2w ago

Do you encrypt your drives and why or why not?

I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I've encountered include the option to encrypt, it is not selected by default.

Whether it's a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won't end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.

But that's just me and I'm curious to hear what other reasons to encrypt or not to encrypt are out there.

231 comments

I don't https://xkcd.com/538/
I'm convinced the chances of me losing access to the data are higher than encryption protecting it from a bad actor.
Let's be real, full disk encryption won't protect a running system and if someone has physical access and really wants it, encryption won't protect you from the $5 wrench either.
I do encrypt my phone data though, as someone running away with my phone is more realistic.
- Who's gonna come at me with a $5 wrench because they really want my data, though? The attack I'm most likely to experience is someone stealing my laptop while I'm out traveling. That's what full filesystem encryption solves best.
  
  Or per XKCD, where are they finding a wrench for $5??
- I'm not worried about getting raided by the KGB or anything like that, but break-ins happen and my computer equipment would be a prime target for theft.
  I occasionally cycle my backup drives off-site, so I want those encrypted as well.
  The cost of encryption is very close to zero, so I don't even entertain the question of whether I should encrypt or not. I just encrypt by default.
- Possibly overestimating the value of the data entrusted to me, but whenever I see that xkcd, I like to think that I at least have the option to remain silent and die with dignity if I really don't want the contents of my disk out there.
  
  If I remember correctly, some USA agency said torture is ineffective because you will talk, you like it or not. When you are asking someone for a thing they don’t know they will say a lie just to stop the pain. So I guess anyone will give their password with enough time
  
  Nothing I have is worth dying over. I'd give up on the first threat.
  Drives in server are not encrypted but backups to the cloud are. Laptop used to but causes to many issues and it doesn't really leave the house much.
- It should be encrypted by default because most people don’t take care to dispose of their machines responsibly. I picked up a few machines destined for ewaste and the hard drives were full of tax returns.
- Lol police doesnt just use a hammer

I encrypt everything that leaves my house since it could be easily lost or stolen, but it is rather inconvenient.
If someone breaks into my house, I've got bigger problems than someone getting their hands on my media collection. I think it would be more likely for me to mess something up and loose access to my data than for someone to steal it.

laptop yeah
desktop nah
- Same here. My desktop is in a controlled environment, so I don't see a need. Plus, if I do have some sort of issue, I will still be able to access those files.
  Since I actually take my laptop places, I have that encrypted for sure.
- Yeah me too. It goes back to your threat level. How likely is it that someone is going to break into my home to steal my desktop all James Bond-like? The answer is, “not very.” Anything mobile has a significantly higher probability of falling into the wrong hands. These things are encrypted. Even the very old laptop that never leaves my house is encrypted because it could.

I encrypt all my drives. Me and the people I know get occasionally raided by the police. Plus I guess also provides protection for nosy civilians who get their hands on my devices. Unlike most security measures, there is hardly any downside to encrypting your drives—a minor performance hit, not noticeable on modern hardware, and having to type in a password upon boot, which you normally have to do anyway.
- Where do you live that you’re getting raided by the police? This sounds like one of those situations where they might use the wrench technique.
  
  I don't want to say where I live for anonymity reasons, but I will note that it's fairly standard for political dissidents to be raided by any government so it doesn't actually particularly narrow down my location.
  What's the wrench technique?

