There’s no way to turn off the “recovery” feature that sends your disk encryption keys to Microsoft by default, without notice — though you can (and should) ask Microsoft to forget the keys later.

The new disk encryption protocol in Windows 10 is in stark contrast with Microsoft’s Bitlocker product, a hardcore, Fed-infuriating full-disk encryption system that allows you to decide whether or not to escrow your keys with Microsoft.

Windows 10 has many unprecedented anti-user features: a remote killswitch that lets it disable your hardware; keylogging and browser-history logging that, by default, sends it all to Microsoft, and a deceptive “privacy mode” that continues to exfiltrate your data, even when you turn it on.