![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
A forthcoming version of Windows 11 known as 24H2 will enable Bitlocker device encryption (FDE) by default. This can be turned off if you want to get into Control Panel and deactivate it. The article notes that Tom's Hardware found that FDE can slow down disc access by 45% on solid-state drives. Additionally, Microsoft requires that the encryption key is uploaded to your Microsoft cloud account, meaning they have the means for decrypting your drive.
MS holding the key to your drive is a theoretical vulnerability. I have not read of them cooperating with authorities in the decryption of drives, much like Apple has not, though in Apple's case, they don't hold keys and cannot.
Personally, I don't think disk encryption is a good idea for the average home user. You should maintain good backups and keep them disconnected from your PC, preferably in a fire-proof lockbox or off-site. Have two sets (or more) and rotate between them so you have fall-back points if one of the backup sets fail.
We have a concept in IT that backups don't exist until you test them or need them, until that time they just exist in a void. When you pull them out and try to restore from them, that's when you find out whether or not they're any good. Backup disks and tapes fail, which is why if you value your data you want multiple copies to reduce the chance of one copy failing.
https://www.theverge.com/2024/8/14/24220138/microsoft-bitlocker-device-encryption-windows-11-default
https://tech.slashdot.org/story/24/08/14/1559240/microsoft-is-enabling-bitlocker-device-encryption-by-default-on-windows-11
MS holding the key to your drive is a theoretical vulnerability. I have not read of them cooperating with authorities in the decryption of drives, much like Apple has not, though in Apple's case, they don't hold keys and cannot.
Personally, I don't think disk encryption is a good idea for the average home user. You should maintain good backups and keep them disconnected from your PC, preferably in a fire-proof lockbox or off-site. Have two sets (or more) and rotate between them so you have fall-back points if one of the backup sets fail.
We have a concept in IT that backups don't exist until you test them or need them, until that time they just exist in a void. When you pull them out and try to restore from them, that's when you find out whether or not they're any good. Backup disks and tapes fail, which is why if you value your data you want multiple copies to reduce the chance of one copy failing.
https://www.theverge.com/2024/8/14/24220138/microsoft-bitlocker-device-encryption-windows-11-default
https://tech.slashdot.org/story/24/08/14/1559240/microsoft-is-enabling-bitlocker-device-encryption-by-default-on-windows-11
