I appreciate your reply!
I wasn’t thinking of using Veracrypt/Truecrypt to encrypt my Windows drive, but external USB drives that are plugged into my Windows PC’s USB ports.
1 Like
1 Like
I’ve used Linux in the past. I’m wanting to make the switch to a Nix, particularly Linux, but it’s taking me time to transition.
I’m trying to choose which Linux distro I should go with. I wish there was a company similar to Apple, who sell both hardware and software together just to make sure the hardware and software are 100% compatible.
system76.
1 Like
Off topic- System76
Off topic, but system 76 does not control the hardware. Their laptops are rebranded clevo laptops. If it’s just packaging software and hardware together, then yes system76, framework, Purism, etc. all qualify.
As far as I know, Framework does work with first party vendors which is better than whitelabelling clevo laptops, but still doesn’t manufacture its own hardware.
Apple is very unique in it’s ecosystem integration and control, with Google and Microsoft being close second and third (and both being very far from Apple).
1 Like
Still, it ensures that the OS is fully compatible with the hardware and that everything will work as expected out of the box
1 Like
Off topic - System 76
Then any custom laptop manufacturer would qualify, including purism, novacustom, system76, framework, etc.
Also perfect compatibility is not a fact. Do check out their forums for fingerprints not being compatible at all for years till like 2020 I think?
This is a quote from a conversation on hn:
User:
I think you exaggerating your current work with the upstream manufactures a little bit, otherwise you wouldn’t have completely unsupported things like fingerprint reader in your laptops.
System76:
Sometimes we have to make hard decisions like that where the upstream manufacturer insists on a feature in order to get a certain class of design (because then they can resell it to Windows companies and have it be an extra selling point). That sort of thing is happening less and less, though, as we continue to do well and help design successful products.
Source: General FYI: most/all System76 hardware is actually rebranded models from Clevo,... | Hacker News
So they actually don’t have perfect compatibility. The issue with them is the order size. Clevo won’t make exclusive runs of laptops for them, so they can’t promise perfect compatibility. I think since Lemur this has improved a lot though.
1 Like
I’ve been researching System76 so thanks for all the recommendations!
It’s a shame they’re not based locally.
I can’t find much discussion on System76 on PrivacyGuides though?
Maybe because their gear can get pricey and escape most people’s budgets. But it’s good hardware nonetheless.
1 Like
Veracrypt is gold standard for encryption. I think they even offer disk encryption for Windows users (they use to anyways). I would opt for that every time. And even for Linux, it offers a user friendly (you don’t have to learn cryptsetup commands) way for encrypting folders and USB’s. Their hidden volume option can even allow you to open encrypted partitions without compromising yourself.
I’m not some expert in cryptography, far from it. But I don’t see how you can do better unless you start talking about advanced setups, like using encrypted keyfiles to prevent your operating system from mounting for unauthorized individuals.
I think the only reason why people still proclaim Truecrypt is superior is because of those alleged reports of the FBI failing to open a Truecrypt partition. Those are very old reports now, lol. And in truth, using an outdated encryption program is never good practice.
1 Like
It doesn’t make sense to use anything else than Bitlocker for a Windows boot drive.
Sure it does. For one, Bitlocker is only available for Pro and Enterprise editions of Windows. So technically, not even all Windows users have access to Windows encryption. Whereas all Windows users have access to encrypt their system with Veracrypt. Also Bitlocker is proprietary, and, by definition, less trustworthy. Its like the debate yesterday with WA messaging. Why should we trust the code when it’s not made available to us? And perhaps most importantly, it doesn’t make good sense for someone to endorse Truecrypt as “the best” and not give that same extension to Veracrypt when the developers of Veracrypt actually took Truecrypt’s security audits into account to improve their own product. Just because you’re already trusting Microsoft, that doesn’t lend credence to trust them even further. Go with the FOSS alternative.
2 Likes
Just because something is proprietary doesn’t mean that it’s a black box that can’t be audited or pen tested.
There are some valid reasons to use BitLocker over VeraCrypt.
I guess if someone wanted to upload their keys to Microsoft or use TPM then Windows encryption would better suit their needs. But these are more “anti-features” than features in my opinion, lol. Making data recovery easier is not the purpose of encryption software, and against the right type of adversary, might just mean it’s less secure. If I get locked out of my own drive, I take full responsibility for such carelessness.
1 Like
I have a very strong preference for open source encryption and security tools generally. But I’d apply the same reasoning to using Bitlocker or Windows defender on Windows, as I apply to using Safari on iOS.
That is, if you’ve already committed to using an entire closed source operating system from Microsoft, its not a very significant extension of trust to also trust Microsoft to handle Encryption and Anti-Malware.
- Users that deeply distrust Microsoft or closed source software shouldn’t be using their proprietary OS in the first place,
- And users who don’t deeply distrust Microsoft or their closed source operating system, don’t really have a reason to be any more concerned about bitlocker or windows defender unless they have specific articulatable concerns.
(this is not an argument against Veracrypt, which I think very highly of)
1 Like
What about for external HDDs or SSD’s that are connected via USB? Surely VeraCrypt would always be the best choice?
Yes.
Why do you prefer Veracrypt?
I was thinking of buying a tiny new mini PC with a small inbuilt SSD and then use an external USB dock that’s AC powered by the wall so that devices like USB SSD’s or external USB-C/Thunderbolt etc SSD’s will have enough power.
I think this thread has run it’s course.
There is no reason to use Truecrypt, it’s unmaintained. Use Veracrypt, or better yet, if you’re on Linux use LUKS. Bitlocker has some advantages on Windows, for the C:\ due to hardware backing and TPM usage.
5 Likes