with that account, and then encrypt them again with the new one.

This also means that if you forget your password you are fucked.

michaelmrose@lemmy.world on 03 May 07:52 collapse

Typically an actual key is effectively just a very long pseudorandom binary blob and the passphrase is just used to unlock the actual key. This means you can add a new key just by encrypting the actual key with the new passphrase.

taladar@sh.itjust.works on 03 May 10:20 collapse

Typically that is also the way you can use multiple accounts to unlock the same hard drive encryption. You just encrypt the actual key with each of the account passwords.
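
The key-wrapping scheme described in the two comments above, as an added example that is not part of the thread and is not BitLocker's on-disk format: a random master key encrypts the data, and each passphrase only protects its own wrapped copy of that key. The `Volume` class, the slot names and the HMAC-based stand-ins for AES are assumptions made so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # PBKDF2 work factor; demo value, not a recommendation


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _slot_keys(passphrase: str, salt: bytes):
    """Stretch a passphrase into a wrapping key and a MAC key for one slot."""
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    return (hmac.new(kek, b"wrap", hashlib.sha256).digest(),
            hmac.new(kek, b"mac", hashlib.sha256).digest())


def wrap(master: bytes, passphrase: str) -> dict:
    """Encrypt the 32-byte master key under a passphrase (one key slot)."""
    salt = os.urandom(16)
    wrap_key, mac_key = _slot_keys(passphrase, salt)
    blob = _xor(master, wrap_key)  # stand-in for AES key wrap (assumption)
    tag = hmac.new(mac_key, salt + blob, hashlib.sha256).digest()
    return {"salt": salt, "blob": blob, "tag": tag}


def unwrap(slot: dict, passphrase: str) -> Optional[bytes]:
    """Return the master key, or None if the passphrase does not fit this slot."""
    wrap_key, mac_key = _slot_keys(passphrase, slot["salt"])
    tag = hmac.new(mac_key, slot["salt"] + slot["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None
    return _xor(slot["blob"], wrap_key)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for the real disk cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


class Volume:
    """Hypothetical encrypted volume: one data ciphertext, many key slots."""

    def __init__(self, plaintext: bytes, passphrase: str):
        master = os.urandom(32)  # the "very long pseudorandom blob"
        self.nonce = os.urandom(16)
        self.ciphertext = _xor(
            plaintext, _keystream(master, self.nonce, len(plaintext)))
        self.slots = {"user": wrap(master, passphrase)}

    def _master(self, passphrase: str) -> Optional[bytes]:
        for slot in self.slots.values():
            master = unwrap(slot, passphrase)
            if master is not None:
                return master
        return None

    def read(self, passphrase: str) -> Optional[bytes]:
        master = self._master(passphrase)
        if master is None:
            return None
        return _xor(self.ciphertext,
                    _keystream(master, self.nonce, len(self.ciphertext)))

    def set_slot(self, name: str, current: str, new: str) -> bool:
        """Add or replace a slot; the data ciphertext is never rewritten."""
        master = self._master(current)
        if master is None:
            return False
        self.slots[name] = wrap(master, new)
        return True

    def drop_slot(self, name: str) -> None:
        self.slots.pop(name, None)


if __name__ == "__main__":
    vol = Volume(b"ten years of photos", "old password")  # constructed data
    vol.set_slot("recovery", "old password", "printed-recovery-key")
    vol.set_slot("user", "old password", "new password")  # password change
    print(vol.read("new password"), vol.read("old password"))
    vol.drop_slot("recovery")  # no backup of the recovery key
    print(vol.read("printed-recovery-key"))  # None: data is unrecoverable
```

Changing a password rewrites a few dozen bytes of slot metadata, and a volume whose every slot secret is forgotten or deleted stays encrypted for good, which is the failure the thread is about.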

LoveSausage@discuss.tchncs.de on 03 May 03:43 next collapse

Just did a fresh Win 11 install in order to update BIOS before installing Linux. Refused to let me install without wifi but a quick googling and a command prompt later it was possible to work around easily.

InnerScientist@lemmy.world on 03 May 06:50 next collapse

Lose access to your MS account = lose your data forever. No warnings, no second chances. Many people learn about BitLocker the first time it locks them out.

It seems like they just got locked out of their Microsoft account (which stores the bitlocker key). Idk why they can’t just reset their password or if this article talks about the times where people couldn’t do that due to missing email access or maybe resetting the password deletes the bitlocker keys?

Either way though, the problem is that Microsoft is forcing encryption on everyone and not properly educating them on the consequences like “Backup your decryption key if you care about the data” in a way a normal user actually listens to.

michaelmrose@lemmy.world on 03 May 07:51 collapse

Setting up encryption has previously been an affirmative step wherein the user opted into being unable to access their data if they lose their password. Because of this users have the opportunity to back up their recovery key you know after they even learn what one is.

Having it happen on upgrade to an existing machine is inherently confusing and it’s easy to see how it could lead to data loss.

pewgar_seemsimandroid@lemmy.blahaj.zone on 02 May 19:39 next collapse

hearing about this was my final straw, thank god

ArkyonVeil@lemmy.dbzer0.com on 02 May 22:57 next collapse

I’m of the opinion that encryption based security should be compartmentalized. IE, an encrypted folder, or “safe” app. Safes in housing are already a concept that is already commonly known so it would be natural to extend a safe into the digital realm. This would also help in the idea that safes are locked with a key, so if the user loses their keys, whatever is inside the safe, might as well be lost.

Now if EVERYTHING is a safe, (always on encryption). People will never know the difference. It’s a dangerous type of security that is likely to be more a loss than a benefit.

ouch@lemmy.world on 03 May 04:18 next collapse

You are arguing for selective encryption, but I can’t really find any technical argument in your comment.

Whether we are speaking of encryption at transit or rest, there’s a general consensus that encrypting everything is best in every way except possibly performance for select cases.

For example, it allows hiding (meta)data about the really important bits, and with computers it’s really difficult to tell which bits of (meta)data could be combined to abuse. Tampering is a consideration as well.

michaelmrose@lemmy.world on 03 May 07:38 next collapse

For most folks they could just write down their encryption passphrase in a secure location with the rest of their papers since 99.9% of the risk is thieves stealing their laptops. For most folks the biggest secure item they have is the one they use constantly their browser and all the passwords it stores to all their services. You know the thing they use constantly.

A compartmentalized approach makes sense when the laptop contains really vulnerable data like laptops which have been stolen with bunches of client data on it or a journalist’s communication with confidential sources etc etc. In that case you STILL want to encrypt the whole thing but you want to separately encrypt the really important stuff with a different key so that every time you open your laptop to watch cat videos on YouTube you aren’t also unlocking all the data you will have to tell your company’s users you lost.

dustyData@lemmy.world on 03 May 16:48 collapse

But, houses have locks on the doors. The whole point of the house is to be a safe for people. Security is all about the threat model, your risk assessment should inform the security measures that make sense in the security/convenience continuum. Not everyone will be equally well served by the exact same risk mitigation methods.

The point of whole disk encryption is to delay or nullify physical device control. If your disk is not encrypted, but you have a single encrypted file a bad actor wants to access. If they get physical control, then it is game over. They have all the time and power in the world to crack down that one file. Now, most people don’t have any one file(s) like that, but instead are worried about their private life in general. Without encryption, physical access to the device means total access to their entire life, the house had no locks and the thieves just waltzed in and took everything of value. Whole disk encryption is opting for a sturdier door, with better locks. Physical control is still bad, but access is orders of magnitude harder. Sure, if you lose the only key to your house, you better be prepared to break windows or walls to get in, but that is a user responsibility.

fluffykittycat@slrpnk.net on 03 May 01:13 next collapse

What a stinker of an OS. Linux never looked so good

A_Random_Idiot@lemmy.world on 03 May 01:31 next collapse

It’s why I switched to Linux.

M0oP0o@mander.xyz on 03 May 02:08 next collapse

We use Linux by the way.

cyberpunk007@lemmy.ca on 03 May 03:12 collapse

But I use arch BTW

fluffykittycat@slrpnk.net on 03 May 03:31 collapse

I’ve been a Linux user since 2010 and I’m glad I developed that skillset

Sturgist@lemmy.ca on 06 May 06:51 collapse

Same. Except my first PC was running DOS on a black and amber CRT… so switching to Linux even part time in 2010 was pretty easy for me to wrap my head around in terms of CLI stuff.

FooBarrington@lemmy.world on 03 May 05:23 collapse

r_deckard@lemmy.world on 03 May 03:27 next collapse

That’s extraordinary, even for Microsoft.

If you’re on Win 11 Pro, up to 23H2, follow these steps to prevent 24H2:

Win+R, type GPEDIT.MSC, press Enter.

Locate “Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage updates offered from Windows Update\Select the target feature update version”

Now click the “Enabled” button, type “Windows 11” in the first prompt and “23H2” in the second prompt and click “Apply”

That will prevent 24H2 from being downloaded and installed. When they’ve fixed this and the “Recall” mess, you can go back and undo the setting.

You can still do the “bypassnro” thing, it’s just a script that’s been removed. All it did was write a registry entry and reboot. This is the registry key entry - you can still press shift-F10 at the same point and type this manually:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0

Another method to try is this, instead of the registry entry:

start ms-cxh:localonly

but I haven’t tried that one yet.

cute_noker@feddit.dk on 03 May 11:44 next collapse

I love how Windows fix has terminal and GUI configurations mixed as an unholy concoction directly from the HQ.

dubyakay@lemmy.ca on 04 May 03:23 collapse

I’ve fixed it by axing my BitLocker encrypted partition that contained my Pro version OS and just installed Arch.

ipkpjersi@lemmy.ml on 03 May 04:03 next collapse

Windows is malware.

I remember when Linux users used to say that, but it turns out they were right.

I’m glad I left that cursed OS behind.

nek0d3r@lemmy.dbzer0.com on 03 May 05:18 next collapse

I am LITERALLY in the process of migrating my servers to my new NixOS server after months of prep work. This couldn’t have been more timely lol. Funniest part is, I just did my own TPM-based encryption on my drives.

cy_narrator@discuss.tchncs.de on 05 May 23:50 collapse

SERVERS???

nek0d3r@lemmy.dbzer0.com on 06 May 02:16 collapse

Just one server, but multiple “services” (i.e. Jellyfin, Minecraft, Discord bots, WordPress, etc). Server is kind of a misnomer there.

Treczoks@lemmy.world on 03 May 08:18 next collapse

If they are still using Windows, their privacy and data safety was never of importance to them, anyway.

Or just get the data back from the backups they made.

Appoxo@lemmy.dbzer0.com on 03 May 09:53 collapse

Data privacy != Documents/data on hard disk

Treczoks@lemmy.world on 03 May 10:44 collapse

If I have documents on my hard disk, they are private. If a Windows 11 user has documents on their hard disk, they are not.

cy_narrator@discuss.tchncs.de on 05 May 23:49 collapse

What do you smoke exactly?

Treczoks@lemmy.world on 06 May 05:58 collapse

I did not invent “recall”.

Kazumara@discuss.tchncs.de on 03 May 08:58 next collapse

Your title is borked. Maybe edit that

Atropos@lemmy.world on 04 May 00:22 collapse

It’s duplicated in case half of it is lost to Bitlocker

hankskyjames777@thebrainbin.org on 03 May 09:24 next collapse

!titlegore

Psythik@lemm.ee on 03 May 10:01 next collapse

Since when is BitLocker required? None of my files are encrypted, and I’ve been using 11 since it came out.

synapse1278@lemmy.world on 03 May 10:06 next collapse

BitLocker encrypts your drive, not single files. Once the computer is booted up, it’s completely transparent to the user.

Psythik@lemm.ee on 04 May 03:02 collapse

But my PC doesn’t even have a password. So how can my files be encrypted? I thought a password was mandatory for file encryption to work.

synapse1278@lemmy.world on 04 May 12:01 next collapse

You probably haven’t activated BitLocker. Up until now it was optional with Windows. I would argue it isn’t necessary for a desktop computer at home, but you should seriously consider activating disk encryption for a laptop.

cy_narrator@discuss.tchncs.de on 05 May 23:48 collapse

TPM keys, and without your knowledge

WordBox@lemmy.world on 03 May 10:46 next collapse

Every retail PC I’ve seen with Win11 has BitLocker enabled. Screwed one over as they forgot their password…

j0ester@lemmy.world on 04 May 03:22 next collapse

Did you use Rufus? You can bypass BitLocker. Or your machine does not have TPM 2.0 (which you can also bypass)…?

Psythik@lemm.ee on 04 May 04:21 collapse

Yeah I used Rufus. Always do for every OS install. Explains it lol

Wispy2891@lemmy.world on 04 May 06:16 collapse

It automatically encrypts the drive only if admin has a Microsoft account (to back up the key on their cloud servers for easier LEO access data recovery) and the PC is a prebuilt.

If one of the conditions is not met, the automatic ransomware isn’t enabled.

peetabix@sh.itjust.works on 03 May 16:39 next collapse

I had a small Win11 machine that I now have Ubuntu on. Win11 wouldn’t let me use the whole disk because of the BitLocker bullshit. I had to dig through the menus and disable it, then wait hours for it to finish decrypting. Fuck Microsoft. I’m proud to say me and my GF don’t have a single Microsoft product in our home, and I’m keeping it that way.

emeralddawn45@discuss.tchncs.de on 04 May 05:40 collapse

Why couldn’t you just format the entire drive with the Linux installer?

peetabix@sh.itjust.works on 04 May 06:14 collapse

I could only format the free space not used by the Windows partition.

bitjunkie@lemmy.world on 03 May 17:26 next collapse

where_steamos_orang.jpeg

Almacca@aussie.zone on 04 May 01:43 next collapse

They’re making an increasingly compelling case for me to switch to Linux.

Monstrosity@lemm.ee on 04 May 03:19 next collapse

Yes! This happened to me when I turned off the ‘safe boot’ on a laptop via BIOS. It locked me out but I had never agreed to install Bitlocker in the first place, let alone know what key I was supposed to have. It was a total loss & I had to wipe the drive.

MS is hot trash.

Wispy2891@lemmy.world on 04 May 06:12 collapse

The decryption key is saved in the Microsoft account, the error message explains that

I also almost got a panic attack when my Lenovo updated the BIOS and I was locked out.
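
The lockouts described above (a Secure Boot change, a BIOS update) come down to whether a recovery password exists and whether its key ID is stored somewhere reachable. As an added example that is not part of any post in this thread, the PowerShell below audits each volume before such a change; `Get-BitLockerVolume` is the built-in cmdlet, while the function name `Get-RecoveryReadiness` and the advice strings are made up for this illustration. Run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Get-RecoveryReadiness is a hypothetical
# helper name; it only reads BitLocker state and prints key IDs, never the
# recovery passwords themselves.

function Get-RecoveryReadiness {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Normalise to arrays so .Count works for zero, one or many protectors.
        $protectors = @($vol.KeyProtector | Where-Object { $_ })
        $recovery   = @($protectors | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        $encrypted  = $vol.VolumeStatus -ne 'FullyDecrypted'

        $advice = if (-not $encrypted) {
            'Not encrypted: no recovery key is needed for this volume.'
        } elseif ($protectors.Count -eq 0) {
            'Encrypted, but no key protectors are set, so protection is not active yet.'
        } elseif ($recovery.Count -eq 0) {
            'No recovery password protector: there is no fallback if the normal unlock fails.'
        } else {
            'Confirm every recovery key ID listed here is saved in your account or an offline copy.'
        }

        [pscustomobject]@{
            MountPoint     = $vol.MountPoint
            VolumeStatus   = $vol.VolumeStatus
            Protection     = $vol.ProtectionStatus
            Protectors     = ($protectors | ForEach-Object { "$($_.KeyProtectorType)" }) -join ', '
            RecoveryKeyIds = ($recovery | ForEach-Object { $_.KeyProtectorId }) -join ', '
            Advice         = $advice
        }
    }
}

# One record per volume; compare RecoveryKeyIds with the IDs stored alongside your saved keys.
Get-RecoveryReadiness | Format-List
```

The BitLocker recovery screen identifies the key it wants by its key ID, so a saved key is only useful if its ID matches one reported here.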

KonalaKoala@lemmy.world on 04 May 03:27 collapse

This is already looking like Microsuck is asking for a Windows 11/BitLocker based Class Action Lawsuit against them for this data loss blunder, and hopefully get their current CEO fired.