"Thank you for calling Microsoft support. Oh it looks like your running a cracked version of Windows 11. We will provide you your Bitlocker key once we receive payment for a new Windows 11 license".
more reason to stay in win 10 or switch to linux.... looks like the brainrot from Xbox is already showing its effect in windows proper. we all know management got brainrot due to corporate greed. the only thing missing is that these corporate overlords send armed merc to take US users out if we ever rebel.
You lose data cause your operating system breaks. I lose data because i run rm -rf * in the wrong directory and delete my home folder. We are not the same.
Rest assured all these degen tech channels were likely complaining about security on Windows yesterday but now all the sudden since Microsoft is highly encouraging disk encryption somehow that's a bad thing... Smh lol
I seem to remember you are not allowed to save the recovery file to the same disk that you are encrypting. It's actually pretty infuriating if you know what you are doing, since the most practical solution is usually to save it to the cloud - yet you cannot save it to your synced Onedrive or Dropbox folders since those are located on your disk.
@@justsomeguy5103 that does sound like something MSFT should fix (if not already done). There are a couple of obvious options: Allow saving to the cloud drive's cache then ensure a successful sync. Offer an option to connect directly to the drive via its REST API (I'm kinda confident they all have one/ & upload it. Of course if you're *not* using a local user account, you will have a Microsoft Account, so in that scenario it would be better to a) guide the user "hey, it's stored *here* on *this* account" and b) send that same guidance as an email to that user account.
We are living in a world where companies can slowly decide that you don’t own your OWN data ON your OWN drive. I hope this sparks big outrage when this update comes out.
@@edwardmacnab354 and what will Europe do? Sue Microsoft into oblivion? At best, they will FINE Microsoft - and that will be it. Because as things stand, Europe has no tech corporations (i don´t count Philips, which is on a crash course) and no OS developers either. All they can pick from is Windows, Apple or Linux... and i can´t really imagine billions of Windows users migrating onto Linux. Europe right now is standing on shaky car industry legs, once any of those legs will break, whole Europe will follow suit.
Bitlocker horrors: -migrating hyper-v machines. you WILL be lockout out of your machine once you import that vm elsewhere. -password rejected for old drive with previous bitlocker versions -motherboard died, password and recovery key refused on the new MB because TPM mismatch
@@toastdc 90% or more Windows users do not know anything technical about their OS, they just want the device to work. These users are the same people who are likely to lose data because they don't understand any of this. File Encryption is not needed by the majority of Windows Users.
I once had an issue where something went wrong with my USB drive's controller, and it was *crashing any Windows system* when attempting to mount it. Yes, specifically Windows. When I opened it on Linux, it worked fine. If that was full-volume-encrypted, I would have been screwed.
Windows 95/98/2000 - useful Windows XP/Vista/7 - useful and beautiful Windows 8/8.1/10 - spyware Windows 11 (mid) - adware Windows 11 (now) - ransomware
7:48 had a girl come in at the office, her computer got stuck on an update and started bootlooping, she had an important document on her desktop that she couldn't access and had to send later in the afternoon to her experts for her final exams she was sitting next to me crying while i was doing stuff trying to access the drive and recover her document, ive never felt so stressed ever before took us like 3h but we found the decryption key and could recover the data, never seen a more relieved person in my life
@@Cyba_IT person installed their system with a microsoft account, which automatically enabled bitlocker we were able to get the password to that account with a recovery email, then log in the Microsoft website thing to find their decryption key we booted a 3rd party liveboot windows recovery environment (hirens boot) and opened the drive from here we then saved all the files in the desktop, documents and onedrive directories to an external ssd and they were succesfully able to send their documents to their experts
@@kriegnes If you're dumb enough to lose your data because of BitLocker, you probably deserve it. Simple as that. Calling BitLocker useless or blaming Microsoft for it is just ignorant. Proper data management is a personal responsibility.
The key is stored in the TPM module and is very easy to read out. As long as it boots, you can always grab the key. If you discover this after you already trashed the motherboard, you're out of luck, of course.
@@RealNovgorodLmao that comment of yours aged so badly considering that right in late July a windows bug appeared where Windows would ask for you to insert the bitlocker key after every reboot
The real thing nobody's talking about is: If Microsoft is enabling Bitlocker by default for everyone … you can bet your left nut that Bitlocker has been systematically broken.
Windows technical support are outsourced overseas. In their training, they told the agents Bitlocker is basically not from Windows but from the Motherboard. Yes, the damn mf motherboard. I don't know whether to laugh or frightened. ☠️
Bit locker is from MS, but the keys to unlock it are stored on the tpm chip on the MB. If the chip fails, you better hope you wrote down or stored your recovery key somewhere because you are NOT getting in.
The video you just watched is partly wrong. He didn't do his 10 sec due diligence: "On supported devices running Windows 10 or newer BitLocker will automatically be turned on the first time you sign into a personal Microsoft account or your work or school account." It only was tangentially related to 24H2. It's been like this for years. And if you don't use an MS account, it's disabled by default. Only when you do a fresh install of 24H2 will it force device encryption, and only on HE, not on Pro, where you can use a local account instead. MS is just catching up to Android and iOS. This gives you back control on your own data, not the FBI, or any agency, criminally or legally.
I just had to change a bios setting to make it compatible. I think it is literally a motherboard thing that supports this disk encryption thing that I had to activate.
yeah I've decided it's a ruse to push a broken middle class to spend their last $$ on a new laptop. I have an old Alienware laptop but it had the best specs available in 2016, so now it's still running good even for gaming. But my motherboard is locked out for Win11.
They sat on a MASSIVE exchange 0-day for 3 months, including customers who pay $5000/mo from microsoft to get updates before patch tuesday. Just to be told "Well you wouldnt be in this mess if you just went to 365, we patched it there 3 months ago.." This is absolutely a sales tactic. Looking at Bazzite as a replacement for my windows gaming system at this point.
This article is not entirely correct. Windows has two versions of encryption: - Device Encryption - BitLocker Device Encryption is available on any version of Windows as long as the device supports it. Most laptops support Device Encryption, most desktops do not. BitLocker is only available on Windows Pro and above. The vast majority of Windows users do NOT support BitLocker. Going forward, let's not confuse Device Encryption and BitLocker. Device Encryption is automatically initialized on all eligible devices, at least for all Windows 10 builds from the last 4 years. If you setup a local account then Device Encryption will never encrypt the drive: Device Encryption is initialized but will not encrypt the drive unless you sign into a Microsoft Account. Because the encryption key is stored in your Microsoft Account, there is always a way to recover the key. To enable BitLocker, you have to go through a setup wizard that gives you multiple options to backup your key in addition to backing it up to your Microsoft account. Also recall that Windows Home does not have BitLocker so most users can't even use BitLocker. I'm not sure why this is an article now...Device Encryption has been pre-inititialized for at least the last 4 years. I think the issue is that people are confusing BitLocker and Device Encryption. Lots of misinformation is being spread about encryption because of these articles.
Yep, and add to this that Android has used a fully encrypted data partition for years too. If anything, it's Linux centric channels pushing this misinformed narrative, when it's desktop Linux distros that are behind the curve with encryption by default.
BitLocker comes enabled when you buy an HP VIctus with Windows 11 from BestBuy, it was a real pain upgrading from the 500g SSD to the 2Tb SSD, I did not run any set up wizards, I upgraded the SSD within a month of purchasing the laptop, I was required to get the stupid key from my Microsoft account.
Maybe blame Microsoft at least partially for this. They don't commuincate stuff like this and are known to pull various nefarious crap on a regular basis.
The biggest reason I noticed bitlocker is such an common issue on the more recent Windows 10/11 builds is if you EVEN sign in with a Microsoft account on Edge or Chrome it will automatically turn on bitlocker and not tell you a damn thing about it. I tested this theory on my personal machines and yep it explained why all our college student customers didn’t know they had a Microsoft account because the college doesn’t disclose their University email is Microsoft based (Common sense to a tech savvy person). So they would sign in on a browser and it’d migrate that machine’s bitlocker key to that University account. Even worse when they’re no longer a student and the email account is deleted after a set amount of time by the University so you can’t recover the Key. Microsoft is great…
I know you are wrong since I have Windows 11 Pro and BitLocker does not activate by itself . Only corporate laptops will do that when connecting to the corporate network because of the corporate policies and it will prompt you for this.
windows vista wasn't that bad actually. it was literally windows 7 but the drivers were bad on release and it had some relatively minor differences to 7
Vista wasn't bad from an end user perspective. Seven was what vista was supposed to be. 8 and 8.1 were a joke. 10 was a polished 7, and I only use 11 if it's required by clients. Windows is good for gaming machines, and DEI developers.
Vista was good once you got it on a computer with 2 gigs of ram. Microsoft actually ran a blind test back in the day where they debadged the os and had groups of people test out the "next operating system" and most people actually liked it and found it very easy to use. Thats how bad the pr was for vista between all the nerds telling everyone vista sucked and hp, dell, gateway, ect insisting on building computers with vista that only had 512mb of ram most people ether completely avoided it or tried the aborted fetus version that is a vista basic machine with 512mb of ram then downgraded to xp.
@@SaanMigwell>8.1 were a joke What's wrong with the 8.1? This is absolutely the same as 7, but much better optimized and can even run on a laptop from 2006. The only thing that needed to be done there was to enable the classic menu in the settings
Do yourself a solid right now if you're running windows: 1. Open an administrator command prompt 2. Run the following: "manage-bde -protectors C: -get" 3. document that shit (on paper) so you don't get got by windows 11 As long as you aren't signed into your microsoft account, and are using a local account on the PC, your recovery key ***shouldn't*** be in microsoft's possession Love your content, Mr. Outlaw. Keep it coming.
omg I just discovered encryption has been on I have a product key ,when I signed into my ms account, I never did this myself, I am aware of how annoying bitlocker can be for a causal user.
or Simply use Local Account, as i saw that prevent encryption. not sure if this really confirmed.
6 місяців тому
I would say this is only advisable for a threat model where your notebook is stolen at some public place and you keep your recovery key at home. If the threat model includes someone breaking into your house to steal your device, they might as well steal your paper with the key on it so I wouldn't have it printed out or written down at all in that scenario.
As an IT tech I can already tell you Microsoft is gonna walk this back after the hundreds of calls from Grandma and Grandpa asking “WHY MY GOSH DARN PICTURE BOX ASKING FOR A KEY TO A BIT OF A LOCKER?!?!?”
This happened to my sister. The hard drive broke, and we had to use the bitlocker key to unlock it,even though we NEVER activated it! Turns out it was on by default. But because I installed her windows without a Microsoft account, it was NEVER said to me that bitlocker was on and that I should save the key ANYWHERE, and it didn't get saved in the Microsoft account, well because there wasn't one. She lost every file on there at a a point where it was really really needed...
If the data is worth $50, it should be in an external hard drive. if its worth $100, it should be on tape. If its worth $500, it should be on three tapes, in three different places. If its worth $1,000 - three different tapes in three different countries. And the tapes should be backed up using GFS rotation. My mum learned this in 1968 (when the dollar was actually worth something). Don' t they teach you anything in school these days?
It is supposed to only encrypt when you log into a ms account, it is also supposed to encrypt C: only. Instead, it encrypts everything anyway, and does it to all internal drives, including non os. They assume you are not bypassing the ms account requirement and activate encryption anyway, because if you were a good boy and did it legit, you would have the key on the account. So you bypassed it? Well that's too bad. They won't care.
@@andrewgrillet5835 Sooo you're saying ordinary users MUST be experienced sysadmins. Ordinary users are NOT that. They don't have reason to understand these things, until it's way too late.
If you think this is bad, just imagine my face when I discovered that Windows lterally uploads the Bitlock decryption key to your Microsoft account in the cloud by default in case you lock yourself out of your computer... which completely defeats the point of full disk encryption.
That trailing "lmao" gives it away, even to non-techies. This is literally breaching. The point of securing your local data is to locally secure your data. On secure boot-capable machines, this key will be stored on the TPM, which is definitely not easy to access even physically. But now, your key is basically stored on someone else's machine, who now has by all means, access to your data. And because BitLocker is proprietary to Microsoft, this data is most likely accessible remotely. This is no longer spying, it's outright theft.
They don't. But the thief doesn't matter when the company serving the account is the real thief, especially if you live in the US where big tech companies basically hand over user data to the government on demand. Edit : Had to remove source link from my comment because youtube kept deleting it. How strange...
Have been posting the same reply exactly 10 times. Every single time it has been deleted by youtube. Now that's freedom and caring for users! Edit : Comment seems to have survived Big Brother, so here's the original : "They don't. But the thief doesn't matter when the company serving the account is the real thief, especially if you live in the US where big tech companies basically hand over user data to the government on demand."
@@RoeiCohen I'm thinking that's probably a necessity. Gpu and some other hardware in a vm is hit or miss depending on the hardware, driver support, etc.
