
New Year's Resolution: Full Disk Encryption on Every Computer You Own - tobiasbischoff
https://www.eff.org/deeplinks/2011/12/newyears-resolution-full-disk-encryption-every-computer-you-own
======
ck2
It's sad we need encryption mostly for protection from not criminals, but our
own government for even trivial data.

What freaks me out most these days is how easily people fall into the belief
that "oh well traveling is not a right so you have to give up rights when you
fly or drive anywhere".

No, if you are a citizen of the United States and unless you are actually
crossing a border, you should have the unqualified protection against
unreasonable searches, especially without warrants.

I also don't accept the "well it's worse in other countries, be happy you are
not there" argument. This country is not even 250 years old. The laws we made
are pretty fundamental and not old at all. It's not some kind of game where
they should be allowed to dance around the edges to break them.

~~~
flipbrad
To be honest, I don't see why national borders are so strongly part of the
equation. I suppose that depends on your worldview. I live within the Schengen
Area, and to me it seem patently obvious that most 'bad things' in the world
are hardly affected by national borders. They're typically supra-national
(climate change, credit crunch, cracking, etc) or intra-national (most crime,
etc. I don't mean to argue for more checks / security measures, overall, but
why do you want them to be focused at the border?

~~~
icebraining
Drug trafficking and illegal immigration?

~~~
flipbrad
drug trafficking, illegal immigration don't serve as counterpoints; you're
putting the cart before the horse

The drugs trade is the flow of narcotics from source to sink. Stopping them at
a national border is one approach; stopping them elsewhere in transit (as it
leaves the source, on the open sea, at the destination by local police, etc)
is another. And then you have one more: tackling the existence of a source and
a sink. In other words, you look at supply (i.e. creation/generation of stock)
and demand. I believe that this is perhaps the best approach, and it is
definitely one to which borders are irrelevant. So I don't really accept that
as a counterpoint to what I was saying. In some ways, the fact you thought it
was illustrates my point: our focus on borders is simplistic and maybe
distracting us from finding more effective approaches that might be inspired
by a thorough analysis of the system dynamics.

People trafficking is to some extent the same thing: source, sink, and a flow
over many miles from one to the other (maybe across a border, maybe not).

As for illegal immigration, you have a flow that exists because of inequality
(i.e. it's a flow down a gradient) - a difference in living standards, job
opportunities, safety, etc. This inequality makes the recipient country a sink
and the donor country a source. But of course, once again we shouldn't be
talking about countries. Some regions are more attractive than others, and
people have always moved between them, generally to the gain of one region and
the detriment of another. Population flows can be cross-border, or not,
despite the similarity in causes. Once again; should borders really be the
focal point at which destabilising migrations are addressed by modern,
globalised societies?

~~~
icebraining
You got me wrong: I'm saying _why_ they are - I'm not saying they _should_ be.

------
DanielBMarkham
I'm not an expert on security, but I do know a bit about human nature. I'd
suggest a 2-level encryption scheme. Perhaps FDE and a BIOS password as level
1, and then a futher encrypted area of your HD as level 2.

Why? Because this allows you to appear to be cooperating with any request to
look at your computer. Simply type in the level 1 stuff and demonstrate the
system booting up. I bet 9 times out of 10 whoever is checking you over will
stop right there: it looks a lot like compliance. If they keep pushing for
total access to your data simply say "no" Whereas if you say "no" to begin
with, you're likely to attract more attention than if it appears you have
nothing to hide. In many cases people are working jobs where they only have so
much time to check things -- unless there appears to a be a person with a
problem, in which case they can take all day with you. So help them out. Give
them something to ask you for that you can produce. Then everybody can move
along and it's not a problem for anybody.

~~~
tocomment
Once you boot up and log in couldn't they see your whole system.

~~~
culturestate
Not if your secondary partition isn't mounted automatically. It's not a
stretch to assume that customs agents (or whomever) aren't going to look for
unmounted partitions when the computer is booting and running normally.

------
Jach
If you go full disk encryption with TrueCrypt, make sure you look into their
Hidden OS feature as well. A judge may be able to order you to give up the
decryption key to the OS when accessing the drive prompts for one (last I
checked the precedent is still somewhat shaky), because while they can't know
what's being encrypted they can infer something readable is. They can't prove
the existence of a Hidden OS, though, so your 'real' encrypted area is just
noise and can't be legally proved anything else so a second key can't be
demanded.

~~~
coob
The RIP Act in the UK allows for jail time for refusing to give a key.

