throwaway89209834 ago
While this post comes off as concern trolling, I still recommend using full disk encryption (FDE) on your drives, even if you don't keep personal information there; it makes it much harder for someone with physical access to plant or tamper with data. Even so, "evil maid" attacks have been demonstrated to sniff FDE passwords and get around that if they can get physical access, but that is much more complex to pull off.
For Windows I recommend - https://veracrypt.codeplex.com/
If you are on Linux, I'd go with LUKS and these steps generally work - http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/
You should have a backup of critical data on a separate storage medium (separate HDD/SSD) that is encrypted as well. You should encrypt personal data on cloud storage also.
And always use a VPN to avoid further traffic analysis from your ISP. I prefer PIA because their claim of not keeping logs was proven in court - https://www.privateinternetaccess.com/
mysecretidentity ago
Meh, PIA is hosted in the US, so even if they don't keep logs they could be forced to cooperate with active profiling etc. Also, with FDE you may be obligated to give them access or maybe face an obstruction charge or something; not sure how it works in the USA. Another option is a TrueCrypt hidden volume; they wouldn't even know it existed without the password.