Comment by MoltenMan

2 hours ago

> Right, so the solution is to silently upload their encryption keys to Microsoft's servers without telling them? If users don't understand encryption, they certainly don't understand they've just handed their keys to a third party subject to government data requests.

What exactly are you hoping Windows does here? Anyone who knows anything about BitLocker knows Microsoft has the keys (that's where you get the key when you need it, which I have needed many times because I dual boot!). Microsoft could put a big screen on install saying 'we have your encryption keys!' — would this change literally anything? They would need to also explain what that means and what BitLocker is. And then after all of that, the only people who are going to decide 'actually I want to set up FDE myself' are going to be the technical people who already knew all of this! This is just a non-issue.

> This is such transparent fear-mongering. How often does this actually happen versus how often are cloud providers breached or served with legal requests? You're solving a hypothetical edge case by creating an actual security vulnerability.

This is not fear-mongering at all! The nice thing about BitLocker is that you don't need to put in your key 99% of the time (and in fact 99% of Windows users — who are not technical! — don't even know they have BitLocker). But occasionally you do need to put it in. Once or twice I've booted to the BitLocker screen and I actually don't even know why. Maybe my TPM got wiped somehow? Maybe my computer shut down in a really weird way? But it happens enough that it's clearly necessary! That big CrowdStrike screwup a year ago; one of the ways to fix it required having your BitLocker key!

> Encryption by default and cloud key escrow are separate decisions. You can have one without the other. The fact that Microsoft chose both doesn't make the second one necessary, it makes it convenient for Microsoft.

Again, this is not true for a product like Windows where 99% of users are not technical. Remember, BitLocker does not require your key on startup the vast majority of the time! However, there is a chance that you will need the key at some point or you will be locked out of your data permanently. Where should Microsoft give the user the key? Should they say on install 'hey, write this down and don't lose it!' Any solution relying on the user is obviously a recipe for disaster. But again, let me remind you that encryption by default is important because you don't want any old random laptop thief to get access to your Chrome account! So yes, I think Microsoft made the best and only choice here.