Skip to main content

Privacy advocates protest Microsoft’s backup of user encryption keys

In the climate of government spying, and the ever present threat from nefarious hackers, encryption is a hot topic. Politicians don’t like it, privacy campaigners claim it’s a must, and end users are left worried about who to trust. Microsoft aimed to help make that decision easy with Windows 10 by having certain content, like corporate apps, emails and other sensitive data, encrypted by default.

You might know about this if you tuned in to some of Microsoft’s pre-release PR for the new operating system, but what you probably didn’t know is that Microsoft created a backup key (should you lose your password to decrypt the data), which it then stores remotely on its own servers.

Recommended Videos

This may well be a feature that was put in place to help protect those that might not otherwise have their decryption key stored safely. As ransomware victims no doubt can attest too, nothing much is worse than having your data encrypted and unrecoverable. However, some have suggested that this is a security risk in itself, and Microsoft hasn’t been very forthcoming.

With a remotely stored decryption key, there is always the danger of someone hacking the server where it’s stored or grabbing it during its transfer from your system to Microsoft’s servers. And as the Intercept points out, Microsoft has also been forced to give data on citizens to the NSA and other intelligence agencies in the past. If it stores customer decryption keys, it seems possible that it could be forced to hand those over to the authorities, too.

You can delete the back up key that Microsoft holds. To do so, simply login to your Microsoft account on the OneDrive page and you are quickly given access to all of the keys Microsoft stores for you. Deleting them there is just a few clicks away.

Privacy advocates still aren’t satisfied with this solution, though, because there’s no way to ensure the key was completely deleted. It may in fact still be available, but only to Microsoft. That’s a bit paranoid, but Microsoft didn’t volunteer the encryption key’s storage location in the first place, so trust is definitely an issue.

Jon Martindale
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
A coding blunder just ruined a moment of joy for lottery winners
Eurojackpot lottery slips.

Imagine the joy of being notified of a huge lottery win. What would be the first thing you’d do? Get the champagne in? Book a fancy vacation? Call your boss and tell him where to go?

And then imagine being informed that the notification had, in fact, been sent in error. Well, you can always send the booze back and cancel the holiday, but trying to convince your boss that you were just joking ... well, that may be a bigger challenge.

Read more
This TP-Link Wi-Fi 6 router is 45% off in early Prime Day deal
The TP-Link AX1800 Archer AX21 Wi-FI 6 Router on a white background.

If you're planning to buy a new router to improve your home's Wi-Fi network, the good news is that you don't have to wait for Prime Day 2025 to take advantage of huge discounts on router deals from Amazon. Here's an excellent offer — the TP-Link Archer AX21 with an eye-catching 45% discount, which drops its price from $100 to just $55. The $45 in savings will only be available for a limited time though, so you better act fast and proceed with your purchase immediately as this early Prime Day deal may disappear at any moment.

Buy Now

Read more
Watch these AI humanoid robots play soccer like Mbappé … sort of
Humanoid robots playing soccer.

Watching these humanoid robots battle it out on the soccer field, you quickly realize that Kylian Mbappé and his fellow professionals really have little to worry about. At least, for now.

The footage (top) was captured last week in Beijing at the RoBoLeague World Robot Soccer League, China's first-ever three-on-three humanoid robot soccer league.

Read more