Do you use encryption on your computer(s)?

[KleinesSinchen]

For me it is a clear decision: I want to keep my private data private – as much as possible: You never know what a browser might keep and reveal in history/cache without you realizing it. What is a simple, innocent statement today, might be Thoughtcrime tomorrow.

Most of the time I got called a paranoid weirdo even for using encryption in a casual way (main PCs only). Now I went much further
Lately I’ve zeroed out all old HDDs (which still turned on) and gave all others to the recycling.
All “vintage” computers are empty now or just contain a freshly installed OS. Still have to check a few SDs and flash sticks and perform full overwrite.
All newer machines which are strong enough have full disk encryption with very complex passphrase. Same goes for all backup copies.


Title says the most: I’m interested in the question if GBAtemp members encrypt some personal data or even their complete systems.


Would you feel comfortable if an unauthorized person had physical access to your computer(s)?
Would you feel comfortable that law enforcement would not find anything suspicious if your machine was confiscated? → "Somebody innocent doesn't have to fear anything."

Spoiler: Yes, I know this one

 

[sarkwalvein]

No, I don't. Well I do encrypt some things here and there, but nothing significant, I don't do full disk encryption, I don't shred disks I don't use anymore. I think doing this would be probably worth it, I don't say it is not a good idea, but it requires a discipline I just don't have.

So when I end up in Room 101 due to that controversial picture on my hard drive of me unironically enjoying a Beck's Green Lemon I will know it was all due to my laziness.

PS: Just to make it clear, I believe it makes complete sense to encrypt all your data and make it inaccessible for any unauthorized person, institution, law agency, spy agency, random hacker, opportunistic thief, etc.; but it is a damn hassle.

 

[Veho]

It's smart to never leave any private or critical information written down, and if you absolutely must have it written down, to have it encrypted.

Spoiler: If the government starts prosecuting people for thoughtcrimes, as seems to be suggested here...

However...


If it comes to the point where "thought crime" becomes a thing again, whoever is in charge of enforcing and prosecuting won't need evidence.

On an unrelated note, your ISP logs your browsing history and is legally obligated to turn that info over to the police if requested. VPNs as well. Even those that don't sell your info to third parties under the huge fucking weaselword of "legitimate interest" are still required to log it and hand it over to the authorities on request.
Websites will fork over your posting history and if your username ever gets connected to your real identity that's it.
Every bit of your online presence and can be tracked back to you so encrypting anything locally is a pretty empty gesture.

Which leaves shady private VPNs and encrypted browsers and unless you set up and developed both of them yourself, are to be trusted even less than the gubmint.

Your smartphone broadcasts every single piece of information it can gather to a whole bunch of third parties. The amount of information Google/Apple and their clients have on you is staggering. Everyone brings up TikTok as an example of spyware but it's nothing compared to what the OS itself has on you. "Open source" and "rooted" Android is supposed to be private, but every single app, service, snippet of code that you didn't write yourself is still keeping tabs and your packet sniffer has to stand in line to analyze what's being sent out because there are several more already crunching.

iOS is obscured by definition.

So unless your box is physically cut off from the outside world, there is a ton of information about your activity floating around that local encryption won't hide. The only safety is that so is everyone else's, so unless someone focuses on you in particular, you can get lost in the overall noise, like a fish in a large school.

So if it comes to the point where people are being prosecuted for something they have only on their computer but never said or posted or did online or in front of any living soul, whoever is in charge won't need any evidence.

 

[KleinesSinchen]

On an unrelated note, your ISP logs your browsing history and is legally obligated to turn that info over to the police if requested. VPNs as well. Even those that don't sell your info to third parties under the huge fucking weaselword of "legitimate interest" are still required to log it and hand it over to the authorities on request.
Websites will fork over your posting history and if your username ever gets connected to your real identity that's it.

That goes fully off-topic and depends on the country. Not all jurisdictions are the same in this regard.

Also: "You can't reach 100% security and 100% safety, so you might as well do not anything!" is a bad common fallacy. Also used as justification for carelessly signing up everywhere, not even trying to stay private online towards people/companies/institutions as much as possible. Result is such an article. Same for rubbish like: "You did not verify the complete Linux source, the complete desktop environment source, the Firefox source and the compiler source and build everything from scratch yourself. See: You are at risk of backdoors, why use software supposedly designed for privacy at all?"
Just because full verification of everything is completely impossible for a single person, that does not mean we should not try to counter common attacks.

