EFF: vote for easy full-disk encryption in Ubuntu!

The Ubuntu Live CD is the excellent, free installer disk for the Ubuntu GNU/Linux OS; it has a variety of disk tools as well as a fully functioning version of the OS so that you can test-drive it before you install it. However, the standard Live CD image doesn't come with disk encryption tools; to use these, you presently have to download the "alternate CD" and fiddle around with the command line. The Electronic Frontier Foundation thinks that more people would use disk encryption to protect their data if it were easier to do so, and is hoping to get the Live CD changed to include the disk encryption stuff as standard.

Changes to the Ubuntu Live CD are voted on at the Ubuntu Brainstorm site. EFF is asking people who like this idea to upvote it there. I just did -- will you?

Encrypting your hard drive protects your privacy and your data in case your computer is lost, seized, stolen, or otherwise ends up in someone else's hands. Police are unlikely to access your encrypted data without your cooperation or a court order, so using disk encryption makes it much more difficult for them to violate your Fourth Amendment rights that protect you from unreasonable search and seizure.

In addition to being simpler and easier than only encrypting documents that you consider sensitive, full disk encryption protects you in a variety of ways that partial encryption does not. Sensitive data ends up on your hard drive that you might not think about or realize is there, including your browser history, cookies, and saved passwords. Full disk encryption also prevents attackers from changing operating system or application files to compromise your security. Federal government laptops have been encrypted since 2006. Shouldn't yours be as well?

Help bring disk encryption to the Ubuntu Live CD


  1. It depends.

    I just moved from my old computer which ran Ubuntu 9.04. I had home directory encryption enabled, and it was a pain in the butt: dropping the loop mount at odd moments, slowing everything down.

    For my new computer I’ve stayed well away from that and I’ll just use Truecrypt as and when.

    But, that said, if you have a fast computer with a lot of sensitive data, and don’t want the hassle, then it’s a good idea.

    1. I’ve had full disk crypto on my home partition for several years now, over several machines and never experienced any slowdowns. Though I must say that it is a PITA to enter a password every time I power up — luckily, I almost never have to reboot.

  2. Ubuntu 10.10 offers transparent home partition encryption on installation, slows nothing down (I’m on a netbook), doesn’t appear to eat any battery and is stable and reliable. No command line fiddling.

    It’s not full disk but it is easy.

  3. Hi there.

    Home directory encryption through ecryptfs is already a one-click operation at setup time since 9.10 thanks to the work of Dustin Kirkland.
    That’s not -exactly- full-disk encryption, but you shouldn’t store personal files outside of ~, so this implementation is actually an excellent security/performance tradeoff. A possible remaining issue is swap, and for this yes you’d have additional work to do (or just run swapless if you have a decent machine –I do it on my 4GB machine–)

    See http://dustinkirkland.wordpress.com/2009/11/03/register-bloodied-by-lack-of-research/

  4. Hacking and censure would be gone if PGP email, Disk Encryption, and Thor over SSL would be standard for everyone. As simple as that.

  5. I’m not so sure this is a good idea. The ‘alternate’ CD is very easy to use and provides (apart from encryption options) a better way to partition your HDDs.

    If you can’t manage the ‘alternate’ CD then it could well be that an encrypted /home isn’t what you want or need.

    Let’s face it: When we’re talking about your average user, encrypting /home is somewhat paranoid behaviour.

    1. Maybe, but making it easier for the average user would help spread awareness. Data privacy doesn’t have to be exclusive to the paranoid. That said, it would then be necessary to warn users that they would not be able to recover their data if something goes horribly wrong… I could see people complaining about that.

      On another note, the Fedora 15 beta already offers this. Not sure about previous versions.

    2. I believe that is what the EFF is trying to address.

      We will all be safer when everyone routinely encrypts everything.

  6. I haven’t tried it, but I’ve read reports that SSD disks significantly reduce any performance hit that might normally be associated with full-disk encryption. So perhaps it is destined for increased relevance.

  7. Modern hardware (anything that’s been made in the past four years) is capable of supporting on-the-fly disk encryption without a performance hit during non-startup use (After the authentication and decryption, a fallthrough matrix is set up that is supported by the hardware, and the process is then pipelined so that it is not interruptable by such things as drawing a window on the screen, and is very much a straightforward bit-shift operation.)

    The utility of including full-disk encryption on the default LiveCD would be to secure one’s operating system from being tampered with (a worthy aim), and to secure what operating system is installed / what operating system additions and modifications exist on the system (which could tip off oppressive regimes, causing them to flag someone for “interrogation” – file access datestamps and intellectual property only available in certain places, not protected by home directory encryption).

    The upside is, that the more people who have encryption, use encryption, and refuse to give out passwords, the more accepted it will be to have a device that is not auditable by a third party (PRIVACY!).

    The downside is, for Ubuntu, that if they make it straightforward and simple for someone to pick full-disk encryption and the particular machine’s hardware doesn’t support the pipelining that makes encryption a non-issue for modern hardware, then their machine’s performance is going to take a significant hit, and the person will come away from their first use of Ubuntu thinking it’s far sub-standard (because the encryption is transparent to the end-user, it is unfortunately very transparent to the end-user).

  8. I tried to vote but you have to be registered…

    I’m not going through that much work!

  9. “Sensitive data ends up on your hard drive that you might not think about or realize is there, including your browser history, cookies, and saved passwords. ”

    EFF seems to have set themselves up a straw man here, given that homedir encryption is already eminently possible. This data ought all be stored in your home dir, at least for Firefox & Chrome. Shame on EFF for FUD’ing this issue up.

  10. I tried going down the route of full disk encryption when I upgraded to 10.04. After several failed attempts, it dawned on me that most of the stuff outside of /home is free and open source anyway. So I gave up and just went with encrypted home.

    Still, I’d rather have my whole drive as random noise.

  11. It sounds like a great idea, until you realize half the population forgets their password to login. Your mom will be really distressed when she realizes she’s lost all the photos she took of her grandchildren because the disk is encrypted, and there’s nothing anyone can do. Most of the population doesn’t need disk encryption.

  12. I can’t see myself ever wanting to use full disk encryption, or even home directory encryption. Disks are already too slow. Why would I make them even slower?

  13. While I might have files which I want to keep really private I think it is a good idea not to give the police the idea I have gigabytes of super sensitive information on my computer. So most of my systems I leave unencrypted. If I had to hide something I would be looking at Steganography.

  14. I’d like to point out that eCryptfs is the technology underlying the home directory encryption capability mentioned in comments #7 and #8. It’s an upstream Linux kernel feature originally developed by Michael Halcrow based on Erez Zadok’s Cryptfs work and now maintained by Tyler Hicks. Dustin Kirkland developed the excellent integration for Ubuntu and additionally made contributions to the eCryptfs project. Note that eCryptfs is _not_ whole-disk encryption but per-file encryption. There are both benefits and risks to the approach.

  15. I can’t imagine what practical scenario would possess someone to use a livecd in this way, but whatever.

    It’s open source and all the tools are readily available. Do it yourself. And if “command line fiddling” is beyond your technical abilities, you shouldn’t be encrypting your filesystem. You’re Gonna Have a Bad Time.

    I’m all for encryption mechanisms to protect data and would LOVE it if more people took privacy more seriously, but the reality is this: chances are, no one wants your data.

  16. This is a misleading summary.

    As an early Anon says, ecryptfs support for $HOME has been a tickbox away since late 2009.

    If you are using alternate CD encryption, you are using dm-crypt/luks. If you are only encrypting $HOME, you can avoid typing your passphrase twice by unlocking on login via libpam-mount.

    If you are encrypting more than $HOME, why?

  17. > If you are encrypting more than $HOME, why?

    1: corporate requirements. Either you encrypt your Linux box according to their requirements, or you get stuck with their pre-configured and horrid Corporate XP image with the encryption built in.

    2: the /tmp dir

    3: the swap partition, or swap file if you have added that.

    4: who knows how any of your proprietary software configures itself.

Comments are closed.
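
The thread's home-only versus full-disk question comes down to which locations sit on an encrypted layer. The audit below is an added example, not part of the post or any comment: it classifies swap, /, /tmp and a home directory from `/proc/mounts` and `/proc/swaps` text. The sample data, device names, user `alice` and the helpers `on_dmcrypt` and `audit` are constructed for illustration; it assumes cryptsetup's convention of prefixing a mapping's device-mapper UUID with `CRYPT-`.

```python
# Constructed sample data modelling an install where only the home
# directory is encrypted (eCryptfs); device names are made up.
MOUNTS = """\
/dev/sda1 / ext4 rw,errors=remount-ro 0 0
/home/alice/.Private /home/alice ecryptfs rw,ecryptfs_cipher=aes 0 0
"""
SWAPS = """\
Filename Type Size Used Priority
/dev/sda5 partition 2097148 0 -1
"""
# device -> (device-mapper UUID, underlying devices), as read from
# /sys/block/dm-N/dm/uuid and /sys/block/dm-N/slaves on a live system.
# Constructed values: LVM volumes stacked on one LUKS mapping.
DM_FDE = {
    "/dev/mapper/vg-root": ("LVM-constructed0001", ["/dev/mapper/sda5_crypt"]),
    "/dev/mapper/vg-swap": ("LVM-constructed0002", ["/dev/mapper/sda5_crypt"]),
    "/dev/mapper/sda5_crypt": ("CRYPT-LUKS1-constructed0003-sda5_crypt",
                               ["/dev/sda5"]),
}

def on_dmcrypt(dev, dm):
    """True if dev, or any layer beneath it, is a dm-crypt mapping."""
    uuid, parents = dm.get(dev, ("", []))
    return uuid.startswith("CRYPT-") or any(on_dmcrypt(p, dm) for p in parents)

def audit(mounts, swaps, dm, paths=("/", "/tmp", "/home/alice")):
    """Map 'swap' and each path to the protection of its backing store."""
    table = [l.split()[:3] for l in mounts.splitlines() if l.strip()]
    swap_devs = [l.split()[0] for l in swaps.splitlines()[1:] if l.strip()]
    swap_ok = all(on_dmcrypt(d, dm) for d in swap_devs)
    report = {"swap": "none" if not swap_devs
              else "dm-crypt" if swap_ok else "PLAINTEXT"}
    for path in paths:
        # The filesystem holding `path` is the longest matching mount point.
        dev, mnt, fstype = max(
            (m for m in table
             if path == m[1] or path.startswith(m[1].rstrip("/") + "/")),
            key=lambda m: len(m[1]))
        if fstype == "ecryptfs":
            report[path] = "ecryptfs"
        elif fstype == "tmpfs":
            # tmpfs lives in RAM, but its pages can be written out to swap.
            report[path] = "ram" if swap_ok else "ram, may reach PLAINTEXT swap"
        else:
            report[path] = "dm-crypt" if on_dmcrypt(dev, dm) else "PLAINTEXT"
    return report

if __name__ == "__main__":
    print(audit(MOUNTS, SWAPS, {}))
```

On a real machine, feed it the contents of `/proc/mounts` and `/proc/swaps` and build the device map from sysfs.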