This makes a world of difference. I know many people may know of it but may not actually do it. It Protects your files in case your computer is ever stolen and prevents alphabet agencies from just brute forcing into your Laptop or whatever.
I found that Limine (bootloader) has the fastest decryption when paired with LUKS at least for my laptop.
If your computer isn’t encrypted I could make a live USB of a distro, plug it into your computer, boot, and view your files on your hard drive. Completely bypassing your Login manager. If your computer is encrypted I could not. Use a strong password and different from your login
Benefits of Using LUKS with GRUB Enhanced Security
- Data Protection: LUKS (Linux Unified Key Setup) encrypts disk partitions, ensuring that data remains secure even if the physical device is stolen.
- Full Disk Encryption: It can encrypt the entire disk, including sensitive files and swap space, preventing unauthorized access to confidential information.
Compatibility with GRUB
- Unlocking from Bootloader: GRUB can unlock LUKS-encrypted partitions using the cryptomount command, allowing the system to boot securely without exposing sensitive data.
- Support for LVM: When combined with Logical Volume Management (LVM), LUKS allows for flexible partition management while maintaining encryption.
Inserting relevant XKCD as is required by internet law: https://xkcd.com/538/
What would actually happen is a bios level rootkit that installs a nearly invisible tiny rootkit on your device everytime it starts, but this is only if you are an important target. Most police departments can also just pay a private hacking company to steal your keys by using undisclosed exploits. Encryption can work well for other things but anything you wouldn’t want state or corporations seeing, you are better off just not ever putting it on your machine.
You can be private somewhat through obscurity. Using free software that doesn’t log you, not using any machine that’s in anyway tied to you to do stuff, setting up your own point to point connection to use someone else machine as your access point. Never having a microphone or camera anywhere near your hacking machine. I’m not really that type of hacker, more of a programmer/hardware person, but it can be done somewhat safely if you take every effort to protect your identity.
This is what I would do if I want ed to do something on the internet that might actually really piss off the FBI and NSA. Something like releasing the Epstein files to dozens of independent journalists around the world or something.
I’d get cash, and leave my phone at home, go to a thrift store and buy an old laptop. Wait a couple of months, and never power it on. I download dozens of Linux distros a year before this, something as small as possible, and lightweight as possible. Nothing network, maybe even tails.
Then I’d have it sitting on a thumb drive for many months before I dropped the files. One day before a lot of rain was coming in, I’d walk, not drive or anything, without my cell phone, using the tree cover to avoid spy satellite rewind surveillance, to a location where there is open wifi or an Ethernet jack.
Then I’d use several layers of proxying and VPNs, although this would be slow as shit. All on fresh accounts. Using nested VMs, each carrying an additional layer of VPNs. I’d use this as my set up my own network, by exploiting some random machines in the wild to get my last couple layers of VPNs.
Being careful to only type one word per second and not misspelling anything or in anyway aiding in any type of correlation attack, I’d first upload it in an encrypted format to a web host to speed up the next part, then I’d copy it to many places. I would then send it to as many people as possible, probably using a script to hit many emails addresses at once. As soon as the files hit the drive, I would assume I had about 5 minutes before the black helicopters showed up. At 5 mines I’d take a super strong magnet and start destroying the laptop, then I’d run away, find another safe spot, and then incinerate it.
Then I’d never tell anyone, go home, take a nap, wake up, talk to chatGPT about my amazing nap that I overslept on, and carve out some hidden spaces at abandoned houses and stuff to stash the actual drives with the info.
If you do anything less then this, you will probably get caught. Legal evidence is one thing, but you should never underestimate the numerous surveillance technologies they employ for unconstitutional surveillance. You n leed to be mindful of fingerprinting, (using only a throw away device and destroying it afterwards in a way that it’s not obvious that it was you) nothing that has ever touched your network or any files that that came from your PC or anything. It needs to exist in a totally separate universe. No connection whatsoever) you need to be mindful of cameras, license plate scanners, cellular modem surveillance, spy satellites which can see back in time to follow someone’s footsteps back through time. Correlation attacks, common word usage that can denote your region, common misspellings that you do, the particular way you type, root kits, assume every device is compromised and if you buy a device with a camera, don’t even open it until it’s been sitting for months and then remove the cameras and microphones, and never power it up anywhere near your house.
Another thing to be mindful of is fingerprinting your downloads, don’t download something on your PC and use it on your device.
Be wary of your footprints, this is why I said you would want to do this before a storm but perhaps maybe you would even tie wood to your shoes.
