Encryption, sensible or not?

[Duveltje]

When you install Linux Mint, you can choose to encrypt, everything, home or nothing. The encryption slows down, your system. Is it necessery or desirable to encrypt your system (partially). Linux has the reputation of being fairly safe and usually your router has a firewall and if not so you can turn on ufw. Isn't it true that a hacker breaks through the encryption anyway? What is the sensible thing to do?

[xenopeek]

Either form of encryption is only a protection against people with physical access to your computer. Not against remote attacks.

1. If others also use your computer (like family members or roommates) and you're the only user with administrator access you can just change the permissions on your home directory so the other users on your computer can't access it. No encryption needed.
2. if there are other users with administrator access this won't suffice. Home directory encryption would be the option in that case; it would keep your files inaccessible to all other users on your computer—whether they have administrator access or not.
3. Full disk encryption is faster than home directory encryption and you should prefer this to keep your files inaccessible from all people that can physically get to your computer (like burglars). You can combine it with option 1. It's only not a good option if there are other users on your computer with administrator access that you wouldn't trust with your files.

Using both full disk encryption and home directory encryption doesn't make much sense; it will be tardy slow. Both will keep your files safe except from state agents (assuming strong passwords). Neither will keep you safe from remote attackers.

[Cosmo.]

Linux has the reputation of being fairly safe

Encryption does not enhance the security, but the privacy.

usually your router has a firewall and if not so you can turn on ufw.

As long as your computer is turned off, it does not matter, if the router has a firewall. If the computer is running and you have full encryption, it is unlocked; if you re locked in and you have your home encrypted, this will be unlocked. Unlocked means, the data are for an attacker as well as for yourself reachable (assumed, an attacker would at all be able to break in).
A firewall helps as you can e.g. block all incoming traffic, but allow outgoing traffic.

Isn't it true that a hacker breaks through the encryption anyway? What is the sensible thing to do?

Yes, this is true, if you mean with "hackers" attackers from the distance / via web. Out of the above given reasons.

If the sensibility of your data is a special concern for you it might be worth, to store the especial sensitive in encrypted file or folders, which you unlock only in case, that you actually need them.

[Duveltje]

I am the only user of my lap. I am connected to the internet, nothing else. I want to be as certain as possible, that I can't be hacked and that I don't get crapware on my lap, especially since I use internet banking. I don't think that encrypting (part of) my computer is of use to me. So I leave it as it is, unless someone can tell me good reasons why I should encrypt (part of) my computer.

[Cosmo.]

I don't think that encrypting (part of) my computer is of use to me.

You are right.

[rene]

I am the only user of my lap.

Well, you, and the thief or honest finder that gets your "lap" after you. That I would feel is in fact the main reason to use encryption for regular users. If you use the laptop in in fact mobile manner, chances that you at some point will forget it somewhere or that it gets stolen are significant. Without encryption the new owner is going to have access to all of your data.

I would therefore personally always encrypt my home directory on an actually mobile system. Not the entire system. Admittedly, the system not even booting up when using the latter option makes for some additional peace-of-mind, but I'm just not able to get past the sillyness of encrypting /bin/ls.

[xenopeek]

Then one you can look at is running your web browser in a security sandbox. Something like firejail (I have a tutorial viewtopic.php?t=202735). That limits what the web browser can do so if you end up on a web page with some malware at most it can try and mess up your web browser configuration. With default configuration of firejail your web browser can only write files in its user configuration and cache directories and in your Downloads directory. It can't access your Documents and Pictures directory for example. Your web browser is the most exposed part of your computer. You can also look into extensions for Firefox like uBlock Origin (to block ads; as most malware is distributed through ad networks) or NoScript (to block untrusted websites from running code on your computer).

[Duveltje]

I am the only user of my lap.

Well, you, and the thief or honest finder that gets your "lap" after you. That I would feel is in fact the main reason to use encryption for regular users. If you use the laptop in in fact mobile manner, chances that you at some point will forget it somewhere or that it gets stolen are significant. Without encryption the new owner is going to have access to all of your data.

I would therefore personally always encrypt my home directory on an actually mobile system. Not the entire system. Admittedly, the system not even booting up when using the latter option makes for some additional peace-of-mind, but I'm just not able to get past the sillyness of encrypting /bin/ls.

I always leave my computer at home and is not very likely that someone breaks into my house. So I feel safe about that.

[Duveltje]

Then one you can look at is running your web browser in a security sandbox. Something like firejail (I have a tutorial viewtopic.php?t=202735). That limits what the web browser can do so if you end up on a web page with some malware at most it can try and mess up your web browser configuration. With default configuration of firejail your web browser can only write files in its user configuration and cache directories and in your Downloads directory. It can't access your Documents and Pictures directory for example. Your web browser is the most exposed part of your computer. You can also look into extensions for Firefox like uBlock Origin (to block ads; as most malware is distributed through ad networks) or NoScript (to block untrusted websites from running code on your computer).

I often use a VPN and also I sometimes use the tor-browser, to be anonymous. I'll try firejail and firejail-tools to investigate it. Thnx.

[rene]

Then I would certainly feel free to not encrypt. As long as you are aware that your password will not keep your data safe: anyone with physical access to the machine gets your data.