I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I’ve encountered include the option to encrypt, it is not selected by default.
Whether it’s a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won’t end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.
But that’s just me and I’m curious to hear what other reasons to encrypt or not to encrypt are out there.
Only encrypt the home partition, for the root partition it just unnecessarily slows down the system.
Also, I think, there could be different approaches instead of encryption. AFAIK, android doesn’t use encryption underneath, but uses a semi-closed bootloader (which means, if you install a different OS, all user data gets wiped). I’m currently investigating the feasibility of such an approach in the long term.
Android uses verified boot then encrypts the various profiles and the new private space seprately. This is how my GrapheneOS phone works.
Linux has a bunch of options. Ubuntu use to suggest per user encryption by ecryptfs but has since gone to partition based encryption via dm-crypt/LUKS. I still use either or both depending though ecryptfs seems depricated/discontinued and on the next upgrade I may discontinue.
Linux can support vaults too. Just locking certain folders. Encfs, and gocryptfs can do this for example. I use encfs though perhaps gocryptfs is a better choice these days. One can also use partition based solutions like dm-crypfs/LUKS or maybe even veracrypt too.
Android definitely has encrypion, but it is just the user data not the programs. It you ever run
mounton an android device you will see that it has lots of different partitions for that sort of stuff