If you did this you could leak something like the Epstein files and probably get away with it, but if you are one of the few people who live in a neighborhood who is a hacker, I would expect that you’d have dozens of FBI agents watching every move you do and combing through your past to find any infraction that they could try to blackmail you with.
Never ever, trust an electronic device is better advice.
idk man, but I’d still much rather have encryption, even if I’m up against the alphabet boys:
You know you’re fucked if they use a wrench. That means you don’t have to be seen publicly ever again. There’s a chance for you if they’re using a rubber hose…
Not much good if they only have your laptop and not you.
Removed by mod
Encrypting your drives is a very sensible step to take, and it’s so low effort that it’s a no brainer in most cases. It’ll stop casual thieves stealing you machine and reading your files, and combining your password with a TPM encrypted one will mean your data isn’t readable on any machine except yours, even if the attacker has your password, which adds a little extra protection.
Unfortunately, none of that protects you against an adversary who is willing to kidnap and torture you to get your files. At that point you have to make a choice, which is more important; your files or your life/not being tortured. Fortunately, most people will never be in that situation, so should encrypt their drives and accept they’ll reveal their encryption passphrase if taken hostage/arrested.
If they are willing to torture you to get the data. Then there is also a very real chance that you would still get the same treatment or just killed even if you give the password.
That’s absolutely possible, but there’s not much you can do about that really. My point was simply in response to OP’s assertion about encryption protecting your data from ‘alphabet agencies’. It wont because it is very unlikely you consider keeping your data confidential more important than your life.
A more common case I’ve heard of is law enforcement using face id without permission. They can also compel people to give up passwords too which is why duress passwords and panic buttons exist to wipe everything
You want to think very carefully before giving a duress password, or using a destructive panic button when dealing with law enforcement. If you do, you will be charged with, at least, destruction of evidence. You have to decide if your data is worth that. A duress password that only decrypts part of your data is probably safer if twinned with deniable encryption, although you still risk legal trouble.
This is in the US, in a lot of countries, even in EU ones, refusing to reveal your password is used as part of the case against you (not as proof but as a suspicious attitude that can, combined with other facts, bring a certainty of culpability).
So be careful and check out your local laws before following US laws concerning this.
Yeah thanks pal. It helps you from someone who doesn’t know your password. You all give the most extreme examples. That example applies to biometrics, normal passwords without encryption, bank pins, etc. What was the point of saying it? What technology would help you from that
I was actually largely agreeing with you, but responding to the bit where you said:
It’ll stop alphabet agencies from brute forcing it, sure, but that’s not how they would approach extracting the information.
I see ~
you’ve~ the mod has deleted this comment thread though, so it’s unlikely anyone else will see it.As to your question about what technology would stop it, I think you may need to think differently as no technology will stop a determined enough opponent torturing you for a password, but they’re much more likely to attempt a malware style attack against you to skip all that bother. So countermeasures would involve a well locked down system (think about things like SELinux with MLS enabled and using VMs to isolate processes) and good information hygiene practices to reduce the risk of infection and the risk of it spreading if you are infected.
the thread is visible here, just a single comment was deleted
I know this. Was never confused about it. You just came out of no where telling me. I don’t delete comments, look at how many people try to debate me, those comments are still up and still stupid lol. Also luckily the FBI or CIA or whatever demon inspired agency won’t just torture you as an everyday citizen doesn’t matter what they want on your top. If it was that bad the USA would be JUST like North Korea. Here they have some rules still they are just burning them away as the years go by.
I edited my comment, it was the mod who deleted your comment.
I don’t see many people debating you, but I do see a number of comments, including my own, that are pointing out things that need to be considered, or expanding on what you’d said. I don’t see much that could be called ‘stupid’, but you seem to be carrying a lot of pent up frustration and anger. You’ll probably find you have much more productiv£ and pleasant exchanges if you dump that on other people though.
One need only read or watch the news to know that a disturbingly large number of people are being abducted, predominantly under the umbrealla of ICE, but also for political reasons. It seems likely that if an agency has interest in the data of someone like that, presure of various sorts will be brought to bear on them. Most people will hand over their passwords long before the threat of physical violence is manifested, but the threat is there none-the-less. As you say, this won’t apply to most everyday citizens, for now at least.
Ultimately, it’s a case of setting up your security posture to match your own threat models. Encryption is an excellent step, but only addresses some threats, online attacks being the most obvious set that it does not help with.