
One thing I disagree with the article about is that drives should not be encrypted by default. For the vast majority of people an encrypted drive is just data loss lying in wait.

I prefer to use non-encrypted drives so I have the option of popping out the disk and reading it from another system with ease, which also means that I can recover files from drives of otherwise dead systems just as easily. This is a trade off I'm willing to make over losing access to data.

I understand business uses for it, and for that they have an IT team to manage key backup and backups in general. Plus when you're using company equipment it is theirs, not yours.


It's really about personal privacy. Your computer is likely to be stolen and sold. If you don't want others reading your email, viewing your pictures, seeing your tax returns, etc. then you should encrypt the drive.

I call this "The Pawn Shop Threat Model" ;)

And, IME it is likely to happen.


I have purchased 6 multi-TB external drives at estate sales. My son brought home a few from a summer working as a mover. In his experience it was divorcing spouses throwing out each other's stuff.

All of these drives had PII and personal photos. Some of the estate sale drives included PII of children and grandchildren.


I've found a few cheap hard drives at thrift stores. I used to buy them just in case someone had left a crypto wallet on them.

They're usually formatted but not wiped, so even recuva was typically able to claw back all of the missing data and restore the whole drive.

Family photos, nudes, sex videos (homemade and professional), downloaded movies, pirated games, I've found them all.

If you're dumping a drive and you don't DBAN it first, other people getting to see your shit is 100% on you.
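Why a quick format is not a wipe, as an added example that is not part of the comment above. The constructed "disk image" below has a small directory area followed by file bodies; a quick format only clears the directory, so a signature scan (the same header/trailer carving that tools like Recuva and PhotoRec do) pulls the files back intact, while overwriting every byte leaves nothing to find. The layout, sector size and sample file bytes are all made up for the demonstration.

```python
"""Quick format vs. full overwrite, shown with file carving on a constructed image."""

SECTOR = 512
TABLE_SECTORS = 4  # constructed: the first 4 sectors hold the "directory"

# Header/trailer pairs used by carving tools. Constructed subset; real tools
# know hundreds of formats.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def build_image(files):
    """Write files sector-aligned after a directory area that records
    name:start:length for each. Returns the raw image bytes."""
    image = bytearray(TABLE_SECTORS * SECTOR)
    table = []
    for name, data in files:
        start = len(image)
        image += data
        image += b"\x00" * ((-len(data)) % SECTOR)  # pad to a sector boundary
        table.append((name, start, len(data)))
    dir_bytes = "".join(f"{n}:{s}:{l}\n" for n, s, l in table).encode()
    image[: len(dir_bytes)] = dir_bytes
    return bytes(image)


def quick_format(image):
    """Quick format: zero the directory only. Every file body stays on disk."""
    return b"\x00" * (TABLE_SECTORS * SECTOR) + image[TABLE_SECTORS * SECTOR :]


def wipe(image):
    """Full overwrite (what DBAN or a proper wipe does): every byte replaced.
    A fixed pattern is used here so the demo is deterministic; random data
    is equally fine on a magnetic drive."""
    return b"\x00" * len(image)


def carve(image):
    """Recover files by scanning raw bytes for header/trailer pairs, never
    consulting the directory. Returns a list of (kind, bytes)."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(head, pos)
            if start == -1:
                break
            end = image.find(tail, start + len(head))
            if end == -1:
                break
            end += len(tail)
            found.append((kind, image[start:end]))
            pos = end
    return found


def demo():
    """Constructed sample files: a 'photo' and a 'tax return'."""
    photo = b"\xff\xd8\xff\xe0" + b"constructed-family-photo-bytes" * 20 + b"\xff\xd9"
    taxes = b"%PDF-1.4\nconstructed tax return 2023\n" * 10 + b"%%EOF"
    image = build_image([("photo.jpg", photo), ("taxes.pdf", taxes)])

    after_format = carve(quick_format(image))
    after_wipe = carve(wipe(image))
    return {
        "formatted": sorted(kind for kind, _ in after_format),
        "recovered_intact": all(data in (photo, taxes) for _, data in after_format),
        "wiped": [kind for kind, _ in after_wipe],
    }
```

On an SSD the overwrite half of this does not carry over cleanly: wear levelling means a write to a logical block may land on a fresh physical block and leave the old copy in place, which is why the secure path there is the drive's own sanitize/secure-erase command or, better, having encrypted the drive from day one and discarding the key.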


You left out the most interesting part - did you find any BTC?

I feel like there's other solutions to protecting your and your family's PII than encryption by default.

Could you share them?

> Your computer is likely to be stolen and sold.

Likely? How likely is it? I've never had a computer stolen, nor has anybody I personally know. So it doesn't seem to me like it's all that likely.

Personally, I find whole disk encryption to be more risky than it's worth. I much prefer encrypting things on a file-level instead.


OP might mean "laptop" instead of computer. Or more specifically, laptop that is regularly taken out of the home.

I'm with you. If someone wanted to steal any of my computers, they'd have to break into my house. Possible, but also statistically unlikely, as I live in a reasonably safe community and lock my doors. I don't see the benefit of full disk encryption on a bunch of computers I keep in my home. For the special case of a laptop that is frequently taken out of the home and used in public, where thieves might be? Sure, encrypt it.


I knew a guy whose laptop was stolen and it had a major company's game engine source on it, which was not open source (he had done some contract work for them).

Personally I used LUKS encryption on a system76 laptop for 7 years and it worked fine - still going in fact. I was always worried about it failing especially after an update, but that never happened.

For backups to offline media I still do use file-level encryption though.


That's why I understand businesses requiring full disk encryption on their devices and on contractor devices, because in their case they are fine with losing data as they have many copies of it elsewhere.

In a small business, I've been responsible for buying laptops for a while.

In about 300 person-years, we've had two laptops stolen. Both were stolen while the staff were on trips abroad, and the staff were both rather careless IMO.


> It's really about personal privacy. Your computer is likely to be stolen and sold. If you don't want others reading your email, viewing your pictures, seeing your tax returns, etc. then you should encrypt the drive.

There is a very real security vs. availability trade-off though. Is the average person more concerned with others reading their emails, viewing their pictures, seeing their tax returns, or are they more concerned with losing access to those things themselves?

Losing access to an encrypted drive is a very real possibility (people often forget their passwords, and are used to that being recoverable), and the data loss is probably more impactful than privacy loss for many people.


It's been a while since I've set up a Windows machine and this may already be mentioned, but when I signed up for Signal I got lots of warnings like "warning: if you lose your phone and encryption key you will lose your data".

That way I know what I'm signing up for.

Just put "encrypt? Yes no" in the on-boarding flow and let people know what the risks are and what they may be protecting against. I'd probably default to off because people don't read wizards and the last thing someone wants is to lose their entire HDD because they accidentally made a decision they didn't understand.

And maybe for a certain period of time they can nudge users to read about encryption and decide if it's right for them, or just easily disable that nudge. Maybe even basic education like "if you find yourself forgetting your password often then maybe encryption is not for you" or something like that.

Windows is already optimized for extracting as much value from customers as possible, may as well help them make at least one informed decision.


Your computer is not "likely" to be stolen and sold.

And the worst part is, I have seen computer repair shops that refuse to work with a laptop if it has an encrypted system drive, under the guise of "how would we then validate the fix?"

For the typical user, this is far far far more likely to happen than that they would “pop out” the drive and read it in another machine.

Defaults should be safe for most users. Power users are exactly the people who can deal with changing a setting. It’s constantly surprising to me when technical people insist that defaults should be optimized for technical people.


This is not the correct model. For a typical user, they can bring the laptop to someone knowledgeable, who will pop out the drive for them.

The main question is: What is the biggest risk: theft or data corruption.

In my experience, corruption and ransomware are more common, so FDE should be off for household desktops or laptops, as these rarely leave the house. A business tends to have managed devices and data loss is a legal nightmare, so FDE should be on. The main thing is: people should be able to choose.


There is a happy medium. Encrypt the user directories and leave the rest of the disk unencrypted. There is still a risk that the user loses valuable data due to corruption, but there is much less of a risk of the entire system being unusable or unrecoverable because of corruption or ransomware.

Surely not likely at all for a gaming desktop that's going nowhere in my home.

For business users with notebooks who fly around a lot or spend time in coffee shops, it's possible.


> Your computer is likely to be stolen and sold.

No, it’s not.


Users should be given a choice, with the consequences of choosing one or the other clearly and concisely explained. Simple as that.

What should definitely not happen is doing this behind the scenes and storing recovery codes on a Microsoft account. Why do those codes have to be stored on their servers?

A screen should display the recovery codes and instruct the user to print them and keep them in a safe place in case of requiring them. I should be able to recover my data completely offline. End of the story.


I believe users are given an option on Windows setup to encrypt the drive with Bitlocker or not. I've done an install in the last few months and seen it.

They should also be given an option of storing the keys in the cloud service tied to an account. Most would still click yes, but the fact that law enforcement can ask for those keys without your consent is an issue.

Here is a question for you though, you probably have those backup codes for services stored securely somewhere, but does everyone you know?


Obviously "physical access is full access", but it's shockingly easy to break into a Windows box if you have access to the unencrypted drive. I learned when I was a teenager how to use the recovery partition to mount the C: drive, then copy "cmd.exe" to "utilman.exe" or "sethc.exe" and get an instant root shell on the login page. Takes about 2-3 minutes, can be done in the time somebody leaves their laptop to go to the bathroom at Starbucks.

To me that's the main thing about disk encryption, it's to stop a nasty rootkit from being installed trivially as much as it is about stopping the guy at the pawn shop from getting your tax info. Whether you're on macos, linux, or windows, it's really quite easy to fully compromise a machine if you have hands on it.
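A cheap after-the-fact check for the accessibility-binary swap described above, added here as an example and not taken from the thread. sethc.exe and utilman.exe are launched by winlogon before anyone has authenticated, so if their bytes are identical to cmd.exe the lock screen now hands out a SYSTEM shell. The check hashes the helpers and compares them with known shells in the same directory; the System32 layout below is constructed in a temp directory with fake contents so the script runs anywhere, and the list of helper and shell names is an assumption chosen for the demonstration.

```python
"""Flag Windows accessibility helpers that have been overwritten with a shell."""
import hashlib
import os
import tempfile

# Helpers winlogon can launch from the logon/lock screen (constructed list).
ACCESSIBILITY_BINARIES = [
    "sethc.exe", "utilman.exe", "osk.exe",
    "narrator.exe", "magnify.exe", "displayswitch.exe",
]
# Binaries an attacker typically copies over them (constructed list).
SHELL_BINARIES = ["cmd.exe", "powershell.exe", "taskmgr.exe"]


def sha256_file(path, chunk=1 << 20):
    """Stream-hash a file so large PE images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_swapped_accessibility_binaries(system32):
    """Return {helper_name: shell_name} for every accessibility helper whose
    bytes are identical to one of the shell binaries in the same directory."""
    shell_by_hash = {}
    for name in SHELL_BINARIES:
        path = os.path.join(system32, name)
        if os.path.isfile(path):
            shell_by_hash[sha256_file(path)] = name

    swapped = {}
    for name in ACCESSIBILITY_BINARIES:
        path = os.path.join(system32, name)
        if not os.path.isfile(path):
            continue  # not every helper exists on every Windows build
        digest = sha256_file(path)
        if digest in shell_by_hash:
            swapped[name] = shell_by_hash[digest]
    return swapped


def demo():
    """Constructed System32: sethc.exe has been overwritten with cmd.exe."""
    with tempfile.TemporaryDirectory() as system32:
        fake_files = {
            "cmd.exe": b"MZ...constructed cmd.exe image...",
            "powershell.exe": b"MZ...constructed powershell.exe image...",
            "utilman.exe": b"MZ...constructed utilman.exe image...",
            "sethc.exe": b"MZ...constructed cmd.exe image...",  # the swap
        }
        for name, data in fake_files.items():
            with open(os.path.join(system32, name), "wb") as f:
                f.write(data)
        return find_swapped_accessibility_binaries(system32)
```

On a real machine call `find_swapped_accessibility_binaries(r"C:\Windows\System32")` and expect an empty dict. This only catches the copy-over variant the comment describes; the same effect can be reached without touching the files by setting an Image File Execution Options "Debugger" value for the helper, which needs a registry check instead.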


Agreed, specifically about the tax info concerns. All my drives are encrypted with either LUKS, VeraCrypt, or native ZFS encryption for my server data.

My primary concern is a robbery while I'm not home. It's trivial to break in, steal hard drives, and then go pop them into another machine on your own time to scan the files looking for tax or other sensitive docs.

While encryption keys are a risk, you can always save the random key file or passphrase in cloud storage (using symmetric encryption) and/or in your password manager.


Curious: Are you specifically worried about a robber who is targeting your tax information in particular? Home breakins are relatively rare, and when they do happen, for the vast majority of them, the robber grabs whatever cash, jewelry, and other small, easy-to-pawn valuables, and are probably not going to care about computers. And for those rare robbers who actually grab your computer, what percentage of them are really going to bother going through the hard drive looking for tax returns of all things?

This attack concern sounds like a small fraction of a small fraction of a small fraction!

Unless you are a celebrity or billionaire business mogul where your tax returns or other sensitive documents might be worth something...


Maybe I am the fool. :) I think about crime in the way I would do it, which is to grab the valuables police are unlikely to care about (hard drives) that allow me to quickly clone and encrypt myself, so I can destroy the tangible evidence, and then I have unlimited time to crack and review the information, and then even more time to execute my malicious attack against identities or whatever other information I do find.

Only slightly better than this would be to break in, install a root kit, and then leave everything else untouched so as to try and minimize the knowledge that I was there, but I'd still be concerned that my c2 server would eventually point to me.

Maybe I should read about these actual crimes or get meds. The first couple years of my first kid's life were full of anxiety that someone would break in and steal my kid while I was sleeping at night.


Thieves are typically not technical people. If they were, they'd be using their technical skills at a legitimate job, not relying on burglarizing to make a quick buck.

They also are interested in getting in and out as quickly as possible. They're not going to take the time to disassemble a computer to remove just the hard drive, they're gonna steal the entire computer.

> Maybe I should read about these actual crimes

You should, especially on the kidnapping front. The extreme majority of kidnappings are from a relative or someone the child knows who will run off with them during the day, not break in at night.

...

Not sure that actually will make you feel better, tbh.


I think it's a mistake to assume that just because the initial burglar is technically unsophisticated, that's the end of the story. Crime can become surprisingly complicated, with its own supply chains, service providers and tool vendors, specializations, middlemen, etc. (Credit card fraud is a good example.)

Imagine how your threat-model can change if the thief—still incurious and unsophisticated—just happens to "know a guy":

1. A thief steals your computer, with no thought to who you are or what you might have on it.

2. The computer is passed to a fence for a predictable immediate cut.

3. The fence sees a lot of these computers (or phones), and knows that there are ways to extract more profit.

4. The fence has a relationship with a data extractor, and runs a provided program that gleans as much exploitable data as possible before reselling the hardware.

5. The data-extractor sees those tax files pop up, and sells those details to another criminal group that specializes in tax fraud.

If a system exists to "use every part of the buffalo", then pretty much anything can cause you damage. I'm sure somebody is already developing tools to scan a drive trying to determine likely names of your first-pet for those stupid account recovery questions.


> I prefer to use non-encrypted drives so I have the option of popping out the disk and reading it from another system with ease, which also means that I can recover files from drives of otherwise dead systems just as easily.

Everyone has different security needs. But (maybe it's different on Windows), what's hard about popping the disk to another machine and then decrypting it with the key? Does Windows not give you access to the key?


Windows does give access to the key. The issue with Microsoft account and especially Windows Home onboarding is that it doesn't tell you that it encrypted the drive and there is a backup key (which it uploads to Microsoft account, often readable by authorities with a court order).

Many normie users not only get locked out of their laptops but they also forget their Microsoft account password causing complete loss of data.


Not your key, not your crypto. => Not your key, not your data.

Why anyone would want to encrypt their data and then hand their private key to anyone is mind boggling.


Same sort of reason that way more people use Microsoft Teams than Slack, because it's already there in something that you've paid for.

Personally I would not encrypt a whole disk, only the files I actually care about protecting.


Well, they are not told. Our culture and the Steve Jobs cult have been magic-ifying computers as a way to sell trivialized, unethical and anti-intellectual software (compared to earlier home computers). Software nowadays aims to give barebones information and doesn't encourage making educated decisions, while extracting as much as possible from users.

Microsoft once made the "intermediate" or "power user" possible. I know many tech-literate Gen Xers and millennials who were able to learn to do relatively complicated things with computers, even when they could outsource the job to others. Now Microsoft is on the same bandwagon, shoving out crappy, half-done and idiotic software riddled with ads. It generates better revenue than designing better interfaces that educate the users while not looking down upon them.


Agreed, I have personally come to the same conclusion. I do not encrypt the drives in my home desktops and servers so that the recovery/migration is easier when the time comes. The risk of someone stealing my desktops from my home is very low and the impact of someone going through my family photos or Linux ISOs is nothing. I roll my eyes at my friend when he explains the solutions for how to input the encryption password when his server restarts.

At the time of writing, there are already other replies to this comment how "it's mandatory today to encrypt drives" without any qualifiers. I am growing more and more frustrated by people who try to force security measures like this "because it is more secure that way" without first taking a look at the risks, impacts and associated costs. I think they simply force these security measures on others to feel good about their choices.

It was a breath of fresh reasonability when I found out that apt intentionally uses only HTTP instead of blanket HTTPS everywhere because the packages are signed, therefore they can be verified by the client, and using HTTP allows easier caching with cache proxies and such.


> I roll my eyes at my friend when he explains the solutions for how to input the encryption password when his server restarts.

Isn't this rather trivial? You gen a keyfile, register it with luksAddKey, then update /etc/crypttab, no? The real concern is making sure that keyfile is stored securely, but you can simply symmetrically encrypt it and upload it to your favorite cloud storage provider.


Uuh, I am not sure. I believe that he was talking about having full disk encryption, which means that he needs to input the password to unlock the boot partition.

You can use TPM2 to automatically unlock the root partition and not have to input a password manually at boot. This is how my laptop (running Arch, btw) is setup. Whether or not disk encryption is necessary for a system that is physically secure at home or elsewhere is debatable however. But a laptop can be easily left somewhere and disk encryption seems necessary unless it never leaves home.

I used to think that and then the authorities raided my house (for bullshit reasons that had nothing to do with me). Now I encrypt everything.

That's a valid point. I feel for you. A similar thing happened to a friend because of his dorm roommate torrenting some ... not-Linux-ISOs illegal stuff.

With that said, I still find this risk quite unlikely to happen (at least in my country), with data loss due to being unable to decrypt the drive being more likely due to me changing computers often. If I were in a country such as the current U.S. for instance, I would most probably encrypt everything I could get my hands on. In addition, I think it is one more reason to have good offsite backups and to invest time into those. For me, losing the data/not having access to it for a long time while the police have it is a bigger impact than them finding out what porn I watch, in my opinion. I don't mean it in a "nothing to hide" kind of way, but in a "I don't think they could do much of any damage with that information" way.


Is there some problem with setting a passphrase for recovery, beyond just the risk of forgetfulness or loss?

I'm not sure how BitLocker compares with LUKS, but the ability to set (or revoke) multiple keys in the drive header gives a lot of flexibility.

For example, the same drive could be unlocked multiple ways:

* A passphrase that you memorize or metaphorically throw in a vault somewhere.

* A key tied to the hardware so that it is automatically supplied, or requires a lesser input like a PIN.

* Same as above, but added to support another computer you anticipate swapping the drive to.


My solution for your concerns is twofold:

1. Use a password-based encryption method (not tied to hardware identity) if you prioritize moving the disk around. Then it is just as readable in a spare machine.

2. Use an easy to remember password/passphrase and write it down somewhere you keep paper documents, if you prioritize recovery.

This still provides meaningful protection when you need to discard the drive. The random downstream recipient of the hardware will not know your password, even if you skip the step where you "crypto-shred" the drive by setting a new random password.
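The three comments above (the keyfile registered with luksAddKey and listed in /etc/crypttab, the LUKS header holding several independently revocable keys, and crypto-shredding a drive by throwing away the key) all rest on one structure, shown here as an added example written for this page and not cryptsetup's real on-disk format: the data is encrypted under a random master key that is never stored in the clear, and each key slot stores that master key wrapped under a passphrase or a keyfile's bytes. Real LUKS uses Argon2 or PBKDF2 feeding AES key wrapping with an anti-forensic splitter, and AES-XTS for the data; PBKDF2-HMAC-SHA256, an XOR mask and an HMAC keystream stand in for those below, and the slot names, passphrases and iteration count are assumptions for the demonstration.

```python
"""Toy LUKS-style key slots: one master key, several ways to unlock it."""
import hashlib
import hmac
import os

KDF_ITERATIONS = 50_000  # kept low so the demo is quick; real setups use far more
CHECK_LABEL = b"master-key-check"


def _as_bytes(secret):
    return secret.encode() if isinstance(secret, str) else bytes(secret)


def _slot_key(secret, salt):
    """Derive a 32-byte wrapping key from a passphrase or keyfile contents."""
    return hashlib.pbkdf2_hmac("sha256", _as_bytes(secret), salt, KDF_ITERATIONS, dklen=32)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(master, length):
    """Counter-mode keystream from HMAC; a stand-in for the data cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(master, counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return out[:length]


class Volume:
    def __init__(self, first_secret):
        master = os.urandom(32)  # generated once, never written to the header
        self.check = hmac.new(master, CHECK_LABEL, "sha256").digest()
        self.slots = {}  # slot_id -> (salt, wrapped master key)
        self.ciphertext = b""
        self.add_slot(master, "passphrase", first_secret)

    def add_slot(self, master, slot_id, secret):
        """luksAddKey: you must already hold the master (i.e. have unlocked)."""
        salt = os.urandom(16)
        self.slots[slot_id] = (salt, _xor(master, _slot_key(secret, salt)))

    def unlock(self, secret):
        """Try the secret against every slot; return the master key or None."""
        for salt, wrapped in self.slots.values():
            candidate = _xor(wrapped, _slot_key(secret, salt))
            tag = hmac.new(candidate, CHECK_LABEL, "sha256").digest()
            if hmac.compare_digest(tag, self.check):
                return candidate
        return None

    def kill_slot(self, slot_id):
        """luksKillSlot: revoke one unlock path without re-encrypting the data."""
        del self.slots[slot_id]

    def crypto_shred(self):
        """Erase every slot: the data stays on disk but is now unrecoverable."""
        self.slots.clear()

    def write(self, master, plaintext):
        self.ciphertext = _xor(plaintext, _keystream(master, len(plaintext)))

    def read(self, secret):
        master = self.unlock(secret)
        if master is None:
            return None
        return _xor(self.ciphertext, _keystream(master, len(self.ciphertext)))


def demo():
    vol = Volume("correct horse battery staple")  # slot you memorise
    master = vol.unlock("correct horse battery staple")
    keyfile = os.urandom(64)  # what /etc/crypttab would point at
    vol.add_slot(master, "keyfile", keyfile)
    vol.add_slot(master, "paper", "PRINTED-RECOVERY-PHRASE")  # sheet in a safe
    vol.write(master, b"2023 tax return (constructed)")

    results = {
        "keyfile_reads": vol.read(keyfile),
        "wrong_passphrase": vol.read("hunter2"),
    }
    vol.kill_slot("keyfile")  # old machine retired: revoke its keyfile only
    results["after_kill"] = vol.read(keyfile)
    results["paper_still_works"] = vol.read("PRINTED-RECOVERY-PHRASE")
    vol.crypto_shred()  # discarding the drive
    results["after_shred"] = vol.read("correct horse battery staple")
    return results
```

The point the structure makes: a keyfile slot and a paper-passphrase slot are peers, so losing or revoking one does not touch the other, and the master key itself never changes when a slot is added or killed. Because the data is only ever protected by that master key, wiping the slots (cryptsetup's luksErase) is as final as overwriting the whole device and takes milliseconds.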


When an SSD fails it often reverts to read-only mode. The manufacturers may require you to return the drive to receive a replacement or refund. By which point it is too late. You now have the choice of potentially risking the disclosure of your personal data to a third-party (and your shipment could end up on a lost-parcel auction if it did not get delivered) or missing out on your warranty.

> popping out the disk and reading it from another system

The vast majority of people don't know that this is an option or how to do it.


plus, my first windows machine went through a botched windows update and got stuck in an encryption key doom loop. no matter how many times i entered the key, it wouldn't let me into the computer. had to take it to the shop (tbf it had a lot of other issues too). when i got a new one the first thing i did was turn off encryption

I'd argue the proper solution here is backup, as a hdd could die at anytime and leave you with approximately the same outcome. While encryption adds some overhead and increases the surface area for failure, it ultimately requires the same backup solution as anything else.

Windows gives you recovery keys for each encrypted drive. With those you can even access tpm-protected drives on another machine.

I'd say it's mandatory today to encrypt drives. In the age of SSDs it's not really possible anymore to delete files and to be sure they are in no way recoverable by an adversary.


To add to this, a Google search now is answering your question in an incorrect way rather than merely bringing you to a site with incorrect information on it.

They are also no longer covered by safe harbour provisions because it is them answering it, not some content they refer you to.


Very much like gambling, you can hit the jackpot, or just have continuous near (and far) misses.

In the Russian-Ukrainian war the GPS guided shells that the USA was sending to Ukraine cost about $40k a pop, whereas you can get at least a dozen drones for that price.

Even the fanciest self propelled artillery is getting destroyed by these little cheap buggers.


A key point here is open in terms of being able to download and use it, not open as knowing what data and instructions were fed into it when training.

A paranoid part of me thinks that these models are all inherently biased and instructed to be pro CCP, with specific gaps in their training data related to undesirable historic events and political ideas.


The same thing applies to US models. Check out various system prompt leak repos on github. There are also prompt injections by various parallel "alignment" models that pre-process the prompt before it's sent to the main one with questionable guidance.

You'd be surprised how much bias exists in easily extractable information. Now imagine how much of that happens during training, that you can't easily extract.

So this is largely a moot point. Yes, Chinese models will likely have some weird things injected into them. But so do the US models. Do I care? Not in the slightest. Models are my code monkeys, and if the code leaves my machine, I assume IP is leaked be it a Chinese model that clearly tells me they do use the data, or US models that pinky promise they don't.


Sure but that goes both ways. Any dataset has a bias. My coding doesn't need to know about Tiananmen Square.

Applies both ways, ask it about Israel.

They aren't going to make _this_ show, they might make another show in the future, one catering to a broader (non-core-fan) audience.

One concern I've heard about the move to ARM cores is that it is done in order to lock down the devices more so they're more like a phone rather than a computer.


Recent Surface ARM laptops do not seem to be locked in any way.


What does locking down the device have to do with the CPU architecture?


ARM-based devices don't have "boot anything you want" like the x86 platform does, in practice.


Adding to this.

x86: Most random Linux ISOs will boot on anything. I've seen software compiled before the hardware had finished being designed boot just fine. (In the latest case lstopo was very confused, but everything still worked!)

ARM: I go looking for a build for my chip/device in particular.

x86: I just buy hardware and it works. ARM: I check for OS builds before buying, and wonder if the builds will continue to get updates.....


I would have thought that the default 5V coming through the cable should be enough to power on the chip and negotiate power delivery though?

Or was it actually working but charging only on 5V and taking a long time to wake up?


Perhaps this was the case.

Bare metal or bare bootloader only right?


Or stuff like FreeRTOS, NuttX, Zephyr, and co.


There's definitely some form of addictive behaviour going on in a similar vein to poker/slot machines. There are studies and anecdotes that I've heard where the most thrill and reward comes not from the wins at gambling but from the near-wins, those close calls and near misses. It seems very similar to the kind of output that an LLM generates where it looks like what you want but is not quite there so you try to fix it by going again.

