Linux

I have stopped encrypting my drives, because if anything goes wrong and the system won't boot it makes recovery more difficult. It's a dual boot machine with Windows 11, and I had a lot of awkwardness with Bitlocker that led to me deciding to abandon encryption in both OSs. I save sensitive files to encrypted volumes in VeraCrypt.

I encrypt all my filesystems, boot partitions excluded. I started with my work laptop. It made the most sense because there is a real possibility that it gets lost or stolen at some point. But once I learned how simple encryption is, I just started doing it everywhere. It's probably not gonna come into play ever for my desktop, but it also doesn't really cost me anything to be extra safe.

It's one of those things where it depends on the computer. My old box that's running win 7 has nothing but music and backed up media files on it, isn't connected to the internet at all, and there's really no point to it being encrypted.

My laptop leaves the house, and is connected, so it gets the treatment. My general purpose PC is, though that was more just because of a random choice rather than a carefully chosen decision. I figured I'd try it for a few weeks, then nuke it if it was a problem. It hasn't been, and I haven't needed to do anything to it that would require a change.

The other people in the house have chosen not to.

I'm not certain I would encrypt my main desktop again, just because it's one more thing to do, and I'm getting lazy lol. I don't have any sensitive files at all, and if things in the world get so bad that some agency is after me, I'm going to be hiding out up in this holler I know, not worrying about leaving a computer behind. Won't be power anyway, and the only shit they'd find is some pirated files.

I'd be more worried about my phone and my main tablet than any of the PCs, and those would either go with me, or get melted down before I left. Thermite is cheap and easy.

I use encryption on laptops, because they can be stolen in the train, bus, etc. On work desktop, I do so as well, because there are many people around. However, on everything that stay at home, I prefer not to use it to simplifiy things and get more performance.

My drives are not encrypted because it's a hassle if things start going wrong. My NAS is software raid so the individual disks mean nothing anyway. The only drive that is encrypted is my backup disk and I'm not really sure if it was needed.

I encrypted my professional laptop's drive in order to prevent access to company data and code in case of theft. And I'll probably encrypt my personal laptop as well because the SSH key can access company code.

As for the desktop, I didn't and probably never will, because theft is less likely and that would be a pain to handle for nightly backups (it is turned on with Wake-on-LAN and then a cron backs up my home directory to my NAS).

Finally, I won't encrypt my NAS as well for the same reason: it would quickly become a hassle as I would have to manually decrypt the drives every time it boots after a power outage.

Yes, and for the life of me I don't understand why there isn't a default LUKS with hibernate partition in the Debian installer.

I do on all my devices that can as a matter of practice, not for any real threat. I'm interested to learn about how to set it up and use it on a daily basis including how to do system recoveries. I guess it's largely academic.

Once I switched to linux as my daily driver, I didn't have a need to do piracy anymore since all the software I need is FOSS.

Yeah, on my laptop - because I travel with it and confidential data (like from my customers) could land in hands its not supposed to

No, in case of my desktop, because it's easier to access it in case of failure

Had nosey cops trying to get into my phones illegally recently.. do not understand people that dont encrypt shit

Depends on the use case. Definitely for my laptop though. In fact the decryption keys only exist in two places:

1. Inside my TPM
2. In a safe deposit box at a bank.

I would strongly encourage people to encrypt their on site data storage drives even if they never leave the house and theft isn’t a realistic thing that can happen.

The issue is hard drive malfunction. If a drive has sensitive data on it and malfunctions. It becomes very hard to destroy that data.

If that malfunctioning hard drive was encrypted you can simply toss it into an e-waste bin worry free. If that malfunctioning drive was not encrypted you need to break out some heavy tools tool ensure that data is destroyed.

I do encrypt my drives, and it’s not as transparent in Linux as it is in the others. I’m sure I could get a TPM setup for seamless boots, but I haven’t done that yet.

For mobile drivers, I still encrypt, but that locks them to one OS since LUKS isn’t cross platform. There is VeraCrypt for cross-platform encryption, but that’s one more thing to manage and install.

I used to, but then I nuked my install accidentally and I couldn't recover the encrypted data. I nuke my installs fairly regularly. I just did again this past week while trying to resize my / and my /home partitions. I've resigned myself to only encrypting specific files and directories on demand.

My phone is fully encrypted though.

Yes. I encrypt because theft. I know PopOS and Mint make it 1-click ez. ...unless of course you want home and root on a separate drives. That scales difficulty real fast. There's plenty of tutorials, and I managed, but I had to patch together different ones to get a basic setup-- Never mind understanding exactly what I did and repeating it (the latest challenge I've been dragging my feet on). I do hope this is an area that sees more development in the near future.

Doesn't Pop have that by default? I think others have too.

Anyway, yes for basically everything. Except my servers main partition, because otherwise recovering from crashes would be horribly annoying or unsafe if I'd use cryptssh. And if the dns+dhcp/gateway/VPN server crashes I'd definitely need 22 open.

I don't encrypt my entire drive, but I do have encrypted directories for my sensitive data. If I did encrypt an entire drive, it would only be the drive containing my data not the system drive.

Every endpoint device I use is using full disk encryption, yes.

Asahi Linux doesn't support encryption and getting it to work requires a lot of steps and that I reinstall it which I don't have time for, so I don't have it enabled on my laptop, and if it gets stolen or confiscated I'm fucked.

I have it enabled on my server and phone.

I don't even know how to do it

I encrypt my laptop and desktops and I think it’s worth it. I regret encrypting my servers because they need passwords to turn on.