Ugh Microsoft WHY!? As someone that used to work on repair computers as a job, Recovering data was one of the things I did most. People are going to lose data over this, and there's going to be tears over this. Its wasn't unusual I'll get people who just want to recover photos from a family members computer that has recently died! I'm seriously thinking about going over to my family's house and stealth installed Linux on their computers and put a skin over it to make it look like windows, then just setup the router to let me ssh into those computers so I can maintain them. I doubt they would ever know, as only thing they ever do pretty much is open a web browser and print.
I just stealth disabled all updates for windows 10! No force install on our computer! Remember to backup important files to an external hdd or DVD-RAM!
@danielhalachev4714 The definition of back door: A secret way to take control of a computer. I never doubted the security of SSH. However it does have vulnerabilities, but that’s not what my point was. This is a breach of trust & privacy. You have no right. Even if you asked them and they’re tech illiterate, they don’t understand what they’re getting into, undermining their consent.
@@smallcube-zn2mm Well, most games (if they don't need to modify the Window$ kernel for anticheat, which I find is a bit too invasive anyways) run perfectly fine under Proton (Steam's WINE-based Window$ compatibility layer). And you can add whatever game you want to Steam as a non-steam game if they don't have it in their library. Just click the little plus in the bottom left of the Library view in Steam and add the game and enable Proton use in the steam settings for the game entry.
This would be concerning and I wouldn't put it pass them to do something like that. But if you put a door in for one person, well then the whole party is going to enter through it. 🤦♂️
When I bought my laptop, it had Windows 11 installed by default. First thing I did, was I switched it to Windows 10. I am validated on that decision every day.
Make sure to disable TPM then, otherwise you might automatically be "upgraded" back to Windows 11 one day. Happened to a friend of mine! I switched to Linux four weeks ago and my decision is validated every day. Linux will never update or replace itself with another OS without my knowledge and consent. I recommend Ubuntu, because it's the most widely supported distro and has sheer endless beginner-friendly resources online to help you get used to the new system. I choose the Kubuntu flavor , which is the official Ubuntu, but with KDE, a Windows-like desktop environment, pre-installed instead of the standard Gnome desktop, which is a bit different. Setting up all the important things (including printer and NAS connections) only took me a couple hours over two evenings and after that, I began exploring the vast customization options and testing/playing old disc-based games that were impossible to run on Windows 10 due to unsupported DRM in Lutris, with varying success (some ran right away, some after a bit of tweaking, some still don't). Both of these are things I really enjoyed playing around with as a teenager on Windows 7, but became either extremely frustrating or downright impossible on Windows 10, so switching to Linux not only freed me from Microsoft's infuriating BS, but it even revived my old passion for tinkering with PCs! ❤️👍
@@quantummelody2959I searched up "Windows 10 install" on Google, and downloaded off the official Microsoft website. After that, find the program and run it. It'll give the rest of your instructions. Be warned, though, that the install WILL take at least a couple hours, and I don't know how it'll handle any other programs you may have installed.
When I was working with an MSP we had bit locker on all devices. Some smart cookie who setup our remote management solution made the remote management service capture the bit locker key every time it was setup. Saved our asses hundreds of times
This is how we did it too, even when using it personally you can just either print the key and put it in a safe or throw it in your password manager. I don't see how this is any different to ios/android enforcing device encryption, but they should put in a box where to user needs to type I AGREE THAT I RECORDED MY KEY AND CAN LOSE DATA IF I DIDN'T before leaving the key screen just to hammer it home that it's important to record.
As someone who works in IT, bitlocker sucks to deal with. Atleast for my job, stuff it automated where we have these keys in a database... except when it isnt there. When I hear bitlocker, I always bring the key and a fresh cmos battery since 9 out of 10 times, its an issue with TPM being disabled from a dead battery.
But it's not bitlocker problem. We have bitlocker and firevault enforced in company. You just have to implement simple monitoring tool to check for existence of keys, and that is. And almost for any company that works with private data, the hustle worth it
If Windows honestly just gave people an encryption key with their Win11 install, it'd be seen as a "physical key to unlock your copy of windows". It's what I did back in win7 and I actually enjoyed Bitlocker. But to make it mandatory, basically holding people's pcs like ransomware is dystopian as hell. I hate that I'm on Win11, but I don't like linux's interface even with distros like Ubuntu and Mint. I just want Windows 7 but with modern applications and without the dystopian stuff that comes with it.
The interface is pre installed with a os but can be changed its a so called window mansger if you want something reliable, clean and similar try xfce, xubuntu is a ubuntj fork and is optimized for it if you wanna customize more you may wanna get into arch or debian
I mean you can probably make linux UI look like pretty much anything you want if you got the skills. My vm linux looks like windows 95, its kinda funny, wasn't too hard to setup either, and i think i mightve seen some windows 7/10 lookalike desktops.
What Linux interface do you dislike? There are dozens of different desktop environments and tiling window managers to choose from, it's hard to imagine anyone wouldn't find one they like!
huh, its almost like they have a certain mentality that rossmen mentions... not saying the word because im sure that will cause yt to yeet the comment.
It matches ransomware in all criteria but one: charging money to unlock it! Just wait until Windows becomes a subscription software (already announced) and your Microsoft online account becomes tied to that subscription (because why shouldn't it be, if you can't use Windows without Microsoft online account anyway?). Then it'll literally match ALL criteria of ransomware! 🥶
If Microsoft really wanted to do encryption by default - honestly not the worst idea - it should ideally only encrypt the user directory, so that a tech support person can still resolve OS issues without the key.
There is such a thing; it's called Encrypting File System. Problem is, if you reset your local account password the key gets nuked and you lose everything in that folder.
As if everyone keeps their pictures, movies and documents in their users folder. I only have one user on my pc at home and I'm the only one using that computer. I have all my pictures and such located on my D drive. I worked like this back in my Amiga days and I keep doing it this way. I want to store my documents where I want, not where Microsoft expects me to store them. So only protecting the users folder isn't going to help to keep my files from being stolen. On the other hand, I don't see a burglar enter my home, open my pc and take my harddrive to steal my pictures, movies and cnc files. I can't imagine why nothing is being done to stop Microsoft from enforcing all this nonsense upon every user in the world. Such things should stay optional.
@@powerpc6037 you are not the average computer user, obviously. The solution I'm talking about is not targeted at you. My comment is about how BitLocker is overkill for 99% of Windows users who store all their files in a disorganized mess on their Desktop.
That's how Apple OS X FileVault worked, but now the new thing is everything is encrypted, even if you don't want it, so that your operating system and personal files can't be read by anybody except the government.
@@powerpc6037Nothing is being done because Microsoft is just following. Stopping must start with Google and Apple. All of this is stuff on which Microsoft is about a decade behind those two.
10ys ago my friend lost 500GB of personal data stored on the encrypted D: partition because the C: partition (where bitlocker stored the key file) was endamaged, he had to reinstall Windows and found no solution to recover the data from encrypted partition. Now when I create a bootable USB with rufus, I always enable the option to disable bitlocker, it can be enabled later if needed.
Why was your friend using a Business/Ultimate edition of Windows 10 years ago and enabling an encryption feature that wasn't even prompted at the time?
@@tunisiantalents I meant he used "Windows, 10 years ago", not "Windows 10, years ago". But still, he used a feature reserved professional users that is not recommended for casual users by Microsoft without reading up on how to secure his data? That's not Microsoft's fault, dumb users will always find ways to hurt themselves
This happened to me also a few years ago. Spent days trying to recover before I called in experts. They said it was a lost cause, give up. I really despise these systems to “protect” users.
It already does this by default. We usually get at least one bitlocked system a week. Most users end up needing to reset their forgotten MS account password, but we can eventually recover the key. But every few times we get people that only had a local account and had device encryption added anyway. It’s never fun to realize that and tell them there’s no way to recover the data
Yep, happened to me on my win10 laptop months ago, never even knew that bitlocker existed yet there's the blue screen, luckily I've got my Microsoft account on my phone
this is in fact mostly an OEM issue. They (laptop vendors) set policies in the BIOS to enable BitLocker by default. This is especially bad on W11 machines, when you set up a local account, chances are - after the next BIOS update your OS will ask for a recovery key which you were never able to save, it's not saved in your MS account either since you didn't set it up and that is gg for your data. Had noticed this on some customers machines, truly awful.
@@PvtAnonymous not an OEM issue. My laptop is from 2021 and had none of this shit enabled from the OEM. It came pre deployed with 21H2 (updated to 22H2 same day because I bought it in jan 2023) and didn't have any encryption. But after I did a full windows 11 reinstall (from the windows settings interface) on july 2023, I noticed it installed 22H2 latest version from the get go, and enabled drive encryption. It's somewhere down the line of 22H2 that the setting is auto enabled. Sure, every OEM bought after July 2023 will have this, but it's not the OEM. It's Microsoft.
@@charginginprogresss it is an OEM issue. Certain vendors enable it, others don't. I worked at a repair store where we had to deal with this constantly, Lenovo is one of the worst offenders in that regard.
@@qlippoth13 Good quote! His vaccines do a great job already! Remember how hot weather leads to strokes? Me neither! He adviced to "Prepare for the next one [...] that will get attention this time!" 😵💫☠
Heh... at least at one time you had to have the account password to boot safe mode, not just the PIN. Also you can't run command prompt or system restore in the local recovery environment without the password. So I would call someone and ask for the "real" password and they would tell me that the (PIN) is the only thing they ever used. Then I would ask about the Microsoft account. They would say "huh??" I would say, you created a PIN on this computer, that means there is a Microsoft account. "OH....." (And yes I know you can do things to activate the local administrator and bypass these restrictions, but I want to emphasize to people that they need to keep track of their info!)
I find it really wholesome how you make a point that this stuff is important for people to remember. I'm not the person you helped, but regardless, thank you for being thoughtful!
The easy thing for Microsoft to do would be to make the default recovery key the same password that you use to log in to your computer. Since this Password is needed every time you boot the Computer every user should have remembered it. And for professionals just offer the option to generate a random safe password like the one shown in the video.
Or Make it so if you DONT want it To completely make it REMOVABLE in the Install. "Use Bitlocker" or "No Bitlocker inlcuded" would be the better option.
It's supposed to be the last saving grace, when something about the usual unlocking process goes wrong or when the hardware is changed. Like if you set up Bitlocker to use a password in the first place, and type it in wrong to many times, it will ask for the recovery key instead. That's why it's generated and not chosen by the user (as they tend to create crappy passwords) it's sort of a master key.
I found that when people by new PCs, Encryption is already active on the installed system-and Windows is not: “Oh, you've just created your account, so you should save your recovery key“, no, many people don't even know that it’s active already. They just want to push a lot harder for people to have this Microsoft Account. (Had also a colleague, where the recovery key WASN’T saved in the microsoft account.)
Not sure how it is now in Linux but my experience with full disk encryption there has been, that I get a password prompt everytime at boot and this prompt doesn't even use my keyboard layout so I was unable to type my password and had to reinstall...
@@Rastafaustian I think it was Manjaro and about a few years ago. How is it on other distros? I would not want to use it if it still had the prompt on every boot.
@@RealFlicke The prompt on boot never really bothered me, but it looks like auto-decrypt can be set up. Not sure if there are any distros that operate this way by default, but here is an ai generated answer from Brave Search. (do your own research if you plan on trying this) Method 1: Using LUKS and Clevis Ensure you have LUKS installed and configured on your system. You can check if LUKS is installed by running the command blkid and looking for the LUKS keyword. Install Clevis, a tool that allows you to generate and store decryption secrets in a TPM2 chip. You can install Clevis using the package manager of your Linux distribution. Configure Clevis to store the decryption secret in the TPM2 chip. This will require you to generate a new decryption secret using the clevis generate command. Configure the system to automatically decrypt the LUKS partition at boot time using the clevis configure command.
Tip for Beginner Linux users. Almost every distro (Ubuntu, Zorin, Fedora) has almost every desktop environment (KDE, Gnome, XFCE). If you don't like how it looks, you can change without changing distro. I personally recommend Linux Mint (Cinnamon) or Kubuntu (similar to Steam Deck OS) for newbies. For games, Steam can play almost everything. Istall Steam using terminal or your distro's store app. Change compatibility to proton to play Window games. And you can add non-Steam games (eg. Blizzard, EA) to your library, Steam will also try to use proton to run it too.
I'm looking to switch to Linux for my new gaming pc when I'm done with it (bit of a late-stage change considering I went for Nvidia. They've been improving, at least). Heard Mint was great. However, I heard Kubuntu was an upgrade for people who outgrew it, but still wanted a beginner-friendly distro. So I plan to go with that to dive in without drowning. I knew about most of these things because I've been looking into it. I didn't know that by adding non-steam games to my library it'd try to run them through proton. I'll need to keep that in mind. Is there a good resource for command line stuff and what it does? I keep seeing command line stuff pop up for things, but I don't know what they do or where to start looking.
@@TwistedChaos4428 I would recommend Fedora. Fedora 40 comes with a very new kernel, which will help improve performance in games. Linux Mint is stable but if I recall runs on the 6.1 kernel.
