It has been pointed out that Windows 10 users who sign in with a Microsoft account could be putting their privacy at risk, because the built-in disk encryption feature in Windows 10 is set to automatically upload the recovery key to Microsoft’s servers.

According to a report by The Intercept, the fact that new Windows devices require users to back up their recovery key on Microsoft’s servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts, something that people never had the option to do with the Clipper chip system. But they can only delete a key after they have already uploaded it to the cloud.

If your account is hacked, an attacker can access the recovery key before you have time to delete it. In a worst-case scenario, Microsoft itself could get hacked, or could have hired a rogue employee with access to user data.

Matthew Green, professor of cryptography at Johns Hopkins University, said, “The gold standard in disk encryption is end-to-end encryption, where only you can unlock your disk. This is what most companies use, and it seems to work well. There are certainly cases where it’s helpful to have a backup of your key or password. In those cases you might opt in to have a company store that information. But handing your keys to a company like Microsoft fundamentally changes the security properties of a disk encryption system.”
