I started encrypting once I moved to having a decent number of solid state drives as the tech can theoretically leave blocks unerased once they go bad. Before that my primary risk factor was at end of life recycling which I usually did early so I wasn’t overly concerned about tax documents/passwords etc being left as I’d use dd to write over the platters prior to recycling.

I don’t think I encrypt my drives and the main reason is it’s usually not a one-click process. I’m also not sure of the benefits from a personal perspective. If the government gets my drives I assume they’ll crack it in no time. If a hacker gets into my PC or a virus I’m assuming it will run while the drive is in an unencrypted state anyway. So I’m assuming it really only protects me from an unsophisticated attacker stealing my drive or machine.

Please educate me if I got this wrong.

Edit: Thanks for the counter points. I’ll look into activating encryption on my machines if they don’t already have it.

I don’t, I didn’t do it back then and I ended up using this system for much longer than I thought I would(4+ years). I want to do it next time but I don’t feel like reinstalling just for that.

Absolutely. LUKS full disk encryption. Comes as an opt-in checkbox on Ubuntu, for example.

And I too cannot understand why this is not opt-out rather than opt-in. Apparently we’ve decided that only normies on corporate spyware OSs need security, and we don’t.

I encrypt my home folder and Windows install just in case someone breaks into my house and steals my computer. Super annoying entering my password each boot though.

I don’t have FDE (BitLocker) enabled on my Windows 11 gaming PC. It sits in my house and has nothing on it but video games and video game related shit. I don’t even have my password manager installed for logging in to Steam, GoG or whatever other launcher. I manually type passwords in from the vault on my phone if the app doesn’t support QR code login like discord. Also I paid for this ridiculous m.2 nvme drive, I’m not going to just give up iops bc i want my game install files encrypted.

I don’t use FDE on my NAS. Again it doesn’t leave my house. I probably should I guess, bc there is some stuff on there that would cause me to have industry certs revoked if they leaked, but idk I don’t. Everything irreplaceable is backed up off site, but the down time it would take to rebuild my pirated media libraries from scratch vs just swapping disks and rebuilding has me leery.

I have FDE enabled on both my MacBooks. They leave the house with me, it seems to make sense.

I don’t use FDE on Linux VMs I create on the MacBooks, the disk is already encrypted.

My iphone doesn’t have the option to not use FDE I don’t think.

I use encrypted rsync backups to store NAS stuff in the cloud. I use a PGP key on my yubikey to further encrypt specific files on my MacBooks as required beyond the general FDE.

I have stopped encrypting my drives, because if anything goes wrong and the system won’t boot it makes recovery more difficult. It’s a dual boot machine with Windows 11, and I had a lot of awkwardness with Bitlocker that led to me deciding to abandon encryption in both OSs. I save sensitive files to encrypted volumes in VeraCrypt.

I don’t for a pretty simple reason. I have a wife, if something ever happened to me then she could end up a creek without a paddle. So by not having it encrypted then, anyone kinda technical can just pull data off the drive.

I don’t xkcd.com/538/

I’m convinced the chances of me losing access to the data are higher than encryption protecting it from a bad actor.

Let’s be real, full disk encryption won’t protect a running system and if someone has physical access and really wants it, encryption won’t protect you from the $5 wrench either.

I do encrypt my phone data though, as someone running away with my phone is more realistic.

Doesn’t Pop have that by default? I think others have too.

Anyway, yes for basically everything. Except my servers main partition, because otherwise recovering from crashes would be horribly annoying or unsafe if I’d use cryptssh. And if the dns+dhcp/gateway/VPN server crashes I’d definitely need 22 open.

Yeah, on my laptop - because I travel with it and confidential data (like from my customers) could land in hands its not supposed to

No, in case of my desktop, because it’s easier to access it in case of failure

Yes because it is one click

If I delete my drive, it is rubbish

It doesnt impact my performance much

I encrypted my professional laptop’s drive in order to prevent access to company data and code in case of theft. And I’ll probably encrypt my personal laptop as well because the SSH key can access company code.

