They should, but then it only takes one misconfigured, or misbehaving machine to cause a data breach that, depending on the industry, could be a big headache and cost. At scale, with many employees, the chances of this happening approach 1.
Physical destruction is cheap and effective insurance against this.
From reliability perspective an used SSD is not a bad idea. Average SSD that has seen typical business / home use will become obsolete long before it reaches its TBW rating, and many drives last way beyond that. Keyboard, screen or even the motherboard are more likely to give up before the SSD.
Having IT roll up into me, I've seen way, way more batteries fail than SSDs. Screen failure [and hinge failure] is far more common than SSDs failing. Keyboard/touchpads fail more often. Charging bricks/cables also fail somewhat more than SSDs. Beyond that, in the low end of the laptop re-use market, "just blindly always buy and install a new SSD" breaks the economics pretty badly.
Look at the SMART stats, format the drive, and install your OS. For people shopping laptops under $250, that seems like a better path than a new SSD.
Why take the risk? If you remove the drive when decommissioning a machine you now have 100% certainty that there is no possible data leak and it costs nothing but two minutes of labor.
If you care at all about data leaks, there's literally no reason to not destroy decomissioned frives and a lot of very real potential risks in not destroying it.
It may be "nicer" to a hypothetical second user, but you don't care about them and new drives are dirt cheap anyway.
I don't trust HP firmware to wake the laptop from sleep in one attempt, let alone trust them to securely store their telemetry (that they won't let me see directly).
> Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change.
And in any event, I would tend to argue that the matter of reselling is secondary: The problem is that the affected disks are effectively unencrypted, and that's a problem regardless. If your disks are properly encrypted, then reselling them should be safe.
This is incorrect and not how Bitlocker operates at all. Bitlocker doesn't operate with self encrypted drives, instead the encryption happens on the OS level.
What's incorrect? The part of the official MS announcement that it's done in software now, or that it used to trust drive-level hardware encryption (as shown in the above vulnerability)?
There's a possibility that unencrypted data could be in a sector marked "bad" (if plaintext data was present before encryption was turned on). It's just not worth it. I always take my drives out and put a few holes on them on the drill press before disposing/donating computers.
Physical destruction is cheap and effective insurance against this.