It generally is, because in the vast majority of cases users will not keep a local copy and will lose their data.
Most (though not all) users are looking for encryption to protect their data from a thief who steals their laptop and who could extract their passwords, banking info, etc. Not from the government using a warrant in a criminal investigation.
If you're one of the subset of people worried about the government, you're generally not using default options.
For laptops sure, but then those are not reasons for it to be default on desktops too. Are most Windows users on laptops? I highly doubt that. So it is not a sensible default.
> It generally is, because in the vast majority of cases users will not keep a local copy and will lose their data.
What's the equivalent of thinking users are this stupid?
I seem to recall that the banks repeatedly tell me not to share my PIN number with anyone, including (and especially) bank staff.
I'm told not to share images of my house keys on the internet, let alone handing them to the government or whathaveyou.
Yet for some unknown reason everyone should send their disk encryption keys to one of the largest companies in the world (largely outside of legal jurisdiction), because theythemselves can't be trusted.
Bear in mind that with a(ny) TPM chip, you don't need to remember anything.
Come off it mate. You're having a laugh aren't you?
> What's the equivalent of thinking users are this stupid?
What's the equivalent of thinking security aficionados are clueless?
Security advice is dumb and detached from life, and puts ubdue burden on people that's not like anything else in life.
Sharing passwords is a feature, or rather a workaround because this industry doesn't recognize the concept of temporary delegation of authority, even though it's the basics of everyday life and work. That's what you do when you e.g. send your kid on a grocery run with your credit card.
Asking users to keep their 2FA recovery keys or disk encryption keys safe on their own - that's beyond ridiculous. Nothing else in life works that way. Not your government ID, not your bank account, not your password, not even the nuclear launch codes. Everything people are used to is fixable; there's always a recovery path for losing access to accounts or data. It may take time and might involve paying a notary or a court case, but there is always a way. But not so with encryption keys to your shitposts and vacation pictures in the cloud.
Why would you expect people to follow security advice correctly? It's detached from reality, dumb, and as Bitcoin showed, even having millions of dollars on the line doesn't make regular people capable of being responsible with encryption keys.
So what happens if your motherboard gets fried and you don’t have backups of your recovery key or your data? TPMs do fail on occasion. A bank PIN you can call and reset, they can already verify your identity through other means.
It generally is, because in the vast majority of cases users will not keep a local copy and will lose their data.
Most (though not all) users are looking for encryption to protect their data from a thief who steals their laptop and who could extract their passwords, banking info, etc. Not from the government using a warrant in a criminal investigation.
If you're one of the subset of people worried about the government, you're generally not using default options.
For laptops sure, but then those are not reasons for it to be default on desktops too. Are most Windows users on laptops? I highly doubt that. So it is not a sensible default.
Most pc users are using laptops, yes. Above 60%.
Even offices usually give people laptops over desktops so that they can bring it to meetings.
Then don't enable encryption? Basically I cannot rescue the files on my own disk but the police can?
> Basically I cannot rescue the files on my own disk but the police can?
I think you're misunderstanding. You can rescue the files on your own disk when you place the key in your MS account.
There's no scenario where you can't but the police can.
2 replies →
> It generally is, because in the vast majority of cases users will not keep a local copy and will lose their data.
What's the equivalent of thinking users are this stupid?
I seem to recall that the banks repeatedly tell me not to share my PIN number with anyone, including (and especially) bank staff.
I'm told not to share images of my house keys on the internet, let alone handing them to the government or whathaveyou.
Yet for some unknown reason everyone should send their disk encryption keys to one of the largest companies in the world (largely outside of legal jurisdiction), because they themselves can't be trusted.
Bear in mind that with a(ny) TPM chip, you don't need to remember anything.
Come off it mate. You're having a laugh aren't you?
> What's the equivalent of thinking users are this stupid?
What's the equivalent of thinking security aficionados are clueless?
Security advice is dumb and detached from life, and puts ubdue burden on people that's not like anything else in life.
Sharing passwords is a feature, or rather a workaround because this industry doesn't recognize the concept of temporary delegation of authority, even though it's the basics of everyday life and work. That's what you do when you e.g. send your kid on a grocery run with your credit card.
Asking users to keep their 2FA recovery keys or disk encryption keys safe on their own - that's beyond ridiculous. Nothing else in life works that way. Not your government ID, not your bank account, not your password, not even the nuclear launch codes. Everything people are used to is fixable; there's always a recovery path for losing access to accounts or data. It may take time and might involve paying a notary or a court case, but there is always a way. But not so with encryption keys to your shitposts and vacation pictures in the cloud.
Why would you expect people to follow security advice correctly? It's detached from reality, dumb, and as Bitcoin showed, even having millions of dollars on the line doesn't make regular people capable of being responsible with encryption keys.
5 replies →
So what happens if your motherboard gets fried and you don’t have backups of your recovery key or your data? TPMs do fail on occasion. A bank PIN you can call and reset, they can already verify your identity through other means.
3 replies →