Microsoft confirms Windows 11 24H2 turns on Device Encryption by default (windowslatest.com)
62 points by truro 32 days ago | hide | past | favorite | 34 comments



This could lead to more data being lost than from ransomware.

The best part is Windows doesn't even notify you about it. It will show you numerous useless notifications and now even ads, but it won't notify you that it has encrypted all your data. As that would be too "intrusive".

I already know of one case where all data was lost. Somehow recovery key was not stored in Microsoft account.


I tried to help someone who had a Windows update freeze for several _days_, and after force rebooting the PC it bluescreened and went to a BitLocker recovery screen, and he had no recovery keys in any of his accounts, and all data was lost.

I think it's absurd this kind of thing would be enabled by default without very explicit warnings about the possible repercussions of not backing up your recovery keys.


Windows has been data loss positive for a while. I've lost files on Desktop and under C:\ a couple of times from trying to disable OneDrive.


Maybe not surprisingly, I've had a couple of tech-literate friends who thought they were the only ones with a recovery key, but it turned out (luckily, here) that MS had a copy after all.


If MS has a copy then the Russians who hacked MS might also have one. This is not actual security, but rather a security circus. Windows 11 comes bundled with spyware and now ransomware and people pay for it.


If you are worried about the Russians stealing your computer to decrypt the hard drive, you should be expected to have a solid understanding of where all the potential decryption keys are kept.

I personally am happy for my Microsoft account to contain a copy. Yes, it is an issue if I were to need security from a government (either from subpoena or espionage). But it provides a very convenient backup of the recovery key, and security from random theft, which is my actual concern.

Also you can disable backing up the keys if you want to. People who need security from state level actors should be expected to take responsibility for proper configuration themselves.


I am personally not happy about that at all, but my choice doesn't get any support. Not even registering Windows and turning off S mode is possible without an account or with severe hacks that do involve deactivating Secure Boot anyway.

Microsoft is the security flaw here, they were even deemed a threat to national security in the US.

It is a complete circus and it lessens security compared to your average Windows 7 MBR installation while it was supported.

Microsoft forcing you to register to deactivate their presents pretty clearly lines out their motivation here.


Definitely save those recovery keys, because BitLocker loves freaking out after BIOS updates or minor hardware changes. I think I had to enter mine after a GPU firmware update.


I think they're saved to your Microsoft account by default now.

And, since Microsoft likes to pretend an account is required to even install Windows now, most people will likely have a linked account.


I think it will lead to lots of lost data. Kind of like how your kid's old ipad loses its mind and your apple id password doesn't work and the data is lost.

This kind of thing should be super-explicit when setting things up, and they should provide a way out.


No. That doesn’t help anyone other than computer nerds that have the background understanding to have usefully thought through the pros and cons. The reality is data is effectively “lost” all the time already when a laptop’s display fails, or some other problem that’s left the actual data completely intact, because most people don’t know what to do about that and a sizeable portion of those people won’t bother to ‘take it in to the shop’.


Non-computer nerds cannot remember any account credentials, and if they use any hardware key their chances of recovery are way worse than restoring any failed archaic system. This is to get people into the MS ecosystem. It isn't about growth or providing a service.


I don't use a windows account.

Of course that means I'm constantly bugged about using one.


I guess it's because measured boot doesn't like the new system state? But then I wonder: Whose responsibility is it to tell the TPM that the system has been legitimately changed? (Or am I completely off track here?)


The current approach (as I understand it) for Windows is to turn off measured boot for BitLocker, do the update that's likely to cause the issue, and then turn it back on again after the update has completed.

Hence you'll often notice UEFI updaters turning off BitLocker.

I've seen HP devices tell you what the value of PCR0 will be for each given update, meaning you can know beforehand what that will be, and prepare by locking measured boot to that value before rebooting.

In Linux with systemd-measure, there's an option to lock to a signed manifest for PCR11, so you can have updated kernels (UKIs, for example) able to boot, while still locking the measured boot to the kernel image, initrd, cmdline, and public key used to sign the values. At that point, your OS distribution (or yourself) can take control of that process. It doesn't help for firmware updates though, as far as I know, unless you can prepare and ship an updated PCR policy, and your OS distribution is unlikely to be tightly integrated with your hardware vendor to do that, so it will likely fall onto the user, or to unlock the disk while doing those updates.


For everyone I know, their personal PCs don't store data that's valuable to criminals who might steal their PC, but do store personally important data like family photos, etc.

They all would much rather have the disk exposed to anyone with physical access and have their data recoverable in the much more likely case where the PC suffers physical damage or some other kind of software/hardware failure.

Account passwords and session tokens can be reset; photos of loved ones can't be retaken.


Very good point.

Account passwords and session tokens belong to secure local storage anyway. For personal PCs unencrypted personal data and encrypted secure local storage would make most sense as default configuration IMO.


Am I understanding the article correctly that it's for new installs only?

Also is "on by default" the right wording for something that needs a registry change to turn off? That just seems like it's forced with a workaround that they'll remove at some point.

Last point, does that mean that Windows is going to take a massive speed penalty going forward since they also default to their slow software encryption over hardware encryption?

Man, this kinda blows. I'm hoping that W12 will have all this Vista-esque transition crap sorted out by the time it launches.


Fresh installs and resets, according to the article. Although I had to help a family member set up a new computer in January. I set it up with a local account and device encryption was "on", but checking with command prompt revealed that with a local account it wasn't actually encrypted since a Microsoft Account hadn't been submitted, and there was no BitLocker key.

There are so many problems with this that are stupid, but that's par for the course when it comes to tech corps these days: they have all the leverage, so their fuckup is your problem, and what is this customer support you speak of?

Don't hold your breath on Microsoft actually improving any of its offerings.
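As an added example (not code from the thread or from Microsoft), the two practical points raised above can be turned into a small PowerShell audit: the earlier comment about turning BitLocker off around firmware updates so measured boot does not drop into recovery, and this comment about Device Encryption showing "on" while the volume was not really protected. It uses only the stock BitLocker module cmdlets (`Get-BitLockerVolume`, `Add-BitLockerKeyProtector`, `Suspend-BitLocker`, `Resume-BitLocker`) and must run from an elevated prompt; the output path on a removable drive is a constructed placeholder, and the `$Update` script block stands in for whatever vendor updater you actually run.

```powershell
# Added example: audit Device Encryption / BitLocker state, make sure a recovery
# password exists somewhere you control, and suspend protection for one reboot
# around a firmware update. Not from the thread; requires elevated PowerShell
# on Windows 10/11 with the built-in BitLocker module.
Import-Module BitLocker

function Get-DeviceEncryptionReport {
    # One row per volume. The interesting combination is
    # VolumeStatus = FullyEncrypted with ProtectionStatus = Off: the data is
    # encrypted, but the key is held in the clear on disk (no protectors in
    # force), which is what "on but not really protected" looks like.
    Get-BitLockerVolume | ForEach-Object {
        $recovery = $_.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        [pscustomobject]@{
            MountPoint          = $_.MountPoint
            VolumeStatus        = $_.VolumeStatus
            ProtectionStatus    = $_.ProtectionStatus
            EncryptionMethod    = $_.EncryptionMethod
            Protectors          = ($_.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ','
            HasRecoveryPassword = [bool]$recovery
            ClearKeyExposed     = ($_.VolumeStatus -eq 'FullyEncrypted' -and $_.ProtectionStatus -eq 'Off')
        }
    }
}

function Export-RecoveryPassword {
    param(
        [string]$MountPoint = 'C:',
        # Constructed placeholder: a removable drive you keep away from the PC.
        [string]$OutFile = 'E:\bitlocker-recovery-C.txt'
    )
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $rp) {
        # No 48-digit recovery password yet: add one so there is something to back up.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
              Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    }
    $rp | ForEach-Object {
        "Volume $MountPoint  ProtectorId $($_.KeyProtectorId)  RecoveryPassword $($_.RecoveryPassword)"
    } | Set-Content -Path $OutFile
    Write-Host "Recovery password(s) for $MountPoint written to $OutFile. Keep that file off this machine."
}

function Invoke-UpdateWithBitLockerSuspended {
    param(
        [string]$MountPoint = 'C:',
        [scriptblock]$Update   # hypothetical: the vendor's firmware/UEFI updater invocation
    )
    # Suspend for exactly one reboot: the volume key is temporarily exposed with
    # a clear key, so the changed PCR measurements after the firmware update do
    # not trigger the recovery screen, and protection resumes automatically on
    # the next boot. If the updater does not reboot, resume explicitly.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
    try {
        & $Update
    }
    finally {
        Resume-BitLocker -MountPoint $MountPoint | Out-Null
    }
}

# Usage: run the report first; if any row shows HasRecoveryPassword = False or
# ClearKeyExposed = True, deal with that before trusting the "encrypted" label.
Get-DeviceEncryptionReport | Format-Table -AutoSize
# Export-RecoveryPassword -MountPoint 'C:' -OutFile 'E:\bitlocker-recovery-C.txt'
# Invoke-UpdateWithBitLockerSuspended -MountPoint 'C:' -Update { & 'C:\path\to\vendor-updater.exe' }
```

The same state is visible without PowerShell via `manage-bde -status` (look for "Protection Status: Protection Off" on an encrypted volume) and `manage-bde -protectors -get C:`, which prints the numerical recovery password directly.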


It feels like M$ is trying to convince me not to use Windows, I don’t know why I haven’t switched yet.


Seems like this would be double encrypting OPAL self encrypting drives in the places that use those, potentially adding a further failure point.


Didn't Microsoft stop using those in BitLocker years ago because they were often borked? [1] It's a new failure point, but it's sensible.

[1] https://www.tomshardware.com/news/bitlocker-encrypts-self-en...


Thanks, that's good info. :)


So whose computer is it at this point? MS encrypts your data, but keeps the recovery key.

Let's say you encrypt the drive, and then travel outside the country and come back. The border patrol officer says "I want to see everything on your hard drive" and you refuse, being an American citizen and all.

They call Microsoft and recover all the data...


The alternative was no encryption at all, which is even more convenient for recovering your data.


Not to mention the other alternative of saving your keys locally instead of uploading them to your account, which is optional.


I mean, if you’re that worried about MS having your keys, you can always encrypt with a local account and save the key somewhere else. But also, if you’re that worried about someone having access to your data, why are you using a non open source OS anyways?


The issue is lots of folks create Microsoft Accounts then promptly forget the password, then set up the auto-login they know and love. I bet there are millions of forgotten / zombie Microsoft Accounts.

A lot of people are about to have nasty surprises the next time they reinstall Windows because their kid downloaded some malware and realize their data is all gone.


Great to see that it's no longer a pro only / enterprise feature. I've long left Windows behind for Linux (with very few regrets) but the paywalled FDE was definitely a motivating factor at the time - it felt like a table stakes feature for a modern OS to me.

If they started offering reasonable ways to opt out of all telemetry and advertising (i.e. without buying enterprise/using third party software and crossing your fingers) I could almost be tempted to dual boot for the games/software that don't run well in wine/proton.

I wouldn't be particularly opposed to paying for the privilege either, but don't make me buy X copies to be eligible.


What does this mean for users who are already encrypting their drives with something else like VeraCrypt?


I mean, between BitLocker and T2 I’d rather have T2. At least with BitLocker the key is in my Microsoft account, so if something happened to my PC and the drive was still intact I can easily access the data again. On a T2 secured Mac, if something happened then I’m screwed.


I'm certain I've read that with T2 enabled, Macs still offer to print recovery keys.


I mean, good? Physical access to a device shouldn’t automatically mean all your data is with the wind.

Theoretically this was already on for “new” devices since sometime in the Windows 10 timeframe.


Disk encryption is useful if your data falls into the wrong hands. Having an unencrypted disk is useful if you need to do data recovery and have no backups.

Very few people have backups... OTOH, SSDs tend to fail as bricks with no hope of any data recovery.