~~~
Groxx
What if the key doesn't exist?

The point of a hidden OS is plausible deniability. When used correctly, there
shouldn't be _any_ evidence that another OS exists. For instance: what if
there _wasn't_ a hidden OS, and you _do_ keep random data in your unused HD
space? They'd be jailing you for refusing to give something that doesn't
exist.

~~~
FooBarWidget
It's unplausible for unused space on the harddisk to be random due to the way
filesystems work. Random data is likely to be encrypted data.

~~~
epochwolf
Except that some operating systems have a secure erase option for free space
(OSX for example).

------
trotsky
The feds and other serious folks are pretty careful these days not to turn off
anything until they've had forensics evaluate the situation. And not just
because of FDE, memory analysis very frequently yields the best evidence due
to it's timely and overlooked nature. Since most encryption systems retain
their keys during lock and sleep, unless you usually leave your system powered
off I wouldn't count on being afforded much privacy if you're interesting
enough to bother.

That said I still use it on both of mine and definitely suggest it, it's a
very small performance penalty for what will be a godsend if your laptop turns
up lost or stolen.

<https://code.google.com/p/cryptsetup/> It's an excellent precaution against
the much more mundane and common threats like loss or theft though

~~~
fl3tch
If you're worried about a state-level adversary, then yes, you should always
turn off your computer when not using it. They could still be spying on you
and wait until you turn it on to kick down the door. There are people who have
thought about these things, too. One suggestion is a dead man's trap, like a
pad that you sit on, so if the door gets kicked down (or they snipe you from
outside the window), as soon as you stand up (or fall off the stool) it
scrambles RAM and shuts down the system. That's a super high level of
paranoia, but still makes encryption useful.

~~~
epochwolf
You could just hold down the power button on your computer for 4 seconds and
require a password to boot the system.

~~~
pyre
That depends on how quickly they can get guns pointed at you once the door is
kicked in.

~~~
epochwolf
Okay, then you can set up your system to do a force shutdown if the power
button is hit. If you're on a desktop, have a power strip near your foot so
you can kick the toggle switch if the door comes down. (Or have a big red kill
switch wired into the power supply on the front of the case.)

The latter option probably won't earn you any favors with the judge or the
jury.

------
kia
_Microsoft BitLocker in its most secure mode is the gold standard because it
protects against more attack modes than other software. Unfortunately,
Microsoft has only made it available with certain versions of Microsoft
Windows._

Though MS says that BitLocker doesn't have back doors [1], I wonder how true
this actually is...

[1]
[http://blogs.msdn.com/b/si_team/archive/2006/03/02/542590.as...](http://blogs.msdn.com/b/si_team/archive/2006/03/02/542590.aspx)

~~~
slowpoke
Exactly. Trusting proprietary, closed source software (in other words, a third
party) for encryption is missing the point of encryption so hard, it's not
even funny.

~~~
cmos
I'm pretty sure everything has a back door. I was a consultant writing test
code for software that managed the license creation process for my state's DMV
and we had two separate doors for the FBI and CIA.

They could just type any information in they wanted to, upload a picture, hit
print, and the process would mail them a drivers license like everyone else.

~~~
mahyarm
That is like an organizational intranet interface, not a backdoor. A backdoor
would have to give access to an undesired third party by the end user.

------
tobiasbischoff
On OSX with Lion - there is no excuse

[http://osxdaily.com/2011/08/10/filevault-2-benchmarks-
disk-e...](http://osxdaily.com/2011/08/10/filevault-2-benchmarks-disk-
encryption-faster-mac-os-x-lion/)

~~~
nonane
Have you noticed crashes and general instability on OS X Lion + Filevault 2?

We've tried it on a Core2Duo Macbook Pro (early 2007) and MacBook (Mid 2010).
We've seen lots of OS crashes (Macbook) and general performance issues when
running XCode (Macbook Pro).

We're also running virtualization software on the Macs (Parallels and VMWare)
- I'm not sure if they're interacting with Filevault 2 (shouldn't be).