Law enforcement – if you want to call it that now that they are representing more and more injustice – regularly uses forensic software on "suspect's" computers. They do so because… because… because they can receive all information they need from the ISP and elsewhere anyway without having access to the personal storage. All mails are stored for eternity on servers and NEVER encrypted and never removed.

Wait a moment. Something does not quite make sense here.

Every bit of your online presence and can be tracked back to you so encrypting anything locally is a pretty empty gesture.

I can hardly imagine a statement more wrong than this. Hardly worth the effort unpacking.
The browsing history is only a small part of data on a computer (albeit an important one). There are more threats for personal data on a computer than law enforcement.

[Removed politcal]

Your smartphone broadcasts every single piece of information it can gather to a whole bunch of third parties.

If this is targeted at me personally: No, it doesn't.

Spoiler

It is de-googled and offline

 

[Ryab]

For me it is a clear decision: I want to keep my private data private – as much as possible: You never know what a browser might keep and reveal in history/cache without you realizing it. What is a simple, innocent statement today, might be Thoughtcrime tomorrow.

Most of the time I got called a paranoid weirdo even for using encryption in a casual way (main PCs only). Now I went much further
Lately I’ve zeroed out all old HDDs (which still turned on) and gave all others to the recycling.
All “vintage” computers are empty now or just contain a freshly installed OS. Still have to check a few SDs and flash sticks and perform full overwrite.
All newer machines which are strong enough have full disk encryption with very complex passphrase. Same goes for all backup copies.


Title says the most: I’m interested in the question if GBAtemp members encrypt some personal data or even their complete systems.


Would you feel comfortable if an unauthorized person had physical access to your computer(s)?
Would you feel comfortable that law enforcement would not find anything suspicious if your machine was confiscated? → "Somebody innocent doesn't have to fear anything."

Spoiler: Yes, I know this one

I am managing and modifying my data too frequently. Encrypting it would just be too much of a hassle for me. I also really dont have much to hide past my browser cached login info.

 

[BigOnYa]

I am managing and modifying my data too frequently. Encrypting it would just be too much of a hassle for me. I also really dont have much to hide past my browser cached login info.

Ditto

 

[sno]

Windows was shown to have performance slowdowns with bitlocker enabled. Doubt it's all machines, but nonetheless. It's literally pointless if you got nothing you don't want people to see. Also depends if you're traveling or in a bad neighborhood. It should depend on the situation. Robbery would suck and if it's not some low iq meth head running to the pawn shop, I would be concerned about my credentials inside.

 

[Ryab]

Windows was shown to have performance slowdowns with bitlocker enabled. Doubt it's all machines, but nonetheless. It's literally pointless if you got nothing you don't want people to see. Also depends if you're traveling or in a bad neighborhood. It should depend on the situation. Robbery would suck and if it's not some low iq meth head running to the pawn shop, I would be concerned about my credentials inside.

Oh yeah Bitlocker is obviously going to have slowdowns. The system would have to decrypt and encrypt files back and forth very frequently.

 

[KleinesSinchen]

Oh yeah Bitlocker is obviously going to have slowdowns. The system would have to decrypt and encrypt files back and forth very frequently.

With a CPU from before 2007 or 2008 this is very, very true. I remember a noticeable slowdown on my 4*2TB hardware RAID 5 I used on an Athlon x2 6000+ (Linux, LUKS encryption)


With hardware accelerated AES there is no noticeable impact. Current CPUs can do multiple GB/s.
Did I say current CPUs? This is a screenshot from my 500€ laptop bought end of 2013:

Spoiler: /proc/cpuinfo

processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz stepping : 3 microcode : 0x28 cpu MHz : 800.000 cache size : 3072 KB physical id : 0 siblings : 4 core id : 0 cpu cores : 2 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid xsaveopt dtherm ida arat pln pts md_clear flush_l1d vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit srbds mmio_unknown bogomips : 4987.92 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management:

Would be interesting to see a benchmark from new show-off computer with latest Core i9 processor.
===================
===================
===================

All in all this thread/poll delivered what I expected (despite trying to make people think twice by being a little sarcastic in the poll with the trademark symbol ™ behind "nothing to hide"). I'm convinced everybody has something to hide – that does NOT mean something criminal – and often isn't even aware of this.

