Yes, that would be a better start. Even better would be to build my own hardware, to be sure to understand what it does and be safe. Or I could just stop using stuff I do not fully understand. But all this is not practical for me.
Also I do not write my own software and I have to trust Microsoft, Google, Debian or Purism. I decided to try PureOS.
And I think from the way Purism presents themselves I owe them my positive friendly mistrust.
As I wrote: The information about how that default encryption works and which compromises are taken should be given to the user.
Let’s say you’d want to make sure that you’d have access to the data on disk drives of Purism customers at some point in the future if needed. What would you do? Alter some software on the notebook being delivered and take the risk of that being uncovered? Would you build some hardware device into those notebooks and take the risk of that being uncovered?
The way you’d do it now, you would simply copy the master key for disk encryption without anybody ever being able to prove that you did so. You couldn’t be uncovered or detected taking this step by checking on the hardware or software of those notebooks.
Later, if you’d get into the need to read users’ data, you could decide which measures and risks to take to get your hands on the raw data on that hard drive.
If the user changed the master key for disk encryption this wouldn’t work.
In the end you’re right. This is just one little step improving one aspect of security. But knowing this, everybody can make their own decisions.