I don't think I encrypt my drives and the main reason is it's usually not a one-click process. I'm also not sure of the benefits from a personal perspective. If the government gets my drives I assume they'll crack it in no time. If a hacker gets into my PC or a virus I'm assuming it will run while the drive is in an unencrypted state anyway. So I'm assuming it really only protects me from an unsophisticated attacker stealing my drive or machine.
Please educate me if I got this wrong.
Edit: Thanks for the counter points. I'll look into activating encryption on my machines if they don't already have it.
- is it’s usually not a one-click process
  It is, these days. Ubuntu and Fedora, for example. But you still have to select it or it won't happen. PopOS, being explicitly designed for laptops, has it by default.
  If the government gets my drives I assume they’ll crack it in no time.
  Depends on your passphrase. If you follow best practice and go with, say, a 25-character passphrase made up of obscure dictionary words, then no, even a state will not be cracking it quickly at all.
  If a hacker gets into my PC or a virus I’m assuming it will run while the drive is in an unencrypted state anyway.
  Exactly. This is the weak link of disk encryption. You usually need to turn off the machine, i.e. lose the key from memory, in order to get the full benefits. A couple of consolations: (1) In an emergency, you at least have the option of locking it down; just turn it off - even a hard shutdown will do. (2) As you say, only a sophisticated attacker, like the police, will have the skills to break open your screenlocked machine while avoiding any shutdown or reboot.
  Another, less obvious, reason for encrypting: it means you can sell the drive, or laptop, without having to wipe it. Encrypted data is inaccessible, by definition.
  Encryption of personal data should be the default everywhere. Period.
  
  Well said. LUKS implements AES-256, which is also entrusted by the U.S. government and various other governments to protect data from state and non-state adversaries.
- A big benefit of encryption is that if your stuff is stolen, it adds a lot of time for you to change passwords and invalidate any signed in accounts, email credentials, login sessions, etc.
  This is true even if a sophisticated person steals the computer. If you leave it wide open then they can go right in and copy your cookies, logins, and passwords way faster. But if it's encrypted, they need to plug your drive into their system and try to crack your stuff, which takes decent time to set up. And the cracking itself, even if it takes only hours, would be even more time you can use to secure your online accounts.
  On Linux, my installs always had a checkbox plus a password form for the encryption.
  
  I think this is true for computers that are in danger of being stolen. Laptops or PCs in dorms or other shared living spaces. But I live in a relatively secure area, burglaries are very rare and my PC never leaves the building. So the benefits of encryption are pretty much negligible.
- It is a one click process if you use user friendly distros
- GNOME disks is a nice GUI that lets you setup disks with ease. Encryption can be easily setup with it.

No.
I spend a significant amount of time on other things, e.g. NOT using BigTech, no Facebook, Insta, Google, etc where I would "volunteer" private information for a discount. I do lock the physical door of my house (most of the time, not always) and have a password ... but if somebody is eager and skilled enough to break in my home to get my disks, honestly they "deserve" the content.
It's a bit like if somebody where to break in and stole my stuff at home, my gadgets or jewelry. Of course I do not welcome it, nor help with it hence the lock on the front door or closed windows, but at some point I also don't have cameras, alarms, etc. Honestly I don't think I have enough stuff worth risking breaking in for, both physical and digital. The "stuff" I mostly cherish is relationship with people, skills I learned, arguably stuff I built through those skills ... but even that can be built again. So in truth I don't care much.
I'd argue security is always a compromise, a trade of between convenience and access. Once you have few things in place, e.g. password, 2nd step auth, physical token e.g. YubiKeyBio, the rest becomes marginally "safer" for significant more hassle.
- but if somebody is eager and skilled enough to break in my home to get my disks, honestly they “deserve” the content.
  The problem with "my disks" is there's always some other's people on it, in one way or another.
  But of course, it's your call. We all have gaps in our "walls" and it's not like I'd be pretending that LUKS is all that matters.

No. I break my system occasionally and then it's a hassle.

I don’t really see the point. If someone’s trying to access my data it’s most likely to be from kind of remote exploit so encryption won’t help me. If someone’s breaks into my house and steals my computer I doubt they’ll be clever enough to do anything with it. I guess there’s the chance that they might sell it online and it gets grabbed by someone who might do something, but most of my important stuff is protected with two factor authentication. It’s getting pretty far fetched that someone might be able to crack all my passwords and access things that way.
It’s far more likely that it’s me trying to recover data and I’ve forgotten my password for the drive.