It's literally pointless if you got nothing you don't want people to see. […] Robbery would suck and if it's not some low iq meth head running to the pawn shop, I would be concerned about my credentials inside.

It's literally pointless if you have nothing to hide™ vs. credentials on the computer. Robbery is a nice example.



My approach is "better safe than sorry" as encrypting is a one time effort with no downsides I can think of¹. For the widespread Windows OS it is very, very easy. A few clicks and Bitlocker is on². I did it on my mum's computer recently (and there isn't even a TPM inside that PC which means changing policies with gpedit.msc before running Bitlocker.) It was roughly five minutes of work to start encryption for the SSD, HDD and external HDD – including creation of a tiny Veracrypt container to store the recovery keys in online storage.




======================================================
Thank you all for the comments and for participating in that poll.

Cryptography is an interesting topic regardless of any security
concerns. So much cool stuff to read.
======================================================




________________________
¹ Okay, I can think of something if trying hard enough: Header corruption is enough for 100% data loss. Backups are even more important than without encryption. But backups are mandatory anyway, so I don't count this for me. Besides: Current media tend to fail completely anyway instead of losing single sectors so the difference is more academic or historical. To prevent 100% loss on things that become gradually worse, like optical discs, additional ECC can be used to circumvent "header gets hit by corruption".
² Microsoft should be ashamed for not making this available in the home editions of Windows

 

[Ryab]

With a CPU from before 2007 or 2008 this is very, very true. I remember a noticeable slowdown on my 4*2TB hardware RAID 5 I used on an Athlon x2 6000+ (Linux, LUKS encryption)


With hardware accelerated AES there is no noticeable impact. Current CPUs can do multiple GB/s.
Did I say current CPUs? This is a screenshot from my 500€ laptop bought end of 2013:
View attachment 409262

Spoiler: /proc/cpuinfo

processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz stepping : 3 microcode : 0x28 cpu MHz : 800.000 cache size : 3072 KB physical id : 0 siblings : 4 core id : 0 cpu cores : 2 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid xsaveopt dtherm ida arat pln pts md_clear flush_l1d vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit srbds mmio_unknown bogomips : 4987.92 clflush size : 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management:

Would be interesting to see a benchmark from new show-off computer with latest Core i9 processor.
===================
===================
===================

All in all this thread/poll delivered what I expected (despite trying to make people think twice by being a little sarcastic in the poll with the trademark symbol ™ behind "nothing to hide"). I'm convinced everybody has something to hide – that does NOT mean something criminal – and often isn't even aware of this.

It's literally pointless if you have nothing to hide™ vs. credentials on the computer. Robbery is a nice example.



My approach is "better safe than sorry" as encrypting is a one time effort with no downsides I can think of¹. For the widespread Windows OS it is very, very easy. A few clicks and Bitlocker is on². I did it on my mum's computer recently (and there isn't even a TPM inside that PC which means changing policies with gpedit.msc before running Bitlocker.) It was roughly five minutes of work to start encryption for the SSD, HDD and external HDD – including creation of a tiny Veracrypt container to store the recovery keys in online storage.




======================================================
Thank you all for the comments and for participating in that poll.

Cryptography is an interesting topic regardless of any security
concerns. So much cool stuff to read.
======================================================




________________________
¹ Okay, I can think of something if trying hard enough: Header corruption is enough for 100% data loss. Backups are even more important than without encryption. But backups are mandatory anyway, so I don't count this for me. Besides: Current media tend to fail completely anyway instead of losing single sectors so the difference is more academic or historical. To prevent 100% loss on things that become gradually worse, like optical discs, additional ECC can be used to circumvent "header gets hit by corruption".
² Microsoft should be ashamed for not making this available in the home editions of Windows

Yeah my main problem still though is I commonly swap drives between machines and change hardware.

 

[tech3475]

One problem with the "Thought Crime" premise is that under such a scenario, chances are courts could just compel you to unlock the machine or hold you in contempt i.e. you end up in prison anyway.

Looking around, there's already this in the UK:

What if my phone is password protected? Can the police force me to give it to them?​

If the police caution you and say, “you do not have to say anything”, arguably this affords you some protection from having to answer their questions. It also means you do not have to give them your password or any other login details.

