That’s extraordinary, even for Microsoft.
If you’re on Win 11 Pro, up to 23H2, follow these steps to prevent 24H2:
Win+R, type GPEDIT.MSC, press Enter
Locate “Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage updates offered from Windows Update\Select the target feature update version”
Now click the “Enabled” button, type “Windows 11” in the first prompt and “23H2” in the second prompt and click “Apply”
That will prevent 24H2 from being downloaded and installed. When they’ve fixed this and the “Recall” mess, you can go back and undo the setting.
You can still do the “bypassnro” thing, it’s just a script that’s been removed. All it did was write a registry entry and reboot. This is the registry key entry - you can still press shift-F10 at the same point and type this manually:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0
Another method to try is this, instead of the registry entry:
start ms-cxh:localonly
but I haven’t tried that one yet.
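A way to confirm that the “Select the target feature update version” setting described above actually took effect, as an added example that is not part of the original thread. It assumes the policy is stored as the `TargetReleaseVersion`, `ProductVersion` and `TargetReleaseVersionInfo` values under the Windows Update policy key, and that it is run from an elevated PowerShell session.

```powershell
# Added example: read back the feature-update pin and compare it with the installed release.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$osKey     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null instead of throwing when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-FeatureUpdatePin {
    $installed  = Get-RegValue $osKey 'DisplayVersion'              # e.g. 23H2
    $pinEnabled = (Get-RegValue $policyKey 'TargetReleaseVersion') -eq 1
    $product    = Get-RegValue $policyKey 'ProductVersion'           # e.g. Windows 11
    $release    = Get-RegValue $policyKey 'TargetReleaseVersionInfo' # e.g. 23H2

    if (-not $pinEnabled) {
        $finding = 'No pin: the next feature update will be offered'
    } elseif ([string]::IsNullOrWhiteSpace($product) -or [string]::IsNullOrWhiteSpace($release)) {
        $finding = 'Pin enabled but product or release is empty: re-enter both fields'
    } elseif ($release -ne $installed) {
        $finding = "Pinned to $release but $installed is installed: Windows Update will move to $release"
    } else {
        $finding = "Held on $product $release"
    }

    [pscustomobject]@{
        InstalledRelease = $installed
        PinEnabled       = $pinEnabled
        PinnedProduct    = $product
        PinnedRelease    = $release
        Finding          = $finding
    }
}

Get-FeatureUpdatePin | Format-List
```

Running `gpupdate /force` first makes sure the values reflect what was just set in the policy editor.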
I’ve fixed it by axing my bitlocker encrypted partition that contained my Pro version OS and just installed arch.
I love how Windows fix has terminal and GUI configurations mixed as an unholy concoction directly from the HQ.
Yeah it can happen, when you force people without their consent encrypting their data.
Forcing people is one thing, not telling them it’s a thing is completely different. Most Windows users don’t even know their Windows has BitLocker enabled and those keys are out of their sight.
Isn’t that what iPhone and Android already do?
One major difference is that it is so much easier to lock yourself out of the desktop TPM chip compared to mobile device security chips because they’re not tightly coupled.
And phones make you use your unlock PIN often, so people are forced to remember it. On the other hand, Windows lets you use a short PIN instead of your full account password pretty much forever, which results in people forgetting the password completely.
That isn’t even the part it is encrypted, the TPM encryption is either “Automatic” or over a password (any length) on startup so far I know it from my work with BitLocker (TPM 2.0) on Windows 10. Idk if this is different on Windows 11.
deleted by creator
No you’re right, nobody has precious photos or videos on their phone 🙄
deleted by creator
This is a post about people who don’t understand encryption.
You’re assuming they actually understand proper data protection procedures. You have a very misplaced amount of faith in the knowledge of the average person. Plenty of people just expect stuff to work and are horrified when they realize they’re not.
I saw that all the time when I worked in mobile phone sales/support.
I backup my precious dick pics at several offsite locations by sending them to as many people as possible as often as possible.
For many, a mobile device is their sole computer, and things of importance to them are stored on it.
Le banking app.
But THAT is recoverable EASILY, not like lost forever if you don’t recover data from that phone’s storage.
Something like OTP are rather more important.
Well, I wasn’t talking about recovery, but need for encryption.
Yeah, nothing important. Just your banking apps, personal documents, photos, government apps, emails, all the services linked to your phone via mobile number, personal chats, work chats, 2fa codes, some other not important stuff. But at least it doesn’t have your games. Unless you play games on your phone, then you are fucked.
The only phone manufacturer that does that is Google with Pixel. Any other phone is to my knowledge either “weakly” encrypted or not at all.
Still, your mobile OS isn’t just upgrading and encrypting your SD card and main drive. That’s the point.
All devices launching with Android 10 and higher are required to use file-based encryption.
To use the AOSP implementation of FBE securely, a device needs to meet the following dependencies:
- Kernel Support for Ext4 encryption or F2FS encryption.
- Keymaster Support with HAL version 1.0 or higher. There is no support for Keymaster 0.3 as that does not provide the necessary capabilities or assure sufficient protection for encryption keys.
- Keymaster/Keystore and Gatekeeper must be implemented in a Trusted Execution Environment (TEE) to provide protection for the DE keys so that an unauthorized OS (custom OS flashed onto the device) cannot simply request the DE keys.
- Hardware Root of Trust and Verified Boot bound to the Keymaster initialization is required to ensure that DE keys are not accessible by an unauthorized operating system.
https://source.android.com/docs/security/features/encryption/file-based?hl=en
Android I think just uses the same credentials you use to unlock the account, at least I am not aware of any recovery key. And you are prompted for credentials from time to time so it is harder to forget. I use fingerprint as main unlock + pattern and I have to enter the pattern roughly once a week I think.
On Windows if you set up Windows Hello (fingerprint or PIN usually), you are not reminded to enter your password afterwards so eventually you can forget it. And if you do not know your password and cannot recover the account, you will not be able to retrieve the BitLocker recovery key. So a fix to this problem could be another annoyance to users if it would be implemented as Android does it.
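A check for the situation discussed in this thread, where a drive is encrypted and the owner has no recovery key to hand, as an added example that is not part of the original thread. It uses the built-in `Get-BitLockerVolume` cmdlet from an elevated session; the function name and the wording of the findings are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: report, per volume, whether BitLocker is on and whether a
# recovery password protector exists. The recovery password itself is not printed.
function Get-BitLockerRecoveryReadiness {
    foreach ($vol in Get-BitLockerVolume) {
        $protectors = @($vol.KeyProtector)
        $recovery   = @($protectors | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        $encrypted  = "$($vol.VolumeStatus)" -ne 'FullyDecrypted'

        if (-not $encrypted) {
            $finding = 'Not encrypted: no recovery key needed'
        } elseif ($recovery.Count -eq 0) {
            $finding = 'AT RISK: encrypted, but no recovery password protector exists'
        } elseif ("$($vol.ProtectionStatus)" -ne 'On') {
            $finding = 'Encrypted with protection off or suspended: save the recovery key before it turns on'
        } else {
            $finding = 'Recovery password exists: confirm a copy is stored off this PC'
        }

        [pscustomobject]@{
            MountPoint   = $vol.MountPoint
            VolumeStatus = $vol.VolumeStatus
            Protection   = $vol.ProtectionStatus
            Protectors   = ($protectors.KeyProtectorType -join ', ')
            RecoveryIds  = ($recovery.KeyProtectorId -join ', ')
            Finding      = $finding
        }
    }
}

Get-BitLockerRecoveryReadiness | Format-List
```

The `RecoveryIds` values are the key IDs to match against whatever copy of the recovery key has been saved, whether printed, on a USB stick, or stored in a Microsoft account.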
Huh … I never noticed. Probably because my phone OS never failed to boot, requiring me to pull data off the HDD directly.
Samsung is notorious for this.
Different threat model and usage scenario. See the spilled milk comment.
Surprise, surprise.
Forcing security measures onto someone who doesn’t understand them or know how to recover their data if something goes wrong is a bad idea.
deleted by creator
Must have been a massive monitor.
How are these people losing access to their MS accounts on their computers?
All the time, then people get run around in circles, are given a too technical explanation and give up more often than not.
The encryption is not inherently a bad thing, but forcing people into account creation is where the trouble starts. With piss-poor customer support as the cherry on top, this should never be allowed.
I’d say it’s a bad thing because it’s the wrong threat model as a default.
More home users are in scenarios like “I spilled a can of Diet Sprite into my laptop, can someone yank the SSD and recover my cat pictures” than “Someone stole my laptop and has physical access to state secrets that Hegseth has yet to blurt on Twitch chat”. Encryption makes the first scenario a lot harder to easily recover from, and people with explicit high security needs should opt into it or have organization-managed configs.
I agree, the encryption should be deliberate choice. And we’ve said nothing yet about the impact on performance.
You used to almost be forced to make a recovery CD or USB when encrypting a drive, now people don’t even know how ‘important’ the MS account actually is.
“Someone stole my laptop and has physical access to state secrets that Hegseth has yet to blurt on Twitch chat”.
Thanks for making me laugh. It’s been a while.
I’m in favor of a heavy handed push towards encryption, I think most people don’t realize how important this is (now more than ever), but windows should be guiding and educating on this not requiring, and it should have absolutely nothing to do with an email address or online account.
On a home PC, what for? The only data that really matters to be encrypted is my keepass database file. Giving the option is fine but I don’t think it should be done without asking the user to choose.
That’s what I said.
I’m unfortunate to live in a country where the police can now quite easily enter a resident’s home and take their computer and use any data on it against them. Encryption can at least slow their nefarious efforts. I think most people should utilize encryption.
I live in one where refusing to decrypt it for them results in a 2 year prison sentence.
And yes, if you forget you will still be charged.
I didn’t expect Windows to become THAT shit. Well it’s good for Linux I guess.
All of the data I actually care about is stored on a NAS and backed up in triplicate. The only data actually on my PC are program files.
Something broke.
I blame bitlocker.
If they are still using windows, their privacy and data safety was never of importance to them, anyway.
Or just get the data back from the backups they made.
Data privacy != Documents/data on hard disk
If I have documents on my harddisk, they are private. If a windows 11 user has documents on their harddisk, they are not.
What do you smoke exactly?
Windows is malware.
I remember when Linux users used to say that, but it turns out they were right.
I’m glad I left that cursed OS behind.
I am LITERALLY in the process of migrating my servers to my new NixOS server after months of prep work. This couldn’t have been more timely lol. Funniest part is, I just did my own TPM based encryption on my drives.
SERVERS???
Just one server, but multiple “services” (i.e. Jellyfin, Minecraft, Discord bots, Wordpress, etc). Server is kind of a misnomer there
What a stinker of an OS. Linux never looked so good
It’s why I switched to Linux.
I’ve been a Linux user since 2010 and I’m glad I developed that skillset
Same. Except my first pc was running DOS on a black and amber CRT…so switching to Linux even part time in 2010 was pretty easy for me to wrap my head around in terms of CLI stuff.
We use Linux by the way.
But I use arch BTW