Hacker News new | ask | show | jobs
by klodolph 1318 days ago
> Solutions, that don't involve someone being an unpaid 24/7 infrastructure support tech, on a postcard please!

One step at a time!

1. Back up your data.

2. Test restoring your data.

3. Automate your backups.

4. Automate your test restores.

5. Now you are ready for full-disk encryption.

It is okay if you do not complete all steps. More steps is better. Do not skip ahead.
1 comments
marginalia_nu 1317 days ago
So as long as you keep your data unencrypted next to your encrypted data, you're fine. Checks out.
link
klodolph 1317 days ago
I get it, it’s fun to make jabs at posts on HN. You don’t need to lean so hard into the trope.

I may have assumed that your backups were encrypted, just because so many backup tools do it automatically. And I didn’t put that in the post. Predictably, I get some kind of jerk replying to the comment with a sarcastic jab, rather than any kind of interesting discussion.

Accidental data loss is the big risk, and for most people, it’s a bigger risk than any risk of someone reading your unencrypted data. It makes sense to start with the most serious risks (data loss), and work your way down to the minor risks (compromise).

It makes not sense to start by encrypting your data, because it significantly increases your risk of data loss, in the absence of good backups. That’s what the article is talking about.

link
marginalia_nu 1317 days ago
I legitimately didn't, and still don't, see how this solves the problem of less technical users losing their encryption keys.
link
klodolph 1317 days ago
Because it gives you a longer period of time to learn the keys without consequences if you forget.

If you encrypt your HD, you’re suddenly in a position where forgetting your key will lose all your data. It’s like walking off a cliff and hoping you can fly.

If you start by making backups and doing test restores, there’s a period of time where you are still forced to remember the key (to do the restore), but the consequences for losing it are low.

link
marginalia_nu 1317 days ago
Yeah I don't think this would help my mother.
link
klodolph 1317 days ago
Your mother wouldn’t benefit from backups? The idea here is that you get backups working first, because data loss is the most serious risk, and then you later consider whether you want full disk encryption once you have backups working.

Encryption is designed to make data difficult to access, so it makes sense to consider backups and encryption jointly. I don’t understand why someone would consider this controversial.

link