Do you encrypt your drives and why or why not?
Do you encrypt your drives and why or why not?
I was recently intrigued to learn that only half of the respondents to a survey said that they used disk encryption. Android, iOS, macOS, and Windows have been increasingly using encryption by default. On the other hand, while most Linux installers I've encountered include the option to encrypt, it is not selected by default.
Whether it's a test bench, beater laptop, NAS, or daily driver, I encrypt for peace of mind. Whatever I end up doing on my machines, I can be pretty confident my data won't end up in the wrong hands if the drive is stolen or lost and can be erased by simply overwriting the LUKS header. Recovering from an unbootable state or copying files out from an encrypted boot drive only takes a couple more commands compared to an unencrypted setup.
But that's just me and I'm curious to hear what other reasons to encrypt or not to encrypt are out there.
You're viewing a single thread.
I encrypt all my drives. Me and the people I know get occasionally raided by the police. Plus I guess also provides protection for nosy civilians who get their hands on my devices. Unlike most security measures, there is hardly any downside to encrypting your drivesâa minor performance hit, not noticeable on modern hardware, and having to type in a password upon boot, which you normally have to do anyway.
Where do you live that youâre getting raided by the police? This sounds like one of those situations where they might use the wrench technique.
I don't want to say where I live for anonymity reasons, but I will note that it's fairly standard for political dissidents to be raided by any government so it doesn't actually particularly narrow down my location.
What's the wrench technique?
Ah lol sure. It depends on what level of state repression you're looking at. Regular cops will just not bother trying to decrypt a drive if they don't have the password and you don't freely give it up (you have the right to refuse to provide a password here, it's under the same kind of principle as having the right to not incriminate yourself), but I'm sure military intelligence etc will go to the wrench technique. Also deniable encryption for anything particularly sensitive is good for the old wrench technique.
How do you achieve the deniable encryption on you Linux machine?
I don't do deniable encryption on my root drives, just on external drives, and store the headers on my (non-deniably encrypted) computers. But if you want to deniably encrypt your root drive, Arch Wiki has some info:
https://wiki.archlinux.org/title/Dm-crypt/Specialties#Encrypted_system_using_a_detached_LUKS_header
You would still ultimately need an unencrypted header somewhere in order to boot your computer, so if it's your main daily computer you'd likely carry around the USB stick all day and therefore it wouldn't work against a state adversary who would obtain the USB stick with your header when they arrest you, if it's on your person.
Also, it's much more plausible that an external drive is genuinely just random data with no encrypted contents than that the drive installed into a computer has no data. I do have some USB sticks etc with genuinely nothing on them because I wiped them with /dev/urandom at some point, and they're lying around waiting for me to need an unused USB drive. The average person doesn't have an "unused computer" with nothing on it, just random data on the drive. Especially if you are an activist/organiser, if the state finds your computer with just pure random data on it and no encryption header I think they will assume it is deniably encrypted.