Like with any industry, the information security industry, more commonly referred to as “cybersecurity,” for all its raging debates, has rallied around a small corpus of best practices.

One of the highest on this list is full-disk encryption, which security experts regard as sacrosanct, a no-brainer that everyone should use at the barest of minimums. This is the encryption that ensures that someone who snatches your device won’t be able to know everything you’ve got saved on it.

I’m here to make the case that most of you are better off not using it. I know this might sound crazy, since I’m kind of the security guy here, but hear me out.

I am in no way about to talk you out of using encryption — without it, the digital tools that we rely on every day would be unusable. That’s why I’m not arguing against encryption, period; but specifically against full-disk encryption, and only for certain users.

What I contend is that, for most people facing the overwhelmingly most common use cases, full-disk encryption is overkill. These users enjoy no measurable gain in security compared to alternative data at rest encryption, yet they pay for it with a measurable performance hit. This isn’t just a matter of efficiency or load times, but literal increased cost to users, too.

Alternatives exist which afford normal everyday users, with normal everyday security concerns, a level of protection commensurate with what full-disk encryption offers. They are admittedly a bit off the beaten path, as most consumer tech companies have adopted full-disk encryption, but they’re out there.


Leave a Reply

Your email address will not be published. Required fields are marked *