this post was submitted on 08 May 2024
135 points (96.6% liked)

Technology

34894 readers
871 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 6 months ago (2 children)

You didn’t store the key anywhere but on that disk.

Windows does not let you store the recovery key on an encrypted drive.

The rest only means, we need to deal better with our data. All the above basically also applies when you HDD or SSD dies, which can happen any time.

Backups is what you need, not an unencrypted drive.

[–] [email protected] 10 points 6 months ago (1 children)

not everyone is tech-savvy like folks on Lemmy. you can tell that to your grandma or your parents to do that to do regular backup. That is why it could cause a headache for repair business

[–] [email protected] 6 points 6 months ago* (last edited 6 months ago) (3 children)

Non tech-savvy folks aren't transplanting their hard drives in the first place.

[–] [email protected] 3 points 6 months ago (1 children)

No, but when their computer dies they'll take it to someone who does (Paid or not) to "Get their precious grandbaby photos back"

That person will inevitably ask for the key and Grandma is gonna go "What key?!?" And then when she's told all those photos are lost she's going to get pissed at the wrong person guaranteed.

These are also the same people that never change defaults soo yea this is stupid, just leave it as an easily accessible toggle for anyone who wants or needs it, but the default should be off.

[–] [email protected] -2 points 6 months ago (1 children)

They could add some kind of message that warns about this, but I think it's a better idea to encrypt by default (warning or not) rather than not... at least for privacy reasons.

[–] [email protected] 3 points 6 months ago (1 children)

It really doesn't matter what message they show during setup, you haven't worked tech support or computer repair have you?

The non-savvy users rarely pay attention to shit, a message during setup will be nothing but a blip at best in their memory by the time something happens to the computer 2-4 years later.

We've been telling non-savvy users to make sure they backup their shit for literally decades now, they still don't. Not even macOS encrypts the user data partition by default, this is gonna be a shit show and hell desks and computer repair shops everywhere are on the front line.

[–] [email protected] 0 points 6 months ago (1 children)

I consider that a separate issue.

IMO OS vendors pushing for full disk encryption is light years better than simply shrugging and saying "well people might be dumb so we shouldn't do it at all".

[–] [email protected] 2 points 6 months ago (1 children)

Just turning it on for everyone like they're planning is what I have issues with.

macOS does prompt the user to enable FileVault during initial setup, but it defaults to disabled. The other thing users do, is default to the default when they don't understand something.

So by defaulting to disabled, not many people enable FileVault without actually knowing what it's talking about. If they do know what it's talking about then all's good because they'll probably actually write down the recovery key.

MS's plan so far is "On the next update we'll just turn it on for everyone everywhere and (maybe) display a fast message with a recovery key, YOLO"

[–] [email protected] -1 points 6 months ago (1 children)

Maybe educating people about backups (in general) is a better approach than being averse to increasing security/privacy.

I still prefer MS pushing updates to people that never update vs the alternative of them getting viruses and such all the time. I just wish there was an easier way for advanced users to turn it off permanently, but it's still not impossible so I still prefer this to people not updating at all.

[–] [email protected] 1 points 6 months ago (1 children)

Maybe educating people about backups (in general) is a better approach than being averse to increasing security/privacy.

Like I said, there's been various backup your shit campaigns for decades now, why do you think the next time is going to be different? One of my windows PCs literally just sent a notification about backing things up (it's what reminded me of this lmao), I wonder how many non-savvy users got that and completely ignored it?

I still prefer MS pushing updates to people that never update vs the alternative of them getting viruses and such all the time. I just wish there was an easier way for advanced users to turn it off permanently, but it's still not impossible so I still prefer this to people not updating at all.

Agreed, but this is not a matter of updates, it's a matter of how they're handling this specific update. I personally just don't see the benefits of forcing FDE on for everyone outweighing the risks.

Your average home user is going to primarily get their data stolen via malware or social engineering, both of which FDE does nothing to protect against.

[–] [email protected] -1 points 6 months ago* (last edited 6 months ago)

All we can do is try. If we warned them and they still don't do it, well you just can't fix stupid and it's not our problem anymore, plus they have bigger issues if they can't read. That's still better than doing nothing. And still better than not having device encryption IMO.

[–] [email protected] 1 points 6 months ago

No but they’re taking it to repair shops who then find that they can’t recover their customers data because it’s encrypted and then they lose al their photos and data they never backed up, because they’re not tech-savvy.

[–] [email protected] 1 points 6 months ago

I don't see what that has to do with the drive dying. Every drive dies at some point, even if left in it's place

[–] [email protected] 3 points 6 months ago (1 children)

Well, it kinda does. If you choose to print your keys, you can use print to file and safe them to the encrypted drive, if you really want to for some reason.

[–] [email protected] 0 points 6 months ago

Yep but at this point it is obvious to the user that this is not the way it is supposed to be. When you want to shoot yourself in the foot...