Privacy in Ubuntu 12.10: Full Disk Encryption
See part 1 of Privacy in Ubuntu 12.10: Amazon Ads and Data Leaks.
Full Disk Encryption (FDE) is one of the best ways you can ensure all of the private information on your laptop stays private in case it's lost, seized, stolen, or if you choose to sell or give away your computer in the future. This feature has been built-in to many GNU/Linux distributions, including Ubuntu, for many years. But until the recent release of Ubuntu 12.10, it was hidden away in the "alternate" text-mode installer of Ubuntu that many non-technical users don't even know exists.
At EFF we believe that powerful encryption should be available to everyone, including people who want to use a computer that "just works," and that security should be turned on by default. So in May of 2011, we encouraged Ubuntu developers to build user-friendly FDE options into the graphical Live CD installer that they encourage everyone to download.
It took a year and a half, but the Ubuntu developers finally delivered, and they did an excellent job. When you install Ubuntu, now there's a checkbox to "Encrypt the new Ubuntu installation for security." Users who are new to GNU/Linux and just making the switch can easily have the same level of security against physical-access attacks as seasoned nerds.
It's important to pick a good passphrase that's hard to guess. If you have a weak passphrase, attackers will be able to guess it and access all your data anyway. But on the flip side, if you forget your passphrase yourself, all of your data will be lost. After setting up FDE for the first time, you might consider writing your passphrase down and keeping it somewhere safe, and only destroying it if you're certain you have memorized it. You'll need to type this passphrase each time you boot up your computer.
Ubuntu FDE is Good For Other Distributions Too
This is good news not just for Ubuntu users, but for users of all GNU/Linux distributions that are downstream from Ubuntu. The above screenshots come from ubiquity, the simple graphical live CD installer that Canonical developed. Every distribution that uses ubiquity as an installer will soon also make it easy for users to use FDE. The up-and-coming distribution Linux Mint, for example, is based on Ubuntu, but there is currently no simple way to install it with disk encryption. However, Linux Mint 14, scheduled for release at the end of this month, will be based on Ubuntu 12.10 and should include the new version of ubiquity, therefore making it easy for users of that operating system to use FDE as well.
How This Came to Be
For years, Ubuntu users have been hoping for FDE support in ubiquity, but not enough people were demanding this feature to make it a high priority for Ubuntu. In May of 2011, shortly after the release of Ubuntu 11.04, EFF wrote a blog post that encouraged people to upvote this feature request on the Ubuntu Brainstorm website. Thousands of users who wanted better security quickly upvoted this idea, making it one of the most popular feature requests ever on Ubuntu Brainstorm.
Ubuntu developers quickly responded by creating a blueprint for the feature on their bug tracker, ensuring that it would eventually make it into a release. They didn't start it in time for the Ubuntu 11.10 release, so they pushed it into 12.04 instead. But because 12.04 was a Long Term Support release they decided it was too large a feature, and finally pushed it back to the 12.10 release.
FDE support in ubiquity finally shipped last month when Ubuntu 12.10 came out. We would like to thank Canonical and the ubiquity team for listening to their users and helping to keep their private data private! We hope Canonical will also listen to their users and protect the privacy of their search terms by default.
Encryption for the People
Ubuntu had good timing with including FDE in this release too.
In the last few months there has been a resurgence in crypto-related activism and education, largely through local events called CryptoParties. According to the CryptoParty.org wiki, "CryptoParties are meetups to share and learn basic cryptographic tools such as PGP/GPG, Tor, OTR, TrueCrypt, etc. - the CryptoParty idea was a response to the Australian government passing new data retention laws - it has now become a global, decentralised movement." EFF activists sent a message of support to CryptoParty Melbourne, and EFF staff have spoken at CryptoParty Oakland and are helping organize CryptoParty San Francisco.
One of EFF's missions has been to encrypt as much of the web as possible, and with the browser extension HTTPS Everywhere for Firefox and Chrome we have been encrypting the connections to thousands of websites for millions of users. We also created a Surveillance Self-Defense site to educate the public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.
We think encrypting your hard drive is a fundamental privacy safeguard. In fact, we think it's so important that we challenged Internet users to make a New Year's resolution for 2012 to encrypt their devices.
Now that Ubuntu has made disk encryption more accessible and user-friendly, we're hoping all Ubuntu users will encrypt their hard drives. Many other GNU/Linux distributions also support FDE in their installers. If you're using Windows, you can encrypt your hard drive with TrueCrypt or the builtin but proprietary BitLocker (only available in Windows 7 Ultimate and Enterprise, and in Windows 8 Pro and Enterprise). If you use Mac OS X Lion or newer you can encrypt your hard drive by turning on FileVault, which is also proprietary.
We also hope that users will install HTTPS Everywhere in their web browser, start using Off-the-Record to encrypt their instant messages, and use Tor if they wish to protect their anonymity online. Open source encryption tools are getting easier to use and more widespread all the time. Strong encryption is one of our main hard-fought tools that we can use to protect our:
- Data in case our hard drives end up in other people's hands (particularly important when bringing a laptop across the U.S. border)
- Privacy against warrantless wiretapping, deep packet inspection, session hijacking, and other types of attacks
- Free speech rights and open access to information
When you use encryption you're not only improving your security, you're also asserting your rights. Let's make encryption ubiquitous.
Recent DeepLinks Posts
Aug 31, 2015
Aug 31, 2015
Aug 31, 2015
Aug 31, 2015
Aug 28, 2015
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Bloggers' Rights
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Defending Digital Voices
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Encrypting the Web
- Export Controls
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2015 Copyright Review Process
- Genetic Information Privacy
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student and Community Organizing
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games