Problems may arise if the investigation relates to child sex offences or terrorism. If you are served with a S49 RIPA Notice (Regulation of Investigatory Powers Act 2000), you must legally disclose passwords for your electronic devices. Failing to do so is a criminal offence punishable with between two and five years’ imprisonment. This type of notice must be given by specialist police officers.

Under Schedule 7 of the Terrorism Act 2000, the police, and customs and immigration officials have powers to detain individuals at borders and demand any information they wish. They have the power to do this even if they have no evidence the person concerned is involved in a crime.

Additionally, the police have powers to seize someone’s property under S22 of the Police and Criminal Evidence Act 1984 (PACE) if they believe it to be relevant to an investigation.

Source:https://www.suttondefencelawyers.co.uk/about/blog/can-the-police-make-me-unlock-my-phone-if-investigating-sexual-offences.html#:~:text=If you are served with,given by specialist police officers.

Also, you can set web browsers to auto-delete cache/history.

Personally, I encrypt anything on the cloud where I can with the private key stored elsewhere, but locally I don't because I have a feeling it would cause too many issues e.g. sometimes I do stuff from different OSs, drive images, move drives around, etc.

Yes I'm aware of the risks but it's a conscious decision, although realistically I could see a casual break in thief targeting things like laptops, phones, etc. As opposed to my desktops.

To be clear, I hold nothing against people who use full disk encryption and it is something that has crossed my mind, as there are still security benefits to doing so, especially on aforementioned portable devices like laptops, smartphones, etc.

Post automatically merged: Dec 18, 2023

Plot Twist, it turns out OP is secretly our FBI agent and he's making a list .

 

[KleinesSinchen]

Yeah my main problem still though is I commonly swap drives between machines and change hardware.

Nothing that can't be handled, but indeed quite some work – if the main drive is encrypted it may contain keys for other drives. Building chains unlocking each other.
Pretty much all my stuff auto-unlocks on my computers. Encryption is transparent. Only time I have to provide a passphrase is unlocking on boot.
As far as I know Bitlocker gets a hysteric panic attack when relying on TPM based security and you swap things or change settings or boot order. With the standard password method this is no concern.

When swapping too much hardware with Windows my main concern would be the device ID changing and the activation going down the drain.

[Removed politcal]

Also, you can set web browsers to auto-delete cache/history.

Yes. No. Yes. Well. Deleted files not overwritten? Operating system protocols? Windows registry?
Wiping stuff is hard. Not having anything visible in the first place is easier.

Plot Twist, it turns out OP is secretly our FBI agent and he's making a list *****.

This is not funny! Even with "" at the end. Not EOF.

 

[tech3475]

Yes. No. Yes. Well. Deleted files not overwritten? Operating system protocols? Windows registry?
Wiping stuff is hard. Not having anything visible in the first place is easier.

True, although this is only true for as long as the encryption isn't defeated, either via technical or legal means.

Arguably, you'd need to start doing things like 'secure erase' of drives 'free space' (not recommended for SSDs), using RAM Drives, easily deleted/overwritten encrypted volumes, etc. If you're truly concerned because there would be no data to decrypt/recover.

 

[impeeza]

Yeah, I have a Hardware Encryption External Harddrive.

 

[The Catboy]

I use Apple’s encryption on my MacBook. I just tend to prefer keeping my stuff encrypted

 

[tech3475]

PSA: make sure to have a backup copy of your bitlocker keys (or equivalent) handy somewhere, especially if you think you might be offline.

I've had issues at my retail job where I've been unable to do relatively simple fixes for computers because of this issue (not even safe mode works).

 

[eternal]

the best way to save yourself after any issues arise...(truck kun or other issues lol) "quote unquote", and/or is to encrypt your drives (especially with those high speed ones), and also buy a very good hand drill that can destroy small ssds, and big 3.5" and below hdds.

Seriously physically destroy them, even if youre not zeroing drives.
If you are, and you are not zeroing old drives, destroy them physically with a hand drill still.
Almost everything can be recovered nowadays. And if you dont believe me, destroy it anyways, what do you have to lose besides the initial price of a high quality batter powered hand drill? lol

 

[SAIYAN48]

Most of my encryption is not using English