Questions about disk encryption. .

What real protections does disk encryption give your computer? What does it protect and how does it prevent prying eyes of outside intruders? Seems to me there is a long chain of events just to get on the net and your provider is probably data mining your information as well as the big players like ‘Google’.

For one, if someone steals your computer your data are encrypted.

Data Mining on the other end does not mean that the browser has access to your data in your home folder beyond what you allow it to.

However, to me disk encryption is to avoid physical access to my data. For example I can now boot any iso and access my data in my home folder. You can’t do that if the disk is encrypted.

1 Like

Does the Endeavour installation walk you threw this process of encryption or is it a lot more complicated?

Rich :slight_smile:

This article maybe useful. You need to select and add a swap file. If you install only eos it is pretty straight forward. If you dual boot there maybe other requirements.

https://discovery.endeavouros.com/encrypted-installation/encrypted-installation/2021/03/

On a laptop you take with you outside, you should probably encrypt the drives, in case somebody steals it. You see, even though the thief does not have your user or root password, he can still boot up a live image ISO, mount your non-encrypted drive. Or he can physically remove the drive from your laptop and connect it to his computer. In either case, he gets access to all your files. On an encrypted drive, that data should be inaccessible, assuming you use a strong password for encryption.

The downside is that boot is slightly slower and if data somehow gets corrupted or deleted by mistake, data recovery from the drive is much more difficult (but you have a backup, so that’s not an issue, is it? :slight_smile: ). Also, don’t forget your password…

Your home or office desktop is much less likely to be stolen, so drive encryption is probably an overkill on those. Still, you should protect all the data that is sensitive and could be abused by a malicious party with physical access to the machine, but there are ways to encrypt individual files and directories on non-encrypted drives.

2 Likes

glowiefrog_incognito_72glowie

tinfoil < they are standing right behind me, aren’t they?

1 Like

That is a good point. If there is a reasonable chance for you to get raided by the police (either because you’ve been bad, or because you’ve been good and the regime is bad), it’s a good idea to encrypt everything, because taking all your computers will be the first thing they do.

On the other hand:

image

2 Likes

Exactly!

That’s why i much prefer “hide in a haystack” methods like Steganography

Coz usually you don’t have that much of really valuable information that you can’t hide in some family pictures or random movies directory using such methods…

What’s that officer?
No no of course, there’s nothing illegal it’s just my family pictures directory.

And if it’s get stolen - nobody would give a crap about your pictures / movies dir either, especially if you use something like argon2 to password hash such vault, even if someone would successfully scan-detect your pictures dir, which is very unlikely :joy:

2 Likes

For me ( i have all discs encrypted at home) the main purpose for encryption is to prevent access to my data when a burglar/thief gets access to the hardware. In our neighborhood it happened twice that burglars came into a house and stole things. I do not want to give them my data unencrypted. For the same reason I always encrypt all laptops. Just in case the laptop gets lost.

For online activities and hackers who got access to your PC encryption is not protecting a lot. When your PC is online and you are logged in or the hacker has logged in with your credentials, eventually with root access, the encryption is not protecting much.

3 Likes

Plus, if you want to sell your old “healthy” disk in the future, a hacker/buyer could probably recover your data in the disk with some recovery tools when the unencrypted disk was formatted quickly but your data was not completely erased, then the hacker sell this disk again after stealing your data.

If you want to sell your disk safely without recovering data,

  • you should format your unencrypted HDD two times completely, but it takes a long time. I am not sure, how to erase data in SSD.
    Or
  • The disk is encrypted and then formatted quickly or fully.
1 Like

https://wiki.archlinux.org/title/Securely_wipe_disk

1 Like

That’s the one!
I know quite a few cases where people had an oops moment after they realised that the PC they just put into trash still had it’s harddrive with customer/patient data on it.
So aside from mitigating theft, encrypting drives is especially important to those who have no clue about their PCs and just use it as a tool.

1 Like