this post was submitted on 02 May 2025
343 points (87.2% liked)

Technology

[–] ArkyonVeil@lemmy.dbzer0.com 23 points 21 hours ago (3 children)

I'm of the opinion that encryption-based security should be compartmentalized, i.e., an encrypted folder or "safe" app. Safes in housing are already a concept that is already commonly known, so it would be natural to extend a safe into the digital realm. This would also help in the idea that safes are locked with a key, so if the user loses their keys, whatever is inside the safe might as well be lost.

Now if EVERYTHING is a safe (always-on encryption), people will never know the difference. It's a dangerous type of security that is likely to be more a loss than a benefit.

[–] dustyData@lemmy.world 1 points 3 hours ago

But, houses have locks on the doors. The whole point of the house is to be a safe for people. Security is all about the threat model; your risk assessment should inform the security measures that make sense in the security/convenience continuum. Not everyone will be equally well served by the exact same risk mitigation methods.

The point of whole disk encryption is to delay or nullify physical device control. If your disk is not encrypted, but you have a single encrypted file a bad actor wants to access, and they get physical control, then it is game over. They have all the time and power in the world to crack down that one file. Now, most people don't have any one file(s) like that, but instead are worried about their private life in general. Without encryption, physical access to the device means total access to their entire life; the house had no locks and the thieves just waltzed in and took everything of value. Whole disk encryption is opting for a sturdier door, with better locks. Physical control is still bad, but access is orders of magnitude harder. Sure, if you lose the only key to your house, you better be prepared to break windows or walls to get in, but that is a user responsibility.

[–] michaelmrose@lemmy.world 3 points 12 hours ago

For most folks, they could just write down their encryption passphrase in a secure location with the rest of their papers, since 99.9% of the risk is thieves stealing their laptops. For most folks, the biggest secure item they have is the one they use constantly: their browser and all the passwords it stores to all their services. You know, the thing they use constantly.

A compartmentalized approach makes sense when the laptop contains really vulnerable data, like laptops which have been stolen with bunches of client data on them, or a journalist's communication with confidential sources, etc. etc. In that case you STILL want to encrypt the whole thing, but you want to separately encrypt the really important stuff with a different key, so that every time you open your laptop to watch cat videos on YouTube you aren't also unlocking all the data you will have to tell your company's users you lost.

[–] ouch@lemmy.world 4 points 15 hours ago

You are arguing for selective encryption, but I can't really find any technical argument in your comment.

Whether we are speaking of encryption in transit or at rest, there's a general consensus that encrypting everything is best in every way except possibly performance for select cases.

For example, it allows hiding (meta)data about the really important bits, and with computers it's really difficult to tell which bits of (meta)data could be combined to abuse. Tampering is a consideration as well.