Privacy

42484 readers

1508 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

162

Encrypt your Linux with LUKS, like seriously. (lemmy.ml)

submitted 12 hours ago* (last edited 12 hours ago) by lunatique@lemmy.ml to c/privacy@lemmy.ml

60 comments fedilink hide all child comments

This makes a world of difference. I know many people may know of it but may not actually do it. It Protects your files in case your computer is ever stolen and prevents alphabet agencies from just brute forcing into your Laptop or whatever.

I found that Limine (bootloader) has the fastest decryption when paired with LUKS at least for my laptop.

If your computer isn't encrypted I could make a live USB of a distro, plug it into your computer, boot, and view your files on your hard drive. Completely bypassing your Login manager. If your computer is encrypted I could not. Use a strong password and different from your login

Benefits of Using LUKS with GRUB Enhanced Security

Data Protection: LUKS (Linux Unified Key Setup) encrypts disk partitions, ensuring that data remains secure even if the physical device is stolen.
Full Disk Encryption: It can encrypt the entire disk, including sensitive files and swap space, preventing unauthorized access to confidential information.

Compatibility with GRUB

Unlocking from Bootloader: GRUB can unlock LUKS-encrypted partitions using the cryptomount command, allowing the system to boot securely without exposing sensitive data.
Support for LVM: When combined with Logical Volume Management (LVM), LUKS allows for flexible partition management while maintaining encryption.

you are viewing a single comment's thread
view the rest of the comments

[–] Eheran@lemmy.world 6 points 11 hours ago (3 children)

What about data safety, backups etc.? If someone has access to my PC, that is already pretty catastrophic.

[–] lunatique@lemmy.ml 7 points 11 hours ago

They can't access your files, they just have your computer. They could delete your files by wiping your drive but they don't have your files, ensuring your privacy

[–] RotatingParts@lemmy.ml 6 points 11 hours ago (3 children)

Good question. Along the same lines, if your disk is encrypted and you make a simple backup (say using cp) is the backup encrypted and if so, how do you restore from that?

[–] relativestranger@feddit.nl 7 points 11 hours ago

if your system uses full disk encryption (such as via LUKS) and you simply copy files off to an external or a secondary drive for a 'backup', no. the copy is not encrypted unless the destination has encryption set up on it, too.

the alternative would be using a backup program, instead of a simply file copy, that encrypts its backups.

[–] floofloof@lemmy.ca 5 points 11 hours ago* (last edited 9 hours ago)

It depends how the backup is encrypted. Most backup solutions will give you an encryption key, or a password to a key, that you have to keep safely and securely somewhere else. If you have an online password manager or a Keepass database in cloud storage, that would be a reasonable place to keep the key. Or on a USB stick (preferably more than one because they can fail) or a piece of paper which you mustn't lose.

[–] ruby@lemmy.dbzer0.com 2 points 9 hours ago

the backup wouldn't be encrypted but you can use luks to encrypt the backup drive too, the same way as you'd do with a drive in your computer.

i use rsync to send off my /home to an encrypted backup drive and restoring it you just reverse the source and destination and copy the stuff back.

[–] raspberriesareyummy@lemmy.world 1 points 11 hours ago

dmcrypt for backup drives. Ideally with detached encryption header, stored separately.