Microsoft is at the centre of a new dollop of controversy in the privacy and security stakes, with the revelation that the company automatically uploads a copy of the recovery key for its disk encryption on modern PCs to its own servers – apparently without informing the owner of the computer, or presenting a choice to opt out of said process.
What does this mean for the average user, exactly? If you've got a newer PC which supports TPM and you're running Windows 10 – and you've tied the OS into your Microsoft account for login – then you're automatically protected by Microsoft's device encryption, meaning the data on your disk is encrypted by default for security.
Relative risks
But the truth of the matter for the average user is that the risks of any such hacking are clearly outweighed by the potential risk of catastrophic data loss if something goes wrong with their PC and a backup of the recovery key isn't accessible. Which is why Microsoft made the decision to do this…
This is really more of an issue for a minority of users who have truly sensitive data (i.e. trade secrets and the like) on their machines, and, for example, if that PC was grabbed by a government, they wouldn't want said authorities to be able to strong-arm Microsoft for the decryption key to view the data.
But the overall thrust of the anti-Microsoft argument is that Redmond simply needs to make this process more transparent, and let the user know what's happening – or indeed give them a choice when it comes to uploading a recovery key to Microsoft's servers.
Note that it is possible to delete your recovery key from your Microsoft account – The Intercept details how to do this in its report. Bear in mind, though, that you'll need to keep a note of the key somewhere in case of a disaster in the future. The article suggests jotting it down on a piece of paper and keeping that somewhere safe, but that could come with obvious risks of its own.