Just wonder if anyone else has noticed this.

~~~
maukdaddy
I use Lion's Filevault 2 on an early 2009 MBP and have not had any crashes or
stability problems at all. FV2 on Lion is light years ahead of the broken
Filevault 1 (Snow Leopard) implementation.

------
finnw
I am not convinced by one of the quiz answers:

> _Our calculations confirm that a relatively short series of truly randomly
> chosen English dictionary words is secure; many people find these somewhat
> more memorable. Above we used "In the jungle! The mighty Jungle, the lion
> sleeps tonight!" The important thing is to choose enough words and to choose
> them in a random un-guessable way, such as by changing the spacing,
> punctuation, spelling, or capitalization._

The problem with this example is that the 10 words are not chosen
independently. Type "in the j" into a google search box and the whole phrase
will appear in the drop-down box. So the entropy for the choice of that phrase
is about lg2(37^8) or about 42 bits.

So an approximation of the total entropy is:

Choice of source phrase = lg2(37^8) ~= 41.7 bits

Choose one of the 10 suggestions from the drop-down box = lg2(10) ~= 3.3 bits

Permutation of words = lg2(10! / 2! / 3!) ~= 18.2 bits

Spacing (assume each word may independently be precedeed by a space with
probability 0.5) =10 bits

Punctuation (each word may be independently followed by '!') = 10 bits

Capitalization: independently choose one of {lowercase, camelcase, uppercase)
for each word = lg2(3^10) ~= 15.8 bits

Total so far: 98 bits.

Now consider the third option: a mixture of 16 independently-chosen letters,
numbers and symbols. Assume most ASCII characters are available (lets
eliminate single quote, backslash and $ which cause problems for some web
apps) and we have

lg2(92^16) ~= 104.4 bits, which wins.

~~~
dlytle
The point is that "In the jungle" etc can actually be reliably remembered by a
large portion of the population, whereas 16 independently chosen
letters/numbers/symbols usually can not.

Humans are great at remembering phrases, quotes, etc. Think about how
widespread referential humor is, where the joke is just a reference to/quote
from another work. That's something the brain is great at. Random or semi-
random jumbles of letters? Not so much.

~~~
Cyranix
In illustrated fashion: <http://xkcd.com/936/>

------
bengl3rt
Unfortunately, full-disk encryption absolutely kills SSD performance because
it makes the data look random (i.e. incompressible). It will wear out the SSD
much faster than using it without would, because the hardware compression unit
in the controller can sometimes achieve 8:1, and therefore have to rewrite
only 1/8th of the NAND cells that it otherwise would.

~~~
gojomo
I think you're right on the effect but wrong on the implied grave magnitudes
"absolutely kills" and "much faster", because:

• not all SSDs even have hardware compression

• modern workloads have less highly compressible data than in the past: large-
media formats include their own compression, and bulk data processing often
does its own application-level compress/decompress on store/load

I'd be interested to see any benchmarks that quantify the speed/lifetime hit
that whole-disk encryption might cause for SSDs, but my hunch is that the
effect would be slight in normal scenarios.

~~~
culturestate
Anand benchmarked FileVault(1) and his conclusion was "Overall the hit on pure
I/O performance is in the 20 - 30% range. It's noticeable but not big enough
to outweigh the benefits of full disk encryption."

1\. [http://www.anandtech.com/show/4485/back-to-the-mac-
os-x-107-...](http://www.anandtech.com/show/4485/back-to-the-mac-
os-x-107-lion-review/18)

~~~
kgtm
Yes, but that result is most likely on a Sandforce-powered SSD, which sports
different transfer speeds based on the payload (compressible/incompressible).
Like the GP notes, this is not a problem with SSDs in general.

~~~
culturestate
That benchmark is with a stock Apple SSD, which IIRC are not Sandforce-based.
To be clear, I'm actually in agreement with Anand and OP - the benefits of FDE
far outweigh the consequential I/O hit.

------
josscrowcroft
Enlightening (and scary) stuff.

Encryption is great but won't save you if they ask for your password
(honestly, I'd prefer to give them the password and circumvent using online
storage.)

With that in mind - what advice would all you security buffs have on the best
way to back up your hard drive to an online disk? Specifically using a basic
hosting account as opposed to SAAS or cloud service?

~~~
po
I actually trust tarsnap more than setting up a host and having to maintain
it:

<http://www.tarsnap.com/>

~~~
josscrowcroft
Looks very interesting, as services go. For this kind of thing, I'm strangely
less inclined to trust a slick-looking, well-designed and heavily-marketed
backup "solution"..

If I do fork out for a service, I would probably rather go with the kind of
company that has as their tagline: _"Online backups for the truly paranoid"_ ,
like them.

Pricing's not a killer either.