My laptops are encrypted in case they get stolen or someone gets access to them at uni.

i'd really like to. but there is ONE big problem:
Keyboard layouts.
seriously
I hate having to deal with that. when I set up my laptop with ubuntu, I tried at least 3 thymes to make it work, but no matter what I tried I was just locked out of my brand-new system. it cant just be y and z being flipped, I tried that, maybe it was the french keyboard layout (which is absolutely fucked) or something else, but it just wouldnt work.
On my mint PC I have a similar problem with the default layout having weird extra keys and I just sort of work around that, because fuck dealing with terminals again. (when logged in it works, because I can manually change it to the right one.)
Now I do have about a TerraByte of storage encrypted, just for the... more sensitive stuff...
While dealing with the problems I stumbled across a story of a user who had to recover their data using muscle-memory, a broken keyboard, the same model of keyboard and probably a lot of patience. good luck to that guy.
- Have you tried peppermint or maybe coriander?
  Jokes aside, I believe the password entry stage is before any sort of localization happens, meaning what your keyboard looks like doesn't matter and the input language defaults to English. You have to type as if you're using an English keyboard. That's hardly a good solution if you're unfamiliar with that layout of course.
  
  Initrd has support to configure the keyboard layout used. Consult your initrd generator's documentation for this

I used to, but it's proven to be a pain more often than a blessing. I'm also of the opinion that if a bad actor capable of navigating the linux file system and getting my information from it has physical access to my disk, it's game over anyway.
- I'm also of the opinion that if a bad actor capable of navigating the linux file system and getting my information from it has physical access to my disk, it's game over anyway.
  I am sorry but that is BS. Encryption is not easy to break like in some Movies.
  If you are referring to that a bad actor breaks in and modifies your hardware with for example a keylogger/sniffer or something then that is something disk encryption does not really defend against.
  
  That's more what I mean. They won't break the encryption, but at that point with physical access to my home/ computer/ servers, I have bigger problems.
  There's very little stored locally that could be worse than a situation where someone has physical access to my machine.

I started encrypting once I moved to having a decent number of solid state drives as the tech can theoretically leave blocks unerased once they go bad. Before that my primary risk factor was at end of life recycling which I usually did early so I wasn’t overly concerned about tax documents/passwords etc being left as I’d use dd to write over the platters prior to recycling.
- This is the primary reason for me as well. Drive disposal. Also since we only get electronic statements, want to encrypt those.
- You got me curious. Passwords yeah, but tax documents? Why?
  
  This was a few drives ago but there was a point in time when most places were giving me digital copies of tax documents which I could upload to tax prep software but things like TurboTax didn’t have an auto import. So you’d need to download them then re-upload them to the correct service. Now they do it automatically so the only thing that would match that now now is receipts for expenses/donations and what not that I need to keep track of for manual entry.

Honestly... Why bother? If someone gains remote access to my system, an encrypted disk won't help. It's just a physical access preventer afaik, and I think the risk of that being necessary is very low. Encrypted my work computer because we had to and that environment also made it make more sense, I technically had sensitive customer info on it, though I worked at Oracle so of course they had to make it as convoluted and shitty as possible.
- You're somewhat right in the sense that the point of disk encryption is not to protect from remote attackers. However, physical access is a bigger problem in some cases (mostly laptops). I don't do it on my desktop because I neither want to reinstall nor do I think someone who randomly breaks in is going to put in the effort to lug it away to their vehicle.
  
  Certainly didn't mean to say it's never useful, just not useful for me
- Can you explain why if someone get access to your encrypted disk, they would have access to its contents?
  
  If someone can execute arbitrary code on my computer, it doesn't matter that the disk is encrypted, because I've already booted the machine up and entered the key. I'm certainly not the most cryptographically knowledge but using LUKS on Oracle Linux, I'd enter the key once while starting up, past that point there was no difference between an encrypted and unencrypted system. It seems logical to me, then, that if something can execute arbitrary code, it's after that point, so encryption won't matter to it. Encryption is more of a solution to someone physically obtaining your hard drive and preventing them from having access to the contents simply by plugging it into their system.
  Or at least that's my understanding, please correct me if I'm mistaken.