Data Recovery engineer here: I would say about 30-40% of cases where a drive comes in with BL encryption, we hit this same issue and those poor souls are SOL. Sometimes they can send in their whole laptop and their TPM will unlock it, but anyone who's PC/Laptop was damaged or destroyed are screwed out of their data. Enabling encryption by default for the base consumer is a nightmare
I did 10+ years of technical support for a major ISP and we occasionally got someone calling, usually elderly or particularly non-tech-savvy, whose computer had some sort of problem causing it to come to the infamous enter Bitlocker Pin screen. There were a few of them who said they had even called their PC's tech support and been told to go online to find the pin and when the PC tech support person deemed that the poor soul couldn't get online they determined it was not their issue and was instead our companies issue lmao
If they can not get online, assuming they have another device to do so, that sounds like an ISP issue. You don't need to help them recover their account or bitlocker pin on the MS account. Just verify connectivity up to the demarc point and move on. My company was responsible for troubleshooting our software and services. We helped troubleshoot printers, OS issues, WAN, and LAN to a limited extent as far as making our product work, but if the issue was more complex in regards to the printer or connectivity, we referred them to their printer’s support/their ISP/their IT team and asked them to call us back afterwards to continue helping them with the software or services portion. It sucks. We want to help those people, especially the elderly and less tech literate, but there is only so much we can do, or at least verify within our scope. Plus, caregiver syndrome will burn you out quick. Don't fall into that trap.
Tell me about it lol... I can't even get my mother to learn a smartphone. I showed her how to delete her call log 15 times already and she still asks me how... She has messed up her computer more times than I can count.
Is Microsoft actively trying to reduce their install base over time? I'm perplexed at the decisions made especially over the last 5 years and for anyone who just needs a computer for internet and office applications then there are a number of Linux distros that are easy enough to get running with.
It's far worse than it seems. In case of the home version, drive gets automatically encrypted, but you can't finish the encryption process without logging into the MS account. Without the MS account you can't, by any means possible, export the generated recovery key, even with the CLI tool. So your drive is encrypted, but there's no way to decrypt it with key. You can - fortunately - decrypt the drive without it if you can boot into Windows.
I've run into something like this; bought a used laptop which had been wiped / clean install done on it. I noticed the entire windows partition shows as encrypted in my linux disk manager, though I've no idea what the key is. Imagine I'd copied some files over in Windows, then wanted to access them while using my linux OS on the same PC - not possible because I can't mount the encrypted partition because I have no idea what the key is. Apparently I have to 'complete the installation' or something like that to set my own key. I don't know if that just encrypts the existing encryption key with my own key or if it goes the whole hog and re-encrypts the entire partition with my own key - frankly I stopped caring at that point, I'd just been curious. I'm unlikely to ever use the windows install anyway I just kept it in case I don't like the laptop and want to sell it on again soon.
You mean i get locked out of my data if I don't want/can't connect the new install to the internet? They're making a really big case for going back to win7 and using linux as a main OS
@@theliberator0390 you can disable it without account, you "just" can't get the recovery keys without logging in. Now imagine that somebody didn't know that their drive is encrypted by default in Home version, didn't log-in into MS account, and now is in need of recovering some data... It's basically gone. Heck, you NEED the key even if you want to enter safe mode, because it doesn't decrypt automatically in that case either
@@edwardmacnab354 then you should be safe, but the fact that it's now turned on by default, and it's not possible to finalize the ecryption process in Home Edition, therefore, you can't get the recovery keys without MS account, is just evil.
Imagine allowing a company as malicious as Microsoft to have full access to encrypt YOUR data. Always encrypt your own data, that way any and all security breaches are on YOU.
Yes: personal files in TrueCrypt containers with the original old release which I trust more than the newer fork! ;-) Backups always encrypted too: makes for double encryption. ;-)
Remember when commercial PGP encryption was really just easy to beat simple AES encryption by a "random" key and only that key was encrypted by PGP using your password?
I once had bitlocker enabled (it was default) and the pc was set up with my personal Microsoft account. I had also entered the school account somewhere in settings, assuming this would maybe make logins a bit smoother (don't ask what exactly I expected). Later, I tried out a Linux distro (usb-booted) and bitlocker locked the device. It took 3 days to find out the key wasn't stored on my personal account but my school account and the PC was basically bricked until then.
I had a similar experience. I recently bought a refurbished Surface Pro 4, tried booting a Linux thumb drive just to see if it would. Yep, no problem there. Try to go back to Window and get the bitlocker message. I went through the recovery process and then turned off bitlocker. I don't know if the decrypt key would change if it gets turned on again, but I've forwarded it to a more accessible email account.
This happened with one of my computers back around 2017, device encryption was enabled, I was never told it was enabled, and I lost a significant amount of data.
BitLocker was originally a feature exclusive to the pro versions of Windows that were activated and it was enabled by default on my Dell G15 laptop from late 2021 which had Windows 11 pre installed.
Wow, what wholesome replies. The tech community is not toxic at all. Anyway, I'm sorry for your loss. I've had the exact situation where I lost my family photos when my laptop was stolen. I hope this becomes a hard lesson for you to start doing backups of your important data!
I jumped through the hoops required to set up a Windows 11 laptop without a Microsoft account for a relative only for them to get that blasted Bitlocker screen months later out of nowhere. Had to reset the PC, losing all data and learned how to manually get the goddamned recovery because it was never volunteered by the system. Thankfully they didn't have anything important on the device, but damn that was a chilling experience. Fuck Microsoft.
Seriously? The standard behavior has been to not enable BL by default when running setup with a local account, even on compliant devices. At least not unless the vendor set a key to ensure it's enabled. That's good to know and I'm glad that the people I've had to setup just wanted to use their old account. Just another reason I'll never use this f'in operating system on anything I own.
It's baffling that microsoft avertises this as secure in any way when I not even a week ago saw a video of a guy using a raspberry pi pico with spring contacts to rip bitlocker keys while they were being moved from the TPM to the CPU at boot. It took him forty seconds to bypass this feature, let that sink in. Video here for those who want to watch it: ua-cam.com/video/wTl4vEednkQ/v-deo.html
This is a manufacturer specific implementation and as the video states you can also use a pin to secure the key on the TPM if you wish. And it still is a very difficult attack on a modern processor which will have an integrated TPM.
I had an internship at a small data recovery company and a lot of devices we had coming in, were because people spilled coffee over their laptops. Generally no biggie, just pop the drive out, dock it, clone it and then start recovery on the clone. Most people didn't run encryption, so recovering their holiday pictures and what not, was generally a breeze. This change, however, will make things quite a lot more difficult...
@@LordCoeCoe Everyone that knows how a business works? We'd lose potential customers (and thus, revenue) because a job that would normally have costed them 150 euro will either be "not possible" or cost 1K+ because Windows turned on a feature for them they probably didn't even know existed.
@@LordCoeCoe You don't get paid if they know that your business can't recover data, because surprise surprise, customers doesn't have the recovery key to unlock the encrypted data. Why don't you use your brain more?
Except, now, 99% of people upload their photos to iCloud, Onedrive or Google Drive, either on their phone when they take the pic or on their Windows device, where for 10 years now Onedrive has been a no-brainer for anyone who uses Office.
I just couldn't suffer windows 11 anymore. My asus zenbook kept constantly crashing despite resetting it multiple times. Heated up like a kettle on idle workloads and the battery kept draining very quickly (within 2-3 hours). I nuked everything on my hard drive and installed linux. What a god damn difference! All of the above issues are gone and my battery now actually lasts 5-6 hours.
@@anon1963 at first, I thought the same but its been 2 weeks now and the difference in performance, back up and stability is like night and day. My laptop literally had been kept crippled by Windows 11 + ASUS bloatware.
Already happened to with a preinstalled windows 11, the bios got updated and it asked for bios key, so I had to reinstall, thx for keeping the pc safe from it's owner.
I’ve been using Windows 10 for half a decade now, and it’s worked great, but if this is how they’re gonna treat Windows 11 I might as well switch to Linux when they stop updating 10.
I'm very grateful to Microsoft for this change. This is the single best thing to happen to Windows in a long time. Because of this change, my dad has switched to Linux. If a nearly 70 year old man who only knows how to use Windows XP for taxes and web browsing can switch to Linux, so can you.
As a gamer, I don't want Linux because of the ridiculous hassles of trying to run Windows games on Linux. yes, there's Proton, yes there's WINE, but they are not perfect and require lots of fiddling, and of course, the hurdles of trying to learn how to install everything whilst on Linux, blah blah blah.
@@MakeItWork256 Maybe someday, maybe on a test bench, if I had one. Haven't had the room lately to justify having another PC sitting around set up, as that takes up a lot of room, and I don't wanna put it on my main PC because dual booting is a lot of work and as mentioned before, it'd be easier to just do everything on Windows rather than having to swap between OS's regularly.
the recovery key not being the admin user password is a good idea for professionally or techie managed machines, terrible for literally the other 90% of humans
Windows wants to become macos, but it's entirely different paradigm: Windows laptops will still be stolen and even decrypted(via vulnerability), unless Microsoft starts doing "genuine part" crap like apple does. And it will reduce gaming performance (probably the reason #1 why people use windows computers at home).
TBF I do believe the #1 reason why people use Windows is just because it's what you get off the shelf. My grandma and aunt used a Kubuntu laptop I set up for them for like 8 years and they were none the wiser because all they did was go on Firefox to read their mails / watch UA-cam with the odd Libreoffice letter from time to time #2 is definitely compatibility issues between Linux / Mac and most Windows software though
The whole idea is to force you to use a Microsoft account so that your data is "backed up" to onedrive - This way they can charge you for the service and make more money!
Which makes me wonder: Microsoft announced plans to make Windows 11 licenses a monthly subscription in the future. So, will they make Microsoft online accounts a part of that subscription then? Because you can't use Windows without Microsoft account, nor do you need a Microsoft online account, if you don't use Windows, so why wouldn't they integrate them into one product? However, it would turn Windows into LITERAL ransomware, imagine that! 🤣
I do IT support for work. Ive seen bitlocker prompts come up for literally no reason at all.. I expect some boomers will just buy a new laptop when that screen comes up.
@@joeykeilholz925 The so called "boomers" at MIT's Project Athena and CMU's Project Andrew have a radical clue. In fact much of what Gates stole for his products was plagiarized from those and associated projects.
This news makes me happy. It's always a step forward for Linux overtaking the workstation monopoly. Once windows 11 becomes obligatory, I will be getting my entire work to switch to Linux workstations and thin clients. Just gonna leave windows server terminals so people still have windows as their "OS"
As an IT Security Professionial that utilizes Bitlocker for most of my clients i can tell you that Microsoft started enabling Bitlocker by default awhile back but NOT in the form that is discussed here. Systems would come with it set up but NOT activated. That setup allowed the system to unlock itself without a dedicated password which seems completely useless to me since it protected nothing upon startup. Now if you altered the BIOS it would trigger the Blue Bitlocker screen requiring the key. So what i did to elevate this problem completely is disable Bitlocker in it's default form for anyone that didn't want to use it. And for those that did, i would disable and then reenable it with additional security measures within the policy editor so that the client could have a defined password with the backup key printed out to be put into a safe within their home if they ever forgot their pass phrase. Of course as a Linux user i would always recommended switching over to Linux to use LUKS since it's NON propriety but since most users won't do that, i made Bitlocker work to best fit their needs.
Many laptops and brand PCs come pre-encrypted where hard disk is already encrypted but it's in "unsealed" state where decryption key is saved at the start of the disk. When you log in with MS Account or 365 account it will seal the decryption key to TPM chip and backup recovery key to cloud account. I suppose this is to speed up device setup so that you don't need to wait disk encryption. During Bios upgrades etc you can set Bitlocker to suspended state where where it pulls decryption key back to start of the disk and it won't ask recovery key if bios upgrade wipes the TPM chip. Some vendor software like Dell Command Update or Lenovo System Update should do this automatically bet they still manage to mess it up sometimes.
@@ReptilianXHologram You can "Harden" Bitlocker by turning on certain perimeters within the Policy Editor BEFORE you enable it. Some of the hardening i do is increasing the encryption from AES 128 to AES 256 to decrease the lightihood of government agencies running brute force attacks on a client's machine. I also increase the password length and special characters requirements when creating a password at enablization. I also decrease the number of password attempts by the user incase someone does try to brute force the computer they will be locked out much earlier than normal. What you will find is that Microsoft errors on the side of customer useability instead of security. I change all that since i want to maximize FDE.
I never made myself dependent on Window$, because I learnt computing on a RasPi running RasPiOS (and at some point breaking the install every ~24h) and then used Window$ for a while. Then I switched back to Linux and am happy with it since years. Even though I've encountered my fair share of problems on Linux too I have never lost any data because of it and at some point even repaired a Linux install that refused to boot because of FS errors. That installation still runs, over two years after I fixed it and more than five years after I installed it.
How to implicitly state you don't have any Windows-only programs. Linux needs Wine/compatibility built-in first. Most Windows-users are sick of newer Windows versions too, but have little choice.
@@CnCDune Well, I use some Window$-only programs like e.g. IrfanView or 7zip. I just use them through WINE which works fine for programs that don't mess that up on purpose. But because I learnt computing on Linux I mostly use programs that offer a native Linux version.
