FATAL SECURITY FLAW - Still No Full Disk Encryption

[twelph]

This needs to always be at the top. Having to rely on third party scripts that I can't get to work, or just settle with home partition encryption is just not cutting it anymore. If you happen to be paying attention to the news in the United States lately, our privacy is under constant attack. Having full disk encryption available can no longer be considered a feature, it's a security flaw without it. This is my favorite distribution, but I can no longer accept this omission. I'm switching back to a Debian install and adding the LMDE repository in the meantime.

[catweazel]

-1

The world does consist of only the United States.

[martensjd]

I agree that FDE is a must-have feature--a deal-breaker for me. I left Mint for Lubuntu and Xubuntu a year ago over this deficiency, but am now back to Mint because (a) I like Mint and (b) an encrypted LVM is easy to set up--see http://community.linuxmint.com/tutorial/view/1166 for an easy four-step process at install time.

It still strikes me as exceedingly odd that it's not a standard install option. Debian was offering this years ago.

[twelph]

-1

The world does consist of only the United States.

I assume you mean "The world does not consist of only the United States."

How is this relevant?

[catweazel]

-1

The world does consist of only the United States.

I assume you mean "The world does not consist of only the United States."

How is this relevant?

My government doesn't spy on its own citizens like yours does. Your premise revolves around what your government does to justify full disk encryption. If you want full disk encryption, install it. Alternatively, wear a tinfoil hat.

[twelph]

-1

The world does consist of only the United States.

I assume you mean "The world does not consist of only the United States."

How is this relevant?

My government doesn't spy on its own citizens like yours does. Your premise revolves around what your government does to justify full disk encryption. If you want full disk encryption, install it. Alternatively, wear a tinfoil hat.

Because my country is the only country to do this, and your country could never possibly do this? Am I being called paranoid for requesting something that is becoming standard in most distributions and required by many businesses? Since when did implementing best security practices equate to tinfoil hat?

[catweazel]

B<snip>

Would you like me to report you to the moderators for trolling?

A simple yes or no will do.

[twelph]

B<snip>

Would you like me to report you to the moderators for trolling?

A simple yes or no will do.

Yes please. I obviously don't understand the term trolling, and would like a moderator to clarify it for me. Wikipedia must not have all the answers: https://en.wikipedia.org/wiki/Troll_%28Internet%29

I guess someone needs to add "having a disagreement" to that page.

[eanfrid]

FDE is neither the only one mean to protect your data privacy nor sufficient by itself to (try to) achieve this goal. If FDE were an installation option it would be fine, of course, but making it mandatory may kill the performances of many older computers.

[twelph]

FDE is neither the only one mean to protect your data privacy nor sufficient by itself to (try to) achieve this goal. If FDE were an installation option it would be fine, of course, but making it mandatory may kill the performances of many older computers.

No one made any mention of making it mandatory. Only that the distribution has it as an option.

[eanfrid]

Sorry, but "FATAL SECURITY FLAW" and "full disk encryption available can no longer be considered a feature" told me that you did absolutely not consider FDE as an option.

[twelph]

Sorry, but "FATAL SECURITY FLAW" and "full disk encryption available can no longer be considered a feature" told me that you did absolutely not consider FDE as an option.

Notice the very important word that I bolded.

[kurotsugi]

I'm switching back to a Debian install and adding the LMDE repository in the meantime.

I do agree that LMDE should include FDE as an option for the the installation but IMO this forum isn't the right place. this is a forum mostly for "MINT USER", not "MINT DEVS". if you have any idea/suggestion then I believe the correct place should be here --> http://community.linuxmint.com/

[Oscar799]

Lively debate is fine but lets not have a flame war
Thanks

[MtnDewManiac]

Lively debate is fine but lets not have a flame war
Thanks

Without trying to fan any flames, and meaning no disrespect to any individuals or countries:

I think it not at all unlikely that the US government devotes at least as many resources toward spying(?), collecting data on, et cetera the citizens - and governments - of other countries as it does on the same activities domestically.

For one, there'd be less (US) laws to have to circumvent (or would have before the P Act was passed, I suppose).