I used to, but not anymore, except for my laptop I plan on taking with me travelling. My work laptop and personal laptop are both encrypted.
I figure my home is safe enough, and I only really need encryption if I'm going to be travelling.
One of my friends locked himself out of his PC and all his data because he forgot his master password, and I don't want to do that myself lol
- Exactly the same rationale as mine.

I don't wanna risk losing anything on the drive thats important .
- May i suggest a technique for remembering the password?
  write it down
  but instead of writing down the password, write down questions that only you can reasonably answer. For example:
  what was the name of the first girl i kissed?
  where did i go to on summer camp?
  which special event happened there?
  and the answer would be: "mary beach rodeo" or idk what. this way, you construct a password out of multiple words that each are an answer to a simple question.
  
  Maybe I might try this, and am open to advice :)
  
  mary beach rodeo
  thank you for sharing your password 😜
- That is a good reason to backup, but has nothing to do with encryption.
  
  That is a good reason to backup
  This is true.
  but has nothing to do with encryption.
  I disagree with this. If you forget the password for decrypting your drive, then you will have lost "anything on the drive that's important". I know because it happened to me long ago, and so now I too have been wary of disk encryption ever since then.
  
  I meant if I lose my encryption key I lose the data on the disk.

I wanted to but everyone on Lemmy told me I was an idiot for wanting a feature Mac and Windows have had for a decade (decrypt on login) .
But seriously it's just not there on Linux yet. Either you encrypt and have two passwords, or give up convenience features like biometrics. Anything sensitive lives somewhere else.
- You're an idiot, go back to macOS you fucking normie
  (/s, I'm also waiting for TPM encryption + user home encryption)
  
  Clevis pretty much does TPM encryption and is in most distros' repos. I use it on my Thinkpad. It would be nice if it had a GUI to set it up; more distros should have this as a default option.
  You do have to have an unencrypted boot partition, but the issues with this can at least in be mitigated with PCR registers, which I need to set up.

My Laptop and Phone have encrypted drives, my Desktop doesn't.

Most mobile/laptop devices should be encrypted by default. They are too prone to loss or theft. Even that isn't sufficient with border crossings where you are probably better off wiping them or leaving them behind.
My desktop has no valuable data like crypto, sits in a locked and occupied house in a small rural community with relatively low crime (public healthcare, social security, aging population). I have no personal experience of property theft in over half a decade.
I encrypt secrets with a hardware key. They are only accessed as needed. This is a much more appropriate solution than whole disk encryptiom for my circumstances. Encrypting Linux packages and steam libraries doesn't offer any practical benefit and unlocking my filesystem at login would not protect from network exfiltration which is a more realistic risk. It adds overhead.and another point of failure for no real benefit.

Its that simple.
I can expand my own creativity and store every thought and creative Art, without anybody being able to find out after my death or while someone raids me.
Maybe I stored an opinion against some president, and maybe the government changed its working, which allows police to raid someone for little suspection.
You never know if you ever have something to hide. While things are okay now and today, it might be highly illegal tomorrow.
Those are ideas. But generally its only about the feeling of privacy.

I don't for a pretty simple reason. I have a wife, if something ever happened to me then she could end up a creek without a paddle. So by not having it encrypted then, anyone kinda technical can just pull data off the drive.
- If that's the only reason, it's not a great one. You could solve it by storing the password with your important documents.
  
  It is the largest reason. Storing the password is one thing but to make the device reasonable to use I would likely store the key's in TPM with a backup key. I don't think she would be technical enough to use the backup keys were something additional to happen.
- Give her and your personal representatives the keys or access to the keys. Problem solved.
  Same problem as you passwords and password manager.
  
  BioMyth
  I understand that giving the keys can partially solve the access problem. But she would still possibly be unable to use the device. Additionally, I don't know that she would be capable of using the keys without additional assistance and we don't have other techies in our community who could step up in that capacity.

Almost everything that can be is: laptops, desktop, servers (LUKS), phone (grapheneos)

No, I don't encrypt. I am a grown ass man and I rarely take my laptop out of my home. I don't have any sensitive data on my various machines. I do use secure and encrypted cloud services to store things that I consider a security risk. Everything else is useless to a potential intruder.

I use encryption on laptops, because they can be stolen in the train, bus, etc. On work desktop, I do so as well, because there are many people around. However, on everything that stay at home, I prefer not to use it to simplifiy things and get more performance.

I encrypt all my filesystems, boot partitions excluded. I started with my work laptop. It made the most sense because there is a real possibility that it gets lost or stolen at some point. But once I learned how simple encryption is, I just started doing it everywhere. It's probably not gonna come into play ever for my desktop, but it also doesn't really cost me anything to be extra safe.

It's one of those things where it depends on the computer. My old box that's running win 7 has nothing but music and backed up media files on it, isn't connected to the internet at all, and there's really no point to it being encrypted.
My laptop leaves the house, and is connected, so it gets the treatment. My general purpose PC is, though that was more just because of a random choice rather than a carefully chosen decision. I figured I'd try it for a few weeks, then nuke it if it was a problem. It hasn't been, and I haven't needed to do anything to it that would require a change.
The other people in the house have chosen not to.
I'm not certain I would encrypt my main desktop again, just because it's one more thing to do, and I'm getting lazy lol. I don't have any sensitive files at all, and if things in the world get so bad that some agency is after me, I'm going to be hiding out up in this holler I know, not worrying about leaving a computer behind. Won't be power anyway, and the only shit they'd find is some pirated files.
I'd be more worried about my phone and my main tablet than any of the PCs, and those would either go with me, or get melted down before I left. Thermite is cheap and easy.

Full disk encryption on everything. My Servers, PCs etc. Gives me peace of mind that my data is safe even when the device is no longer in my control.

My drives are not encrypted because it's a hassle if things start going wrong. My NAS is software raid so the individual disks mean nothing anyway. The only drive that is encrypted is my backup disk and I'm not really sure if it was needed.

I have stopped encrypting my drives, because if anything goes wrong and the system won't boot it makes recovery more difficult. It's a dual boot machine with Windows 11, and I had a lot of awkwardness with Bitlocker that led to me deciding to abandon encryption in both OSs. I save sensitive files to encrypted volumes in VeraCrypt.
- Bittlocker is a pain. Simply booting a maintainance disk requied me to use the recovery codes to get back into windows.
  
  It has locked me out for attaching a USB device once or twice. Seems a bit extreme.

I used to, but then I nuked my install accidentally and I couldn't recover the encrypted data. I nuke my installs fairly regularly. I just did again this past week while trying to resize my / and my /home partitions. I've resigned myself to only encrypting specific files and directories on demand.
My phone is fully encrypted though.
- Your recovery problem was a backup issue not an encryption issue. Consider addressing the backup issue.
  
  I have and I've concluded that I'm not made of money and therefore can't afford to have multiple terabyte drives just lying around with redundant data just in case.
  If I could afford it, then I wouldn't have been resizing my '/' partition to free up 80GB of space.

I do encrypt my drives, and it’s not as transparent in Linux as it is in the others. I’m sure I could get a TPM setup for seamless boots, but I haven’t done that yet.
For mobile drivers, I still encrypt, but that locks them to one OS since LUKS isn’t cross platform. There is VeraCrypt for cross-platform encryption, but that’s one more thing to manage and install.

Yes, and for the life of me I don't understand why there isn't a default LUKS with hibernate partition in the Debian installer.

I do on all my devices that can as a matter of practice, not for any real threat. I'm interested to learn about how to set it up and use it on a daily basis including how to do system recoveries. I guess it's largely academic.
Once I switched to linux as my daily driver, I didn't have a need to do piracy anymore since all the software I need is FOSS.

Depends on the use case. Definitely for my laptop though. In fact the decryption keys only exist in two places:
Inside my TPM
In a safe deposit box at a bank.

