Comment by MattSteelblade
1 day ago
Based on the comments in the thread, I sense I will be in the minority, but for most consumers this is a reasonable default. Broadly speaking, the threat model most users are concerned with doesn't account for their government. The previous default is no encryption at rest, which doesn't protect from the most common threats, like theft or tampering. With BitLocker on, a new risk for users is created: loss of access to their data because they don't have their recovery key. You are never forced to keep your recovery keys in Microsoft's servers and it's not a default for corporate users.
It's certainly a reasonable default. People lose or have their laptops stolen much more often than they get targeted by their governments.
Though that doesn't mean Microsoft couldn't implement a way of storing these keys so that they can't be accessed by Microsoft. Still better than nothing though.
I think it’s a reasonable default if Microsoft weren’t able to access your encryption keys.
Apple has that figured out. Your keys can be stored in your cloud synced keychain but only you can decrypt that keychain.
That’s why they couldn’t help the FBI to decrypt devices even when compelled.
Microsoft should have done the same. They should never find themselves in a place where they can be compromised like this.
I'll always remember - when I was first learning about it, one of the interesting counter-arguments to ignoring privacy was "what if the Nazis come back, would you want them to have your data?". I suppose there's some debate these days, but hostile governments seem a lot closer than they were 10-15 years ago.
Will this make people care? Probably not, but you never know.
"Closer"? They're already here. Trusting corporations or governments is inherently moronic.
Even in the best of times. Why widen your attack surface unnecessarily? Do you tell people your passwords and PINs at parties?
What governments and corporations (and plenty of bad actors in the FOSS world) have done is make this the default; made it easy to mindlessly hand people your privacy without even knowing. Opt-out, if you know the setting exists, and can find it.