1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10
  11. 11
  12. 12

Day 4

Encrypt your hard drive


From Micah Lee’s “Encrypting Your Laptop Like You Mean It”,

how can ordinary people get started using encryption? …One obvious place to start, where the privacy benefits are high and the technical learning curve is low, is something called full disk encryption. …it’s built into all major operating systems, it’s the only way to protect your data in case your laptop gets lost or stolen, and it takes minimal effort to get started and use.

If someone gets physical access to your computer and you aren’t using disk encryption, they can very easily steal all of your files… It doesn’t matter if you have a good password… Encrypting your disk will protect you and your data in case your laptop falls into the wrong hands, whether it’s because you accidentally left it somewhere, your home or office was burglarized, or it was seized by government agents at home or abroad.

I recommend reading the entire article; it’s short and gives a great overview of foundational concepts. Your homework below is a summary of the actions described in that article, but:

If you want to encrypt your hard disk and have it truly help protect your data, you shouldn’t just flip it on; you should know the basics of what disk encryption protects, what it doesn’t protect, and how to avoid common mistakes that could let an attacker easily bypass your encryption.


Break out your dice, because it’s time to create another passphrase. This one will be used to derypt your hard drive.

Once you’ve created a new passphrase, it’s time to encrypt your drive. A quick note on recovery keys: you may be prompted to store a copy of your key in the cloud. Doing so is not advised:

I recommend that you don’t save a copy of your recovery key to your account. If you do, [Microsoft, Apple] — and by extension anyone (they) are compelled to share data with, such as law enforcement or intelligence agencies, or anyone who hacks into [Microsoft, Apple]’s servers and can steal data — will have the ability to unlock your encrypted disk. Instead, you should save your recovery key to a file on another drive or print it. The recovery key can unlock your disk, so it’s important that it doesn’t fall into the wrong hands.

The encryption process varies depending on whether you’re running Windows, OS X, or Linux.


Full disk encryption on Windows is called BitLocker. The process varies slightly depending what version of Windows you’re running.

Windows 10

Follow Microsoft’s guide, then read through the “Windows <10” section for additional background and recommendations.

Windows <10

Follow the Intercept’s guide; it’s thorough and concise.


Full disk encryption on OS X is called FileVault.

First, update your password to the passphrase that you just generated:

  1. Open System Preferences
  2. Click on the Security & Privacy icon
  3. Switch to the General tab
  4. Click the lock icon in the bottom left so you can make changes
  5. Click “Change Password…”

Once you’ve updated your password:

  1. Switch to the FileVault tab
  2. Click “Turn On FileVault…”[1]
  3. Run through the steps shown on screen.


Follow the Intercept’s guide; it’s thorough and concise.

  1. If the option instead says “Turn Off FileVault”, congratulations! You have full disk encryption enabled already. ↩︎