This is an example of why I’ve made a rule for family and friends that if I didn’t set up the computer or if someone else has done ANY configuration work on it then I won’t fix any problems. Even if I know how to fix it. I’ll wipe back to bare metal and reinstall, that’s it. Bitlocker makes sense in a corporate environment, where you’ll probably have a similar rule around support and be restricted from being able to do anything too destructive, not on a home PC.
Why can't it be a one click choice in the install menu, something like "Use Bitlocker, keep your data secure" or "Don't use BitLocker, protect against data loss"
idk if this is mentionned later in the video but, this is especially infuriating for me because turning off bitlocker once its already enabled takes HOURS to de-encrypt even on an ssd. i recently had to swap drives for more storage space and apparently my device had it enabled, it took SO LONG to finish, im talking hours
Steinberg took years to release a version of thier Cubase music production software that could remotely run on windows 10, and as a musician who does nothing but browse the internet and make music on my PC, I'm sticking with windows 10... the nightmare I've had every time I "upgrade" windows with audio interfaces is soul destroying!
6:37 Windows doesn't let you store your recovery key on the encrypted partition, it requires that the key will be on an unecrypted device, internal or external
Windows 10 will soon be unsupported and very very vulnerable. Also programmers are already beginning to make most APIs and webapps unsupported for Windows 10. You will either upgrade or any apps or appliances currently running on your Windows 10 machine is not going to work...most apps and installations require updating to work and to secure their end users and apps as new and evolving vulnerabilities are found. So....this I feel is why so many are now looking to Linux. 🐧
I’ve encountered that bitlocker screen once while helping a friend to backup his dead laptop but thankfully he knew what it was and had a backup of the key
I've had a management person, who's laptop required the recovery key to be entered at boot, file a complaint because I could not unlock it without the recovery key.
I used to work for Microsoft and Costco tech support, ran into that crap all the time, trying to walk the customer over the phone to get their bitlocker key to do a reset..pain int he backside..
Eww. I turned this off after my laptop randomly started timing my logins out (fucking local windows logins even though I had the password!) up to an hour, entirely locking me away from my data and after logging in saying that I'd only be able to get the key if I logged in to Microsoft account. Regardless even if it was probably caused by false fingerprint logins being logged by a power button that tries to be too smart (reads the fingerprint on press, caches it, then tries to feed it when windows asks even if I likely didn't use the right finger or pose to press the button), being locked out of my own device and the key being unextractable was just entirely unacceptable.
Gross. Think the only solution is not to feed it a MS account, am on local now. Can probably still use a LInux usb to boot into but I hope I never find out, assuming that one is ready for the next bitlocker lockout. I don't like the idea of not owning your own pc and not having control.
@@roflBeck It really isn't a bad design per se, actually it's genius as it effectively allows for authenticated windows login from a fully powered off state with one button press. I could turn it off but won't as I'm no longer in danger of being locked out of my data in the corner case it submits enough login requests for windows to do stupid windows things like the lockout. But it becomes a problem in the case where windows arbitrarily locks you out from too many login attempts while keeping your data hostage in a by-default encrypted BitLocker volume that is inaccessible and even the decryption key is kept behind basically a paywall you pay with your privacy. This is a Windows problem, not a hardware design problem.
Bitlocker is great if you know what youre doing, and how to make sure you never lose access. But it is sooooo unnecessary for an everyday person, and honestly such an overkill. Just dont forget, its still windows, you can customize EVERYTHING. Its a bit more difficult than just ticking checkboxes on or off, but you can change whatever the hell you want. Registry and policy editing are your friend.
Drive Encryption should never be an automatically applied feature of your Operating System, it should be a conscious decision you make during device setup and you should have the option to decline the feature. I will certainly immediately disable it if an update turns it on. One Drive is also pretty much automatically turned on when you set up your device with a Microsoft Account Login , this also causes many headaches as you most assuredly know, ask the average person if he is using One Drive, most reply that they don't know. I have to deal with these issues almost daily.
Yeah it seems like Microsoft tries to shepherd the user through the setup as quickly as possible without ever explaining how important it is to keep your key. Furthermore it seems from some comments like they even enable it automatically in some cases! So people have absolutely no familiarity with what BitLocker even is. If they want everyone to use encryption then they must prompt people to backup their passkey multiple times and perhaps even ask for it as a test, similarly to how Signal does. And if it's not working offer users to disable it. As it is now it might very well block more people from their own data, rather than blocking outsiders from it.
I'm an average user. I have a 1st gen Microsoft Surface Go that can't be updated to 11 without a bunch of hassle. So I switched to Apple. I update my Surface Go once a month, but I was considering wiping it and donating it to the local library since I rarely use it anymore. After this bit of news, I'm definitely going to do it.
I've needed to get someone else's BitLocker recovery key once. My mom bought a Windows laptop that, after testing a Linux Mint live environment, triggered BitLocker recovery. The hardest part of getting her computer back up and running was getting her Microsoft account information, which she completely forgot. It was a six-hour chase, but we found it. The funniest part about BitLocker is that you can still boot from USB when it's triggered, so we actually used the very same Linux Mint live environment on the locked computer to browse the web with our more familiar friend, Firefox. Thought that was always funny. What broke the computer, we used to fix it. Crazy. Haven't used Windows unironically since. That was probably the biggest push to Linux for me.
The evolution of Windows: useful -> spyware -> adware -> ransomware
"Thank you for calling Microsoft support. Oh it looks like your running a cracked version of Windows 11. We will provide you your Bitlocker key once we receive payment for a new Windows 11 license".
@@jer1776 Add a McAffee subscription for the next 10 years
Bitlocker is awful it breaks everytime theres a major Windows update, the reason I stopped using it and switched to Veracrypt
more reason to stay in win 10 or switch to linux....
looks like the brainrot from Xbox is already showing its effect in windows proper.
we all know management got brainrot due to corporate greed. the only thing missing is that these corporate overlords send armed merc to take US users out if we ever rebel.
@@jer1776 why did i read this in an Indian accent
Chill Microsoft, I'm already staying on Windows 10. You don't need to convince me any more.
exactly. instead of making me want to switch they are doing the opposite entire time.
only until October 2025 :)
Just switch to Linux
@@c.n.crowther438 Sadly WINE isn't perfect yet.
w10 is bad too to be fair, last good windows was windows 7.
You lose data cause your operating system breaks.
I lose data because i run rm -rf * in the wrong directory and delete my home folder. We are not the same.
rm -rf --no-preserve-root /
@@wChris_ sudo
😂
@@wChris_ It's not working. Do I need to get permissions from my sys admin?
You should be running srm or shred if you really want to make sure it's lost. Don't forget to wipe the slack space and do last pass all zeros.
I looked at this in full screen and almost shat myself when the bitlocker screen appeared
Lmao
Windows: Assuming Direct Control
Rest assured all these degen tech channels were likely complaining about security on Windows yesterday but now all the sudden since Microsoft is highly encouraging disk encryption somehow that's a bad thing...
Smh lol
@@Zinojn huh
@@Zinojn do you even know what encryption is?
Saving your recovery key into your drive is like having a spare car key in the glove box when you're locked out of the car.
But it's also impossible to break the window to start the car, so it's an armoured car or a tank.
Save it on your cloud drive of choice.
Simple.
I seem to remember you are not allowed to save the recovery file to the same disk that you are encrypting. It's actually pretty infuriating if you know what you are doing, since the most practical solution is usually to save it to the cloud - yet you cannot save it to your synced Onedrive or Dropbox folders since those are located on your disk.
@@justsomeguy5103 that does sound like something MSFT should fix (if not already done).
There are a couple of obvious options:
Allow saving to the cloud drive's cache then ensure a successful sync.
Offer an option to connect directly to the drive via its REST API (I'm kinda confident they all have one/ & upload it.
Of course if you're *not* using a local user account, you will have a Microsoft Account, so in that scenario it would be better to a) guide the user "hey, it's stored *here* on *this* account" and b) send that same guidance as an email to that user account.
You can safe it on your Microsoft account though.
We are living in a world where companies can slowly decide that you don’t own your OWN data ON your OWN drive. I hope this sparks big outrage when this update comes out.
In Europe you have teeth--in America , Bill Gates owns senators and congressmen
That's capitalism for ya!
@@kenetickups6146 yes, us Americans really adore our crony capitalist society. Always keeping our wallets nice and clean for us!
AND our drives! Thanks Bill!
@@edwardmacnab354 and what will Europe do? Sue Microsoft into oblivion? At best, they will FINE Microsoft - and that will be it.
Because as things stand, Europe has no tech corporations (i don´t count Philips, which is on a crash course) and no OS developers either. All they can pick from is Windows, Apple or Linux... and i can´t really imagine billions of Windows users migrating onto Linux.
Europe right now is standing on shaky car industry legs, once any of those legs will break, whole Europe will follow suit.
Outrage from whom? Consoomers?
Bitlocker horrors:
-migrating hyper-v machines. you WILL be lockout out of your machine once you import that vm elsewhere.
-password rejected for old drive with previous bitlocker versions
-motherboard died, password and recovery key refused on the new MB because TPM mismatch
Thanks for this.
oh hell nah
if the recovery key was refused there was a failure to properly back up the recovery key
@@toastdc 90% or more Windows users do not know anything technical about their OS, they just want the device to work. These users are the same people who are likely to lose data because they don't understand any of this. File Encryption is not needed by the majority of Windows Users.
I once had an issue where something went wrong with my USB drive's controller, and it was *crashing any Windows system* when attempting to mount it. Yes, specifically Windows. When I opened it on Linux, it worked fine. If that was full-volume-encrypted, I would have been screwed.
Windows 95/98/2000 - useful
Windows XP/Vista/7 - useful and beautiful
Windows 8/8.1/10 - spyware
Windows 11 (mid) - adware
Windows 11 (now) - ransomware
By the way, why did designers give up on the Frutiger Aero aesthetic and design? Could be dumb reasoning but that's what I liked in Windows 7 the most
@@NoraTheCreator117 i liked Aero in windows 7 the most too
@@NoraTheCreator117 I think Microsoft decided they wanted to enter the phone OS market, so they designed a phone OS then ported it to PC. Truly awful.
@VeritasAbsoluta That is the first thing I noticed with the windows phone, then windows 8. Fucking awful design
Windows 8.1 was actually the last one without spyware shit.
They ask you if you want to send analytics data, they don't force you
Microsoft yet again being an amazing advertiser for Linux
The first turbo autist who creates a linux for windowsfigs will be the first millionaire
@@noterrormanagement How come?
@@noterrormanagement😂
can't play valorant in linux
@@thebluegremlin I consider that as a feature
7:48 had a girl come in at the office, her computer got stuck on an update and started bootlooping, she had an important document on her desktop that she couldn't access and had to send later in the afternoon to her experts for her final exams
she was sitting next to me crying while i was doing stuff trying to access the drive and recover her document, ive never felt so stressed ever before
took us like 3h but we found the decryption key and could recover the data, never seen a more relieved person in my life
Magical girls make dreams come true
Crying is chemical warfare.
How did you find the key?
@@Cyba_IT person installed their system with a microsoft account, which automatically enabled bitlocker
we were able to get the password to that account with a recovery email, then log in the Microsoft website thing to find their decryption key
we booted a 3rd party liveboot windows recovery environment (hirens boot) and opened the drive from here
we then saved all the files in the desktop, documents and onedrive directories to an external ssd and they were succesfully able to send their documents to their experts
@@junfour of hopes and dreams indeed
Windows has fallen. Thousands will lose data.
Based and LUKS-pilled
It started dying in 8. 11 was the final nail in the coffin.
Honestly Windows has always been trash. Their XP version was notorious for giving people viruses.
TwitterGod...
Based
Imagine being able to rescue the data of family members. Good thing Microsoft protects us against old photos we might be embarrassed about.
Imagine having backups.
@@loganmedia1142 imagine living in reality
@@kriegnes If you're dumb enough to lose your data because of BitLocker, you probably deserve it. Simple as that. Calling BitLocker useless or blaming Microsoft for it is just ignorant. Proper data management is a personal responsibility.
The key is stored in the TPM module and is very easy to read out. As long as it boots, you can always grab the key. If you discover this after you already trashed the motherboard, you're out of luck, of course.
@@RealNovgorodLmao that comment of yours aged so badly considering that right in late July a windows bug appeared where Windows would ask for you to insert the bitlocker key after every reboot
The real thing nobody's talking about is: If Microsoft is enabling Bitlocker by default for everyone … you can bet your left nut that Bitlocker has been systematically broken.
This
Ding ding ding
What incentive does microsoft have to push to their users a compromised full disk encryption method though?
You answered your own question Thom.
@ScumSookar Why would they do that, though? I honestly do not see a reason why microsoft would want that
Windows technical support are outsourced overseas.
In their training, they told the agents Bitlocker is basically not from Windows but from the Motherboard.
Yes, the damn mf motherboard.
I don't know whether to laugh or frightened. ☠️
you do get hardware bitlocker
@@redf7209 and straight up deny it's not from Microsoft? 🤣
Bit locker is from MS, but the keys to unlock it are stored on the tpm chip on the MB. If the chip fails, you better hope you wrote down or stored your recovery key somewhere because you are NOT getting in.
