this post was submitted on 14 Aug 2024
1 points (100.0% liked)

Technology

61263 readers
3388 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
1
Microsoft is enabling BitLocker device encryption by default on Windows 11 (www.theverge.com)
submitted 5 months ago by mr_MADAFAKA@lemmy.ml to c/technology@lemmy.world
112 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] Romkslrqusz@lemm.ee 0 points 5 months ago (1 children)

[…] device encryption will be enabled by default when you first sign in or set up a device with a Microsoft account or work / school account.

For devices with a TPM, this has literally been the case since Windows 10 1803 back in 2018.

[–] bandwidthcrisis@lemmy.world 0 points 5 months ago (1 children)

But that's not the case for Windows Home, is it? The FDE setting just takes me to a page to upgrade to Pro. My laptop does have TPM.

[–] Romkslrqusz@lemm.ee 0 points 5 months ago

It is, Secure boot and the TPM must both be enabled.

If you check Msinfo32 / “System Information” with admin rights, there is a “device encryption” listing that maybhave additional information.

There are rare instances where a device won’t support automatic encryption due to “Un-allowed DMA capable bus/device(s) detected” which requires a registry tweak to work around

[–] robber@lemmy.ml 0 points 5 months ago (1 children)

I think this is a step in the right direction. Everyone can lose a portable device or it can get stolen, so protecting the potentially sensitive data is important.

I think what people are complaining about is not full-disk encryption itself, but the fact that people are not used to being responsible for their cryptographic keys.

I think we should educate people regarding this responsibility. We did it with regular keys we use to unlock our homes.

[–] Appoxo@lemmy.dbzer0.com 0 points 5 months ago (3 children)

Are they even saved by default in an MS account? Because if I'd link one, I would expect them to at least prompt me

load more comments (3 replies)
[–] moe90@feddit.nl 0 points 5 months ago (1 children)

I hope it does not affect performance

[–] 9point6@lemmy.world 0 points 5 months ago (1 children)

If you read that article it's only slow on systems that don't have hardware acceleration, which basically isn't any system from the past half a decade at least (and definitely not anything that would have a compatible TPM)

load more comments (1 replies)
[–] db2@lemmy.world 0 points 5 months ago (6 children)

Clownstrike taught them nothing..

load more comments (6 replies)
[–] Brkdncr@lemmy.world 0 points 5 months ago (4 children)

The anti-MS here is annoying. They set up online accounts by default to improve usability and its complaints about privacy. They set up full disk encryption at rest by default to improve privacy and its complaints about usability.

[–] IHawkMike@lemmy.world 0 points 5 months ago (9 children)

Agreed. The immature iamsosmart user base is making me strongly consider leaving Lemmy for good. There just aren't enough actual professionals here for any serious discussion in a technical community. It's just a bunch of 20-year-olds who think they have the world figured out. And they all downvote based on emotion rather than facts (which I am quite prepared for).

Microsoft accounts, OneDrive, and BitLocker are absolutely great features for the average user providing SSO, cloud storage with ransomware-proof backups, and seamless full-disk encryption.

I love Linux too, but there seems to be no room for nuance on Lemmy. These children are insufferable.

[–] dogslayeggs@lemmy.world 0 points 5 months ago (9 children)

I lost all of my data on a tablet that had Bitlocker installed without my knowledge. Not one time was I ever told that my drive was encrypted or that there was even something called Bitlocker or that I should write down some password or code. Bitlocker activated because of an OS update, and I had no way to unlock it so I had to wipe the drive. I don't have an MS account, because I have no need to give MS all of my data, so I couldn't unlock it that way either. And no, I'm not a 20 year old; I'm someone who has used computers since before the internet and have no interest in setting up a corporate account for every watch, shoe, phone, video game, car, etc. I have no interest in giving MS all of my pictures, documents, emails, and browsing history.

load more comments (9 replies)
load more comments (8 replies)
[–] gentooer@programming.dev 0 points 5 months ago (5 children)

These are valid complaints tho.

load more comments (5 replies)
load more comments (2 replies)
[–] Magister@lemmy.world 0 points 5 months ago (17 children)

It's good, for privacy and all of course, but I remember here a Dell BIOS upgrade that basically wiped the TPM2.0 and so windows was asking for the recovery bitlocker key at boot. I have them on a encrypted USB key and anyway I can access my MS account from another device to find the key and type it.

But I'm sure a lot of people will basically say "well, fuck, I don't have the key", guaranteed.

[–] csm10495@sh.itjust.works 0 points 5 months ago (1 children)

I always worry the the backup USB drive would be dead.

I guess I'm one minority but kind of like an ability to fetch the key from the web. Doing that securely of course can be tough.

load more comments (1 replies)
load more comments (16 replies)
load more comments
view more: next ›