BudMan, on 10 December 2012 - 20:39, said:
Your point of identity theft is a valid one for sure. But I am curious what is on that computer that could be used for that means? I only have what is on mine and ones I have access to as examples.
I'd be curious to see what information I could pull off your hard disk. Even in private browsing mode, your web browser still writes cache files to the disk (I should write an article proving this - I tested it in a virtual machine once). Even if you manage to secure all your sensitive files (there's bound to be a few things you missed), there's very likely sensitive information in the free space between files. When you move a file into an encrypted container, do you shred it afterwards?
Simply put, full disk encryption is the most fail-safe solution there is. It's practically guaranteed (I'm choosing my words carefully) that your information is secure should the physical medium ever be stolen.
I don't store my SS# on my PC, nor any sort of account numbers to banks etc. If they broke into my home - they would have mail laying around with my full name in plain site, along with most bills and account statements have your account number on them. These are not encrypted and could be very easily stolen and used for that purpose. If their goal is identity theft - my hard copy tax returns are sitting there in file cabinet right next to computer. Much easier to just grab those I would think if that is the goal.
Neither do I. Any sensitive information of that nature, I'll store encrypted. But it's simply too likely that the OS or software will leak the information; most developers don't think about these things or don't understand. Suppose you scanned some documents with sensitive information and saved them as image files to an encrypted container, then your image viewer stores thumbnails of those documents somewhere. Heck, even some PDF/document readers store thumbnails.
If a someone stole my PC they would have access to pictures and videos of my grand daughter, family trips and gatherings. They could view my browser history and find out I like to visit neowin and reddit, etc. All passwords to sites are encrypted via lastpass - so they wont have any of those to access any accounts or email to be used in the theft of my identity.
Unless you logout of all of those websites every time, valid cookies could still exist somewhere in the free space on your disk.
With encryption you add risk, the stuff your encrypting should warrant the extra risk. If it does then more power to you - there are great tools out there to accomplish it. TrueCrypt being one of them, great product. You could use bitlocker as well very easy to use.
In an encrypted volume, the most vulnerable part is the header where the keys are stored. Keep a backup of those (email them to yourself) and your files are no more at risk than without encryption.
But I am not going to encrypt the TBs of home video for one - because for one the loss of said data well surpasses any loss if stolen for sure if something went wrong with encryption. Kind of pointless to encrypt the original and not the backup, so what happens if something goes wrong with my encryption - I loose the key, forget the password?
I guess it's a matter of risk assessment here. But if somebody steals my laptop or hard disk, I don't want them gaining insight on my life. It happens that criminals will rob the same place twice, and the more they learn about you, the easier it is for them. And even if the person has no malicious intent and digs into my life for their own amusement, I still don't care for them to look through all my personal photos and videos.
I can see your point of whole disk encryption makes it easy not to have to worry about what warrants encryption and what doesn't or what might not be encrypted that should be, etc. And yes its a valid point - Then again your going a bit over the top to be honest if your thinking not doing so you should have to secure wipe your free space just in case your machine gets stolen and some Chinese hacker gets the disk and pulls up some info they can use to steal your ident.
And therein lies the problem - assuming that these abilities are out of reach of common criminals and limited to "chinese hackers." The person who breaks into your house is unlikely to know much about computers. But as I stated before, they could simply sell off the hard disk to others with the skills to do so.
But I think we both agree - encryption is not something to play without fully understanding what your doing, or yes the normal user could quite easy secure themselves out of their own files
I am more worried about billy encrypting his home video and pictures and then loosing them vs the "possible" breaking to his home and someone stealing his ident because there is some privacy information on the machine.