Linux

I encrypt my laptop and desktops and I think it’s worth it. I regret encrypting my servers because they need passwords to turn on.

Yes, and for the life of me I don't understand why there isn't a default LUKS with hibernate partition in the Debian installer.

I have stopped encrypting my drives, because if anything goes wrong and the system won't boot it makes recovery more difficult. It's a dual boot machine with Windows 11, and I had a lot of awkwardness with Bitlocker that led to me deciding to abandon encryption in both OSs. I save sensitive files to encrypted volumes in VeraCrypt.

Of course, I'm paranoid and don't trust the US government. Or any government really. "First they came for _____" and all that; Id rather just tell them to pound sand immediately instead of get caught with my pants down.

I encrypted my professional laptop's drive in order to prevent access to company data and code in case of theft. And I'll probably encrypt my personal laptop as well because the SSH key can access company code.

As for the desktop, I didn't and probably never will, because theft is less likely and that would be a pain to handle for nightly backups (it is turned on with Wake-on-LAN and then a cron backs up my home directory to my NAS).

Finally, I won't encrypt my NAS as well for the same reason: it would quickly become a hassle as I would have to manually decrypt the drives every time it boots after a power outage.

Yeah, on my laptop - because I travel with it and confidential data (like from my customers) could land in hands its not supposed to

No, in case of my desktop, because it's easier to access it in case of failure

Yes. I encrypt because theft. I know PopOS and Mint make it 1-click ez. ...unless of course you want home and root on a separate drives. That scales difficulty real fast. There's plenty of tutorials, and I managed, but I had to patch together different ones to get a basic setup-- Never mind understanding exactly what I did and repeating it (the latest challenge I've been dragging my feet on). I do hope this is an area that sees more development in the near future.

I encrypt my desktop and laptop but not my servers. On desktop, that excludes drives that aren't my OS/boot drive.

I encrypt my laptop and desktops and I think it’s worth it. I regret encrypting my servers because they need passwords to turn on. I couldn’t figure out how to handle it when away.

Yeah all my drives are encrypted with LUKS mostly because of home burglaries (bad area and whatnot). I still keep backups regardless on drives that are also encrypted

Doesn't Pop have that by default? I think others have too.

Anyway, yes for basically everything. Except my servers main partition, because otherwise recovering from crashes would be horribly annoying or unsafe if I'd use cryptssh. And if the dns+dhcp/gateway/VPN server crashes I'd definitely need 22 open.

I always encrypt my computer SSD as well as my external backup drive. I just wish that when installing a Linux distro and when selecting encryption that it would work with multiple drives

I don't do it for my desktop because 1) I highly doubt my desktop would get stolen. 2) I installed Linux before I was aware of encryption, and don't have any desire to do a reinstall on my desktop at this time.

For my laptop, yes, I do (with exception of the boot partition), since it would be trivial to steal and this is a more recent install. I use clevis to auto-unlock the drive by getting keys from the TPM. I need to better protect myself against evil maids, though - luckily according to the Arch Wiki Clevis supports PCR registers.

Yes because my distro also have encrypted /boot included

Mostly I don't, but I want to start to. I only have one laptop encrypted and of course I keep my phones encrypted.

Yes because it is one click

If I delete my drive, it is rubbish

It doesnt impact my performance much

I don’t have FDE (BitLocker) enabled on my Windows 11 gaming PC. It sits in my house and has nothing on it but video games and video game related shit. I don’t even have my password manager installed for logging in to Steam, GoG or whatever other launcher. I manually type passwords in from the vault on my phone if the app doesn’t support QR code login like discord. Also I paid for this ridiculous m.2 nvme drive, I’m not going to just give up iops bc i want my game install files encrypted.

I don’t use FDE on my NAS. Again it doesn’t leave my house. I probably should I guess, bc there is some stuff on there that would cause me to have industry certs revoked if they leaked, but idk I don’t. Everything irreplaceable is backed up off site, but the down time it would take to rebuild my pirated media libraries from scratch vs just swapping disks and rebuilding has me leery.

I have FDE enabled on both my MacBooks. They leave the house with me, it seems to make sense.

I don’t use FDE on Linux VMs I create on the MacBooks, the disk is already encrypted.

My iphone doesn’t have the option to not use FDE I don’t think.

I use encrypted rsync backups to store NAS stuff in the cloud. I use a PGP key on my yubikey to further encrypt specific files on my MacBooks as required beyond the general FDE.