Lennart: Linux Comes Up Short Around Disk Encryption, Authenticated Boot Security

  • #61
    Well, given that Android does not use systemd, yes, I agree.



    • #62
      Lots of what Lennart says here is true, but there are aspects to it that should be mentioned IMO:
      • Per-user home directory encryption is available with ecryptfs. Setting it up is essentially seamless, at least in Ubuntu (I haven't tried it in other distros), and it can also be activated ex post. It's not ideal because although it encrypts the contents of files as well as filenames, it preserves the folder structure, so an attacker has a good chance of figuring out what a certain encrypted file likely is (and that could even enable known-plaintext attacks on files like a .bashrc that 99% of users don't bother customising). Still, it's probably the right starting point and it could also be integrated with and managed by systemd-homed (for the devuan/k1ss etc. lovers out there, all I'm saying is that systemd-homed should offer transparent support for it, not that it should stop working outside of systemd-homed).
      • With grub2 it IS possible to encrypt /boot. I used it for a couple of years. But it's tricky to set up, error-prone and, to my knowledge, no distro installer offers to do it automatically. In some distros, like my current Silverblue, it's very likely not possible at all.
      • There is a partial and limited mitigation to the problem of someone injecting malware into the boot sequence, through kernel module signature verification. The easiest and most obvious vector for an attack like that would be to add a spyware module to the initramfs image on an unencrypted /boot partition, and module signature verification would block that. But again, it's only a partial solution: none of the major distros seem to enable sig_enforce by default (presumably because of nvidia drivers?), and using a signature key other than the distro's, even a TPM-stored one, is possible, but once again the setup is unnecessarily troublesome.

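The post above describes module signature verification as the thing that would catch a spyware module dropped into an initramfs on an unencrypted /boot. What sig_enforce actually gates is the presence of a well-formed signature trailer on the .ko, so here is an added example (not code from the post or from any kernel or distro tool) that parses that trailer the way the kernel's mod_check_sig() does and reports how a module would be treated with sig_enforce on or off. It only detects and sanity-checks the trailer; verifying the PKCS#7 signature itself needs the kernel's trusted keyring. The sample modules are constructed byte strings, not real .ko files.

```python
"""Detect whether a kernel module (.ko) carries an appended signature.

Added example, not code from the post or from any kernel/distro tool.
scripts/sign-file appends to a module: the PKCS#7 signature blob, a
12-byte struct module_signature, then the magic string
"~Module signature appended~\\n". mod_check_sig() in the kernel requires
id_type PKEY_ID_PKCS7 and zero algo/hash/signer_len/key_id_len. The
sample modules below are constructed bytes, not real .ko files.
"""
import struct

MODULE_SIG_STRING = b"~Module signature appended~\n"
# struct module_signature { u8 algo, hash, id_type, signer_len, key_id_len; u8 pad[3]; __be32 sig_len; }
SIG_INFO_FMT = ">BBBBB3sI"
SIG_INFO_LEN = struct.calcsize(SIG_INFO_FMT)  # 12 bytes
PKEY_ID_PKCS7 = 2


def parse_module_signature(ko):
    """Return trailer fields, or None when no signature trailer is present.

    "error" mirrors mod_check_sig(): None when well formed, "ENOPKG" for a
    non-PKCS#7 id_type, "EBADMSG" for a malformed trailer.
    """
    if not ko.endswith(MODULE_SIG_STRING):
        return None
    body = ko[:-len(MODULE_SIG_STRING)]
    if len(body) < SIG_INFO_LEN:
        return None
    algo, hash_, id_type, signer_len, key_id_len, pad, sig_len = struct.unpack(
        SIG_INFO_FMT, body[-SIG_INFO_LEN:])
    payload = body[:-SIG_INFO_LEN]          # ELF image followed by the signature blob
    error = None
    if sig_len == 0 or sig_len >= len(payload):
        error = "EBADMSG"
    elif id_type != PKEY_ID_PKCS7:
        error = "ENOPKG"
    elif algo or hash_ or signer_len or key_id_len or pad != b"\0\0\0":
        error = "EBADMSG"
    elif payload[len(payload) - sig_len] != 0x30:
        error = "EBADMSG"                    # PKCS#7 is DER, so it must start with SEQUENCE
    return {
        "id_type": id_type,
        "sig_len": sig_len,
        "module_len": None if error else len(payload) - sig_len,
        "error": error,
    }


def classify(ko, sig_enforce):
    """Say how module loading treats this .ko.

    sig_enforce mirrors /sys/module/module/parameters/sig_enforce, which
    CONFIG_MODULE_SIG_FORCE or module.sig_enforce=1 on the kernel command
    line turns on. Unsigned modules (and an unsupported id_type) load with
    TAINT_UNSIGNED_MODULE when not enforcing; an unparseable trailer is
    refused either way.
    """
    info = parse_module_signature(ko)
    if info is None or info["error"] == "ENOPKG":
        return "refused" if sig_enforce else "loads, taints kernel (E)"
    if info["error"] == "EBADMSG":
        return "refused"
    return "signed, kernel verifies PKCS#7 against trusted keyring"


def append_fake_signature(elf, blob, id_type=PKEY_ID_PKCS7):
    """Build a trailer laid out like sign-file's output (blob is made up, not a signature)."""
    info = struct.pack(SIG_INFO_FMT, 0, 0, id_type, 0, 0, b"\0\0\0", len(blob))
    return elf + blob + info + MODULE_SIG_STRING


FAKE_ELF = b"\x7fELF" + bytes(60)              # constructed stand-in for a module body
FAKE_PKCS7 = b"\x30\x82\x01\x00" + bytes(256)  # DER SEQUENCE header plus filler, not a real signature
SIGNED_KO = append_fake_signature(FAKE_ELF, FAKE_PKCS7)
UNSIGNED_KO = FAKE_ELF

if __name__ == "__main__":
    for name, ko in (("signed.ko", SIGNED_KO), ("unsigned.ko", UNSIGNED_KO)):
        for enforce in (False, True):
            print(f"{name:12} sig_enforce={int(enforce)}: {classify(ko, enforce)}")
```

To apply this to the attack vector the post names, unpack the initramfs (unmkinitramfs on Debian-style images, lsinitrd on dracut systems) and feed every .ko in it to parse_module_signature; any module without a well-formed trailer is exactly what a sig_enforce=1 kernel would refuse and a default sig_enforce=0 kernel would load with only a taint. Reading /sys/module/module/parameters/sig_enforce on the running system tells you which of the two you have.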


      • #63
        Originally posted by tildearrow:
        So, is Lennart saying my data is safer in the hands of corporations that spy on users? I totally disagree.
        You are not very smart. Those corporations have to abide by laws; people who steal your notebook don't. They'll get all your passwords and vacuum your bank accounts (but maybe you don't have any, or even you are the one trying to do something illegal, so Google poses a bigger threat to you).
        Last edited by pal666; 23 September 2021, 07:35 PM.



        • #64
          Originally posted by RahulSundaram:
          Even the largest tech companies are moving away from C (and to some extent C++)
          No, they are not.
          Did you read your link?



          • #65
            Originally posted by anarki2:
            On both Windows and macOS you can transparently turn on FDE *after* partitioning and installation, on demand. On Linux that's not the case. If you want to enable FDE, you reinstall your OS and that's it. Later you wanna disable it? Well, good luck, go reinstall it.
            Why don't you use LVM on Linux, paired with a filesystem which can be resized, like Btrfs?
            Last edited by pal666; 23 September 2021, 08:16 PM.



            • #66
              Originally posted by pal666:
              You are not very smart. Those corporations have to abide by laws; people who steal your notebook don't. They'll get all your passwords and vacuum your bank accounts (but maybe you don't have any, or even you are the one trying to do something illegal, so Google poses a bigger threat to you).
              Who doesn't have to abide laws? I honestly don't recall any clauses that exclude criminals from having to abide the law.

              Those corporations pay to have laws written in their favor. That's basically the standard now: when big tech companies bribe the government, it is not only not illegal, but it is considered a "political contribution". The laws they have to abide by are already heavily skewed in their interest at the expense of the rights and freedoms of regular citizens.

              They also get to "excuse" practically all their cockups with Russia / China, or occasionally scapegoat individual rogue employees.

              Even when they are caught breaking the law, the usual routine is to pay fines that are trivial relative to their profits, and those fines are always pocketed by the bureaucracy rather than reaching affected users in any meaningful capacity. Another way you can look at this is that they are not being fined for breaking the law, but they break the law on credit, and occasionally make payments to regulators for that privilege. In most of the high profile cases, those corporations make way more on their unethical actions than what they are fined, and since those fines never really seem to change anything for the better, I am more willing to see that as a "pay a fee to do crime".

              Big tech is actually a huge security threat to all the smaller, independent companies in the same sector. So maybe it is not the best idea to trust your private business data to a big tech company that may abuse that information at any time to eliminate them as competitors.

              In the west, big tech is increasingly acting as if it is the government: they apply censorship, they tell us what is hot and what is not, what is right and what is wrong. That doesn't make them trustworthy.

              Finally, I dare say that when corporations use their position of power and influence to pass legislation that moulds society into an ever more exploitable form, that's actually a lot worse, with far more reaching repercussions, than someone stealing your laptop. I have a much bigger issue with big tech abusing its influence to reduce people to mindless cogs, an act of even further robbing people of their humanity, and I think that affects me far more than any isolated "illegal" theft would.
              Last edited by ddriver; 23 September 2021, 09:14 PM.



              • #67
                Hey guys,

                I recently formatted my PC using BTRFS and noticed many guides don't even bother with encryption, probably because it's too hard.

                I have 3 partitions which I think are efi, boot and LUKS encrypted. I set up a keyfile to auto-unlock my LUKS partition because I don't want to put my password in twice.

                can someone just plug my hard drive into another machine, grab the keyfile which is probably on the boot partition and unlock the LUKS partition or is it a bit harder than that?



                • #68
                  Originally posted by cl333r:

                  Oh no, not that Chinese Communist Child Eating Party! Thank god for CIA Ponies & Rainbows censor ware built-in.
                  The same CCP/CIA/FBI/KGB/Stasi/MET (whatever) that will violate your rights, threaten your family, break your legs or keep you indefinitely in jail to get the password from you, and this is in any country.

                  Against a state actor there is no TPM, FDE or secureboot.



                  • #69
                    Originally posted by gfunk:
                    Hey guys,

                    I recently formatted my PC using BTRFS and noticed many guides don't even bother with encryption, probably because it's too hard.

                    I have 3 partitions which I think are efi, boot and LUKS encrypted. I set up a keyfile to auto-unlock my LUKS partition because I don't want to put my password in twice.

                    can someone just plug my hard drive into another machine, grab the keyfile which is probably on the boot partition and unlock the LUKS partition or is it a bit harder than that?
                    If you put your keyfile on your boot partition then you have no drive security at all. You only need two partitions if you're using Btrfs - an EFI partition and an encrypted Btrfs partition. If you want to use a keyfile then you should use one that's on a USB drive kept separate from your computer, but I would recommend just using a password. If you keep your computer in standby most of the time then you only need to enter it once.

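The exchange above (gfunk's keyfile-on-/boot setup and Chugworth's "no drive security at all") comes down to one question: on which filesystem does each LUKS keyfile, or a copy of it, actually sit? This added example (not code from either poster, nor from cryptsetup or systemd) reads a crypttab, an fstab and the list of files the initramfs generator embeds, then follows every keyfile to its storage and follows mapper devices back through crypttab, so a volume unlocked by a key on an unencrypted partition is reported as effectively plain too. The point gfunk may be missing is the last column: a keyfile that unlocks the root volume has to be readable before root exists, so it is copied into the initramfs, which lives on /boot. All device names, UUIDs and paths are constructed; the noauto/nofail test for "removable" media is a heuristic of this script.

```python
"""Where does each LUKS keyfile actually live?

Added example, not code from the thread or from cryptsetup/systemd. All
device names, UUIDs and paths are constructed. "initramfs_files" stands
for what the generator embeds (mkinitcpio FILES=(...), dracut
install_items); those copies live under /boot.
"""

# Verdict order, weakest first; a chain of volumes is only as strong as its weakest link.
WEAKEST_FIRST = ["plain", "unknown", "removable", "encrypted", "passphrase"]


def parse_crypttab(text):
    """name -> {device, keyfile, options}; keyfile 'none' or '-' means a passphrase prompt."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        entries[fields[0]] = {
            "device": fields[1],
            "keyfile": fields[2] if len(fields) > 2 else "none",
            "options": fields[3].split(",") if len(fields) > 3 else [],
        }
    return entries


def parse_fstab(text):
    """List of (mountpoint, source, options) tuples."""
    mounts = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            mounts.append((fields[1], fields[0], fields[3].split(",") if len(fields) > 3 else []))
    return mounts


def mount_for(path, mounts):
    """Longest-prefix match: the mount whose filesystem contains `path`."""
    best = None
    for mp, src, opts in mounts:
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best[0]):
                best = (mp, src, opts)
    return best


def storage_of(source, crypttab, mounts, files, seen):
    """Classify the block device behind a mount: encrypted, plain or unknown."""
    if not source.startswith("/dev/mapper/"):
        return "plain"                   # raw partition, UUID=, LABEL=: no encryption layer
    name = source[len("/dev/mapper/"):]
    if name not in crypttab:
        return "unknown"                 # LVM or another dm target we cannot see through
    if name in seen:
        return "unknown"                 # keyfile stored on the very volume it unlocks
    inner = protection_of(name, crypttab, mounts, files, seen)
    return {"plain": "plain", "unknown": "unknown"}.get(inner, "encrypted")


def protection_of(name, crypttab, mounts, files, seen=frozenset()):
    """How the key for crypttab entry `name` is protected."""
    keyfile = crypttab[name]["keyfile"]
    if keyfile in ("none", "-"):
        return "passphrase"
    seen = seen | {name}
    # The key is exposed wherever a copy lives: its own path, plus the initramfs
    # under /boot when the generator embeds it.
    paths = [keyfile] + (["/boot/initramfs"] if keyfile in files else [])
    verdicts = []
    for path in paths:
        mount = mount_for(path, mounts)
        if mount is None:
            verdicts.append("unknown")
        elif "noauto" in mount[2] or "nofail" in mount[2]:
            verdicts.append("removable")  # heuristic: optional mount, e.g. a USB key stick
        else:
            verdicts.append(storage_of(mount[1], crypttab, mounts, files, seen))
    return min(verdicts, key=WEAKEST_FIRST.index)


def audit(crypttab_text, fstab_text, initramfs_files):
    crypttab = parse_crypttab(crypttab_text)
    mounts = parse_fstab(fstab_text)
    return {name: protection_of(name, crypttab, mounts, set(initramfs_files)) for name in crypttab}


# Constructed sample: EFI + /boot + LUKS layout like the one in the post, plus extras.
CRYPTTAB = """\
# name       device                                      keyfile                 options
cryptroot    UUID=6d8f9c1e-0000-4000-8000-000000000001   /crypto_keyfile.bin     luks,discard
crypthome    UUID=6d8f9c1e-0000-4000-8000-000000000002   /etc/keys/home.key      luks
cryptdata    UUID=6d8f9c1e-0000-4000-8000-000000000003   none                    luks
cryptvault   UUID=6d8f9c1e-0000-4000-8000-000000000004   /mnt/usbkey/vault.key   luks,nofail
"""
FSTAB = """\
/dev/mapper/cryptroot   /            btrfs   subvol=@,compress=zstd   0 0
/dev/mapper/crypthome   /home        btrfs   subvol=@home             0 0
/dev/sda2               /boot        ext4    defaults                 0 2
/dev/sda1               /boot/efi    vfat    umask=0077               0 2
/dev/mapper/cryptdata   /data        ext4    defaults                 0 2
LABEL=KEYS              /mnt/usbkey  vfat    noauto,nofail,umask=0077 0 0
"""
INITRAMFS_FILES = ["/crypto_keyfile.bin"]   # e.g. mkinitcpio FILES=(/crypto_keyfile.bin)

if __name__ == "__main__":
    for name, verdict in audit(CRYPTTAB, FSTAB, INITRAMFS_FILES).items():
        print(f"{name:10} {verdict}")
```

On the constructed layout, cryptroot comes out "plain" because its keyfile is embedded in an initramfs on the unencrypted /dev/sda2, and crypthome is dragged down to "plain" with it, because its own keyfile sits on the root filesystem that the exposed key unlocks. cryptdata, unlocked by passphrase as Chugworth recommends, and cryptvault, keyed from a separately kept USB stick, are the two configurations the thread treats as acceptable.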


                    • #70
                      Originally posted by Chugworth:
                      If you put your keyfile on your boot partition then you have no drive security at all.
                      How do Windows and Mac unlock the drive at startup?
                      Linux needs an encryption solution that's secure and easy to use.