@@metazare lool want to bet?
@@DarthLungs Bitlocker literally stores the key via the TPM that is on the motherboard, not sure what you are on about
Millions of people have it turned on unnecessarily. So yes, saying thousands will lose data is an understatement. Thanks Microsoft...
Sounds to me like microsoft is pulling a bethesda, making updates that break everything
@@SqualidsargeStudios It just works. (At making money)
Governments should do just like when a car manufacturer releases a faulty product and force MS to fix this shjt immediately.
The video you just watched is partly wrong. He didn't do his 10 sec due diligence: "On supported devices running Windows 10 or newer BitLocker will automatically be turned on the first time you sign into a personal Microsoft account or your work or school account."
It only was tangentially related to 24H2. It's been like this for years. And if you don't use an MS account, it's disabled by default. Only when you do a fresh install of 24H2 will it force device encryption, and only on HE, not on Pro, where you can use a local account instead.
MS is just catching up to Android and iOS. This gives you back control on your own data, not the FBI, or any agency, criminally or legally.
Meanwhile, my computer apparently 'doesn't meet the hardware requirements' to update to Windows 11.
That's a good thing
Same
Me too
I just had to change a bios setting to make it compatible. I think it is literally a motherboard thing that supports this disk encryption thing that I had to activate.
yeah I've decided it's a ruse to push a broken middle class to spend their last $$ on a new laptop. I have an old Alienware laptop but it had the best specs available in 2016, so now it's still running good even for gaming. But my motherboard is locked out for Win11.
the NSA has a backdoor key to bitlocker, 120% guaranteed
They don't need a backdoor, Microsoft keeps a copy of your recovery key as stated in the video.
Any proof?
@@Spessman That's an opt-in feature for users that log into windows via microsoft
@@丷 *users that can't find the barely visible "I don't want to create a Microsoft Account" button
@@丷It's a good thing Microsoft doesn't force people to sign in with their Microsoft accounts. Oh wait
"But if you move all of your (private) data to OUR online servers it will be 'safe'." (Insert eyeroll here.)
Seems like a sales tactic to me.
Flash and hard drives are a gift from God
Indeed, it is safer on an air gapped drive than on cloud leakable servers
They sat on a MASSIVE exchange 0-day for 3 months, including customers who pay $5000/mo from microsoft to get updates before patch tuesday. Just to be told "Well you wouldnt be in this mess if you just went to 365, we patched it there 3 months ago.."
This is absolutely a sales tactic. Looking at Bazzite as a replacement for my windows gaming system at this point.
🙄
🙄
This article is not entirely correct.
Windows has two versions of encryption:
- Device Encryption
- BitLocker
Device Encryption is available on any version of Windows as long as the device supports it. Most laptops support Device Encryption, most desktops do not.
BitLocker is only available on Windows Pro and above. The vast majority of Windows users do NOT support BitLocker. Going forward, let's not confuse Device Encryption and BitLocker.
Device Encryption is automatically initialized on all eligible devices, at least for all Windows 10 builds from the last 4 years. If you setup a local account then Device Encryption will never encrypt the drive: Device Encryption is initialized but will not encrypt the drive unless you sign into a Microsoft Account. Because the encryption key is stored in your Microsoft Account, there is always a way to recover the key.
To enable BitLocker, you have to go through a setup wizard that gives you multiple options to backup your key in addition to backing it up to your Microsoft account. Also recall that Windows Home does not have BitLocker so most users can't even use BitLocker.
I'm not sure why this is an article now...Device Encryption has been pre-inititialized for at least the last 4 years. I think the issue is that people are confusing BitLocker and Device Encryption. Lots of misinformation is being spread about encryption because of these articles.
Confirmed: I'm not crazy...thanks.
Yep, and add to this that Android has used a fully encrypted data partition for years too.
If anything, it's Linux centric channels pushing this misinformed narrative, when it's desktop Linux distros that are behind the curve with encryption by default.
BitLocker comes enabled when you buy an HP VIctus with Windows 11 from BestBuy, it was a real pain upgrading from the 500g SSD to the 2Tb SSD, I did not run any set up wizards, I upgraded the SSD within a month of purchasing the laptop, I was required to get the stupid key from my Microsoft account.
Maybe blame Microsoft at least partially for this. They don't commuincate stuff like this and are known to pull various nefarious crap on a regular basis.
Shame this is buried.
If someone stole my laptop, they'd get my meme folder and think the bad guy is a real cool guy instead of me. 😭
my laptop stealer would get 500 gigs of Study material if you know what i mean
All I have is osc pictures and emulators of games I own lol I guess they can play kingdom hearts when they steal mine
@@SillyTopHatFrogcare to tell what is your OC art?
@@EnchantedSmellyWolf on my pc all my pictures are just the bfdi mini replica cast lol
@@XashA12Musk500 gigs, that’s child’s play. Got me a 10 tb server 😂
The biggest reason I noticed bitlocker is such an common issue on the more recent Windows 10/11 builds is if you EVEN sign in with a Microsoft account on Edge or Chrome it will automatically turn on bitlocker and not tell you a damn thing about it. I tested this theory on my personal machines and yep it explained why all our college student customers didn’t know they had a Microsoft account because the college doesn’t disclose their University email is Microsoft based (Common sense to a tech savvy person). So they would sign in on a browser and it’d migrate that machine’s bitlocker key to that University account. Even worse when they’re no longer a student and the email account is deleted after a set amount of time by the University so you can’t recover the Key. Microsoft is great…
Yikes 😬
Wow. This is worse than Windows Vista UAC.
This happen to me now my device shows blackscreen😢
@@LOCKBlTironic name
I know you are wrong since I have Windows 11 Pro and BitLocker does not activate by itself . Only corporate laptops will do that when connecting to the corporate network because of the corporate policies and it will prompt you for this.
Glad to know they're making Windows Vista look user friendly in comparison.
Windows Vista wrote the book on usability, literally.
windows vista wasn't that bad actually.
it was literally windows 7 but the drivers were bad on release and it had some relatively minor differences to 7
Vista wasn't bad from an end user perspective. Seven was what vista was supposed to be. 8 and 8.1 were a joke. 10 was a polished 7, and I only use 11 if it's required by clients. Windows is good for gaming machines, and DEI developers.
Vista was good once you got it on a computer with 2 gigs of ram. Microsoft actually ran a blind test back in the day where they debadged the os and had groups of people test out the "next operating system" and most people actually liked it and found it very easy to use. Thats how bad the pr was for vista between all the nerds telling everyone vista sucked and hp, dell, gateway, ect insisting on building computers with vista that only had 512mb of ram most people ether completely avoided it or tried the aborted fetus version that is a vista basic machine with 512mb of ram then downgraded to xp.
@@SaanMigwell>8.1 were a joke
What's wrong with the 8.1? This is absolutely the same as 7, but much better optimized and can even run on a laptop from 2006. The only thing that needed to be done there was to enable the classic menu in the settings
Do yourself a solid right now if you're running windows:
1. Open an administrator command prompt
2. Run the following: "manage-bde -protectors C: -get"
3. document that shit (on paper) so you don't get got by windows 11
As long as you aren't signed into your microsoft account, and are using a local account on the PC, your recovery key ***shouldn't*** be in microsoft's possession
Love your content, Mr. Outlaw. Keep it coming.
Print it out (or write it on paper) and lock it in a safe or save the key in a password manager accessible from any computer.
didn't work and I have Microsoft account
omg I just discovered encryption has been on I have a product key ,when I signed into my ms account, I never did this myself, I am aware of how annoying bitlocker can be for a causal user.
or Simply use Local Account, as i saw that prevent encryption. not sure if this really confirmed.
I would say this is only advisable for a threat model where your notebook is stolen at some public place and you keep your recovery key at home. If the threat model includes someone breaking into your house to steal your device, they might as well steal your paper with the key on it so I wouldn't have it printed out or written down at all in that scenario.
As an IT tech I can already tell you Microsoft is gonna walk this back after the hundreds of calls from Grandma and Grandpa asking “WHY MY GOSH DARN PICTURE BOX ASKING FOR A KEY TO A BIT OF A LOCKER?!?!?”
This happened to my sister. The hard drive broke, and we had to use the bitlocker key to unlock it,even though we NEVER activated it! Turns out it was on by default. But because I installed her windows without a Microsoft account, it was NEVER said to me that bitlocker was on and that I should save the key ANYWHERE, and it didn't get saved in the Microsoft account, well because there wasn't one. She lost every file on there at a a point where it was really really needed...
If the data is worth $50, it should be in an external hard drive.
if its worth $100, it should be on tape.
If its worth $500, it should be on three tapes, in three different places.
If its worth $1,000 - three different tapes in three different countries.
And the tapes should be backed up using GFS rotation.
My mum learned this in 1968 (when the dollar was actually worth something).
Don' t they teach you anything in school these days?
No
It is supposed to only encrypt when you log into a ms account, it is also supposed to encrypt C: only.
Instead, it encrypts everything anyway, and does it to all internal drives, including non os.
They assume you are not bypassing the ms account requirement and activate encryption anyway, because if you were a good boy and did it legit, you would have the key on the account.
So you bypassed it? Well that's too bad. They won't care.
@@andrewgrillet5835 Sooo you're saying ordinary users MUST be experienced sysadmins.
Ordinary users are NOT that. They don't have reason to understand these things, until it's way too late.
@@andrewgrillet5835 Where did you go to school where they would teach you this lmao
If you think this is bad, just imagine my face when I discovered that Windows lterally uploads the Bitlock decryption key to your Microsoft account in the cloud by default in case you lock yourself out of your computer... which completely defeats the point of full disk encryption.
No it doesnt defeat anything lmao
That trailing "lmao" gives it away, even to non-techies. This is literally breaching. The point of securing your local data is to locally secure your data. On secure boot-capable machines, this key will be stored on the TPM, which is definitely not easy to access even physically. But now, your key is basically stored on someone else's machine, who now has by all means, access to your data. And because BitLocker is proprietary to Microsoft, this data is most likely accessible remotely. This is no longer spying, it's outright theft.
@@davidkroft Tell me how someone who steals your PC gets access to your Microsoft account :)
They don't. But the thief doesn't matter when the company serving the account is the real thief, especially if you live in the US where big tech companies basically hand over user data to the government on demand.
Edit : Had to remove source link from my comment because youtube kept deleting it. How strange...
Have been posting the same reply exactly 10 times. Every single time it has been deleted by youtube. Now that's freedom and caring for users!
Edit : Comment seems to have survived Big Brother, so here's the original : "They don't. But the thief doesn't matter when the company serving the account is the real thief, especially if you live in the US where big tech companies basically hand over user data to the government on demand."
"Your disk is encrypted, great, let me just upload all your files to onedrive to bypass it"
Me:
-disables secure boot in bios
- bitlocker wipes ssd
- format it and installs linux
- profit
Do you have any legit sources for good Adobe alternatives on linux, that aren't gimp?
@@normduchjust use kvm and get windows VM to run adobe and other "work" softwares..
@@normduch honestly idk, but what you CAN do is install wine to run adove software on your linux
Even though things has advanced for the past couple of years. Gaming with high end graphic cards still basically require a windows system.
@@RoeiCohen I'm thinking that's probably a necessity. Gpu and some other hardware in a vm is hit or miss depending on the hardware, driver support, etc.
Ugh Microsoft WHY!? As someone that used to work on repair computers as a job, Recovering data was one of the things I did most. People are going to lose data over this, and there's going to be tears over this. Its wasn't unusual I'll get people who just want to recover photos from a family members computer that has recently died!
I'm seriously thinking about going over to my family's house and stealth installed Linux on their computers and put a skin over it to make it look like windows, then just setup the router to let me ssh into those computers so I can maintain them. I doubt they would ever know, as only thing they ever do pretty much is open a web browser and print.
I'd say you do it
I just stealth disabled all updates for windows 10!
No force install on our computer!
Remember to backup important files to an external hdd or DVD-RAM!
What you’re suggesting sounds like a breach of trust and a leaving a back door other attackers can use.
Ssh? Maybe it's better to use vnc?
And make sure that computer has public IP
@danielhalachev4714 The definition of back door: A secret way to take control of a computer. I never doubted the security of SSH. However it does have vulnerabilities, but that’s not what my point was. This is a breach of trust & privacy. You have no right. Even if you asked them and they’re tech illiterate, they don’t understand what they’re getting into, undermining their consent.
You think that Linux would have a hard time advertising themselves, being open source and all, but Microsoft is doing a good job of it for them 😂
They don't advertise linux, I'd say more like they're the horror example to show when saying to people "Get away from that and come to Linux".
Only problem with Linux is game developed generally don't make game compatible for Linux
@@smallcube-zn2mm
Well, most games (if they don't need to modify the Window$ kernel for anticheat, which I find is a bit too invasive anyways) run perfectly fine under Proton (Steam's WINE-based Window$ compatibility layer). And you can add whatever game you want to Steam as a non-steam game if they don't have it in their library. Just click the little plus in the bottom left of the Library view in Steam and add the game and enable Proton use in the steam settings for the game entry.
