Comment by dijit

12 hours ago

> nobody who is using Windows cares about encryption or even knows what it is!

Right, so the solution is to silently upload their encryption keys to Microsoft's servers without telling them? If users don't understand encryption, they certainly don't understand they've just handed their keys to a third party subject to government data requests.

> otherwise a regular user will happen to mess around with their bios one day and accidentally lock themselves permanently out of their computer.

This is such transparent fear-mongering. How often does this actually happen versus how often are cloud providers breached or served with legal requests? You're solving a hypothetical edge case by creating an actual security vulnerability.

Encryption by default and cloud key escrow are separate decisions. You can have one without the other. The fact that Microsoft chose both doesn't make the second one necessary, it makes it convenient for Microsoft.

> If you want regular FDE without giving Microsoft the key you can go ahead and do it fairly easily!

Then why isn't that the default with cloud backup as opt-in? Oh right, because then Microsoft wouldn't have everyone's keys.