Linux

I don't think I encrypt my drives and the main reason is it's usually not a one-click process. I'm also not sure of the benefits from a personal perspective. If the government gets my drives I assume they'll crack it in no time. If a hacker gets into my PC or a virus I'm assuming it will run while the drive is in an unencrypted state anyway. So I'm assuming it really only protects me from an unsophisticated attacker stealing my drive or machine.

Please educate me if I got this wrong.

Edit: Thanks for the counter points. I'll look into activating encryption on my machines if they don't already have it.

I would strongly encourage people to encrypt their on site data storage drives even if they never leave the house and theft isn’t a realistic thing that can happen.

The issue is hard drive malfunction. If a drive has sensitive data on it and malfunctions. It becomes very hard to destroy that data.

If that malfunctioning hard drive was encrypted you can simply toss it into an e-waste bin worry free. If that malfunctioning drive was not encrypted you need to break out some heavy tools tool ensure that data is destroyed.

All my important files are on a NAS, so if someone steals my laptop, there's nothing of value there without being able to log in and mount the remote file systems

Almost everything that can be is: laptops, desktop, servers (LUKS), phone (grapheneos)

i'd really like to. but there is ONE big problem:

Keyboard layouts.

seriously

I hate having to deal with that. when I set up my laptop with ubuntu, I tried at least 3 thymes to make it work, but no matter what I tried I was just locked out of my brand-new system. it cant just be y and z being flipped, I tried that, maybe it was the french keyboard layout (which is absolutely fucked) or something else, but it just wouldnt work.

On my mint PC I have a similar problem with the default layout having weird extra keys and I just sort of work around that, because fuck dealing with terminals again. (when logged in it works, because I can manually change it to the right one.)

Now I do have about a TerraByte of storage encrypted, just for the... more sensitive stuff...

While dealing with the problems I stumbled across a story of a user who had to recover their data using muscle-memory, a broken keyboard, the same model of keyboard and probably a lot of patience. good luck to that guy.

I don't even know how to do it

Every endpoint device I use is using full disk encryption, yes.

I started encrypting once I moved to having a decent number of solid state drives as the tech can theoretically leave blocks unerased once they go bad. Before that my primary risk factor was at end of life recycling which I usually did early so I wasn’t overly concerned about tax documents/passwords etc being left as I’d use dd to write over the platters prior to recycling.

Only encrypt the home partition, for the root partition it just unnecessarily slows down the system.

Also, I think, there could be different approaches instead of encryption. AFAIK, android doesn't use encryption underneath, but uses a semi-closed bootloader (which means, if you install a different OS, all user data gets wiped). I'm currently investigating the feasibility of such an approach in the long term.

I used to, but then I nuked my install accidentally and I couldn't recover the encrypted data. I nuke my installs fairly regularly. I just did again this past week while trying to resize my / and my /home partitions. I've resigned myself to only encrypting specific files and directories on demand.

My phone is fully encrypted though.

It's one of those things where it depends on the computer. My old box that's running win 7 has nothing but music and backed up media files on it, isn't connected to the internet at all, and there's really no point to it being encrypted.

My laptop leaves the house, and is connected, so it gets the treatment. My general purpose PC is, though that was more just because of a random choice rather than a carefully chosen decision. I figured I'd try it for a few weeks, then nuke it if it was a problem. It hasn't been, and I haven't needed to do anything to it that would require a change.

The other people in the house have chosen not to.

I'm not certain I would encrypt my main desktop again, just because it's one more thing to do, and I'm getting lazy lol. I don't have any sensitive files at all, and if things in the world get so bad that some agency is after me, I'm going to be hiding out up in this holler I know, not worrying about leaving a computer behind. Won't be power anyway, and the only shit they'd find is some pirated files.

I'd be more worried about my phone and my main tablet than any of the PCs, and those would either go with me, or get melted down before I left. Thermite is cheap and easy.

I encrypt all my filesystems, boot partitions excluded. I started with my work laptop. It made the most sense because there is a real possibility that it gets lost or stolen at some point. But once I learned how simple encryption is, I just started doing it everywhere. It's probably not gonna come into play ever for my desktop, but it also doesn't really cost me anything to be extra safe.

I don't for a pretty simple reason. I have a wife, if something ever happened to me then she could end up a creek without a paddle. So by not having it encrypted then, anyone kinda technical can just pull data off the drive.

Of course, I'm paranoid and don't trust the US government. Or any government really. "First they came for _____" and all that; Id rather just tell them to pound sand immediately instead of get caught with my pants down.

I encrypt my laptop and desktops and I think it’s worth it. I regret encrypting my servers because they need passwords to turn on.