Then there are articles such as this one

Code: Select all

http://www.independent.co.uk/news/uk/politics/prism-scandal-foreign-secretary-william-hagues-vagueness-on-us-spying-fails-to-reassure-mps-and-public-over-covert-gchq-deal-with-nsa-8651896.html

which discusses concerns that the GCHQ (UK Government Communications Headquarters which is the centre for Her Majesty's Government's Signal Intelligence (SIGINT) activities) is getting data from that US federal agency that's been freaking so many people out all of a sudden (said people having just crawled out from under a rock for the very first time, I'm guessing ) in order to circumvent British laws. That seems completely feasible to me; "data" a commodity that can be bought, sold, or traded for favors. Also... Consider this: In my country - and, I would guess, in at least a few others - if a police officer were to break into a house without a search warrant and discover evidence of a crime, that evidence cannot (legally) be used in a court of law. But if someone else, such as a thief, were to break into that house, discover that same evidence, and disclose it to LEO, then the evidence is considered to be admissible (with the usual debate as to the reliability of the source).

I once read that the US government picked up a sizable portion of the expenses that the telephone companies incurred in spreading the telephone and its infrastructure to other countries because it was a device that made it easier to spy on people. That's probably not true. Probably.

(Finally, it seems logical - at least at this point in time - that there are more non-US entities wishing to do harm to the US than there are US entities wishing to do so. Or, at least, both wishing to and likely to, lol; as someone once stated, "Americans are likely to b!tch and moan... but others are just as likely to quietly reach for the nearest rock.")

That's got me wondering... Which country's random citizen is most likely to be spied upon? And which country's random citizen is most likely to be spied upon by the United States government? (Those questions may well have two different answers, lol.)

- - - - -

DISCLAIMERS:
I am a US citizen.
While I am not thrilled - to put it mildly - about the thought of my government spying on me (or any of my fellow citizens), I seriously doubt that it's a new phenomenon. I'm guessing that governments have been spying - on everyone that they could - since the first minute after the first ever government was formed on this planet. While there may have been a government that did not, any such government probably did not last long enough to leave its mark on history.
I debated posting this for fear that it might be thought to be off-topic; but the fact that a moderator cautioned us to avoid flaming each other but did not at the same time state that the thread was in danger of - or already had - going/gone off-topic, coupled with the fact that ~16.6% of the OP's sentences mentioned a government spying, led me to believe that it would be acceptable to post it.

- - - - -

Somewhat(?) more on-topic content: I think that having an option of full-drive encryption is an idea that has merit. But I do question whether or not such a thing should rightly be the responsibility of those who provide us with our OS. It seems to me that such a thing should be... well... again, meaning no disrespect, but not tied to the OS in any way, shape, or form, and that it ought to be done on a "lower level," just as certain things are done that way, such as much of what is already addressed between the time the user presses the power button and the OS boots. Perhaps somewhere between the "BIOS routines" (I know that's not a technically-accurate term) and the initial boot menu or OS boot phase, perhaps in the BIOS, perhaps even before that.

One last thing to think about (may or may not be off-topic): To everyone that is worried about the NSA and its activities, are you using a distro or kernel (which would be every one from 2.6.0-test3 and above, I believe) that includes Security-Enhanced Linux (SELinux), lol? If so, just who do you think was the original primary developer of it and released it to the open source community in the first place? And do you suppose that the entity that created - and released - it would have done so without either a backdoor, the power to make the "security" in SELinux transparent, or both? Think about it...

EDIT: I meant to include a link to the Wikipedia article on SELinux for those who have never heard the term:

Code: Select all

http://en.wikipedia.org/wiki/Security-Enhanced_Linux

Best regards,
MDM

PS While some level of 'paranoia" is probably healthy for everyone (and it is up to each individual to decide what the proper level is), I have always thought that the one thing that "wearing a tinfoil hat" guarantees... Is to make one much easier to pick out of a crowd, lol.

EDIT: While I'm thinking about it, those of you in the audience who are concerned about (any entity) spying, collecting data, and/or profiling you: How many of you run use a web browser without a good script-blocker installed, therefore allowing every website you visit to run any script it wishes on your computer? How many of you encrypt the signals between your computer and your wireless router? And how many of you use (any facet of) Google? If you think about it, the situation where full-disk/drive encryption is useful is one in which an adversary(?) actually has physical possession of your hard drive - but these other things require no such possession of your hardware.

[TomRoche]

Just to get back on topic: feel free to contribute/fork this LUKS/LVM2 installer for LMDE. I'd definitely like to see the "real" LMDE installer provide this functionality.

[cyb3rc0de]

I must agree. FDE should be listed on installer as an option.

[namarie]

Is it possible to finance a bounty for this feature ?

[namarie]

I know bumping is not very kind but I don't see any about this topic. There are several (not very friendly) outdated how-to about FDE on old version of Mint. There is also a feature request (http://community.linuxmint.com/idea/view/2144) with 'Selected' status.

Is there any news about full disk encryption in default installer for Linux Minut Debian ?