@@smallcube-zn2mm if they don’t work on wine, they weren’t worth your time
@@malachigvcouldn't agree more. Everytime some family member tells me let em play roblox on their computer, I feel relieved
And you better believe that they'll provide law enforcement with a backdoor to gain access to the encrypted data when they need it.
No, they won't. BitLocker is used in every company. No company would use it if law enforcement had it back door to it.
Or they'll make them pay money too.
Is that really too much of a stretch after this?
Better yet they’ll sell a tool for it while posing as another company
This would be concerning and I wouldn't put it pass them to do something like that. But if you put a door in for one person, well then the whole party is going to enter through it. 🤦♂️
Maybe TrueCrypt is still safe?
When I bought my laptop, it had Windows 11 installed by default. First thing I did, was I switched it to Windows 10.
I am validated on that decision every day.
Make sure to disable TPM then, otherwise you might automatically be "upgraded" back to Windows 11 one day. Happened to a friend of mine!
I switched to Linux four weeks ago and my decision is validated every day. Linux will never update or replace itself with another OS without my knowledge and consent.
I recommend Ubuntu, because it's the most widely supported distro and has sheer endless beginner-friendly resources online to help you get used to the new system. I choose the Kubuntu flavor , which is the official Ubuntu, but with KDE, a Windows-like desktop environment, pre-installed instead of the standard Gnome desktop, which is a bit different.
Setting up all the important things (including printer and NAS connections) only took me a couple hours over two evenings and after that, I began exploring the vast customization options and testing/playing old disc-based games that were impossible to run on Windows 10 due to unsupported DRM in Lutris, with varying success (some ran right away, some after a bit of tweaking, some still don't). Both of these are things I really enjoyed playing around with as a teenager on Windows 7, but became either extremely frustrating or downright impossible on Windows 10, so switching to Linux not only freed me from Microsoft's infuriating BS, but it even revived my old passion for tinkering with PCs! ❤️👍
How did you do that? Are there some instructions out there? I'm tired of my computer's windows 11 bs.
@@quantummelody2959 same
@@quantummelody2959I searched up "Windows 10 install" on Google, and downloaded off the official Microsoft website. After that, find the program and run it. It'll give the rest of your instructions. Be warned, though, that the install WILL take at least a couple hours, and I don't know how it'll handle any other programs you may have installed.
Enlighten me in your ways, wise sage of the Windows 10
When I was working with an MSP we had bit locker on all devices. Some smart cookie who setup our remote management solution made the remote management service capture the bit locker key every time it was setup.
Saved our asses hundreds of times
This is how we did it too, even when using it personally you can just either print the key and put it in a safe or throw it in your password manager.
I don't see how this is any different to ios/android enforcing device encryption, but they should put in a box where to user needs to type I AGREE THAT I RECORDED MY KEY AND CAN LOSE DATA IF I DIDN'T before leaving the key screen just to hammer it home that it's important to record.
@@fenix849Microsoft being Microsoft and they want their GUI to have the best animation all the time, even when it's half ass functional 😅
Tell me how plz
As someone who works in IT, bitlocker sucks to deal with. Atleast for my job, stuff it automated where we have these keys in a database... except when it isnt there. When I hear bitlocker, I always bring the key and a fresh cmos battery since 9 out of 10 times, its an issue with TPM being disabled from a dead battery.
But it's not bitlocker problem. We have bitlocker and firevault enforced in company. You just have to implement simple monitoring tool to check for existence of keys, and that is. And almost for any company that works with private data, the hustle worth it
Where do you work that you need back up cmos batteries? LoL
"works in IT" means literally nothing
@@NWOslave a place with such a bad budget we cant give new computers to most the staff. Most desktop units there are like 15 year old models
@@CheebscastCheebs I'd leave. Used to work for a place like that, not that bad but still.
Microsoft, chill. I already decided I'm staying on Windows 10! You didn't need to give me more reasons to avoid 11 entirely 😂
Microsoft is pancking reeeaallll quick these days. it's as if the company has too many mentally ill people in the headquarters of the place and such.
Eventually they’ll give you a reason to switch to Linux 🤷
Hop on Linux with an old pc! So you learn how to use it before Win 10 EOL in October 2025.
telling someone to hop on linux usually does the opposite
I've got a Steam Deck so I've been using that to get acquainted! That said a lot of programs like my video editor are Windows only.
If Windows honestly just gave people an encryption key with their Win11 install, it'd be seen as a "physical key to unlock your copy of windows". It's what I did back in win7 and I actually enjoyed Bitlocker.
But to make it mandatory, basically holding people's pcs like ransomware is dystopian as hell. I hate that I'm on Win11, but I don't like linux's interface even with distros like Ubuntu and Mint. I just want Windows 7 but with modern applications and without the dystopian stuff that comes with it.
The interface is pre installed with a os but can be changed its a so called window mansger if you want something reliable, clean and similar try xfce, xubuntu is a ubuntj fork and is optimized for it if you wanna customize more you may wanna get into arch or debian
Exactly. I just want windows 7 but it can run more recent programs and is de-spooked.
I mean you can probably make linux UI look like pretty much anything you want if you got the skills.
My vm linux looks like windows 95, its kinda funny, wasn't too hard to setup either, and i think i mightve seen some windows 7/10 lookalike desktops.
What Linux interface do you dislike? There are dozens of different desktop environments and tiling window managers to choose from, it's hard to imagine anyone wouldn't find one they like!
@@Remon_yeah, there’s a very recently released theme that brings Aero glass to KDE Plasma.
I love when they Force "Features" on me, I never asked for nor wanted. Its giving me the Ransomware Vibe tbh.
MS should now stand for Malware System 😂
@@peterschmidt9942 i thought it stood for "Much Spyware"
huh, its almost like they have a certain mentality that rossmen mentions... not saying the word because im sure that will cause yt to yeet the comment.
@someguy4252 yeah I've seen the video you mean the R-ist mentality
It matches ransomware in all criteria but one: charging money to unlock it!
Just wait until Windows becomes a subscription software (already announced) and your Microsoft online account becomes tied to that subscription (because why shouldn't it be, if you can't use Windows without Microsoft online account anyway?). Then it'll literally match ALL criteria of ransomware! 🥶
If Microsoft really wanted to do encryption by default - honestly not the worst idea - it should ideally only encrypt the user directory, so that a tech support person can still resolve OS issues without the key.
There is such a thing; it's called Encrypting File System. Problem is, if you reset your local account password the key gets nuked and you lose everything in that folder.
As if everyone keeps their pictures, movies and documents in their users folder. I only have one user on my pc at home and I'm the only one using that computer. I have all my pictures and such located on my D drive. I worked like this back in my Amiga days and I keep doing it this way. I want to store my documents where I want, not where Microsoft expects me to store them. So only protecting the users folder isn't going to help to keep my files from being stolen. On the other hand, I don't see a burglar enter my home, open my pc and take my harddrive to steal my pictures, movies and cnc files. I can't imagine why nothing is being done to stop Microsoft from enforcing all this nonsense upon every user in the world. Such things should stay optional.
@@powerpc6037 you are not the average computer user, obviously. The solution I'm talking about is not targeted at you. My comment is about how BitLocker is overkill for 99% of Windows users who store all their files in a disorganized mess on their Desktop.
That's how Apple OS X FileVault worked, but now the new thing is everything is encrypted, even if you don't want it, so that your operating system and personal files can't be read by anybody except the government.
@@powerpc6037Nothing is being done because Microsoft is just following. Stopping must start with Google and Apple. All of this is stuff on which Microsoft is about a decade behind those two.
10ys ago my friend lost 500GB of personal data stored on the encrypted D: partition because the C: partition (where bitlocker stored the key file) was endamaged, he had to reinstall Windows and found no solution to recover the data from encrypted partition. Now when I create a bootable USB with rufus, I always enable the option to disable bitlocker, it can be enabled later if needed.
Why was your friend using a Business/Ultimate edition of Windows 10 years ago and enabling an encryption feature that wasn't even prompted at the time?
@@0106johnny Because he doesn't know what he's talking about.
@@0106johnny it wasn't Windows 10 but Windows 7 and he enabled the feature to encrypt the partition which contains his personal data.
@@tunisiantalents I meant he used "Windows, 10 years ago", not "Windows 10, years ago". But still, he used a feature reserved professional users that is not recommended for casual users by Microsoft without reading up on how to secure his data? That's not Microsoft's fault, dumb users will always find ways to hurt themselves
This happened to me also a few years ago. Spent days trying to recover before I called in experts. They said it was a lost cause, give up. I really despise these systems to “protect” users.
"We're so sorry, your PC will not be able to run windows 11 :(" -Microsoft
Oh.. oh no.. How awful. What ever shall I do?
It already does this by default. We usually get at least one bitlocked system a week. Most users end up needing to reset their forgotten MS account password, but we can eventually recover the key. But every few times we get people that only had a local account and had device encryption added anyway. It’s never fun to realize that and tell them there’s no way to recover the data
Yep, happened to me on my win10 laptop months ago, never even knew that bitlocker existed yet there's the blue screen, luckily I've got my Microsoft account on my phone
Yeah, I used to make all my client's new PC's local accounts because screw Microsoft but now either create or use an MS account because of this crap.
this is in fact mostly an OEM issue. They (laptop vendors) set policies in the BIOS to enable BitLocker by default. This is especially bad on W11 machines, when you set up a local account, chances are - after the next BIOS update your OS will ask for a recovery key which you were never able to save, it's not saved in your MS account either since you didn't set it up and that is gg for your data. Had noticed this on some customers machines, truly awful.
@@PvtAnonymous not an OEM issue. My laptop is from 2021 and had none of this shit enabled from the OEM.
It came pre deployed with 21H2 (updated to 22H2 same day because I bought it in jan 2023) and didn't have any encryption.
But after I did a full windows 11 reinstall (from the windows settings interface) on july 2023, I noticed it installed 22H2 latest version from the get go, and enabled drive encryption.
It's somewhere down the line of 22H2 that the setting is auto enabled. Sure, every OEM bought after July 2023 will have this, but it's not the OEM. It's Microsoft.
@@charginginprogresss it is an OEM issue. Certain vendors enable it, others don't. I worked at a repair store where we had to deal with this constantly, Lenovo is one of the worst offenders in that regard.
Remember, the corporation knows what's best for you!
You will have nothing and be happy
@@pinstripecool34 You will eat ze bugs.
🎶 Establishment, establishment, you always know what's best!🎶
Open up for slop piggy 🐷
@@qlippoth13 Good quote! His vaccines do a great job already! Remember how hot weather leads to strokes? Me neither!
He adviced to "Prepare for the next one [...] that will get attention this time!" 😵💫☠
I'm still 19 and was just at a PC repair store for 2 weeks. In that time, I helped multiple people discover they have a Microsoft account :D
Surely they were aware, but called it Outlook / Hotmail than an M$ account.
Heh... at least at one time you had to have the account password to boot safe mode, not just the PIN. Also you can't run command prompt or system restore in the local recovery environment without the password. So I would call someone and ask for the "real" password and they would tell me that the (PIN) is the only thing they ever used. Then I would ask about the Microsoft account. They would say "huh??" I would say, you created a PIN on this computer, that means there is a Microsoft account. "OH....." (And yes I know you can do things to activate the local administrator and bypass these restrictions, but I want to emphasize to people that they need to keep track of their info!)
I find it really wholesome how you make a point that this stuff is important for people to remember. I'm not the person you helped, but regardless, thank you for being thoughtful!
The easy thing for Microsoft to do would be to make the default recovery key the same password that you use to log in to your computer. Since this Password is needed every time you boot the Computer every user should have remembered it. And for professionals just offer the option to generate a random safe password like the one shown in the video.
Or Make it so if you DONT want it To completely make it REMOVABLE in the Install. "Use Bitlocker" or "No Bitlocker inlcuded" would be the better option.
It's supposed to be the last saving grace, when something about the usual unlocking process goes wrong or when the hardware is changed. Like if you set up Bitlocker to use a password in the first place, and type it in wrong to many times, it will ask for the recovery key instead. That's why it's generated and not chosen by the user (as they tend to create crappy passwords) it's sort of a master key.
Your a goddam genius, bud
I found that when people by new PCs, Encryption is already active on the installed system-and Windows is not: “Oh, you've just created your account, so you should save your recovery key“, no, many people don't even know that it’s active already.
They just want to push a lot harder for people to have this Microsoft Account. (Had also a colleague, where the recovery key WASN’T saved in the microsoft account.)
Windows is now officially less novice friendly than many Linux distros.
It has been for some time. The difference is that every school/institution has windows as a default. That's why it's viewed as more user friendly.
Not sure how it is now in Linux but my experience with full disk encryption there has been, that I get a password prompt everytime at boot and this prompt doesn't even use my keyboard layout so I was unable to type my password and had to reinstall...
@@RealFlicke I've never had that happen. How long ago was this, and which distro were you using?
@@Rastafaustian I think it was Manjaro and about a few years ago. How is it on other distros? I would not want to use it if it still had the prompt on every boot.