~~~
merijnv
The reason I trust (to the extend I trust anything on this planet) Tarsnap is
that Colin Percival (the creator) is a cryptographer and the FreeBSD security
officer. Leading to me have a higher confidence in him than most of the other
"secure" backup services I have seen.

~~~
josscrowcroft
Yeah that's what I mean - it looks more trustworthy than something over-
designed with 5 carefully-crafted price plans. Think I'll give it a shot soon.
Thanks!

~~~
polymatter
and when there was a critical security bug in Tarsnap, he behaved with
extraordinary integrity and openness
([http://www.daemonology.net/blog/2011-01-18-tarsnap-
critical-...](http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-
security-bug.html)).

More than anything else, cpercival earned my trust simply by being honest.
There are precious few companies I could say this about.

------
code4pizza
I wonder if there would be significant environmental implications if everyone
switched to full disk encryption...

Does this impose a significant processor load and does that translate to
greater power consumption?

~~~
sitkack
An idling CPU and a slightly loaded CPU use about the same amount of energy. I
think my Q6600 quad used 190W @ idle and running full tilt cpu (ray tracing)
it was using 220W. For FDE it depends on how much IO you are doing. I doubt it
will make even a 0.01 difference in your daily power consumption.

~~~
mikeash
I don't think so. On my laptop, fully loading the CPU takes it from silent to
screaming fans in about two minutes. That's clearly a big change in heat
production and therefore power consumption.

~~~
sitkack
You should use a kill-a-watt and measure it. Probably less than you think.
Laptops already on the edge of their thermal envelopes, anything above their
low steady state (browsing, listening to music) will cause the fans to spin.

~~~
mikeash
The battery time remaining will also drop by a factor of 4 or more. This is
large enough that I don't think a more precise instrument is needed to
determine that the effect is significant.

~~~
sitkack
If I have time this weekend I will pop the battery on my macbook and do an
erlang compile on an encrypted sparse image both on the rotational drive and
the ssd. I'll report back on how much energy was consumed for (encrypted,non-
encrypted) x (ssd,rotational)

batteries derate rapidly as the current draw goes up. They are not linear. For
my own edification it would be nice to know what kind of energy hit encryption
takes on both storage mediums.

~~~
mikeash
I would definitely be interested in hearing. I don't expect that the overhead
of encryption will cause much additional power draw, simply because encryption
doesn't require all that much CPU power. The stuff about fully loaded CPUs was
wandering off into the theoretical realm about CPU power consumption variance
in general.

For whatever it may be worth, I couldn't find idle power consumption for my
notebook's CPU, but it is possible to come up with a worst-case estimate by
taking the battery capacity and dividing by the runtime. Apple specifies "up
to" 7 hours. While that is of course hard to achieve, I think it's fair to use
that figure when looking at idle power use. The battery is 50Wh, so we can
figure that the computer as a whole is using at most about 7W when idle. The
i7-2677M CPU is specced to use up to 17W all by its lonesome when running flat
out, so that's a substantial increase, especially when you take into account
the fact that the base 7W idle-ish consumption is for everything in the
computer, not just the CPU.

------
samstave
What about on my mobile? I am not aware (as I havent looked) of any encryption
available to the data on my iPhone, or MyTouch 4G.

Further, I use Gmail - I have zero expectation of privacy from google.

I also store all my important docs for work and personal on DropBox.

What will I gain from encrypting my laptop? aside from it being stolen/lost -
I dont see any added security/benefit from doing this.

I am not trying to be obtuse - but can one explain to me why I would want to
do this, other than expressing my tech savvy?

~~~
culturestate
iPhone data is encrypted by default - remote wipe works by destroying the key.
Unfortunately, the key is obviously only protected by a user's passcode, if
they've even set one. The 4-digit pin codes have been shown to be broken, but
I've not seen (maybe I missed it?) evidence of those with alphanumeric
passcodes being compromised.

~~~
rdl
The issue is that I can conduct an unlimited-attempts brute force attack
against the passcode. I can do about 10 per second on an iPhone 4S, but I do
need access to the machine, unless I'm willing to crack open the iPhone and do
a destructive hardware attack.

At 10 per second, I feel ok with an 8-10 character numeric passphrase, or a
7-8 character lowercase-only passcode.

I just wish the iPhone had some intelligence about adaptive locking -- lock
faster when it's outside my home/car, don't go from unlocked to locked very
fast, if at all, if docked in secure places inches from a 9mm. Or pairing with
an RF device attached to me, like the Blackberry CAC reader.