I encrypted my professional laptop's drive in order to prevent access to company data and code in case of theft. And I'll probably encrypt my personal laptop as well because the SSH key can access company code.
As for the desktop, I didn't and probably never will, because theft is less likely and that would be a pain to handle for nightly backups (it is turned on with Wake-on-LAN and then a cron backs up my home directory to my NAS).
Finally, I won't encrypt my NAS as well for the same reason: it would quickly become a hassle as I would have to manually decrypt the drives every time it boots after a power outage.

Had nosey cops trying to get into my phones illegally recently.. do not understand people that dont encrypt shit

I would strongly encourage people to encrypt their on site data storage drives even if they never leave the house and theft isn’t a realistic thing that can happen.
The issue is hard drive malfunction. If a drive has sensitive data on it and malfunctions. It becomes very hard to destroy that data.
If that malfunctioning hard drive was encrypted you can simply toss it into an e-waste bin worry free. If that malfunctioning drive was not encrypted you need to break out some heavy tools tool ensure that data is destroyed.
- 1 torx screwdriver 1 hammer
  not the hardest thing to scratch up the platters and then fold them into abstract art
  
  I don't bother to take out the screws. I just drill handful of holes trough the whole thing. Or if you're really paranoid a MAP torch is enough to melt the whole thing (don't breath the smoke).
  
  True. This does work. But it is less secure and much harder than just tossing an encrypted HDD into an e-waste bin. It probably is more fun though. 🤔
- If your drive starts malfunctioning, then without encryption you might be able to read some sectors and recover a few things. With encryption you are SOL.
  
  This is why backups are important. But even if the drive is encrypted recovering data is exactly as easy as recovery from a non encrypted drive.
  Do a ddrescue of the drive.
  Re apply the luks header.
  decrypt all non corrupt sectors
  Use appropriate tools to recover files.
  Like you lose the same sectors if those sectors are encrypted or not.
- Great point.
  I provided reasons why I encrypted my drives but this one is even better.
  (Another one could be if you need to get your computer to a repair shop, and for some reason you can't just remove the drive.)
  
  Another one is that if you delete a file on an encrypted drive it can’t be undeleted later on. Lots of benefits.
- I just encrypt devices that leave the house. I do have access to a hard drive crusher if I lose a drive (recently crushed a tablet that wouldn't power on)
  
  Fair. If you have access to a crusher then maybe I can see not encrypting. But even then with non encrypted drives files can be recovered even after deleting etc.
- If that malfunctioning drive was not encrypted you need to break out some heavy tools tool ensure that data is destroyed.
  If by heavy tools, you mean a screwdriver and an angle grinder, then yeah, but it's not that hard in reality.
  
  I mean if you have an angle grinder and a space to safely use it sure. But it’s still harder than just dropping the HDD off at an e-waste bin.

Yeah, on my laptop - because I travel with it and confidential data (like from my customers) could land in hands its not supposed to
No, in case of my desktop, because it's easier to access it in case of failure
- My thinking is similar. I've seen this news story more than once:
  laptop stolen containing customer data... hard drive was not encrypted
  I don't generally have customer data, but it can happen every once in a while.

Every endpoint device I use is using full disk encryption, yes.

yes. if you live in a country without democracy. it is the only way to protect yourself and your data from nsa agent kicking your door.

I don't encrypt my entire drive, but I do have encrypted directories for my sensitive data. If I did encrypt an entire drive, it would only be the drive containing my data not the system drive.
- but I do have encrypted directories for my sensitive data
  What do you use for encrypted directories? Ecryptfs?
  
  I use Linux and it's built in to my desktop environment. I just create a new vault.

Asahi Linux doesn't support encryption and getting it to work requires a lot of steps and that I reinstall it which I don't have time for, so I don't have it enabled on my laptop, and if it gets stolen or confiscated I'm fucked.
I have it enabled on my server and phone.
- @sudoer777 @monovergent , create an encrypted container? It's a little tedious, but fairly distro agnostic.
  Edit: Definitely throw together scripts to simplify the process of unlocking and mounting.
  https://null-byte.wonderhowto.com/how-to/hide-sensitive-files-encrypted-containers-your-linux-system-0186691/

I don't even know how to do it
- Tick a box when installing some distros. Like OoenSUSE.
  