@@RealFlicke The prompt on boot never really bothered me, but it looks like auto-decrypt can be set up. Not sure if there are any distros that operate this way by default, but here is an ai generated answer from Brave Search. (do your own research if you plan on trying this)
Method 1: Using LUKS and Clevis
Ensure you have LUKS installed and configured on your system. You can check if LUKS is installed by running the command blkid and looking for the LUKS keyword.
Install Clevis, a tool that allows you to generate and store decryption secrets in a TPM2 chip. You can install Clevis using the package manager of your Linux distribution.
Configure Clevis to store the decryption secret in the TPM2 chip. This will require you to generate a new decryption secret using the clevis generate command.
Configure the system to automatically decrypt the LUKS partition at boot time using the clevis configure command.
Tip for Beginner Linux users.
Almost every distro (Ubuntu, Zorin, Fedora) has almost every desktop environment (KDE, Gnome, XFCE). If you don't like how it looks, you can change without changing distro.
I personally recommend Linux Mint (Cinnamon) or Kubuntu (similar to Steam Deck OS) for newbies.
For games, Steam can play almost everything.
Istall Steam using terminal or your distro's store app. Change compatibility to proton to play Window games. And you can add non-Steam games (eg. Blizzard, EA) to your library, Steam will also try to use proton to run it too.
This needs pinned.
They also come with an -optional- encryption when you install it, and you select the password for it.
What about Fedora?
I'm looking to switch to Linux for my new gaming pc when I'm done with it (bit of a late-stage change considering I went for Nvidia. They've been improving, at least). Heard Mint was great. However, I heard Kubuntu was an upgrade for people who outgrew it, but still wanted a beginner-friendly distro. So I plan to go with that to dive in without drowning.
I knew about most of these things because I've been looking into it. I didn't know that by adding non-steam games to my library it'd try to run them through proton. I'll need to keep that in mind.
Is there a good resource for command line stuff and what it does? I keep seeing command line stuff pop up for things, but I don't know what they do or where to start looking.
@@TwistedChaos4428 I would recommend Fedora. Fedora 40 comes with a very new kernel, which will help improve performance in games. Linux Mint is stable but if I recall runs on the 6.1 kernel.
If you don't have backups, you are playing with fire.
Data Recovery engineer here: I would say about 30-40% of cases where a drive comes in with BL encryption, we hit this same issue and those poor souls are SOL. Sometimes they can send in their whole laptop and their TPM will unlock it, but anyone who's PC/Laptop was damaged or destroyed are screwed out of their data. Enabling encryption by default for the base consumer is a nightmare
welp i have all my data so its not bad expect its broken-
Backups exist for a reason.
I did 10+ years of technical support for a major ISP and we occasionally got someone calling, usually elderly or particularly non-tech-savvy, whose computer had some sort of problem causing it to come to the infamous enter Bitlocker Pin screen. There were a few of them who said they had even called their PC's tech support and been told to go online to find the pin and when the PC tech support person deemed that the poor soul couldn't get online they determined it was not their issue and was instead our companies issue lmao
If they can not get online, assuming they have another device to do so, that sounds like an ISP issue. You don't need to help them recover their account or bitlocker pin on the MS account. Just verify connectivity up to the demarc point and move on.
My company was responsible for troubleshooting our software and services. We helped troubleshoot printers, OS issues, WAN, and LAN to a limited extent as far as making our product work, but if the issue was more complex in regards to the printer or connectivity, we referred them to their printer’s support/their ISP/their IT team and asked them to call us back afterwards to continue helping them with the software or services portion.
It sucks. We want to help those people, especially the elderly and less tech literate, but there is only so much we can do, or at least verify within our scope. Plus, caregiver syndrome will burn you out quick. Don't fall into that trap.
Don't you just love when corporations give an illusion of pretending to care about privacy?
I haven't commented in months btw
Glad to see you back around
@@MentalOutlaw Im glad to see you around too, four eyed orange cat
@@MentalOutlaw thank you!!! It's been a bit rough but I've recovered enough to keep up with your videos again :^)
I love etymology. Corpus oration, a body of words is literally the concept of a Golem
Almost always when it is "for your security" you should reject that option for your security.
I remember almost losing my data because of this "feature" it took me the better part of the day to find the "key"
Oh boy, I can't wait to not be able to recover a thing when Grandma manages to render her PC unbootable again.
A prophecy you can bet on.
I'm going to have to add Bitlocker recovery vault to my Family IT duties.
Move her to Linux. She wont care since Facebook still works.
@@wumwum42 "OS is a bootloader for the browser"
Tell me about it lol... I can't even get my mother to learn a smartphone. I showed her how to delete her call log 15 times already and she still asks me how... She has messed up her computer more times than I can count.
Is Microsoft actively trying to reduce their install base over time? I'm perplexed at the decisions made especially over the last 5 years and for anyone who just needs a computer for internet and office applications then there are a number of Linux distros that are easy enough to get running with.
It's far worse than it seems. In case of the home version, drive gets automatically encrypted, but you can't finish the encryption process without logging into the MS account. Without the MS account you can't, by any means possible, export the generated recovery key, even with the CLI tool. So your drive is encrypted, but there's no way to decrypt it with key.
You can - fortunately - decrypt the drive without it if you can boot into Windows.
i'm pretty sure i turned bitlocker off in settings
I've run into something like this; bought a used laptop which had been wiped / clean install done on it. I noticed the entire windows partition shows as encrypted in my linux disk manager, though I've no idea what the key is. Imagine I'd copied some files over in Windows, then wanted to access them while using my linux OS on the same PC - not possible because I can't mount the encrypted partition because I have no idea what the key is. Apparently I have to 'complete the installation' or something like that to set my own key. I don't know if that just encrypts the existing encryption key with my own key or if it goes the whole hog and re-encrypts the entire partition with my own key - frankly I stopped caring at that point, I'd just been curious. I'm unlikely to ever use the windows install anyway I just kept it in case I don't like the laptop and want to sell it on again soon.
You mean i get locked out of my data if I don't want/can't connect the new install to the internet?
They're making a really big case for going back to win7 and using linux as a main OS
@@theliberator0390 you can disable it without account, you "just" can't get the recovery keys without logging in. Now imagine that somebody didn't know that their drive is encrypted by default in Home version, didn't log-in into MS account, and now is in need of recovering some data... It's basically gone. Heck, you NEED the key even if you want to enter safe mode, because it doesn't decrypt automatically in that case either
@@edwardmacnab354 then you should be safe, but the fact that it's now turned on by default, and it's not possible to finalize the ecryption process in Home Edition, therefore, you can't get the recovery keys without MS account, is just evil.
Happen to many friends and coworker, the computer broke and they didn't know they have this extortion by default.
Imagine allowing a company as malicious as Microsoft to have full access to encrypt YOUR data.
Always encrypt your own data, that way any and all security breaches are on YOU.
they already have full access to encrypt your data, only difference is now they want this on by default
Yes: personal files in TrueCrypt containers with the original old release which I trust more than the newer fork! ;-) Backups always encrypted too: makes for double encryption. ;-)
Like Google or Apple on your phone?
Remember when commercial PGP encryption was really just easy to beat simple AES encryption by a "random" key and only that key was encrypted by PGP using your password?
@@chuckcrizerYeah, data encryption has been on by default on Android for a while now. I don't think you can turn it off neither.
I once had bitlocker enabled (it was default) and the pc was set up with my personal Microsoft account. I had also entered the school account somewhere in settings, assuming this would maybe make logins a bit smoother (don't ask what exactly I expected). Later, I tried out a Linux distro (usb-booted) and bitlocker locked the device. It took 3 days to find out the key wasn't stored on my personal account but my school account and the PC was basically bricked until then.
I had a similar experience. I recently bought a refurbished Surface Pro 4, tried booting a Linux thumb drive just to see if it would. Yep, no problem there. Try to go back to Window and get the bitlocker message. I went through the recovery process and then turned off bitlocker. I don't know if the decrypt key would change if it gets turned on again, but I've forwarded it to a more accessible email account.
This happened with one of my computers back around 2017, device encryption was enabled, I was never told it was enabled, and I lost a significant amount of data.
BitLocker was originally a feature exclusive to the pro versions of Windows that were activated and it was enabled by default on my Dell G15 laptop from late 2021 which had Windows 11 pre installed.
Lost my entire family photo collection and whole dj music library. Haven't been the same since.
You don't have your data saved in 3 places, you didn't save your data.
@@wesss9353 you got that right 🤣
nobody wants to look at those pictures anyway
noob
Wow, what wholesome replies. The tech community is not toxic at all.
Anyway, I'm sorry for your loss. I've had the exact situation where I lost my family photos when my laptop was stolen. I hope this becomes a hard lesson for you to start doing backups of your important data!
I jumped through the hoops required to set up a Windows 11 laptop without a Microsoft account for a relative only for them to get that blasted Bitlocker screen months later out of nowhere.
Had to reset the PC, losing all data and learned how to manually get the goddamned recovery because it was never volunteered by the system.
Thankfully they didn't have anything important on the device, but damn that was a chilling experience. Fuck Microsoft.
I never got that period lol
This happened to me too. This is what forced me to learn Linux, and I'm glad I did.
If you save the recovery key you’re fine. But most users probably are t aware of the recovery key during setup and end up with a bricked disk.
For the average user it's much better to just setup MS account.
Seriously? The standard behavior has been to not enable BL by default when running setup with a local account, even on compliant devices. At least not unless the vendor set a key to ensure it's enabled.
That's good to know and I'm glad that the people I've had to setup just wanted to use their old account. Just another reason I'll never use this f'in operating system on anything I own.
It's baffling that microsoft avertises this as secure in any way when I not even a week ago saw a video of a guy using a raspberry pi pico with spring contacts to rip bitlocker keys while they were being moved from the TPM to the CPU at boot. It took him forty seconds to bypass this feature, let that sink in.
Video here for those who want to watch it: ua-cam.com/video/wTl4vEednkQ/v-deo.html
Modern cpus have the TPM on die, good luck intercepting that.
@@JohnBlackCyberSec Still, the fact that they store the keys unencrypted on the computer itself and still have the balls to call it "secure" is wild.
This is a manufacturer specific implementation and as the video states you can also use a pin to secure the key on the TPM if you wish. And it still is a very difficult attack on a modern processor which will have an integrated TPM.
That's assuming you don't have a pin on boot and have it essentially auto decrypt at start which you'd assume is insecure @@Spessman
Cool cherrypicked example. Won't work on many, likely most, TPM / Bitlocker implementations though.
Hey, thanks for the heads-up! I'll be sticking to Windows 10 from now on, thank you. Subscribed! 😎
I had an internship at a small data recovery company and a lot of devices we had coming in, were because people spilled coffee over their laptops.
Generally no biggie, just pop the drive out, dock it, clone it and then start recovery on the clone.
Most people didn't run encryption, so recovering their holiday pictures and what not, was generally a breeze.
This change, however, will make things quite a lot more difficult...
If you get paid then who cares lol.
@@LordCoeCoe Everyone that knows how a business works?
We'd lose potential customers (and thus, revenue) because a job that would normally have costed them 150 euro will either be "not possible" or cost 1K+ because Windows turned on a feature for them they probably didn't even know existed.
@@LordCoeCoe You don't get paid if they know that your business can't recover data, because surprise surprise, customers doesn't have the recovery key to unlock the encrypted data. Why don't you use your brain more?
People like @@LordCoeCoe is why Windows users keep being victims.
Except, now, 99% of people upload their photos to iCloud, Onedrive or Google Drive, either on their phone when they take the pic or on their Windows device, where for 10 years now Onedrive has been a no-brainer for anyone who uses Office.
I just couldn't suffer windows 11 anymore. My asus zenbook kept constantly crashing despite resetting it multiple times. Heated up like a kettle on idle workloads and the battery kept draining very quickly (within 2-3 hours).
I nuked everything on my hard drive and installed linux. What a god damn difference! All of the above issues are gone and my battery now actually lasts 5-6 hours.
laptop issue tbh
@@anon1963 at first, I thought the same but its been 2 weeks now and the difference in performance, back up and stability is like night and day. My laptop literally had been kept crippled by Windows 11 + ASUS bloatware.
@@oneinazillion yes. this is why you don't want to install windows on shit hardware (stores don't know that)
Already happened to with a preinstalled windows 11, the bios got updated and it asked for bios key, so I had to reinstall, thx for keeping the pc safe from it's owner.
I’ve been using Windows 10 for half a decade now, and it’s worked great, but if this is how they’re gonna treat Windows 11 I might as well switch to Linux when they stop updating 10.
My computer won't even let me upgrade to windows 11 because I won't enable my boards TMP.
I already made the switch a month ago, I regret nothing.
I'm very grateful to Microsoft for this change. This is the single best thing to happen to Windows in a long time. Because of this change, my dad has switched to Linux. If a nearly 70 year old man who only knows how to use Windows XP for taxes and web browsing can switch to Linux, so can you.
XP can still go online? Didn’t know that.
