Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's an optional feature -- it asks you if you want to backup your key to your online account.


So you know that if you click 'no', it definitely isn't sent anyway (perhaps with some "MS/NSA use only" bit set to distinguish it from user-accessible ones)?

Thought not.


You previously said it "definitely sends your recovery key to MS." Sounds like you don't actually mean that.

It's fine and perfectly reasonable not to trust closed-source code, but no reason to spread half-truths about it.


The very ability to send it to MS is worrying; doing it automatically is more so. If they were honest about the key, it'd say "put this on a flash drive/hardcopy in a safe deposit box".


Lift with your knees, not your back. Those goalposts are heavy.


You'd make an amazing PM.

"Hey, how should we deal with resetting people's passwords and keys when they forget them?"

"Tell them to get a safe deposit box"

"And when they're traveling or really need a report and the bank's closed?

"They shouldn't have lost their keys. Stupid lusers."


"We could just make it upload all the secret goodies to us for safe keeping."

"Hey, who are you and how did you get in this meeting?"

"I'm the new intern. From the CIA."

"Oh, okay, yeah, let's do that."




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: