It’s not a completely bad thing but ehh there are serious disadvantages, especially for gamers. I’m just glad I use Linux and will keep the change in mind in case I need to reinstall Windows on my gaming rig.
Btw TL;DR of the article is:
Windows 11 will automatically enable BitLocker on clean installs and re-installs.
OEMs will be able to enable it even on Windows 11 Home with a special UEFI flag (whatever that means).
BitLocker is a full-disk encryption technology by Microsoft. It provides better security since the data on the drive cannot be read without decrypting it (especially useful if someone steals the device) but the data cannot be recovered in case of forgetting the password or system malfunctions. Also it greatly decreases performance of the drive (by up to 45% on SSDs). This makes it unsuitable for many computer users.
The feature cannot be disabled by native means. If you want to disable it, use Rufus and select the appropriate flag when creating the bootable USB.
The question is, will this automatically encrypt other partitions that have other OSes such as Linux, especially for dual-boot users?
Knowing Microsoft’s behavior for many years, it might. If I had a dual-boot, I’d make sure I have a backup of all the important data on a separate device
BitLocker is a feature that relies on NTFS.
Unless you’ve somehow been working with Cthulhu and installed Linux on an NTFS partition, you’re probably golden.
by up to 45% on SSDs
Excuse me, what!?!
I wonder where the average is for the performance reduction. Probably something I’ll look into but I’d be pissed if I bought a drive and instantly lost even 20%.
Luckily, I’m not on Windows so I have nothing to really worry about but damn.
Since most people sign into Windows with their Microsoft account, does that mean that MS holds the decryption keys for your local hard drive?
If you configure it to back up your keys to your account, yes.
This is (or at least used to be) an opt-in configuration option.
Idk. I just made a TL;DR. I’m not a Windows expert by any means. There’s no point for me in studying it cuz I only use it for gaming and don’t even consider it as my main OS
Took them long enough. Most Linux distros have had a simple toggle for disk encryption for years. And as far as I am aware Apple has it too. And basically every mobile OS is encrypted by default as well. iOS and Android
the thing is: it means that your hard drive gets encrypted. However, when that gets encrypted, besides creating a key to decrypt it, everything works perfectly. You then use that computer for 5 years and again, works great. But then the fan on the CPU gets clogged with dust and the CPU overheats and dies. No big deal, you just grab the hard drive and move it into your new computer, or you hook it up with USB to copy everything over to the new one. And that is the moment you find out it was encrypted 5 years ago. You didn’t store the key anywhere but on that disk. You can only read it with that original computer hardware because the key was made to lock that drive to that exact computer that died. And you slowly figure out that every photo, every document, everything critical to you is now protected from you and you can’t get it back.
Just as fun is making configuration changes just to upgrade your PC. Because Bitlocker uses the hardware in your computer to generate that key, some hardware changes will trigger it to need that key. Same situation where you need to revert the change to get your data.
Finally, now we need to actually bring home the issue. Drop that change into the lap of someone you know that uses a computer, but doesn’t understand the inner working of them. Maybe that’s your grandma, parent, or siblings. All of a sudden they upgrade and now have a Windows 11 time-bomb that could randomly lock them out of every file on their computer… that’s the real issue here.
Also a headache for the repair industry. If during repair the BIOS gets reset or the motherboard swapped, you’ll need the key to be able to boot into Windows again. And your customer is probably NOT aware.
Bitlocker is important for companies. They can have hundreds or thousands of laptops that contain files with intellectual property that could really damage the company. Laptops get stolen all the time and should be protected at the highest levels. But for normal people’s computers, the higher risk for losing data will be Bitlocker. That’s what makes this such a bad idea.
You didn’t store the key anywhere but on that disk.
Windows does not let you store the recovery key on an encrypted drive.
The rest only means we need to deal better with our data. All the above basically also applies when your HDD or SSD dies, which can happen any time.
Backups are what you need, not an unencrypted drive.
Not everyone is tech-savvy like folks on Lemmy. You can tell your grandma or your parents to do regular backups. That is why it could cause a headache for the repair business.
Non tech-savvy folks aren’t transplanting their hard drives in the first place.
No, but when their computer dies they’ll take it to someone who does (Paid or not) to “Get their precious grandbaby photos back”
That person will inevitably ask for the key and Grandma is gonna go “What key?!?” And then when she’s told all those photos are lost she’s going to get pissed at the wrong person guaranteed.
These are also the same people that never change defaults soo yea this is stupid, just leave it as an easily accessible toggle for anyone who wants or needs it, but the default should be off.
They could add some kind of message that warns about this, but I think it’s a better idea to encrypt by default (warning or not) rather than not… at least for privacy reasons.
It really doesn’t matter what message they show during setup, you haven’t worked tech support or computer repair have you?
The non-savvy users rarely pay attention to shit, a message during setup will be nothing but a blip at best in their memory by the time something happens to the computer 2-4 years later.
We’ve been telling non-savvy users to make sure they back up their shit for literally decades now, they still don’t. Not even macOS encrypts the user data partition by default, this is gonna be a shit show and hell desks and computer repair shops everywhere are on the front line.
No, but they’re taking it to repair shops who then find that they can’t recover their customer’s data because it’s encrypted, and then they lose all their photos and data they never backed up, because they’re not tech-savvy.
This is 100% to try to force more OneDrive subs…
I wouldn’t fault a casual user for not backing up their encryption key because they wouldn’t be swapping hard drives in the first place. And the tech-savvy people already know to back up keys.
Microsoft lets you look up your BitLocker key, this is not the catastrophic problem you’ve laid it out to be.
Unfriendly reminder that Bitlocker can encrypt your entire system drive and leave it in an unrecoverable state even if you have the correct recovery key. https://www.youtube.com/watch?v=pIRNpDvGF4w&t=528s The solution? Wipe. Your files? Fucked. Hotel? I’m too enraged to even make that joke.
Friends don’t let friends fall victim to Microsoft’s ineptitude.
They do not get to make that decision for my system. I’m already one game away from wiping my secondary drive, but they are making that decision even more easy for me.
To clarify, encryption is great. Options to enable it are great. Their encryption is both broken, worthless, and now enforced too, apparently
Try it, Windows, my TPM is off and I have a custom Windows 11 OS with a gun to its PSU.
What about for users who only have local accounts? How would they provide the BitLocker code? It’s normally linked to your Microsoft account, no? Maybe there is a local place to find it and it’s up to you to back it up just in case.
Me personally, I have my 2TB SSD split into two partitions with Windows on one and all my Steam and bnet games on the other. If I ever lose my BitLocker code or it locks up, I guess I can just reinstall.
I use my laptop with Linux on it for any personal data, my desktop is exclusively for gaming.
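Added example, not part of the thread or of any commenter's post: much of the discussion above turns on whether a recovery key exists and is kept somewhere other than the encrypted disk. The PowerShell below uses the built-in BitLocker cmdlets to list encrypted volumes, flag any without a recovery password protector, and save existing recovery passwords to a separate drive. `$BackupDir` is an assumed path on removable media, not a Windows default.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker volumes and copy recovery passwords off-disk.
# $BackupDir is an assumed location on an unencrypted external drive.
param([string]$BackupDir = 'E:\bitlocker-recovery')

$volumes   = Get-BitLockerVolume
$encrypted = $volumes | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' }

# Refuse to store recovery passwords on a volume that itself needs one.
$targetDrive = Split-Path -Path $BackupDir -Qualifier
if ($encrypted.MountPoint -contains $targetDrive) {
    throw "$targetDrive is BitLocker-encrypted; choose an unencrypted external drive."
}
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($vol in $encrypted) {
    $types    = $vol.KeyProtector.KeyProtectorType
    $recovery = @($vol.KeyProtector |
                  Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        # With only a TPM-based protector there is nothing to type in
        # if the drive is moved to other hardware.
        Write-Warning ("{0}: no recovery password (protectors: {1})" -f
                       $vol.MountPoint, ($types -join ', '))
        continue
    }

    foreach ($kp in $recovery) {
        $name = '{0}-{1}.txt' -f $env:COMPUTERNAME, $kp.KeyProtectorId.Trim('{}')
        $file = Join-Path $BackupDir $name
        @(
            "Volume:            $($vol.MountPoint)"
            "Protector ID:      $($kp.KeyProtectorId)"
            "Recovery password: $($kp.RecoveryPassword)"
        ) | Set-Content -Path $file
        Write-Output "$($vol.MountPoint): saved protector $($kp.KeyProtectorId) to $file"
    }
}
```

A volume that triggers the warning can be given a recovery password with `Add-BitLockerKeyProtector -MountPoint <drive> -RecoveryPasswordProtector`, after which the script can be run again.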