As a gamer, I don't want Linux because of the ridiculous hassles of trying to run Windows games on Linux. yes, there's Proton, yes there's WINE, but they are not perfect and require lots of fiddling, and of course, the hurdles of trying to learn how to install everything whilst on Linux, blah blah blah.
@@Hbcfrtyujjbbcxdtmnggyuoopit can, but with struggles
just give Arch a try. You'll like it
@@MakeItWork256 Maybe someday, maybe on a test bench, if I had one. Haven't had the room lately to justify having another PC sitting around set up, as that takes up a lot of room, and I don't wanna put it on my main PC because dual booting is a lot of work and as mentioned before, it'd be easier to just do everything on Windows rather than having to swap between OS's regularly.
the recovery key not being the admin user password is a good idea for professionally or techie managed machines, terrible for literally the other 90% of humans
Windows wants to become macos, but it's entirely different paradigm:
Windows laptops will still be stolen and even decrypted(via vulnerability), unless Microsoft starts doing "genuine part" crap like apple does.
And it will reduce gaming performance (probably the reason #1 why people use windows computers at home).
TBF I do believe the #1 reason why people use Windows is just because it's what you get off the shelf. My grandma and aunt used a Kubuntu laptop I set up for them for like 8 years and they were none the wiser because all they did was go on Firefox to read their mails / watch UA-cam with the odd Libreoffice letter from time to time
#2 is definitely compatibility issues between Linux / Mac and most Windows software though
The whole idea is to force you to use a Microsoft account so that your data is "backed up" to onedrive - This way they can charge you for the service and make more money!
Which makes me wonder:
Microsoft announced plans to make Windows 11 licenses a monthly subscription in the future. So, will they make Microsoft online accounts a part of that subscription then? Because you can't use Windows without Microsoft account, nor do you need a Microsoft online account, if you don't use Windows, so why wouldn't they integrate them into one product?
However, it would turn Windows into LITERAL ransomware, imagine that! 🤣
Or you could just like, buy an external hard drive and do backups yourself, which you should do anyway.
@@LRM12o8 it's already is, that shit
And sell your data! Mmmmmmm
Nobody forces you to use Onedrive, this isn’t the problem. The problem is privacy invasion and forcing things. Onedrive is just convenient.
I do IT support for work. Ive seen bitlocker prompts come up for literally no reason at all.. I expect some boomers will just buy a new laptop when that screen comes up.
so it's a win-win
REBOOT!
Why wouldn’t they just find a friend or family member to reload it?
@@thepathnotfoundcuz they're clueless
@@joeykeilholz925 The so called "boomers" at MIT's Project Athena and CMU's Project Andrew have a radical clue. In fact much of what Gates stole for his products was plagiarized from those and associated projects.
I hate when bitlocker was enabled by default on a dell laptop. In first day, i wanted to disable it right away.
So many of my clients lost their data on windows 10 HOME dell laptops without even knowing it was enabled
Welp.
Time to switch to linux. Really is the year of linux.
My business runs mostly on Linux.
@@DogDooWinner that's because Linux is just plain better for businesses and technical users than windows, even Microsoft uses Linux in their servers
@@timecubedlinux is better for everyone, from grandmas to gamers. Mass media hypes up how hard it is
I've been on it full time for 2 years. Haven't looked back.
Just don't get the update?
This news makes me happy. It's always a step forward for Linux overtaking the workstation monopoly. Once windows 11 becomes obligatory, I will be getting my entire work to switch to Linux workstations and thin clients. Just gonna leave windows server terminals so people still have windows as their "OS"
As an IT Security Professionial that utilizes Bitlocker for most of my clients i can tell you that Microsoft started enabling Bitlocker by default awhile back but NOT in the form that is discussed here. Systems would come with it set up but NOT activated. That setup allowed the system to unlock itself without a dedicated password which seems completely useless to me since it protected nothing upon startup. Now if you altered the BIOS it would trigger the Blue Bitlocker screen requiring the key. So what i did to elevate this problem completely is disable Bitlocker in it's default form for anyone that didn't want to use it. And for those that did, i would disable and then reenable it with additional security measures within the policy editor so that the client could have a defined password with the backup key printed out to be put into a safe within their home if they ever forgot their pass phrase.
Of course as a Linux user i would always recommended switching over to Linux to use LUKS since it's NON propriety but since most users won't do that, i made Bitlocker work to best fit their needs.
What extra security settings would you set up before enabling bitlocker on their systems?
This video is nothing more than introducing panic for clicks.
Nice to know things from a pro
Many laptops and brand PCs come pre-encrypted where hard disk is already encrypted but it's in "unsealed" state where decryption key is saved at the start of the disk. When you log in with MS Account or 365 account it will seal the decryption key to TPM chip and backup recovery key to cloud account. I suppose this is to speed up device setup so that you don't need to wait disk encryption.
During Bios upgrades etc you can set Bitlocker to suspended state where where it pulls decryption key back to start of the disk and it won't ask recovery key if bios upgrade wipes the TPM chip. Some vendor software like Dell Command Update or Lenovo System Update should do this automatically bet they still manage to mess it up sometimes.
@@ReptilianXHologram You can "Harden" Bitlocker by turning on certain perimeters within the Policy Editor BEFORE you enable it. Some of the hardening i do is increasing the encryption from AES 128 to AES 256 to decrease the lightihood of government agencies running brute force attacks on a client's machine. I also increase the password length and special characters requirements when creating a password at enablization. I also decrease the number of password attempts by the user incase someone does try to brute force the computer they will be locked out much earlier than normal. What you will find is that Microsoft errors on the side of customer useability instead of security. I change all that since i want to maximize FDE.
Security also stands for Availability, and they are forgetting that when your average user has the risk of losing their information
CIA, you mean
@@stuartcarter4139the good version of that acronym (confidentiality, integrity, availability)
Everyday, what Windows does nowadays just encourages me more to use linux.
I never made myself dependent on Window$, because I learnt computing on a RasPi running RasPiOS (and at some point breaking the install every ~24h) and then used Window$ for a while. Then I switched back to Linux and am happy with it since years. Even though I've encountered my fair share of problems on Linux too I have never lost any data because of it and at some point even repaired a Linux install that refused to boot because of FS errors. That installation still runs, over two years after I fixed it and more than five years after I installed it.
Give it a try, PopOS ftw
How to implicitly state you don't have any Windows-only programs.
Linux needs Wine/compatibility built-in first. Most Windows-users are sick of newer Windows versions too, but have little choice.
@@CnCDune
Well, I use some Window$-only programs like e.g. IrfanView or 7zip. I just use them through WINE which works fine for programs that don't mess that up on purpose.
But because I learnt computing on Linux I mostly use programs that offer a native Linux version.
This is an example of why I’ve made a rule for family and friends that if I didn’t set up the computer or if someone else has done ANY configuration work on it then I won’t fix any problems. Even if I know how to fix it. I’ll wipe back to bare metal and reinstall, that’s it.
Bitlocker makes sense in a corporate environment, where you’ll probably have a similar rule around support and be restricted from being able to do anything too destructive, not on a home PC.
I'll agree to this.. to a certain extent. Home Desktops? Nah! Home Laptops? Yes.. especially if you travel to other countries.
Why can't it be a one click choice in the install menu, something like "Use Bitlocker, keep your data secure" or "Don't use BitLocker, protect against data loss"
idk if this is mentionned later in the video but, this is especially infuriating for me because turning off bitlocker once its already enabled takes HOURS to de-encrypt even on an ssd. i recently had to swap drives for more storage space and apparently my device had it enabled, it took SO LONG to finish, im talking hours
Microsoft never fails when it comes to taking Ls
I guess you could say "Microsoft never takes an L when it comes to taking Ls"
In my opinion, Microsoft behaves as if it knows what's best for every user.
Steinberg took years to release a version of thier Cubase music production software that could remotely run on windows 10, and as a musician who does nothing but browse the internet and make music on my PC, I'm sticking with windows 10... the nightmare I've had every time I "upgrade" windows with audio interfaces is soul destroying!
6:37 Windows doesn't let you store your recovery key on the encrypted partition, it requires that the key will be on an unecrypted device, internal or external
This is not enforced past the singular save dialog. It won't refuse to move the key after that. People are still going to fuck this up.
Another reason why I’ll never upgrade to windows 11 from 10 since it’s easy to despook it.
theyll get you eventually
*impossible
yeah the day i die.
@@tylerb2523fr fr
Windows 10 will soon be unsupported and very very vulnerable. Also programmers are already beginning to make most APIs and webapps unsupported for Windows 10. You will either upgrade or any apps or appliances currently running on your Windows 10 machine is not going to work...most apps and installations require updating to work and to secure their end users and apps as new and evolving vulnerabilities are found. So....this I feel is why so many are now looking to Linux. 🐧
Microsoft Bitlocker once destroyed my company laptop, now we use LUKS
Yup!
I’ve encountered that bitlocker screen once while helping a friend to backup his dead laptop but thankfully he knew what it was and had a backup of the key
I've had a management person, who's laptop required the recovery key to be entered at boot, file a complaint because I could not unlock it without the recovery key.
I used to work for Microsoft and Costco tech support, ran into that crap all the time, trying to walk the customer over the phone to get their bitlocker key to do a reset..pain int he backside..
Eww. I turned this off after my laptop randomly started timing my logins out (fucking local windows logins even though I had the password!) up to an hour, entirely locking me away from my data and after logging in saying that I'd only be able to get the key if I logged in to Microsoft account.
Regardless even if it was probably caused by false fingerprint logins being logged by a power button that tries to be too smart (reads the fingerprint on press, caches it, then tries to feed it when windows asks even if I likely didn't use the right finger or pose to press the button), being locked out of my own device and the key being unextractable was just entirely unacceptable.
Gross. Think the only solution is not to feed it a MS account, am on local now. Can probably still use a LInux usb to boot into but I hope I never find out, assuming that one is ready for the next bitlocker lockout. I don't like the idea of not owning your own pc and not having control.
A power button with a fingerprint reader is such a stupid design.
@@roflBeck It really isn't a bad design per se, actually it's genius as it effectively allows for authenticated windows login from a fully powered off state with one button press. I could turn it off but won't as I'm no longer in danger of being locked out of my data in the corner case it submits enough login requests for windows to do stupid windows things like the lockout.
But it becomes a problem in the case where windows arbitrarily locks you out from too many login attempts while keeping your data hostage in a by-default encrypted BitLocker volume that is inaccessible and even the decryption key is kept behind basically a paywall you pay with your privacy. This is a Windows problem, not a hardware design problem.
Bitlocker is great if you know what youre doing, and how to make sure you never lose access.
But it is sooooo unnecessary for an everyday person, and honestly such an overkill.
Just dont forget, its still windows, you can customize EVERYTHING. Its a bit more difficult than just ticking checkboxes on or off, but you can change whatever the hell you want. Registry and policy editing are your friend.
I haven't seen such a stupid idea in a good while to be honest
That's just because you missed that the EU court just allowed states to store IP traffic for any reasons including searching for the One Piece
I'm sure that grandma will navigate this situation flawlessly. 😂
Everybody gangsta until granny pulls out her own mouse and keyboard.
Drive Encryption should never be an automatically applied feature of your Operating System, it should be a conscious decision you make during device setup and you should have the option to decline the feature. I will certainly immediately disable it if an update turns it on. One Drive is also pretty much automatically turned on when you set up your device with a Microsoft Account Login , this also causes many headaches as you most assuredly know, ask the average person if he is using One Drive, most reply that they don't know. I have to deal with these issues almost daily.
Yeah it seems like Microsoft tries to shepherd the user through the setup as quickly as possible without ever explaining how important it is to keep your key. Furthermore it seems from some comments like they even enable it automatically in some cases! So people have absolutely no familiarity with what BitLocker even is.
If they want everyone to use encryption then they must prompt people to backup their passkey multiple times and perhaps even ask for it as a test, similarly to how Signal does. And if it's not working offer users to disable it. As it is now it might very well block more people from their own data, rather than blocking outsiders from it.
I'm an average user.
I have a 1st gen Microsoft Surface Go that can't be updated to 11 without a bunch of hassle.
So I switched to Apple.
I update my Surface Go once a month, but I was considering wiping it and donating it to the local library since I rarely use it anymore.
After this bit of news, I'm definitely going to do it.
Time for a class action lawsuit
I can pretty much guarantee that this will happen once it rolls out.
I've needed to get someone else's BitLocker recovery key once. My mom bought a Windows laptop that, after testing a Linux Mint live environment, triggered BitLocker recovery. The hardest part of getting her computer back up and running was getting her Microsoft account information, which she completely forgot. It was a six-hour chase, but we found it.
The funniest part about BitLocker is that you can still boot from USB when it's triggered, so we actually used the very same Linux Mint live environment on the locked computer to browse the web with our more familiar friend, Firefox. Thought that was always funny. What broke the computer, we used to fix it. Crazy.
Haven't used Windows unironically since. That was probably the biggest push to Linux for me.
michaelsoft binbows at it again
even michealsoft binbows was less evil than micro$haft
Windows 11 is an insult to Michaelsoft Binbows
It was just a japanese pun@@私は犬のうんちが大好きです
Great video sharing for Windows user before update to Windows 1124 H2