------
nohat
One thing that worries me is how difficult it makes it if you get some data
corruption. For example, I had a hardrive that had full disk encryption start
to fail, and found pulling the data off much more difficult because I had to
decrypt the whole lvm to get any access. I'm actually not confident how
exactly corruption maps from cyphertext to plaintext in various modern crypto
systems. I would guess that you would get out gibberish though.

~~~
spindritf
I would rather back my data up than hope to retrieve it from a corrupted fs
or, worse, a failing disk.

------
phillmv
What's the performance penalty like? That's pretty much the only thing holding
me back.

~~~
tcas
Pretty minimal. If you have TrueCrypt installed you can run a benchmarks of
various algorithms. It's especially fast if you have a modern processor with
AES-NI (hardware AES instructions) -- I get around 1GB/s Encrypt/Decrypt using
AES on a Core i5.

------
codesuela
I got myself an SSD for Christmas and that is why I moved off full disk
encryption on home computer and instead encrypt almost everything except the
system. However I've turned off the page file and I'm trying to set up pre
boot authentication for non system volumes.

On another note, I plan to slowly switch to Ubuntu and I wonder how secure the
home folder encryption is?

~~~
mike-cardwell
There's nothing stopping you using FDE on an SSD...

~~~
codesuela
FDE on a SSD negates the gained speed advantage

~~~
mike-cardwell
Does it? Even if you have a CPU with AES-NI instuctions like an Intel Core i5
or i7?

~~~
codesuela
unfortunately yes, see <http://blog.siyuz.net/2010/11/17/truecrypt-7-0a-fde-
on-ssd/#>

~~~
arthurschreiber
I encrypted my SSD using BitLocker, and for me, the performance hit is not
really noticable in my day-to-day work (programming + running a virtual
machine). Your SSD will still be A LOT faster than a regular, unencrypted HDD.
But YMMV.

------
casca
It's nice that computers are now powerful enough that full disk encryption is
almost performance-neutral. But realistically, if they want your data then
they can get it. Spear phishing works very well and if not, there's always
indefinite detention.

Technology is only a small part of the solution to warrantless border
searches.

~~~
mike-cardwell
What encryption gives you is choice. If you don't use it, then you _never_
have the choice of whether or not to give up data. The choice is taken for
you. If you use encryption there are many attackers that you will be able to
prevent being able to access the data.

------
Havoc
I'm concerned about privacy too but none of the worrisome areas would be
improved by FDE. Facebook/Google, tracking, keyloggers etc is where the main
problem lies.

------
pasbesoin
Can anyone comment on the speed/performance of TrueCrypt, EncFS, and similar
on older systems, e.g. a 5 - 7 year old laptop? I'm considering carrying a
"sacrificial" machine in case it is, um, "indefinitely detained", but I'm
uncertain what kind of a performance hit full disk (or partition -- though I'm
inclined to encrypt the entire disk) encryption will incur. (I currently have
Core Duo and P4 candidates for the job.)

~~~
tjoff
Truecrypt has a simple benchmark that you can try (and I think it has a
portable installation option so you don't even have to install it on the
system to try it out).

My core duo 1.6 GHz laptop gets about 60 MB/s of AES encryption/decryption
speeds on battery (which I think reduces the clock to 1 GHz).

I consider the impact negligible.

However if you have an SSD in your system and do full-disk-encryption you will
loose potential TRIM-support which can have a significant performance penalty
depending on drive.

~~~
pasbesoin
Thank you for the response. These are both "spinning plates" machines. Part of
what would keep their loss a minor financial hit.

I wonder whether the dual cores help significantly. (As I'm more inclined to
make the P4 the sacrifice.) However, if your observation is that the perceived
impact is "negligible", this encourages me that it will be acceptable, if more
significant, on the P4.

I hadn't noticed the benchmark utility you describe. I'll have a look for/at
it. Thanks!

------
SickAnimations
My system triple boots into OS X, Windows and Ubuntu. I have a home partition,
formatted in HFS+.

What would be the best strategy for me to use? Should I just encrypt the home
volume using something cross-platform like TrueCrypt, or is it practical (an
maintainable) to do full-disk encryption in such an environment?

