logoalt Hacker News

andrewpiroliyesterday at 4:53 PM4 repliesview on HN

Only if you store your key with Microsoft, which is not required or the default if you're using a local account which I assume most privacy sensitive people are.


Replies

Terr_yesterday at 7:11 PM

> if you're using a local account

Unfortunately Microsoft keeps working to destroy that option and force consumers to make a remote account. [0][1] Their consistent moves towards wanting to co-own my computer were one of the many last-straws that made me migrate everything to Linux this year.

> Local-only commands removal: We are removing known mechanisms for creating a local account in the Windows Setup experience (OOBE). While these mechanisms were often used to bypass Microsoft account setup, they also inadvertently skip critical setup screens, potentially causing users to exit OOBE with a device that is not fully configured for use. Users will need to complete OOBE with internet and a Microsoft account, to ensure device is setup correctly.

[0] https://blogs.windows.com/windows-insider/2025/10/06/announc...

[1] https://www.windowslatest.com/2025/10/07/microsoft-confirms-...

gruezyesterday at 5:17 PM

Not to mention that unless the bitlocker activation flow changed recently, it specifically asks you how to store your backup keys, with a choice given been local options (eg. usb drive, printing it off, etc.) and saving it to your microsoft account.

show 1 reply
Groxxyesterday at 6:59 PM

Agreed it's optional (I've seen and used that option), but are local accounts even a thing any more? Or are you just referring to "not MDM controlled" accounts?

show 1 reply
LtWorfyesterday at 11:11 PM

Like it's easy to create local accounts on windows 11… the default are microsoft accounts and microsoft having access to your key.

Also this: https://www.techspot.com/news/112410-security-researcher-mic...