I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I’ve encountered include the option to encrypt, it is not selected by default.
Whether it’s a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won’t end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.
But that’s just me and I’m curious to hear what other reasons to encrypt or not to encrypt are out there.
Asahi Linux doesn’t support encryption and getting it to work requires a lot of steps and that I reinstall it which I don’t have time for, so I don’t have it enabled on my laptop, and if it gets stolen or confiscated I’m fucked.
I have it enabled on my server and phone.
@sudoer777 @monovergent , create an encrypted container? It’s a little tedious, but fairly distro agnostic.
Edit: Definitely throw together scripts to simplify the process of unlocking and mounting.
I don’t encrypt because it’s too much effort to learn about it.
Id rather keep my filesystem unencrypted so that I can easily recover from problems and encrypt important files as needed, but let’s be real I don’t do that either.
I don’t really see the point. If someone’s trying to access my data it’s most likely to be from kind of remote exploit so encryption won’t help me. If someone’s breaks into my house and steals my computer I doubt they’ll be clever enough to do anything with it. I guess there’s the chance that they might sell it online and it gets grabbed by someone who might do something, but most of my important stuff is protected with two factor authentication. It’s getting pretty far fetched that someone might be able to crack all my passwords and access things that way.
It’s far more likely that it’s me trying to recover data and I’ve forgotten my password for the drive.
No. I break my system occasionally and then it’s a hassle.
This is one of those moments where “skill issue” fully applies 😁
Keep learning, friend, I’ve been there and Linux is a journey
yes. if you live in a country without democracy. it is the only way to protect yourself and your data from nsa agent kicking your door.
I use encryption on laptops, because they can be stolen in the train, bus, etc. On work desktop, I do so as well, because there are many people around. However, on everything that stay at home, I prefer not to use it to simplifiy things and get more performance.
For my laptop, yeah. I rarely actually use it though. For my desktop not so much. I really don’t keep that much personal information on it to begin with, and if someone breaks into my house they could probably get more by stealing the desk my computer is sitting on then by stealing the computer. It just feels like a silly thing to waste my time with.
It’s one of those things where it depends on the computer. My old box that’s running win 7 has nothing but music and backed up media files on it, isn’t connected to the internet at all, and there’s really no point to it being encrypted.
My laptop leaves the house, and is connected, so it gets the treatment. My general purpose PC is, though that was more just because of a random choice rather than a carefully chosen decision. I figured I’d try it for a few weeks, then nuke it if it was a problem. It hasn’t been, and I haven’t needed to do anything to it that would require a change.
The other people in the house have chosen not to.
I’m not certain I would encrypt my main desktop again, just because it’s one more thing to do, and I’m getting lazy lol. I don’t have any sensitive files at all, and if things in the world get so bad that some agency is after me, I’m going to be hiding out up in this holler I know, not worrying about leaving a computer behind. Won’t be power anyway, and the only shit they’d find is some pirated files.
I’d be more worried about my phone and my main tablet than any of the PCs, and those would either go with me, or get melted down before I left. Thermite is cheap and easy.
I don’t have FDE (BitLocker) enabled on my Windows 11 gaming PC. It sits in my house and has nothing on it but video games and video game related shit. I don’t even have my password manager installed for logging in to Steam, GoG or whatever other launcher. I manually type passwords in from the vault on my phone if the app doesn’t support QR code login like discord. Also I paid for this ridiculous m.2 nvme drive, I’m not going to just give up iops bc i want my game install files encrypted.
I don’t use FDE on my NAS. Again it doesn’t leave my house. I probably should I guess, bc there is some stuff on there that would cause me to have industry certs revoked if they leaked, but idk I don’t. Everything irreplaceable is backed up off site, but the down time it would take to rebuild my pirated media libraries from scratch vs just swapping disks and rebuilding has me leery.
I have FDE enabled on both my MacBooks. They leave the house with me, it seems to make sense.
I don’t use FDE on Linux VMs I create on the MacBooks, the disk is already encrypted.
My iphone doesn’t have the option to not use FDE I don’t think.
