I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I’ve encountered include the option to encrypt, it is not selected by default.
Whether it’s a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won’t end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.
But that’s just me and I’m curious to hear what other reasons to encrypt or not to encrypt are out there.
All my important files are on a NAS, so if someone steals my laptop, there’s nothing of value there without being able to log in and mount the remote file systems.
I used to, but it’s proven to be a pain more often than a blessing. I’m also of the opinion that if a bad actor capable of navigating the Linux file system and getting my information from it has physical access to my disk, it’s game over anyway.
No.
I spend a significant amount of time on other things, e.g. NOT using BigTech, no Facebook, Insta, Google, etc where I would “volunteer” private information for a discount. I do lock the physical door of my house (most of the time, not always) and have a password … but if somebody is eager and skilled enough to break in my home to get my disks, honestly they “deserve” the content.
It’s a bit like if somebody were to break in and steal my stuff at home, my gadgets or jewelry. Of course I do not welcome it, nor help with it, hence the lock on the front door or closed windows, but at some point I also don’t have cameras, alarms, etc. Honestly I don’t think I have enough stuff worth risking breaking in for, both physical and digital. The “stuff” I mostly cherish is relationships with people, skills I learned, arguably stuff I built through those skills … but even that can be built again. So in truth I don’t care much.
I’d argue security is always a compromise, a trade-off between convenience and access. Once you have a few things in place, e.g. password, 2nd step auth, physical token e.g. YubiKeyBio, the rest becomes marginally “safer” for significantly more hassle.
No. I break my system occasionally and then it’s a hassle.
I don’t really see the point. If someone’s trying to access my data it’s most likely to be from some kind of remote exploit, so encryption won’t help me. If someone breaks into my house and steals my computer I doubt they’ll be clever enough to do anything with it. I guess there’s the chance that they might sell it online and it gets grabbed by someone who might do something, but most of my important stuff is protected with two factor authentication. It’s getting pretty far fetched that someone might be able to crack all my passwords and access things that way.
It’s far more likely that it’s me trying to recover data and I’ve forgotten my password for the drive.
My laptops are encrypted in case they get stolen or someone gets access to them at uni.
Only encrypt the home partition, for the root partition it just unnecessarily slows down the system.
Also, I think, there could be different approaches instead of encryption. AFAIK, Android doesn’t use encryption underneath, but uses a semi-closed bootloader (which means, if you install a different OS, all user data gets wiped). I’m currently investigating the feasibility of such an approach in the long term.
Android uses verified boot then encrypts the various profiles and the new private space separately. This is how my GrapheneOS phone works.
Linux has a bunch of options. Ubuntu used to suggest per user encryption by ecryptfs but has since gone to partition based encryption via dm-crypt/LUKS. I still use either or both depending, though ecryptfs seems deprecated/discontinued and on the next upgrade I may discontinue.
Linux can support vaults too. Just locking certain folders. Encfs and gocryptfs can do this, for example. I use encfs though perhaps gocryptfs is a better choice these days. One can also use partition based solutions like dm-crypt/LUKS or maybe even VeraCrypt too.
Android definitely has encryption, but it is just the user data, not the programs. If you ever run `mount` on an Android device you will see that it has lots of different partitions for that sort of stuff.
It’s that simple.
I can expand my own creativity and store every thought and creative Art, without anybody being able to find out after my death or while someone raids me.
Maybe I stored an opinion against some president, and maybe the government changed its working, which allows police to raid someone for little suspicion.
You never know if you ever have something to hide. While things are okay now and today, it might be highly illegal tomorrow.
Those are ideas. But generally it’s only about the feeling of privacy.
I use encryption on laptops, because they can be stolen in the train, bus, etc. On work desktop, I do so as well, because there are many people around. However, on everything that stays at home, I prefer not to use it to simplify things and get more performance.
I don’t even know how to do it
Tick a box when installing some distros. Like openSUSE.
Never got it when installing Ubuntu. Any way of enabling it after install?
I don’t wanna risk losing anything on the drive that’s important.
May I suggest a technique for remembering the password?
Write it down,
but instead of writing down the password, write down questions that only you can reasonably answer. For example:
- what was the name of the first girl I kissed?
- where did I go to on summer camp?
- which special event happened there?
And the answer would be: “mary beach rodeo” or idk what. This way, you construct a password out of multiple words that each are an answer to a simple question.
Maybe I might try this, and am open to advice :)
That is a good reason to backup, but has nothing to do with encryption.
> That is a good reason to backup
This is true.
> but has nothing to do with encryption.
I disagree with this. If you forget the password for decrypting your drive, then you will have lost “anything on the drive that’s important”. I know because it happened to me long ago, and so now I too have been wary of disk encryption ever since then.
Encryption and backup are orthogonal domains. If you don’t understand why, I’m sure you’re not going to take a random stranger’s opinion on the subject.
Mind expanding just a bit though? IMHO it’s not orthogonal in the sense that either your backups are:
- unencrypted and thus your data is safe (you have copies you can access despite losing your keys) but not secure (someone else can read the content too)
- encrypted and thus your data is NOT safe if you lose your keys but secure
Isn’t it?
I keep backups (regular, incremental, remote) to keep my data safe in case something happens to my local data. This protects me from things like theft, hardware failure, accidental deletion of some important files. Having multiple generations (daily, weekly, monthly) will protect me when I delete some files and only realize weeks later.
All of this is a separate issue from having encryption or not. I encrypt both local and backup copies, and store the keys in a password manager.
See what works for you, but don’t confuse the issues.
I meant if I lose my encryption key I lose the data on the disk.
That is a good reason to backup, but has nothing to do with encryption.
(For real though I have a backup of all of my drive LUKS headers stored on several media types on and off site.)
My Laptop and Phone have encrypted drives, my Desktop doesn’t.
I encrypt everything that leaves my house since it could be easily lost or stolen, but it is rather inconvenient.
If someone breaks into my house, I’ve got bigger problems than someone getting their hands on my media collection. I think it would be more likely for me to mess something up and lose access to my data than for someone to steal it.
I would strongly encourage people to encrypt their on site data storage drives even if they never leave the house and theft isn’t a realistic thing that can happen.
The issue is hard drive malfunction. If a drive has sensitive data on it and malfunctions, it becomes very hard to destroy that data.
If that malfunctioning hard drive was encrypted you can simply toss it into an e-waste bin worry free. If that malfunctioning drive was not encrypted you need to break out some heavy tools to ensure that data is destroyed.
1 Torx screwdriver, 1 hammer
not the hardest thing to scratch up the platters and then fold them into abstract art
I don’t bother to take out the screws. I just drill a handful of holes through the whole thing. Or if you’re really paranoid a MAP torch is enough to melt the whole thing (don’t breathe the smoke).
True. This does work. But it is less secure and much harder than just tossing an encrypted HDD into an e-waste bin. It probably is more fun though. 🤔
I encrypt all my drives. Me and the people I know get occasionally raided by the police. Plus I guess it also provides protection against nosy civilians who get their hands on my devices. Unlike most security measures, there is hardly any downside to encrypting your drives—a minor performance hit, not noticeable on modern hardware, and having to type in a password upon boot, which you normally have to do anyway.
Where do you live that you’re getting raided by the police? This sounds like one of those situations where they might use the wrench technique.
I don’t want to say where I live for anonymity reasons, but I will note that it’s fairly standard for political dissidents to be raided by any government so it doesn’t actually particularly narrow down my location.
What’s the wrench technique?