As for the desktop, I didn’t and probably never will, because theft is less likely and that would be a pain to handle for nightly backups (it is turned on with Wake-on-LAN and then a cron backs up my home directory to my NAS).

Finally, I won’t encrypt my NAS as well for the same reason: it would quickly become a hassle as I would have to manually decrypt the drives every time it boots after a power outage.

No need as none of them are networked

Mostly I don’t, but I want to start to. I only have one laptop encrypted and of course I keep my phones encrypted.

Yes because my distro also have encrypted /boot included

Because it requires generating, memorizing and entering a secure password. Because Linux typically doesn’t support fingerprint readers or other biometrics.

i’d really like to. but there is ONE big problem:

Keyboard layouts.

seriously

I hate having to deal with that. when I set up my laptop with ubuntu, I tried at least 3 thymes to make it work, but no matter what I tried I was just locked out of my brand-new system. it cant just be y and z being flipped, I tried that, maybe it was the french keyboard layout (which is absolutely fucked) or something else, but it just wouldnt work.

On my mint PC I have a similar problem with the default layout having weird extra keys and I just sort of work around that, because fuck dealing with terminals again. (when logged in it works, because I can manually change it to the right one.)

Now I do have about a TerraByte of storage encrypted, just for the… more sensitive stuff…

While dealing with the problems I stumbled across a story of a user who had to recover their data using muscle-memory, a broken keyboard, the same model of keyboard and probably a lot of patience. good luck to that guy.

Depends. On external drives yes. On internal boot drive no. I had performance issues and thermal issues with it so stopped on boot drives.

I encrypt all my filesystems, boot partitions excluded. I started with my work laptop. It made the most sense because there is a real possibility that it gets lost or stolen at some point. But once I learned how simple encryption is, I just started doing it everywhere. It’s probably not gonna come into play ever for my desktop, but it also doesn’t really cost me anything to be extra safe.

I don’t do it for my desktop because 1) I highly doubt my desktop would get stolen. 2) I installed Linux before I was aware of encryption, and don’t have any desire to do a reinstall on my desktop at this time.

For my laptop, yes, I do (with exception of the boot partition), since it would be trivial to steal and this is a more recent install. I use clevis to auto-unlock the drive by getting keys from the TPM. I need to better protect myself against evil maids, though - luckily according to the Arch Wiki Clevis supports PCR registers.

It’s one of those things where it depends on the computer. My old box that’s running win 7 has nothing but music and backed up media files on it, isn’t connected to the internet at all, and there’s really no point to it being encrypted.

My laptop leaves the house, and is connected, so it gets the treatment. My general purpose PC is, though that was more just because of a random choice rather than a carefully chosen decision. I figured I’d try it for a few weeks, then nuke it if it was a problem. It hasn’t been, and I haven’t needed to do anything to it that would require a change.

The other people in the house have chosen not to.

I’m not certain I would encrypt my main desktop again, just because it’s one more thing to do, and I’m getting lazy lol. I don’t have any sensitive files at all, and if things in the world get so bad that some agency is after me, I’m going to be hiding out up in this holler I know, not worrying about leaving a computer behind. Won’t be power anyway, and the only shit they’d find is some pirated files.

I’d be more worried about my phone and my main tablet than any of the PCs, and those would either go with me, or get melted down before I left. Thermite is cheap and easy.

laptop yeah

desktop nah

Yes, and for the life of me I don’t understand why there isn’t a default LUKS with hibernate partition in the Debian installer.

Yes. I encrypt because theft. I know PopOS and Mint make it 1-click ez. …unless of course you want home and root on a separate drives. That scales difficulty real fast. There’s plenty of tutorials, and I managed, but I had to patch together different ones to get a basic setup-- Never mind understanding exactly what I did and repeating it (the latest challenge I’ve been dragging my feet on). I do hope this is an area that sees more development in the near future.

I used to, but then I nuked my install accidentally and I couldn’t recover the encrypted data. I nuke my installs fairly regularly. I just did again this past week while trying to resize my / and my /home partitions. I’ve resigned myself to only encrypting specific files and directories on demand.