  Never got it when installing Ubuntu. Any way of enabling it after install?

Doesn't Pop have that by default? I think others have too.
Anyway, yes for basically everything. Except my servers main partition, because otherwise recovering from crashes would be horribly annoying or unsafe if I'd use cryptssh. And if the dns+dhcp/gateway/VPN server crashes I'd definitely need 22 open.

Yes. I encrypt because theft. I know PopOS and Mint make it 1-click ez. ...unless of course you want home and root on a separate drives. That scales difficulty real fast. There's plenty of tutorials, and I managed, but I had to patch together different ones to get a basic setup-- Never mind understanding exactly what I did and repeating it (the latest challenge I've been dragging my feet on). I do hope this is an area that sees more development in the near future.
- That does make encryption was less appealing to me. On one of my machines / and /home are on different drives and parts of ~ are on yet another one.
  I consider the ability to mount file systems in random folders or to replace directories with symlinks at will to be absolutely core features of unixoid systems. If the current encryption toolset can't easily facilitate that then it's not quite RTM for my use case.

Yep. Everything except my server, which needs to be able to boot without my help. Because why not? I rarely ever reboot anything, so it doesn’t really hurt, and if anyone steals my shit they won’t get my wife’s noods.

I don't encrypt because it's too much effort to learn about it.
Id rather keep my filesystem unencrypted so that I can easily recover from problems and encrypt important files as needed, but let's be real I don't do that either.

I encrypt my laptop and desktops and I think it’s worth it. I regret encrypting my servers because they need passwords to turn on.

I don't, I didn't do it back then and I ended up using this system for much longer than I thought I would(4+ years). I want to do it next time but I don't feel like reinstalling just for that.
- Good news, you can use cryptsetup to do it in place! https://unix.stackexchange.com/questions/444931/is-there-a-way-to-encrypt-disk-without-formatting-it
  
  I wish I found a guide like that back when I first made the move to FDE. Regardless, I was adamantly against reinstalling and painstakingly replicating my customizations, so I came up with a hacky way of tacking on FDE.
  It went something along the lines of:
  Shrinking the root partition as much as possible
  From Live CD, dd root partition to external drive
  Perform minimal encrypted install of Debian
  From Live CD, open LUKS container of the newly-installed Debian and overwrite the root partition within with my old root partition.
  Update fstab, crypttab, initramfs, and grub
  Cross my fingers and reboot

Yes absolutely, it is the building block of my security posture. I encrypt because I don’t want thieves to have access to my personal data, nor do I want law enforcement or the state to have access if they were to raid my house. I’m politically active and a dissident so I find it vital to keep my data secure and private, but frankly everybody should be doing it for their own protection and peace of mind

Yes because my distro also have encrypted /boot included

Of course, I'm paranoid and don't trust the US government. Or any government really. "First they came for _____" and all that; Id rather just tell them to pound sand immediately instead of get caught with my pants down.

Yes. I have sensitive info in my PC (work credentials) and in the case of a break-in, last thing I want is to jeopardize my job.

I encrypt my home folder and Windows install just in case someone breaks into my house and steals my computer. Super annoying entering my password each boot though.

Absolutely. LUKS full disk encryption. Comes as an opt-in checkbox on Ubuntu, for example.
And I too cannot understand why this is not opt-out rather than opt-in. Apparently we've decided that only normies on corporate spyware OSs need security, and we don't.
- Because when shit breaks nobody wants to hear that their data is gone forever
  
  And yet somehow on mobile, where most personal computing is now done, this is not a problem.
  
  People, listen to Juvenile and "back that thang up!" That man understand the importance of data redundancy.
- There is a major downside to encryption: If you forget your password or your tpm fails and you've not backed things up, then that data is gone forever. If someone doesn't have anything incriminating or useful to theives on their device, the easier reparability might justify not enabling it.
  
  Why is this a problem for us and not for ordinary dummies on Android? It's been the default there for years already.

Yes because it is one click
If I delete my drive, it is rubbish
It doesnt impact my performance much

231 comments