My home partition has very sensitive data and I've been putting off creating a
TrueCrypt container for this data.

~~~
nonane
This is probably not answering your question but a possible solution is to
switch to using OSX 100% of the time and then use Parallels/VMWare/VirtualBox
to virtualize Windows and Ubuntu. It's much more practical than having to
worry about partitions / boot volumes and general sharing problems. This way
you can even encrypt your entire OS X volume and not use encryption on the
VMs.

------
brador
I just use two RAIDed NAS boxes, one as a long term, large file media/data
store and another for small files on SSD RAID. All my comps are now dumb
terminals, booting an OS and software. Works well and was surprisingly cheap
for what is essentially a complete, hassle free system.

------
dicroce
I did this over a year ago and am very happy. I use TrueCrypt. I have not
noticed any slow downs (even for gaming)... That said, you should probably not
do this if your drives are failing (or you tend to suffer a lot of disk
failures).

------
wazoox
None of my current computers is powerful enough for that without it being a
serious hassle. And I'm pretty sure it will drain my laptop battery much
faster...

~~~
sitkack
It looks like many people assume this to be so but haven't done the
benchmarks. FDE is going to be a much smaller hit than say anti-virus
software. Encryption routines have been highly optimized into the multi
gigabytes per second range.

~~~
wazoox
> _FDE is going to be a much smaller hit than say anti-virus software._

But I don't run any anti-virus, this is even one of the good reasons why I
stopped using windows aeons ago. I tried LUKS with AES a few years ago, and
though the performance was good it comes with a really significant hit.

------
bumbledraven
It's great to see the EFF recommending <http://diceware.com> for secure
passphrase generation.

------
quinndupont
Does anyone have any thoughts on Apple's File Vault? I assume the crypto is
perfectly fine, but I worry about bugs destroying my data.

~~~
quinndupont
Apparently FileVault has been much improved in OS X Lion:
[http://www.maclife.com/article/howtos/how_use_filevault_and_...](http://www.maclife.com/article/howtos/how_use_filevault_and_time_machine)

------
rogerbinns
So how do you encrypt a home server? Any device that has to be bootable
without human intervention will have to store the encryption keys on the
device somewhere making the encryption merely obfuscation.

It is possible for "swap" RAM to be encrypted on Linux and it could generate a
random per boot key, also being a form of obfuscation.
<https://lkml.org/lkml/2011/12/28/69>

------
jrgifford
Unfortunately, the amount of time I spend running/breaking the development
version of Ubuntu prohibits _full_ disk encryption, but I do have /home
encrypted. Is that "good enough"?

~~~
morsch
That's what I intend to do the next opportunity I get. Your swap space could
still leak confidential information, though.

~~~
jrgifford
I'm willing to risk that since I rarely use any of my swap.

~~~
slug
You can and should encrypt your partition, since your home key might end up
there.

<https://help.ubuntu.com/community/EncryptedFilesystems>

If you want hibernate to work you can use uswsusp for example:
<https://we.riseup.net/debian/encrypted-swap>

Sleep always works, but as mentioned above, your key will be in memory...

~~~
jrgifford
Interesting.... I think i'll stick with user directory encryption, but thanks
for those links.

~~~
slug
Well, I use /home with luks on some machines and user directory (encfs) on
others, but have _all_ of them with swap encrypted or no swap partition at
all.

Since the keys/other private info might leak there, you are _not_ doing it
right, unless you have sysctl swappness level set to 0.

Not only that, /tmp and other temporary directories might also be another
leaky place...

------
paulhauggis
This is all good, until you get any kind of disk corruption. Good luck getting
any of your data back.

~~~
paulhauggis
Why am I down voted?

My laptop HD was encrypted, it got corrupted, and I lost the entire drive. If
even a few bytes are corrupted, you are SOL.

Luckily, I had an offsite backup (unencrypted) I'm just warning people about
the dangers of not keeping an unecrypted backup.

~~~
mike-cardwell
Why isn't your offsite backup encrypted too? Yes, if your data is corrupted,
and your backups are corrupted, then you lose your data. That's the case
regardless of whether or not you're using encryption.

I use FDE on my laptop. My backups are also encrypted. I use duplicity which
basically tars up the files and then encrypts using GnuPG. It only tars up the
changes between each run, so I have incremental backups, and version history
of every single file on my system. All encrypted -
[https://grepular.com/Secure_Free_Incremental_and_Instant_Bac...](https://grepular.com/Secure_Free_Incremental_and_Instant_Backups_for_Linux)

------
justatdotin
do most people really have private information on their computer? I don't
think I do ...

~~~
baq
depends what you consider private. for me, everything is private as long as i
don't put it online consciously. yes, even that photo of me sitting on a
chair.

