this post was submitted on 12 Oct 2025

299 points (98.4% liked)

Privacy

42512 readers

912 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

299

Encrypt your Linux with LUKS, like seriously. (lemmy.ml)

submitted 1 day ago* (last edited 1 day ago) by lunatique@lemmy.ml to c/privacy@lemmy.ml

109 comments fedilink hide all child comments

This makes a world of difference. I know many people may know of it but may not actually do it. It Protects your files in case your computer is ever stolen and prevents alphabet agencies from just brute forcing into your Laptop or whatever.

I found that Limine (bootloader) has the fastest decryption when paired with LUKS at least for my laptop.

If your computer isn't encrypted I could make a live USB of a distro, plug it into your computer, boot, and view your files on your hard drive. Completely bypassing your Login manager. If your computer is encrypted I could not. Use a strong password and different from your login

Benefits of Using LUKS with GRUB Enhanced Security

Data Protection: LUKS (Linux Unified Key Setup) encrypts disk partitions, ensuring that data remains secure even if the physical device is stolen.
Full Disk Encryption: It can encrypt the entire disk, including sensitive files and swap space, preventing unauthorized access to confidential information.

Compatibility with GRUB

Unlocking from Bootloader: GRUB can unlock LUKS-encrypted partitions using the cryptomount command, allowing the system to boot securely without exposing sensitive data.
Support for LVM: When combined with Logical Volume Management (LVM), LUKS allows for flexible partition management while maintaining encryption.

you are viewing a single comment's thread
view the rest of the comments

[–] rinze@lemmy.ca 16 points 1 day ago (3 children)

Also: encrypt everything you upload to the cloud with Cryptomator or something like that. I amazes me I used to put stuff directly in my pCloud folder.

[–] floofloof@lemmy.ca 14 points 1 day ago* (last edited 1 day ago) (1 children)

Cryptomator is good but it's important also to keep backups of the unencrypted content of the Cryptomator vault that are not encrypted by Cryptomator. (You could encrypt the backups with another system.) Cryptomator vaults are more fragile than the underlying file system, and it's easier for a glitch in the sync process to corrupt them so they're unrecoverable. I have lost data due to this in the past. So it's best to make sure all the contents of your vaults also exist somewhere else, encrypted in another way.

[–] rinze@lemmy.ca 3 points 1 day ago (2 children)

I used borg for my backups, but why do you say Cryptomator vaults are fragile?

[–] floofloof@lemmy.ca 4 points 1 day ago* (last edited 1 day ago) (1 children)

It's not that they're especially fragile. It's really only when you combine them with a sync process. I once had a sync go wrong and it resulted in the contents of a vault being unreadable. Because all you have are a bunch of encrypted files with meaningless names and a flattish structure, which Cryptomator interprets and mounts as a different directory structure, when something goes wrong it's not easy to know where in the vault files the problem lies. You can't say "ah, I'm missing the documents folder so I'll restore that one from backup" like you could with an unencrypted directory. And if you've made changes since the last vault backup you can't just restore the whole vault either. You could mount a backup of the vault from a time when it was intact, and then copy files across into your live copy, but I feel safer having a copy in another format somewhere else. Not necessary, I guess, but it can make recovery easier.

[–] rinze@lemmy.ca 3 points 1 day ago

Ok, I understand. In my particular use case that shouldn't be an issue. My Cryptomator folder is local and I use it only locally. Then there's a sync process to copy stuff to pCloud automatically, but that copy is never touched directly by my.

But in any case as you said, backups.

[–] Eheran@lemmy.world 0 points 1 day ago

Because he experienced data loss, as he says?

[–] relativestranger@feddit.nl 3 points 1 day ago

easy to use gui backup utilities (like pika and déjà dup) can also encrypt its backups

[–] lunatique@lemmy.ml 1 points 1 day ago (1 children)

Facts. I put everything on cloud (mega only) compressed with AES-256

[–] floofloof@lemmy.ca 8 points 1 day ago (1 children)

compressed with AES-256

I guess you mean encrypted.

[+] lunatique@lemmy.ml -6 points 1 day ago* (last edited 1 day ago) (1 children)

No I meant compressed, it comes with the encryption.

[–] Chewt@beehaw.org 16 points 1 day ago (1 children)

AES-256 is just an encryption algorithm, it doesn’t do any compression on it’s own, so it’s not quite right to say its compressed with it. Really it was compressed, then afterwards encrypted with AES-256.

[+] lunatique@lemmy.ml -20 points 1 day ago (2 children)

Sigh. I said i compress with AES-256. I compress my files with the compression that encrypts it. Just as the screenshot shows. (Compression+AES-256) I'm the OP of this post. Give me more credit. I know they are two different things. I think you just didn't get what I was trying to say

[–] JohnnyCanuck@lemmy.ca 24 points 1 day ago

I said i compress with AES-256

To avoid confusion you could say, "along with", or fully say, "I encrypt with AES-256 as I compress, in one step".

It's not necessarily about what you know, but about what readers will understand. (For example, someone who doesn't know better might read what you wrote and think there is some way to compress using AES-256 and go down a rabbit hole.)

[–] Chewt@beehaw.org 6 points 1 day ago* (last edited 1 day ago)

I understood what you meant, I was just pointing out that what you said was incorrect. Even in your reply you said

I compress my files with the compression that encrypts it.

Which is still not entirely correct. The compression is not doing any encrypting. They are two separate processes that the tool you are using is presenting as a single step for convenience. You seem to know what you are talking about, and I happen to know about cryptography, but as someone else in the thread mentioned not everyone knows how these things work. If we are trying to spread knowledge and tips in this community (like your post is doing) then I just saw this as an opportunity to clarify something that was incorrect. Not for your benefit, but for others.