1. Anything is better than no encryption at all
    Even though I consider the following points quite important, they really are just things you should be aware of. For example, I certainly wouldn't have encrypted all my devices if I had to enter my password each time or even click some additional button. The Gnome Encfs Manager can automatically mount and unmount the stashes on removable devices without any user activity, so it absolutely makes no difference whether they are encrypted or not. Just decide for yourself how much privacy you want for which data.
  2. Disable tracking and indexing
    Most desktop environments and applications are indexing / tracing / caching etc. all of your actions and files nowadays. Such mechanism are the natural enemy of privacy and encryption. It's normally a nice thing to have, but you don't want that for your private data. That's why I recommend to have only one folder (I use ~/Encfs) which contains all mount points (I also have my stashes in there because it is just a waste of time if your system indexes encrypted files and folders). It's easier to exclude one folder from indexing than to configure all of them separately. To sum it up, users of Nepomuk should take a look at "Customize index folders..." found in the file indexing settings and Zeitgeist-users, well, I don't really know. Ubuntu has a "Privacy"-panel in the system settings where you can exclude some folders from tracking. It's kind of minimalistic but seems to work ;-) IIRC, Ubuntu also enables mlocate by default. Does someone know whether the privacy settings affect that as well? (It's always among the first things I uninstall everywhere hence I am not really familiar with it)
  3. Use a sand-boxed environment
    Unfortunately most applications don't respect privacy settings and still cache data wherever they can. Especially file managers tend to cache lots of data. Again, it's normally a nice thing to have, but you don't want that for your private data. Have you ever wondered, why the Gnome Encfs Manager didn't have an "open in file manager when mounted"-option for a long time? There you have the reason. Of course you could use xdg-open "$MOUNT_DIR" as the post_mount_command if you really wanted do do that, but the ability to execute custom commands / scripts when mounting and unmounting allowed for better solutions. Actually #01 convinced me in the end to add it nevertheless. However, I recommend the usage of some scripts to set up and destroy a fitting environment to work with your mounted stashes. (For some inspiration, you can can take a look at my "cnemo"-script)
  4. Use the keyring wisely
    The Gnome Encfs Manager allows you to save the passwords for your stashes inside the keyring which is automatically unlocked when you log into your desktop. While this is undoubtedly convenient and practical for data you put on the internet (cloud-folders etc.) it might not be a good idea the save the passwords there when you want to protect the data from the people around you. Recent versions of GEncfsM allow the usage of separate keyrings through the variable "keyring_name" and you might want to use this option when you store the passwords for you devices etc.
  5. Unmount unused stashes
    As long as your stashes are mounted, they are not save! While this point is probably only relevant for stashes for which you didn't save the password in the keyring, it is something you should keep in mind. Even though the probability is rather low that someone unauthorized gets access to your computer, it's better to be on the save side and to keep at least your passwords and important documents always locked away and only mount them for a short amount of time when needed.

To be continued and please don't hesitate to leave your comments.


I respect your privacy
I don't run any trackers on this site.

Your questionable browsing-history should remain between you and the NSA ;-)
Contact