Like most topics in computing, encryption gets very complicated, very fast, the deeper you want to examine its inner workings.

Fortunately, on a surface level, it’s not too difficult to understand.

The basic idea is that when data is stored on your computer’s disks, it’s generally stored by default without encryption. What this means is that anyone who happened to have temporary physical access to your computer could pull out the hard drive, copy it, put it back, and you’d never have any idea all your files were now in someone else’s possession as well.

Another downside to not having your computer encrypted are situations where it’s stolen. This is more or less the same situation as above, except now you’d probably be aware (at least eventually) that your computer and its files were elsewhere, since they aren’t where you left them.

In both of these cases, without encryption it’s possible for someone to read virtually every file on the disk. From viewing your photographs to reading your Word documents; viewing your internet browsing history to possibly recovering passwords; reading emails stored in Apple Mail or Outlook (which is all of them, usually) to listening to your entire music collection.¹

Something that’s often overlooked though is that it opens up your Dropbox, Google Drive, Microsoft OneDrive, etc. to anyone who has physical access to the computer.

This is counterintuitive for many because in order to view those files normally you have to be logged in to the service. They’re password protected, right?

Not once they’re on your computer they’re not. Once you install the Dropbox application and log in, it downloads a copy of everything to your computer and keeps those files in sync with the ones that are up in the cloud behind password protection.²

What that means is that while someone on the internet couldn’t just open your Google Drive folders without having your Google account information, someone who has copied your unencrypted hard drive or stolen your computer gets a copy of all the files as they were at the last time of syncing with the server. If you’re like most people and leave the sync client running while your computer is on, they’ll have access to all the files in your cloud storage as they were the last time your computer was on and connected to the internet.

That’s not good!

It’s especially not good if you happen to share files with other people. Perhaps your family has a shared photo album where family members upload their vacation photos, or maybe you have a work folder synced up and there’s proprietary company data there. While you may have thought things were secure even though your computer is stolen because you need a password to access them online, you don’t need one to read them off of an unencrypted hard drive.

The most common argument I hear against encryption, aside from it being complicated (it’s not), is that it’s only for people who have things they need to hide. Well, perhaps you’re the sort of person who really wouldn’t mind if every document and photo you have on your computer was suddenly available to someone who stole it. There’s even some truth to that — what would they want with that information anyways?

There are a lot of things that can be done with seemingly innocuous data. A thief could find a list of your contacts on the computer and begin a phishing campaign, pretending to be you and asking them for money, passwords, etc. They could find your calendar information and track you down. They could go through that memoir you’ve been secretly writing for years and use it as a word list to guess your password. That chapter where you mentioned your mother’s maiden name, your first dog’s name, and your favorite band? Yeah, now they can reset your passwords and hijack numerous online accounts.

Even more than that though, while you may be fine with all your information being on display, the people who have shared documents with you — your friends, family, employer, etc. — may not be. Once you’ve accepted a file from someone you take a certain amount of responsibility for it and perhaps your cousin doesn’t want his honeymoon snaps from Aruba getting out. Or maybe your employer doesn’t want that finance Excel sheet you’ve been working on getting out. Even if there’s absolutely nothing harmful anyone can do with it, people deserve to have their desire for privacy respected.