by zigzag312 763 days ago
This could lead to more data being lost than from ransomware.

The best part is Windows doesn't even notify you about it. It will show you numerous useless notifications and now even ads, but it won't notify you that it has encrypted all your data. As that would be too "intrusive".

I already know of one case where all data was lost. Somehow the recovery key was not stored in the Microsoft account.

3 comments

I tried to help someone who had a Windows update freeze for several _days_, and after force rebooting the PC it bluescreened and went to a BitLocker recovery screen, and he had no recovery keys in any of his accounts, and all data was lost.

I think it's absurd this kind of thing would be enabled by default without very explicit warnings about the possible repercussions of not backing up your recovery keys.

Windows had been data loss positive for a while. I've lost files on Desktop and under C:\ a couple of times from trying to disable OneDrive.

Maybe not surprisingly, I've had a couple of tech-literate friends where they thought they were the only ones with a recovery key but it turned out (luckily, here) that MS had a copy after all.

If MS has a copy then the Russians who hacked MS might also have one. This is not actual security, but rather a security circus. Windows 11 comes bundled with spyware and now ransomware and people pay for it.

If you are worried about the Russians stealing your computer to decrypt the hard drive, you should be expected to have a solid understanding of where all the potential decryption keys are kept.

I personally am happy for my Microsoft account to contain a copy. Yes, it is an issue if I were to need security from a government (either from subpoena or espionage). But it provides a very convenient backup of the recovery key, and security from random theft, which is my actual concern.

Also, you can disable backing up the keys if you want to. People who need security from state-level actors should be expected to take responsibility for proper configuration themselves.

I am personally not happy about that at all but my choice doesn't get any support. Not even registering Windows and turning off s-mode is possible without an account or with severe hacks that do involve deactivating secure boot anyway.

Microsoft is the security flaw here, they were even deemed a threat to national security in the US.

It is a complete circus and it lessens security compared to your average Windows 7 MBR installation while it was supported.

Microsoft forcing you to register to deactivate their presents pretty clearly lines out their motivation here.