I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I’ve encountered include the option to encrypt, it is not selected by default.
Whether it’s a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won’t end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.
But that’s just me and I’m curious to hear what other reasons to encrypt or not to encrypt are out there.
I don’t encrypt my entire drive, but I do have encrypted directories for my sensitive data. If I did encrypt an entire drive, it would only be the drive containing my data not the system drive.
My drives are not encrypted because it’s a hassle if things start going wrong. My NAS is software raid so the individual disks mean nothing anyway. The only drive that is encrypted is my backup disk and I’m not really sure if it was needed.
My issue is that I can never remember “a couple more commands” for the life of me. And I use Arch BTW, so the likelihood of me needing those is a bit higher than usual.
I don’t but admittedly I don’t do much stuff on my laptop that’s super secure. it’s mainly for gaming and the odd programming project.
I have no significant private data on my disks. They can be wiped whether encrypted or not if they’re stolen. And I like that in theory if my pc explodes I can recover the data with only the drive.
I do, laptops and workstations.
It’s just too easy not to, and there’s almost no downsides to it. (I only need to reboot, once a month or two.)
Well, unless you consider the possibility of forgetting the password a downside, so for that reason I keep the password in a password manager.
In case my laptop was stolen, there would quite a couple fewer things to worry about. Especially things like client’s data which could be under NDA’s, etc…
Full disk encryption on everything. My Servers, PCs etc. Gives me peace of mind that my data is safe even when the device is no longer in my control.
No.
I spend a significant amount of time on other things, e.g. NOT using BigTech, no Facebook, Insta, Google, etc where I would “volunteer” private information for a discount. I do lock the physical door of my house (most of the time, not always) and have a password … but if somebody is eager and skilled enough to break in my home to get my disks, honestly they “deserve” the content.
It’s a bit like if somebody where to break in and stole my stuff at home, my gadgets or jewelry. Of course I do not welcome it, nor help with it hence the lock on the front door or closed windows, but at some point I also don’t have cameras, alarms, etc. Honestly I don’t think I have enough stuff worth risking breaking in for, both physical and digital. The “stuff” I mostly cherish is relationship with people, skills I learned, arguably stuff I built through those skills … but even that can be built again. So in truth I don’t care much.
I’d argue security is always a compromise, a trade of between convenience and access. Once you have few things in place, e.g. password, 2nd step auth, physical token e.g. YubiKeyBio, the rest becomes marginally “safer” for significant more hassle.
but if somebody is eager and skilled enough to break in my home to get my disks, honestly they “deserve” the content.
The problem with “my disks” is there’s always some other’s people on it, in one way or another.
But of course, it’s your call. We all have gaps in our “walls” and it’s not like I’d be pretending that LUKS is all that matters.
No. I break my system occasionally and then it’s a hassle.
Its that simple.
I can expand my own creativity and store every thought and creative Art, without anybody being able to find out after my death or while someone raids me.
Maybe I stored an opinion against some president, and maybe the government changed its working, which allows police to raid someone for little suspection.
You never know if you ever have something to hide. While things are okay now and today, it might be highly illegal tomorrow.
Those are ideas. But generally its only about the feeling of privacy.
I use encryption on laptops, because they can be stolen in the train, bus, etc. On work desktop, I do so as well, because there are many people around. However, on everything that stay at home, I prefer not to use it to simplifiy things and get more performance.
I don’t https://xkcd.com/538/
I’m convinced the chances of me losing access to the data are higher than encryption protecting it from a bad actor.
Let’s be real, full disk encryption won’t protect a running system and if someone has physical access and really wants it, encryption won’t protect you from the $5 wrench either.
I do encrypt my phone data though, as someone running away with my phone is more realistic.
Who’s gonna come at me with a $5 wrench because they really want my data, though? The attack I’m most likely to experience is someone stealing my laptop while I’m out traveling. That’s what full filesystem encryption solves best.
Or per XKCD, where are they finding a wrench for $5??
I’d imagine you could get a decent bludgeoning wrench for around that at a pawn shop. Doesn’t need to be super functional. A pipe wrench in need of some rehabilitation would work nicely.
I’m not worried about getting raided by the KGB or anything like that, but break-ins happen and my computer equipment would be a prime target for theft.
I occasionally cycle my backup drives off-site, so I want those encrypted as well.
The cost of encryption is very close to zero, so I don’t even entertain the question of whether I should encrypt or not. I just encrypt by default.
Possibly overestimating the value of the data entrusted to me, but whenever I see that xkcd, I like to think that I at least have the option to remain silent and die with dignity if I really don’t want the contents of my disk out there.
Tackling the real issues right here!
It should be encrypted by default because most people don’t take care to dispose of their machines responsibly. I picked up a few machines destined for ewaste and the hard drives were full of tax returns.
Lol police doesnt just use a hammer
I encrypt all my drives. Me and the people I know get occasionally raided by the police. Plus I guess also provides protection for nosy civilians who get their hands on my devices. Unlike most security measures, there is hardly any downside to encrypting your drives—a minor performance hit, not noticeable on modern hardware, and having to type in a password upon boot, which you normally have to do anyway.
I would strongly encourage people to encrypt their on site data storage drives even if they never leave the house and theft isn’t a realistic thing that can happen.
The issue is hard drive malfunction. If a drive has sensitive data on it and malfunctions. It becomes very hard to destroy that data.
If that malfunctioning hard drive was encrypted you can simply toss it into an e-waste bin worry free. If that malfunctioning drive was not encrypted you need to break out some heavy tools tool ensure that data is destroyed.
If that malfunctioning drive was not encrypted you need to break out some heavy tools tool ensure that data is destroyed.
If by heavy tools, you mean a screwdriver and an angle grinder, then yeah, but it’s not that hard in reality.
If your drive starts malfunctioning, then without encryption you might be able to read some sectors and recover a few things. With encryption you are SOL.
This is why backups are important. But even if the drive is encrypted recovering data is exactly as easy as recovery from a non encrypted drive.
- Do a ddrescue of the drive.
- Re apply the luks header.
- decrypt all non corrupt sectors
- Use appropriate tools to recover files.
Like you lose the same sectors if those sectors are encrypted or not.
Great point.
I provided reasons why I encrypted my drives but this one is even better.
(Another one could be if you need to get your computer to a repair shop, and for some reason you can’t just remove the drive.)
1 torx screwdriver 1 hammer
not the hardest thing to scratch up the platters and then fold them into abstract art
True. This does work. But it is less secure and much harder than just tossing an encrypted HDD into an e-waste bin. It probably is more fun though. 🤔
Every endpoint device I use is using full disk encryption, yes.
