Today i took my first steps into the world of Linux by creating a bookable Mint Cinamon USB stick to fuck around on without wiping or portioning my laptop drive.
I realised windows has the biggest vulnerability for the average user.
While booting off of the usb I could access all the data on my laptop without having to input a password.
After some research it appears drives need to be encrypted to prevent this, so how is this not the default case in Windows?
I’m sure there are people aware but for the laymen this is such a massive vulnerability.
No, it’s a choice, because:
History… encryption didn’t exist in the beginning. Upgrades won’t enable it.
Recovery… try telling the people that didn’t backup the encryption key - outside of the encrypted vault - that their data’s gone.
Performance… not such an issue these days, but it does slow your system down (and then everyone complains)
So, please continue to encrypt your data as you choose and be less judgemental on others, esp. anyone new
Blah blah blah. Unencrypted data is the wrong default in 2025 for any OS. Linux should not be a poor man’s OS.
It depends on your use-case.
Encryption of data at rest (this discussion) is mostly helpful for physical theft, so a device that never leaves the house, there’s little reason for encryption.
Similarly, on a lower powered mobile device, maybe you only want / need user data to be encrypted, and there’s no need to encrypt the OS, which keeps the performance up.
Maybe you want the whole thing encrypted on your high performance laptop.
So, it’s difficult to define a sane default for everyone, thus making it an option for the end user to decide on.
Linux has more choice than Windows - and the encryption algorithm(s) can be verified - so it’s definitely the better choice.
I will definitely say I wish encryption setup was a lot easier in Linux. Windows is like “wanna Bitlocker?” Done.
With most Linux installers, if you’re not installing in a very default way, and clicking that box to encrypt the drive, it’s time to go seriously digging. For a while.
I managed to encrypt a secondary drive with the same password on my EndeavourOS laptop, but I still need to enter the same password 2 times before getting into the OS.
I consider that a feat, and I’m not touching it for fear of losing everything lol.
Yes, I feel your pain.
Encryption drives sound like a good idea until the subject of unlocking them comes up… and automatically unlocking the drive for the OS isn’t really helping.
But, for user data, it can be unlocked automatically during login. The Arch wiki covers this.
But backup your data 😉
You can’t enable encryption after the fact? What a backwards system…
For which OS?
It can be enabled at any time on Windows & Linux. It’s just optional.
It’s your bullet point number 1