I use encrypted rsync backups to store NAS stuff in the cloud. I use a PGP key on my yubikey to further encrypt specific files on my MacBooks as required beyond the general FDE.
Yes, and for the life of me I don’t understand why there isn’t a default LUKS with hibernate partition in the Debian installer.
I used to, but then I nuked my install accidentally and I couldn’t recover the encrypted data. I nuke my installs fairly regularly. I just did again this past week while trying to resize my / and my /home partitions. I’ve resigned myself to only encrypting specific files and directories on demand.
My phone is fully encrypted though.
Your recovery problem was a backup issue not an encryption issue. Consider addressing the backup issue.
I have and I’ve concluded that I’m not made of money and therefore can’t afford to have multiple terabyte drives just lying around with redundant data just in case.
If I could afford it, then I wouldn’t have been resizing my ‘/’ partition to free up 80GB of space.
I would strongly encourage people to encrypt their on site data storage drives even if they never leave the house and theft isn’t a realistic thing that can happen.
The issue is hard drive malfunction. If a drive has sensitive data on it and malfunctions. It becomes very hard to destroy that data.
If that malfunctioning hard drive was encrypted you can simply toss it into an e-waste bin worry free. If that malfunctioning drive was not encrypted you need to break out some heavy tools tool ensure that data is destroyed.
If your drive starts malfunctioning, then without encryption you might be able to read some sectors and recover a few things. With encryption you are SOL.
This is why backups are important. But even if the drive is encrypted recovering data is exactly as easy as recovery from a non encrypted drive.
- Do a ddrescue of the drive.
- Re apply the luks header.
- decrypt all non corrupt sectors
- Use appropriate tools to recover files.
Like you lose the same sectors if those sectors are encrypted or not.
1 torx screwdriver 1 hammer
not the hardest thing to scratch up the platters and then fold them into abstract art
True. This does work. But it is less secure and much harder than just tossing an encrypted HDD into an e-waste bin. It probably is more fun though. 🤔
I don’t bother to take out the screws. I just drill handful of holes trough the whole thing. Or if you’re really paranoid a MAP torch is enough to melt the whole thing (don’t breath the smoke).
Great point.
I provided reasons why I encrypted my drives but this one is even better.
(Another one could be if you need to get your computer to a repair shop, and for some reason you can’t just remove the drive.)
Another one is that if you delete a file on an encrypted drive it can’t be undeleted later on. Lots of benefits.
I just encrypt devices that leave the house. I do have access to a hard drive crusher if I lose a drive (recently crushed a tablet that wouldn’t power on)
Fair. If you have access to a crusher then maybe I can see not encrypting. But even then with non encrypted drives files can be recovered even after deleting etc.
If that malfunctioning drive was not encrypted you need to break out some heavy tools tool ensure that data is destroyed.
If by heavy tools, you mean a screwdriver and an angle grinder, then yeah, but it’s not that hard in reality.
I mean if you have an angle grinder and a space to safely use it sure. But it’s still harder than just dropping the HDD off at an e-waste bin.
I have stopped encrypting my drives, because if anything goes wrong and the system won’t boot it makes recovery more difficult. It’s a dual boot machine with Windows 11, and I had a lot of awkwardness with Bitlocker that led to me deciding to abandon encryption in both OSs. I save sensitive files to encrypted volumes in VeraCrypt.
Bittlocker is a pain. Simply booting a maintainance disk requied me to use the recovery codes to get back into windows.
It has locked me out for attaching a USB device once or twice. Seems a bit extreme.
I assume it has something to do with how secure boot, the TPM, and Bitlocker interact.
My laptops are encrypted in case they get stolen or someone gets access to them at uni.
Its that simple.
I can expand my own creativity and store every thought and creative Art, without anybody being able to find out after my death or while someone raids me.
Maybe I stored an opinion against some president, and maybe the government changed its working, which allows police to raid someone for little suspection.
You never know if you ever have something to hide. While things are okay now and today, it might be highly illegal tomorrow.
Those are ideas. But generally its only about the feeling of privacy.
