As mentioned in the article, FileVault is practically enabled by default during setup. IIRC you have to go out of your way not to have it enabled.<p>> Because users are encouraged during setup to configure FileVault on new devices it is uncommon to see devices without it
I don't get it, what's the problem with this? Did Apple' marketing materials suggest otherwise (ie. your data is safe even without a password)? Also, non-apple SSDs does this as well: <a href="https://superuser.com/questions/986387/why-does-my-ssd-internally-encrypt-data-even-without-a-password-set" rel="nofollow">https://superuser.com/questions/986387/why-does-my-ssd-inter...</a>
Encryption means speedy deletion so there is still value encrypting even if the key isn't protected. But that's probably not the reason for Apple always encrypting things with the key of the Secure Enclave. I think the reason for this design is to make the full system easier to reason about, which seems like best practice.
Does the encryption on a Mac SSD work as powerfully as on iOS devices? My understanding is that even government agencies can't decrypt iOS devices without the user's pin and it can't be brute forced. Is that true of Macs too?