My phone is fully encrypted though.

No. I prefer the quickest way to share my data between different computers and operating systems on my home network. I will also mention that my network is not accessible over the internet.

I encrypt my laptop and desktops and I think it’s worth it. I regret encrypting my servers because they need passwords to turn on.

I encrypt my laptop and desktops and I think it’s worth it. I regret encrypting my servers because they need passwords to turn on. I couldn’t figure out how to handle it when away.

I encrypt my desktop and laptop but not my servers. On desktop, that excludes drives that aren’t my OS/boot drive.

I encrypt all my drives. Me and the people I know get occasionally raided by the police. Plus I guess also provides protection for nosy civilians who get their hands on my devices. Unlike most security measures, there is hardly any downside to encrypting your drives—a minor performance hit, not noticeable on modern hardware, and having to type in a password upon boot, which you normally have to do anyway.

Almost everything that can be is: laptops, desktop, servers (LUKS), phone (grapheneos)

I encrypt everything that leaves my house since it could be easily lost or stolen, but it is rather inconvenient.

If someone breaks into my house, I’ve got bigger problems than someone getting their hands on my media collection. I think it would be more likely for me to mess something up and loose access to my data than for someone to steal it.

Yes absolutely, it is the building block of my security posture. I encrypt because I don’t want thieves to have access to my personal data, nor do I want law enforcement or the state to have access if they were to raid my house. I’m politically active and a dissident so I find it vital to keep my data secure and private, but frankly everybody should be doing it for their own protection and peace of mind

Of course, I’m paranoid and don’t trust the US government. Or any government really. “First they came for _____” and all that; Id rather just tell them to pound sand immediately instead of get caught with my pants down.

I always encrypt my computer SSD as well as my external backup drive. I just wish that when installing a Linux distro and when selecting encryption that it would work with multiple drives

Every endpoint device I use is using full disk encryption, yes.

I was recently intrigued to learn that only half of the respondents to a survey said that they used NO disk encryption.

Is the other half alright?

My Laptop and Phone have encrypted drives, my Desktop doesn’t.

I don’t wanna risk losing anything on the drive thats important .

encrypted | backed up
----------|----------
       no |        no
       no |       yes
      yes |        no
      yes |       yes

Yeah all my drives are encrypted with LUKS mostly because of home burglaries (bad area and whatnot). I still keep backups regardless on drives that are also encrypted

Had nosey cops trying to get into my phones illegally recently… do not understand people that dont encrypt shit

I would strongly encourage people to encrypt their on site data storage drives even if they never leave the house and theft isn’t a realistic thing that can happen.

The issue is hard drive malfunction. If a drive has sensitive data on it and malfunctions. It becomes very hard to destroy that data.

If that malfunctioning hard drive was encrypted you can simply toss it into an e-waste bin worry free. If that malfunctioning drive was not encrypted you need to break out some heavy tools tool ensure that data is destroyed.

I use encryption on laptops, because they can be stolen in the train, bus, etc. On work desktop, I do so as well, because there are many people around. However, on everything that stay at home, I prefer not to use it to simplifiy things and get more performance.

My laptops are encrypted in case they get stolen or someone gets access to them at uni.

I don’t even know how to do it

I don’t really see the point. If someone’s trying to access my data it’s most likely to be from kind of remote exploit so encryption won’t help me. If someone’s breaks into my house and steals my computer I doubt they’ll be clever enough to do anything with it. I guess there’s the chance that they might sell it online and it gets grabbed by someone who might do something, but most of my important stuff is protected with two factor authentication. It’s getting pretty far fetched that someone might be able to crack all my passwords and access things that way.

It’s far more likely that it’s me trying to recover data and I’ve forgotten my password for the drive.

Its that simple.

I can expand my own creativity and store every thought and creative Art, without anybody being able to find out after my death or while someone raids me.

Maybe I stored an opinion against some president, and maybe the government changed its working, which allows police to raid someone for little suspection.

