Comment by antiframe
6 hours ago
No, encryption keys should never be uploaded to someone else's computer unencrypted. The OOBE should give users a choice between no FDE or FDE with a warning that they should not forget their password or FDE and Microsoft has their key and will be able to recover their disk and would be compelled to share the key with law enforcement. By giving the user the three options with consequences you empower the user to address their threat model how they see fit. There is no good default choice here. The trade offs are too varied.
Always on FDE with online backups is a perfectly reasonable default. The OOBE does offer the users the choice to not back up their key online, even if it's displayed less prominently.
>By giving the user the three options with consequences you empower the user to address their threat model how they see fit.
Making it too easy for uneducated users to make poor choices is terrible software design.