This could lead to more data being lost than from ransomware.
The best part is Windows doesn't even notify you about it. It will show you numerous useless notifications and now even ads, but it won't notify you that it has encrypted all your data. As that would be too "intrusive".
I already know of one case where all data was lost. Somehow recovery key was not stored in Microsoft account.
I tried to help someone who had a Windows update freeze for several _days_, and after force rebooting the PC it bluescreened and went to a BitLocker recovery screen, and he had no recovery keys in any of his accounts, and all data was lost.
I think it's absurd this kind of thing would be enabled by default without very explicit warnings about the possible reprucussions of not backing up your recovery keys
Maybe not surprisingly, I've had a couple of tech-literate friends where they thought they were the only ones with a recovery key but it turned out (luckily, here) that MS had a copy after all.
Definitely save those recovery keys, because BitLocker loves freaking out after BIOS updates or minor hardware changes. I think I had to enter mine after a GPU firmware update.
I guess it's because measured boot doesn't like the new system state? But then I wonder: Whose responsibility is it to tell the TPM that the system has been legitimately changed? (Or am I completely off track here?)
For everyone I know, their personal PCs don't store data that's valuable to criminals who might steal their PC, but do store personally important data like family photos, etc.
They all would much rather have the disk exposed to anyone with physical access and have their data recoverable in the much more likely case where the PC suffers physical damage or some other kind of software/hardware failiure.
Account passwords and session tokens can be reset, photos of loved ones can't can't be retaken
Account passwords and session tokens belong to secure local storage anyway. For personal PCs unencrypted personal data and encrypted secure local storage would make most sense as default configuration IMO.
Am I understanding the article correctly that it's for new installs only?
Also is "on by default" the right wording for something that needs a registry change to turn off? That just seems like it's forced with a workaround that they'll remove at some point.
Last point, does that mean that windows is going to take a massive speed penalty going forward since they also default to their slow software encryption over hardware encryption?
Man this kinda blows. I'm hoping that W12 will have all this Vista-esk transition crap sorted out by the time it launches.
Fresh installs and resets according to the article. Although I had to help a family member set up a new computer in January. I set it up with a local account and device encryption was "on" but checking with command prompt revealed that with local account it wasn't actually encrypted since a Microsoft Account hadn't been submitted, and there was no Bitlocker key.
There are so many problems with this that are stupid but that's par for the course when it comes to tech corps these days, they have all the leverage, so their fuckup is your problem, and what is this customer support you speak of.
Don't hold your breath on Microsoft actually improving any of its offerings.
So whose computer is it at this point? MS encrypts your data, but keeps the recovery key.
Let's say you encrypt the drive, and then travel outside the country and come back. The border patrol officer says "I want to see everything on your hard drive" and you refuse, being an American citizen and all.
I mean if you’re that worried about ms having your keys, you can always encrypt with a local account and save the key somewhere else. But also if you’re that worried about v someone having access to your data, why are you using a non open source OS anyways?
The issue is lots of folks create Microsoft Accounts then promptly forget the password, then set up the auto-login they know and love. I bet there are millions of forgotten / zombie Microsoft Accounts.
A lot of people are about to have nasty surprises the next time they reinstall Windows because their kid downloaded some malware and realize their data is all gone.
Great to see that it's no longer a pro only / enterprise feature. I've long left Windows behind for Linux (with very few regrets) but the paywalled FDE was definitely a motivating factor at the time - it felt like a table stakes feature for a modern OS to me.
If they started offering reasonable ways to opt out of all telemetry and advertising (ie: without buying enterprise/using third party software and crossing your fingers) I could almost be tempted to dual boot for the games/software that don't run well in wine/proton.
I wouldn't be particularly opposed to paying for the privilege either, but don't make me buy X copies to be eligible.
I mean between bitlocker and T2 I’d rather have T2. At least with bitlocker the key is in my Microsoft account so if something happened to my pc and the drive was still intact I can easily access the data again. On a T2 secured Mac, if something happened then I’m screwed.
Disk encryption is useful if your data falls into the wrong hands. Having an unencrypted disk is useful if you need to do data recovery and have no backups.
Very few people have backups... OTOH, SSDs tend to fail as bricks with no hope of any data recovery.
zigzag312|1 year ago
The best part is Windows doesn't even notify you about it. It will show you numerous useless notifications and now even ads, but it won't notify you that it has encrypted all your data. As that would be too "intrusive".
I already know of one case where all data was lost. Somehow recovery key was not stored in Microsoft account.
yonatan8070|1 year ago
I think it's absurd this kind of thing would be enabled by default without very explicit warnings about the possible reprucussions of not backing up your recovery keys
numpad0|1 year ago
baobun|1 year ago
TillE|1 year ago
badlucklottery|1 year ago
And, since Microsoft likes to pretend an account is required to even install Windows now, most people will likely have a linked account.
vaylian|1 year ago
yonatan8070|1 year ago
They all would much rather have the disk exposed to anyone with physical access and have their data recoverable in the much more likely case where the PC suffers physical damage or some other kind of software/hardware failiure.
Account passwords and session tokens can be reset, photos of loved ones can't can't be retaken
zigzag312|1 year ago
Account passwords and session tokens belong to secure local storage anyway. For personal PCs unencrypted personal data and encrypted secure local storage would make most sense as default configuration IMO.
PrivateButts|1 year ago
Also is "on by default" the right wording for something that needs a registry change to turn off? That just seems like it's forced with a workaround that they'll remove at some point.
Last point, does that mean that windows is going to take a massive speed penalty going forward since they also default to their slow software encryption over hardware encryption?
Man this kinda blows. I'm hoping that W12 will have all this Vista-esk transition crap sorted out by the time it launches.
CatWChainsaw|1 year ago
There are so many problems with this that are stupid but that's par for the course when it comes to tech corps these days, they have all the leverage, so their fuckup is your problem, and what is this customer support you speak of.
Don't hold your breath on Microsoft actually improving any of its offerings.
Alifatisk|1 year ago
justinclift|1 year ago
blegr|1 year ago
[1] https://www.tomshardware.com/news/bitlocker-encrypts-self-en...
shrubble|1 year ago
Let's say you encrypt the drive, and then travel outside the country and come back. The border patrol officer says "I want to see everything on your hard drive" and you refuse, being an American citizen and all.
They call Microsoft and recover all the data...
gjsman-1000|1 year ago
Flameancer|1 year ago
gigel82|1 year ago
A lot of people are about to have nasty surprises the next time they reinstall Windows because their kid downloaded some malware and realize their data is all gone.
mnahkies|1 year ago
If they started offering reasonable ways to opt out of all telemetry and advertising (ie: without buying enterprise/using third party software and crossing your fingers) I could almost be tempted to dual boot for the games/software that don't run well in wine/proton.
I wouldn't be particularly opposed to paying for the privilege either, but don't make me buy X copies to be eligible.
baobabKoodaa|1 year ago
unknown|1 year ago
[deleted]
Flameancer|1 year ago
betaby|1 year ago
fowl2|1 year ago
Theoretically this was already on for “new” devices since sometime in the Windows 10 timeframe.
toast0|1 year ago
Very few people have backups... OTOH, SSDs tend to fail as bricks with no hope of any data recovery.
redder23|1 year ago
[deleted]