daemin (6 hours ago)
One thing I disagree with the article about is that drives should not be encrypted by default. For the vast majority of people an encrypted drive is just data loss lying in wait. I prefer to use non-encrypted drives so I have the option of popping out the disk and reading it from another system with ease, which also means that I can recover files from drives of otherwise dead systems just as easily. This is a trade-off I'm willing to make over losing access to data. I understand business uses for it, and for that they have an IT team to manage key backup and backups in general. Plus when you're using company equipment it is theirs, not yours.

seethishat (5 hours ago)
It's really about personal privacy. Your computer is likely to be stolen and sold. If you don't want others reading your email, viewing your pictures, seeing your tax returns, etc. then you should encrypt the drive. I call this "The Pawn Shop Threat Model" ;) And, IME it is likely to happen.

memcg (4 hours ago)
I have purchased 6 multi-TB external drives at estate sales. My son brought home a few from a summer working as a mover. In his experience it was divorcing spouses throwing out each other's stuff. All of these drives had PII and personal photos. Some of the estate sale drives included PII of children and grandchildren.

abustamam (an hour ago)
I feel like there are other solutions to protecting your and your family's PII than encryption by default.

JohnFen (4 hours ago)
> Your computer is likely to be stolen and sold.

Likely? How likely is it? I've never had a computer stolen, nor has anybody I personally know. So it doesn't seem to me like it's all that likely. Personally, I find whole disk encryption to be more risky than it's worth. I much prefer encrypting things on a file-level instead.

ryandrake (3 hours ago)
OP might mean "laptop" instead of computer. Or more specifically, laptop that is regularly taken out of the home. I'm with you. If someone wanted to steal any of my computers, they'd have to break into my house. Possible, but also statistically unlikely, as I live in a reasonably safe community and lock my doors. I don't see the benefit of full disk encryption on a bunch of computers I keep in my home. For the special case of a laptop that is frequently taken out of the home and used in public, where thieves might be? Sure, encrypt it.

Symbiote (3 hours ago)
In a small business, I've been responsible for buying laptops for a while. In about 300 person-years, we've had two laptops stolen. Both were stolen while the staff were on trips abroad, and the staff were both rather careless IMO.

abustamam (an hour ago)
It's been a while since I've set up a Windows machine and this may already be mentioned, but when I signed up for Signal I got lots of warnings like "Warning: if you lose your phone and encryption key you will lose your data." That way I know what I'm signing up for. Just put "Encrypt? Yes/No" in the onboarding flow and let people know what the risks are and what they may be protecting against. I'd probably default to off because people don't read wizards and the last thing someone wants is to lose their entire HDD because they accidentally made a decision they didn't understand. And maybe for a certain period of time they can nudge users to read about encryption and decide if it's right for them, or just easily disable that nudge. Maybe even basic education like "if you find yourself forgetting your password often then maybe encryption is not for you" or something like that. Windows is already optimized for extracting as much value from customers as possible; may as well help them make at least one informed decision.

thundercleeze (3 hours ago)
Your computer is not "likely" to be stolen and sold.

nicoburns (4 hours ago)
> It's really about personal privacy. Your computer is likely to be stolen and sold. If you don't want others reading your email, viewing your pictures, seeing your tax returns, etc. then you should encrypt the drive.

There is a very real security vs. availability trade-off though. Is the average person more concerned with others reading their emails, viewing their pictures, seeing their tax returns, or are they more concerned with losing access to those things themselves? Losing access to an encrypted drive is a very real possibility (people often forget their passwords, and are used to that being recoverable), and the data loss is probably more impactful than privacy loss for many people.

patrakov (4 hours ago)
And the worst part is, I have seen computer repair shops that refuse to work with a laptop if it has an encrypted system drive, under the guise of "how would we then validate the fix?"

brookst (5 hours ago)
For the typical user, this is far far far more likely to happen than that they would "pop out" the drive and read it in another machine. Defaults should be safe for most users. Power users are exactly the people who can deal with changing a setting. It's constantly surprising to me when technical people insist that defaults should be optimized for technical people.

hyperman1 (an hour ago)
This is not the correct model. For a typical user, they can bring the laptop to someone knowledgeable, who will pop out the drive for them. The main question is: what is the biggest risk, theft or data corruption? In my experience, corruption and ransomware are more common, so FDE should be off for household desktops or laptops, as these rarely leave the house. A business tends to have managed devices and data loss is a legal nightmare, so FDE should be on. The main thing is: people should be able to choose.

docmars (4 hours ago)
Surely not likely at all for a gaming desktop that's going nowhere in my home. For business users with notebooks who fly around a lot or spend time in coffee shops, it's possible.

nandomrumber (4 hours ago)
> Your computer is likely to be stolen and sold.

No, it's not.

liendolucas (5 hours ago)
Users should be given a choice, with the consequences of choosing one or the other clearly and concisely explained. Simple as that. What should definitely not happen is doing this behind the scenes and storing recovery codes in a Microsoft account. Why do those codes have to be stored on their servers? A screen should display the recovery codes and instruct the user to print them and keep them in a safe place in case they are needed. I should be able to recover my data completely offline. End of story.

yabones (5 hours ago)
Obviously "physical access is full access", but it's shockingly easy to break into a Windows box if you have access to the unencrypted drive. I learned when I was a teenager how to use the recovery partition to mount the C: drive, then copy "cmd.exe" to "utilman.exe" or "sethc.exe" and get an instant root shell on the login page. Takes about 2-3 minutes, can be done in the time somebody leaves their laptop to go to the bathroom at Starbucks. To me that's the main thing about disk encryption: it's to stop a nasty rootkit from being installed trivially as much as it is about stopping the guy at the pawn shop from getting your tax info. Whether you're on macOS, Linux, or Windows, it's really quite easy to fully compromise a machine if you have hands on it.

hellojesus (4 hours ago)
Agreed, specifically about the tax info concerns. All my drives are encrypted with either LUKS, VeraCrypt, or native ZFS encryption for my server data. My primary concern is a robbery while I'm not home. It's trivial to break in, steal hard drives, and then go pop them into another machine on your own time to scan the files looking for tax or other sensitive docs. While encryption keys are a risk, you can always save the random key file or passphrase in cloud storage (using symmetric encryption) and/or in your password manager.

ryandrake (3 hours ago)
Curious: Are you specifically worried about a robber who is targeting your tax information in particular? Home break-ins are relatively rare, and when they do happen, for the vast majority of them, the robber grabs whatever cash, jewelry, and other small, easy-to-pawn valuables, and is probably not going to care about computers. And for those rare robbers who actually grab your computer, what percentage of them are really going to bother going through the hard drive looking for tax returns of all things? This attack concern sounds like a small fraction of a small fraction of a small fraction! Unless you are a celebrity or billionaire business mogul where your tax returns or other sensitive documents might be worth something...

hellojesus (3 hours ago)
Maybe I am the fool. :) I think about crime in the way I would do it, which is to grab the valuables police are unlikely to care about (hard drives) that allow me to quickly clone and encrypt myself, so I can destroy the tangible evidence, and then I have unlimited time to crack and review the information, and then even more time to execute my malicious attack against identities or whatever other information I do find. Only slightly better than this would be to break in, install a rootkit, and then leave everything else untouched so as to try and minimize the knowledge that I was there, but I'd still be concerned that my C2 server would eventually point to me. Maybe I should read about these actual crimes or get meds. The first couple years of my first kid's life were full of anxiety that someone would break in and steal my kid while I was sleeping at night.

Sohcahtoa82 (an hour ago)
Thieves are typically not technical people. If they were, they'd be using their technical skills at a legitimate job, not relying on burglarizing to make a quick buck. They also are interested in getting in and out as quickly as possible. They're not going to take the time to disassemble a computer to remove just the hard drive, they're gonna steal the entire computer.

> Maybe I should read about these actual crimes

You should, especially on the kidnapping front. The extreme majority of kidnappings are from a relative or someone the child knows who will run off with them during the day, not break in at night. ... Not sure that actually will make you feel better, tbh.

antiframe (5 hours ago)
> I prefer to use non-encrypted drives so I have the option of popping out the disk and reading it from another system with ease, which also means that I can recover files from drives of otherwise dead systems just as easily.

Everyone has different security needs. But (maybe it's different on Windows), what's hard about popping the disk to another machine and then decrypting it with the key? Does Windows not give you access to the key?

okanat (4 hours ago)
Windows does give access to the key. The issue with Microsoft account and especially Windows Home onboarding is that it doesn't tell you that it encrypted the drive and there is a backup key (which it uploads to the Microsoft account, often readable by authorities with a court order). Many normie users not only get locked out of their laptops but they also forget their Microsoft account password, causing complete loss of data.

antiframe (28 minutes ago)
Not your key, not your crypto. => Not your key, not your data. Why anyone would want to encrypt their data and then hand their private key to anyone is mind-boggling.

chaz6 (2 hours ago)
When an SSD fails it often reverts to read-only mode. The manufacturers may require you to return the drive to receive a replacement or refund. By which point it is too late. You now have the choice of potentially risking the disclosure of your personal data to a third party (and your shipment could end up on a lost-parcel auction if it did not get delivered) or missing out on your warranty.

saltcured (3 hours ago)
My solution for your concerns is twofold:

1. Use a password-based encryption method (not tied to hardware identity) if you prioritize moving the disk around. Then it is just as readable in a spare machine.

2. Use an easy-to-remember password/passphrase and write it down somewhere you keep paper documents, if you prioritize recovery.

This still provides meaningful protection when you need to discard the drive. The random downstream recipient of the hardware will not know your password, even if you skip the step where you "crypto-shred" the drive by setting a new random password.

kubik369 (5 hours ago)
Agreed, I have personally come to the same conclusion. I do not encrypt the drives in my home desktops and servers so that the recovery/migration is easier when the time comes. The risk of someone stealing my desktops from my home is very low and the impact of someone going through my family photos or Linux ISOs is nothing. I roll my eyes at my friend when he explains the solutions for how to input the encryption password when his server restarts. At the time of writing, there are already other replies to this comment saying "it's mandatory today to encrypt drives" without any qualifiers. I am growing more and more frustrated by people who try to force security measures like this "because it is more secure that way" without first taking a look at the risks, impacts and associated costs. I think they simply force these security measures on others to feel good about their choices. It was a breath of fresh reasonability when I found out that apt intentionally uses only HTTP instead of blanket HTTPS everywhere because the packages are signed, therefore they can be verified by the client, and using HTTP allows easier caching with cache proxies and such.

hellojesus (4 hours ago)
> I roll my eyes at my friend when he explains the solutions for how to input the encryption password when his server restarts.

Isn't this rather trivial? You gen a keyfile, register it with luksAddKey, then update /etc/crypttab, no? The real concern is making sure that keyfile is stored securely, but you can simply symmetrically encrypt it and upload it to your favorite cloud storage provider.

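The two ideas above (saltcured's "password-based encryption, write the passphrase down, crypto-shred by changing the key" and hellojesus's "add a keyfile slot with luksAddKey for unattended unlock") rest on the same structure: a random master key encrypts the data, and each key slot stores that master key wrapped under a key derived from a passphrase or a keyfile. The toy model below is an added illustration written for this thread; it is not code from any commenter, from cryptsetup/LUKS, or from any real tool. It uses only the Python standard library, so PBKDF2, an HMAC-SHA256 counter keystream and XOR key wrapping with an HMAC tag stand in for the AES modes a real implementation uses. Names such as `Slot`, `Volume`, `add_slot` and `crypto_shred` are hypothetical, and the tax-return line is a constructed sample.

```python
"""Toy model of passphrase- and keyfile-slot disk encryption (LUKS-like).

Added illustration, not code from the thread or from cryptsetup/LUKS.
One random master key encrypts the data; each slot holds the master key
wrapped under a KDF of a passphrase or keyfile. Adding a slot never
re-encrypts the data, and "crypto-shredding" destroys the slots.
Stdlib-only stand-ins: PBKDF2 for the KDF, HMAC-SHA256 counter mode for
the disk cipher, XOR + HMAC tag for key wrapping.
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

KEY_LEN = 32             # bytes of master key
KDF_ITERATIONS = 100_000  # slow on purpose: brute-forcing a weak passphrase should cost


@dataclass
class Slot:
    salt: bytes     # per-slot salt, so the same passphrase wraps differently each time
    wrapped: bytes  # master_key XOR wrap_key; wrap_key is used once, so this is a one-time pad
    tag: bytes      # HMAC over `wrapped`: a wrong secret is rejected instead of yielding garbage


@dataclass
class Volume:
    nonce: bytes
    ciphertext: bytes
    slots: list = field(default_factory=list)


def kdf(secret: bytes, salt: bytes):
    """Derive (wrap_key, mac_key) from a passphrase or keyfile."""
    derived = hashlib.pbkdf2_hmac("sha256", secret, salt, KDF_ITERATIONS, dklen=2 * KEY_LEN)
    return derived[:KEY_LEN], derived[KEY_LEN:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for the real disk cipher."""
    blocks = [hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_slot(master: bytes, secret: bytes) -> Slot:
    salt = os.urandom(16)
    wrap_key, mac_key = kdf(secret, salt)
    wrapped = xor(master, wrap_key)
    return Slot(salt, wrapped, hmac.new(mac_key, wrapped, hashlib.sha256).digest())


def open_slot(slot: Slot, secret: bytes):
    """Return the master key if `secret` fits this slot, else None."""
    wrap_key, mac_key = kdf(secret, slot.salt)
    expected = hmac.new(mac_key, slot.wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot.tag):
        return None
    return xor(slot.wrapped, wrap_key)


def recover_master(vol: Volume, secret: bytes):
    """Try every slot; any one that accepts `secret` yields the same master key."""
    for slot in vol.slots:
        master = open_slot(slot, secret)
        if master is not None:
            return master
    return None


def create_volume(plaintext: bytes, passphrase: bytes) -> Volume:
    """Format a volume: fresh random master key, one passphrase slot."""
    master = secrets.token_bytes(KEY_LEN)
    nonce = os.urandom(16)
    ciphertext = xor(plaintext, keystream(master, nonce, len(plaintext)))
    return Volume(nonce, ciphertext, [make_slot(master, passphrase)])


def unlock(vol: Volume, secret: bytes):
    """Decrypt with any slot that accepts `secret`; None if no slot does."""
    master = recover_master(vol, secret)
    if master is None:
        return None
    return xor(vol.ciphertext, keystream(master, vol.nonce, len(vol.ciphertext)))


def add_slot(vol: Volume, existing_secret: bytes, new_secret: bytes) -> None:
    """luksAddKey-style: prove you hold an existing secret, then wrap the master key again."""
    master = recover_master(vol, existing_secret)
    if master is None:
        raise PermissionError("existing secret does not open any slot")
    vol.slots.append(make_slot(master, new_secret))


def crypto_shred(vol: Volume) -> None:
    """Discarding the drive: wipe the slots. Ciphertext stays on disk but is now unreadable."""
    vol.slots.clear()


def demo() -> dict:
    data = b"2024 tax return (constructed sample): AGI 51,234.00"
    passphrase = b"correct horse battery staple"  # the one written down with the paper documents
    keyfile = secrets.token_bytes(64)              # what /etc/crypttab would reference for auto-unlock
    vol = create_volume(data, passphrase)
    add_slot(vol, passphrase, keyfile)
    results = {
        "passphrase_unlocks": unlock(vol, passphrase) == data,
        "keyfile_unlocks": unlock(vol, keyfile) == data,
        "wrong_secret_rejected": unlock(vol, b"hunter2") is None,
    }
    crypto_shred(vol)
    results["shredded_unreadable"] = unlock(vol, passphrase) is None
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The point the model makes concrete: because the slots are the only path to the master key, the volume can move to any machine that has the passphrase (saltcured's point 1), an unattended unlock is just a second slot fed by a keyfile rather than re-encrypting anything (hellojesus's point), and setting a new random passphrase you never record, as saltcured describes, leaves the drive in the same state as `crypto_shred` here: ciphertext with no usable slot.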
kubik369 (4 hours ago)
Uuh, I am not sure. I believe that he was talking about having full disk encryption which means that he needs to input the password to unlock the boot partition.

drnick1 (3 hours ago)
You can use TPM2 to automatically unlock the root partition and not have to input a password manually at boot. This is how my laptop (running Arch, btw) is set up. Whether or not disk encryption is necessary for a system that is physically secure at home or elsewhere is debatable however. But a laptop can be easily left somewhere and disk encryption seems necessary unless it never leaves home.

microgpt (5 hours ago)
I used to think that and then the authorities raided my house (for bullshit reasons that had nothing to do with me). Now I encrypt everything.

kubik369 (4 hours ago)
That's a valid point. I feel for you. A similar thing happened to a friend because of his dorm roommate torrenting some... not Linux ISOs, illegal stuff. With that said, I still find this risk quite unlikely to happen (at least in my country), with data loss due to being unable to decrypt the drive being more likely due to me changing computers often. If I were in a country such as the current U.S. for instance, I would most probably encrypt everything I could get my hands on. In addition, I think it is one more reason to have good offsite backups and to invest time into those. For me, losing the data/not having access to it for a long time while the police have it is a bigger impact than them finding out what porn I watch, in my opinion. I don't mean it in a "nothing to hide" kind of way, but in a "I don't think they could do much/any damage with that information" way.

smallnix (5 hours ago)
> popping out the disk and reading it from another system

The vast majority of people don't know that this is an option or how to do it.

recursive-call (5 hours ago)
Plus, my first Windows machine went through a botched Windows update and got stuck in an encryption key doom loop. No matter how many times I entered the key, it wouldn't let me into the computer. I had to take it to the shop (tbf it had a lot of other issues too). When I got a new one the first thing I did was turn off encryption.

hellojesus (4 hours ago)
I'd argue the proper solution here is backup, as an HDD could die at any time and leave you with approximately the same outcome. While encryption adds some overhead and increases the surface area for failure, it ultimately requires the same backup solution as anything else.

greenicon (5 hours ago)
Windows gives you recovery keys for each encrypted drive. With those you can even access TPM-protected drives on another machine. I'd say it's mandatory today to encrypt drives. In the age of SSDs it's not really possible anymore to delete files and to be sure they are in no way recoverable by an adversary.