Linux

My drives are not encrypted because it's a hassle if things start going wrong. My NAS is software raid so the individual disks mean nothing anyway. The only drive that is encrypted is my backup disk and I'm not really sure if it was needed.

I encrypt all my filesystems, boot partitions excluded. I started with my work laptop. It made the most sense because there is a real possibility that it gets lost or stolen at some point. But once I learned how simple encryption is, I just started doing it everywhere. It's probably not gonna come into play ever for my desktop, but it also doesn't really cost me anything to be extra safe.

Full disk encryption on everything. My Servers, PCs etc. Gives me peace of mind that my data is safe even when the device is no longer in my control.

I use encryption on laptops, because they can be stolen in the train, bus, etc. On work desktop, I do so as well, because there are many people around. However, on everything that stay at home, I prefer not to use it to simplifiy things and get more performance.

Yes, and for the life of me I don't understand why there isn't a default LUKS with hibernate partition in the Debian installer.

I do on all my devices that can as a matter of practice, not for any real threat. I'm interested to learn about how to set it up and use it on a daily basis including how to do system recoveries. I guess it's largely academic.

Once I switched to linux as my daily driver, I didn't have a need to do piracy anymore since all the software I need is FOSS.

Yeah, on my laptop - because I travel with it and confidential data (like from my customers) could land in hands its not supposed to

No, in case of my desktop, because it's easier to access it in case of failure

I would strongly encourage people to encrypt their on site data storage drives even if they never leave the house and theft isn’t a realistic thing that can happen.

The issue is hard drive malfunction. If a drive has sensitive data on it and malfunctions. It becomes very hard to destroy that data.

If that malfunctioning hard drive was encrypted you can simply toss it into an e-waste bin worry free. If that malfunctioning drive was not encrypted you need to break out some heavy tools tool ensure that data is destroyed.

I encrypted my professional laptop's drive in order to prevent access to company data and code in case of theft. And I'll probably encrypt my personal laptop as well because the SSH key can access company code.

As for the desktop, I didn't and probably never will, because theft is less likely and that would be a pain to handle for nightly backups (it is turned on with Wake-on-LAN and then a cron backs up my home directory to my NAS).

Finally, I won't encrypt my NAS as well for the same reason: it would quickly become a hassle as I would have to manually decrypt the drives every time it boots after a power outage.

I used to, but then I nuked my install accidentally and I couldn't recover the encrypted data. I nuke my installs fairly regularly. I just did again this past week while trying to resize my / and my /home partitions. I've resigned myself to only encrypting specific files and directories on demand.

My phone is fully encrypted though.

I do encrypt my drives, and it’s not as transparent in Linux as it is in the others. I’m sure I could get a TPM setup for seamless boots, but I haven’t done that yet.

For mobile drivers, I still encrypt, but that locks them to one OS since LUKS isn’t cross platform. There is VeraCrypt for cross-platform encryption, but that’s one more thing to manage and install.

Doesn't Pop have that by default? I think others have too.

Anyway, yes for basically everything. Except my servers main partition, because otherwise recovering from crashes would be horribly annoying or unsafe if I'd use cryptssh. And if the dns+dhcp/gateway/VPN server crashes I'd definitely need 22 open.

Yes. I encrypt because theft. I know PopOS and Mint make it 1-click ez. ...unless of course you want home and root on a separate drives. That scales difficulty real fast. There's plenty of tutorials, and I managed, but I had to patch together different ones to get a basic setup-- Never mind understanding exactly what I did and repeating it (the latest challenge I've been dragging my feet on). I do hope this is an area that sees more development in the near future.

Asahi Linux doesn't support encryption and getting it to work requires a lot of steps and that I reinstall it which I don't have time for, so I don't have it enabled on my laptop, and if it gets stolen or confiscated I'm fucked.

I have it enabled on my server and phone.

I don't encrypt my entire drive, but I do have encrypted directories for my sensitive data. If I did encrypt an entire drive, it would only be the drive containing my data not the system drive.

Every endpoint device I use is using full disk encryption, yes.

I don't even know how to do it

I encrypt my laptop and desktops and I think it’s worth it. I regret encrypting my servers because they need passwords to turn on.