You never know if you ever have something to hide. While things are okay now and today, it might be highly illegal tomorrow.

Those are ideas. But generally its only about the feeling of privacy.

No. I break my system occasionally and then it’s a hassle.

Only encrypt the home partition, for the root partition it just unnecessarily slows down the system.

Also, I think, there could be different approaches instead of encryption. AFAIK, android doesn’t use encryption underneath, but uses a semi-closed bootloader (which means, if you install a different OS, all user data gets wiped). I’m currently investigating the feasibility of such an approach in the long term.

No.

I spend a significant amount of time on other things, e.g. NOT using BigTech, no Facebook, Insta, Google, etc where I would “volunteer” private information for a discount. I do lock the physical door of my house (most of the time, not always) and have a password … but if somebody is eager and skilled enough to break in my home to get my disks, honestly they “deserve” the content.

It’s a bit like if somebody where to break in and stole my stuff at home, my gadgets or jewelry. Of course I do not welcome it, nor help with it hence the lock on the front door or closed windows, but at some point I also don’t have cameras, alarms, etc. Honestly I don’t think I have enough stuff worth risking breaking in for, both physical and digital. The “stuff” I mostly cherish is relationship with people, skills I learned, arguably stuff I built through those skills … but even that can be built again. So in truth I don’t care much.

I’d argue security is always a compromise, a trade of between convenience and access. Once you have few things in place, e.g. password, 2nd step auth, physical token e.g. YubiKeyBio, the rest becomes marginally “safer” for significant more hassle.

I used to, but it’s proven to be a pain more often than a blessing. I’m also of the opinion that if a bad actor capable of navigating the linux file system and getting my information from it has physical access to my disk, it’s game over anyway.

All my important files are on a NAS, so if someone steals my laptop, there’s nothing of value there without being able to log in and mount the remote file systems

Full disk encryption on everything. My Servers, PCs etc. Gives me peace of mind that my data is safe even when the device is no longer in my control.

Yes. Encrypting your entire hard drive has basically been a tickbox in the Fedora installer for a long time now. No reason why I wouldn’t do it. It’s, easy, doesn’t give me any problems and improves my devices security with defence-in-depth. No brainer.

are you guys using the bios ssd encryption option or a software solution?

Honestly… Why bother? If someone gains remote access to my system, an encrypted disk won’t help. It’s just a physical access preventer afaik, and I think the risk of that being necessary is very low. Encrypted my work computer because we had to and that environment also made it make more sense, I technically had sensitive customer info on it, though I worked at Oracle so of course they had to make it as convoluted and shitty as possible.

I do, laptops and workstations.

It’s just too easy not to, and there’s almost no downsides to it. (I only need to reboot, once a month or two.)

Well, unless you consider the possibility of forgetting the password a downside, so for that reason I keep the password in a password manager.

In case my laptop was stolen, there would quite a couple fewer things to worry about. Especially things like client’s data which could be under NDA’s, etc…

I encrypt everything, with unique complex passwords, that I have a safe mnemonic system for remembering and retrieving.

I have no significant private data on my disks. They can be wiped whether encrypted or not if they’re stolen. And I like that in theory if my pc explodes I can recover the data with only the drive.

I encrypt my workstations and backups thereof on external devices. To protect against theft or a lazy state-level adversary

I don’t but admittedly I don’t do much stuff on my laptop that’s super secure. it’s mainly for gaming and the odd programming project.

My drives are not encrypted because it’s a hassle if things start going wrong. My NAS is software raid so the individual disks mean nothing anyway. The only drive that is encrypted is my backup disk and I’m not really sure if it was needed.

My issue is that I can never remember “a couple more commands” for the life of me. And I use Arch BTW, so the likelihood of me needing those is a bit higher than usual.

I wanted to but everyone on Lemmy told me I was an idiot for wanting a feature Mac and Windows have had for a decade (decrypt on login) .

But seriously it’s just not there on Linux yet. Either you encrypt and have two passwords, or give up convenience features like biometrics. Anything sensitive lives somewhere else.

