![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thewayneA forthcoming version of Windows 11 known as 24H2 will enable Bitlocker device encryption (FDE) by default. This can be turned off if you want to get into Control Panel and deactivate it. The article notes that Tom's Hardware found that FDE can slow down disc access by 45% on solid-state drives. Additionally, Microsoft requires that the encryption key is uploaded to your Microsoft cloud account, meaning they have the means for decrypting your drive.
MS holding the key to your drive is a theoretical vulnerability. I have not read of them cooperating with authorities in the decryption of drives, much like Apple has not, though in Apple's case, they don't hold keys and cannot.
Personally, I don't think disk encryption is a good idea for the average home user. You should maintain good backups and keep them disconnected from your PC, preferably in a fire-proof lockbox or off-site. Have two sets (or more) and rotate between them so you have fall-back points if one of the backup sets fail.
We have a concept in IT that backups don't exist until you test them or need them, until that time they just exist in a void. When you pull them out and try to restore from them, that's when you find out whether or not they're any good. Backup disks and tapes fail, which is why if you value your data you want multiple copies to reduce the chance of one copy failing.
https://www.theverge.com/2024/8/14/24220138/microsoft-bitlocker-device-encryption-windows-11-default
https://tech.slashdot.org/story/24/08/14/1559240/microsoft-is-enabling-bitlocker-device-encryption-by-default-on-windows-11
MS holding the key to your drive is a theoretical vulnerability. I have not read of them cooperating with authorities in the decryption of drives, much like Apple has not, though in Apple's case, they don't hold keys and cannot.
Personally, I don't think disk encryption is a good idea for the average home user. You should maintain good backups and keep them disconnected from your PC, preferably in a fire-proof lockbox or off-site. Have two sets (or more) and rotate between them so you have fall-back points if one of the backup sets fail.
We have a concept in IT that backups don't exist until you test them or need them, until that time they just exist in a void. When you pull them out and try to restore from them, that's when you find out whether or not they're any good. Backup disks and tapes fail, which is why if you value your data you want multiple copies to reduce the chance of one copy failing.
https://www.theverge.com/2024/8/14/24220138/microsoft-bitlocker-device-encryption-windows-11-default
https://tech.slashdot.org/story/24/08/14/1559240/microsoft-is-enabling-bitlocker-device-encryption-by-default-on-windows-11
no subject
Date: 2024-08-16 08:26 pm (UTC)I don't pay for OneDrive, the free level is quite sufficient to my needs. But I'm comfortable reinstalling from scratch and downloading my data back to where it should be. No idea what tests or hardware Tom's was using, I didn't pursue that angle. We don't use drive encryption at my campus, main campus might use it on some of their systems, perhaps in research labs and such, I don't know.
no subject
Date: 2024-08-16 11:50 pm (UTC)I believe that what Tom's is saying is true: they find massive slowdown on some hardware. That some hardware is doing quite a lot of heavy lifting though, and I wonder if it's very likely that somebody would find that hardware in a system capable of running Windows 11. In other words, I think that article is clickbait.