News Windows 11 24H2 will enable BitLocker encryption for everyone — happens on both clean installs and reinstalls

[35below0]

Let's hope that's correct. However, I wouldn't put it past MS to eventually extend it to DIY systems too.

Neither would i. But it hasn't happened yet. DIY systems are the ones most likely to run multi boot, so probably Microsoft will be careful... but who knows.

Simple solution:
Disconnect the other drives during OS installs. As you should anyway.

This one is different. The flag is set during an update, not an installation.

It is them acted upon during a reinstall, whatever that actually means. Clearly it doesn't mean a clean install. So maybe it's a repair or something an OEM machine would have done to it.

It's possible to reinstall Windows on a custom built PC, even though a clean install is prefered. But it's possible a system with a bunch of drives can end up locked.

I don't think UEFI can turn off drives. I do know UEFI can have problems distinguishing between bootable and unbootable drives, depending on some settings.

Then there is Win 10. People can move to and from 10 and 11. What happens then? Is it a reinstall? Technically it's not, but what happens when going back to 10 and then upgrading to Win 11 that has had the flag set?

There's no details except that Microsoft is planning to do this.


Really, Microsoft should friggin get a hold of these stories and publish information themselves instead of gossip like this giving people ulcers.

 

[Shawn Eary]

From my understanding, total volume encryption doesn't work so great unless you use a PIN. Relying solely on TPMs for total volume encryption is not wise...

 

[TJ Hooker]

Because that would be, quite literally, stealing (data theft).

There's a tacit implication that MS cannot do that, or would not risk doing that, at the obvious consequence of a backlash and lawsuits. You giving MS the Key to your data is not you allowing MS to "get" your data, but quite literally they can lock you out from it for whatever one-sided reasons they want if you need the key and you don't have it or lose it.

Shouldn't that be obvious or am I missing something from what you're saying?

How exactly does backup up your bitlocker key with MS allow them to lock you out from your data? Do you mean that, in the case that something goes wrong an you do need your backup key (and haven't backed it up anywhere other than MS), they could refuse to provide you access to the backup up key? I guess that is possible. But if that were them actively trying to lock you out it's a pretty stupid way to do it, as it relies on you getting into a state where you need the backup key in the first place.

Ah, yes. The usual "there's always a backdoor" cope.

Let's go ahead with the house keys analogy then: "why do you need house keys when people can just break your windows to get in?!". Or also: "why do you need house keys when the lock manufacturers have the universal keys?!". And so on, and so on.

Your analogies don't seem to align with the situation in question here. If we take your analogy involving lock manufacturers, here's how I would rephrase it to represent this situation:

The manufacturer of your home lock have universal keys that can open your lock. They also provide an option for you to provide them a copy of your key, which they would then return to you in the case you lost your original.
Your argument: Giving them a copy of your key means they could unlock your door whenever they want and enter your house.
Other's argument in response to yours: They were already capable of unlocking your door whenever they want, giving them another key copy changes nothing.

The only threat model I can think of where backing up your BL key with MS would be an issue is if you're worried about a third party (i.e. government/law enforcement) attempting to access your offline machine/drive, and MS cooperating and giving them your key backup.

 

[Silas Sanchez]

What an awful mess windows has become.
All this new nefarious technology just gives the authorities more power and leads to more and more encroachments in all areas of life. Its disgusting how much of it there is, it all exits to control the masses and prevent one from having a life. I have seen first hand a few times what all this complicated stuff does in windows 10 and a few times come close to a bricked pc, windows 10 is unstable and is easily rendered unusable despite microsofts tools and tricks.
Every single thing I do is done manually and by some 3rd part software.

"Your computer could not be started"...
"Sorry, but recovery service is only available if you have an account"...
"Even though you OS is corrupted, please sign into your account"...
Boggles the mind how far backwards society has gone.

 

[Grzesiek11]

Encrypting all other attached drives will screw over people who dual-boot other operating systems!
I guess W11 is the one that will get wiped.

I don't think this will affect multiboot setups - "all attached drives" to my understanding really means "all available NTFS partitions". I assume anything non-NTFS is left untouched.
Well, I guess if you multiboot multiple Windows installs it could mess with the other ones...

 

[WonkoTheSaneUK]

so probably Microsoft will be careful... but who knows.

Why would they start now?

I assume anything non-NTFS is left untouched.

Windows Installer treats any non-NTFS drive as empty, and therefore fair game to format and install on.

 

[wpontius18]

Such a risky and important setting should not be turned on by default; I hope Microsoft does the usual "are you sure? are you absolutely sure? really really sure?" trio of questions for this instead. Specially when there's risk of data loss (very real and tangible one) if something does go wrong with the keys.

I hope this is not a "don't you guys have Phones Internet?" and push for online backups instead to upsell OneDrive or whatever they call it now. Nowadays, even the more asinine and tinfoil hat takes, are feasible >_<

Regards.

From what I've read there is no prompt, notice or indication of the encryption. Unless Microsoft changes this by release there are going to be a lot of people losing data.

 

[TechnologyInTheDinosaur]

getting new windows 11 home computer. can I turn ON bitlocker, AND enable the pre-boot authentication password/code (turns on blue screen, requires password entry, or recovery key entry), or do i still have to buy windows 11 pro to do this? I WANT bitlocker, i want my computers to be a brick if anyone steals them. haveing encryption turned on, without requiring that pre-boot authentication, i believe makes bitlocker, even in windows 11 pro, less effective.
thanks