I don’t encrypt my entire drive, but I do have encrypted directories for my sensitive data. If I did encrypt an entire drive, it would only be the drive containing my data not the system drive.

Asahi Linux doesn’t support encryption and getting it to work requires a lot of steps and that I reinstall it which I don’t have time for, so I don’t have it enabled on my laptop, and if it gets stolen or confiscated I’m fucked.

I have it enabled on my server and phone.

I do not as I do not have any sensitive data and what data is sensitive are the digital documents which are securely encrypted by default via id card and its passwords.

If I start having something worth protecting I will turn on fedoras encryption. But until then anyone who manages to steal my 100 eur thinkpad and guess its password is welcome to try out linux and see if they like it I guess.

I made the mistake of not setting up encryption on my main 45TB zfs pool so I’m currently backing up everything on there to tape so I can recreate the pool (also need to change from mirrored to raidz) and then copying everything back to the drives. Although writing and reading each are around 6 days continuesly. Didn’t want to bite the bullet and pay more then I absolutely had to and only got a LTO-4 drive and tapes.

Yes. I have sensitive info in my PC (work credentials) and in the case of a break-in, last thing I want is to jeopardize my job.

Most mobile/laptop devices should be encrypted by default. They are too prone to loss or theft. Even that isn’t sufficient with border crossings where you are probably better off wiping them or leaving them behind.

My desktop has no valuable data like crypto, sits in a locked and occupied house in a small rural community with relatively low crime (public healthcare, social security, aging population). I have no personal experience of property theft in over half a decade.

I encrypt secrets with a hardware key. They are only accessed as needed. This is a much more appropriate solution than whole disk encryptiom for my circumstances. Encrypting Linux packages and steam libraries doesn’t offer any practical benefit and unlocking my filesystem at login would not protect from network exfiltration which is a more realistic risk. It adds overhead.and another point of failure for no real benefit.

No, I don’t encrypt. I am a grown ass man and I rarely take my laptop out of my home. I don’t have any sensitive data on my various machines. I do use secure and encrypted cloud services to store things that I consider a security risk. Everything else is useless to a potential intruder.

I do on all my devices that can as a matter of practice, not for any real threat. I’m interested to learn about how to set it up and use it on a daily basis including how to do system recoveries. I guess it’s largely academic.

Once I switched to linux as my daily driver, I didn’t have a need to do piracy anymore since all the software I need is FOSS.

I do encrypt my drives, and it’s not as transparent in Linux as it is in the others. I’m sure I could get a TPM setup for seamless boots, but I haven’t done that yet.

For mobile drivers, I still encrypt, but that locks them to one OS since LUKS isn’t cross platform. There is VeraCrypt for cross-platform encryption, but that’s one more thing to manage and install.

I used to, but not anymore, except for my laptop I plan on taking with me travelling. My work laptop and personal laptop are both encrypted.

I figure my home is safe enough, and I only really need encryption if I’m going to be travelling.

One of my friends locked himself out of his PC and all his data because he forgot his master password, and I don’t want to do that myself lol

Yep. Everything except my server, which needs to be able to boot without my help. Because why not? I rarely ever reboot anything, so it doesn’t really hurt, and if anyone steals my shit they won’t get my wife’s noods.

Depends on the use case. Definitely for my laptop though. In fact the decryption keys only exist in two places:

1. Inside my TPM
2. In a safe deposit box at a bank.

I don’t encrypt because it’s too much effort to learn about it.

Id rather keep my filesystem unencrypted so that I can easily recover from problems and encrypt important files as needed, but let’s be real I don’t do that either.

For my laptop, yeah. I rarely actually use it though. For my desktop not so much. I really don’t keep that much personal information on it to begin with, and if someone breaks into my house they could probably get more by stealing the desk my computer is sitting on then by stealing the computer. It just feels like a silly thing to waste my time with.

yes. if you live in a country without democracy. it is the only way to protect yourself and your data from nsa agent kicking your door.