When you log into Windows with a Microsoft account, your recovery key is often automatically uploaded to Microsoft’s servers as a backup in case you forget your password. Legally, this means Microsoft owns the key and must surrender it under the U.S. CLOUD Act.
Experts like Matt Green of Johns Hopkins University warn that, unlike Apple or Google, Microsoft does not encrypt these keys in a way that makes them unreadable even to the company itself. The result is a fundamental breach of data sovereignty.
this post was submitted on 26 Jan 2026
54 points (98.2% liked)