You don't see an installer when you buy a new Mac. I just installed 5 new computers in an office, and none of them had a mechanism for enabling FileVault other than going into sysprefs and turning it on myself.
Wow, I'm actually surprised this is true. I didn't believe you, except I went into System Preferences on my new Mac and saw that FileVault wasn't enabled. That greatly surprises me because I've definitely seen the FileVault FDE option, with it being on by default, in the setup wizard before.
Does anyone know where/when this occurs? If you install macOS from scratch on a computer?
I thought it was the default too but now I'm thinking I've just been conditioned into accepting it as a sensible default* and might have automatically enabled it on my own accord after reading the instructions.
Of course I like to poke around a new system and reconfigure everything only to immediately forget I made that change.
I started using full drive encryption as soon as I started getting faster devices (i.e., not the Nexus 4) - in fact I've only not too long ago reformatted an external backup HDD (WD Green - unremarkable) to use LUKS encryption, and haven't really noticed a noticeable performance hit (Phoronix has some good benchmarks on various types of disk/folder encryption). It's laughable now to think I left it on the floor ("secured" by the 5-pin tumbler lock in my front door) without any kind of data/identity theft* protection for so long.
* As an aside, here's a vaguely-relevant #1 trending story in Australian media for the past few days (related in a general security sense which most people neglect - not necessarily disk encryption): https://www.smh.com.au/business/companies/masterchef-finalis...
As others have pointed out, it seems that FileVault is not enabled by default on new Macs. You have to go to System Preferences and find the option enable it.
However, when running the macOS installer, either when installing a fresh copy of macOS or when performing an upgrade, the default is to turn FileVault on unless you uncheck it.
I guess there are valid reasons why Apple don't ship new Macs with FileVault enabled from the factory. But it is strange that it doesn't at least prompt you / encourage you to enable it in the initial setup wizard, like the macOS installer does.
> I guess there are valid reasons why Apple don't ship new Macs with FileVault enabled from the factory.
Should we assume that when it could also be likely there's no good reason? Especially given common practices like this - which I also experienced when I had my entire 2016 MBP in for a battery (and therefore full topcase) replacement: https://www.troyhunt.com/apples-desensitisation-of-the-human...
(In own my case, after questioning,
I gave them a non-admin test account after I modified ~/ permissions away from 744 - yet, it was I who felt like the crazy one for not simply handing over all my active browser/email login sessions. Imagine what a great attack vector that would be for most Apple customers.)
I could be mistaken, but I could have sworn it was a checked-by-default checkbox in the welcome to macOS app that runs when you open a new machine from the factory. I don't recall having to go into system preferences to turn it on with my most recently purchased machine.
