Regarding security in general, it is very hard to make everything bulletproof. It either costs too much to do or becomes too inconvenient. Either way, there is a price to pay and those who are willing to pay it enjoy the most security. (It is quite possible to make credit cards secure, but it costs to much to do, and I am certain the "math" has been done by actuaries to show that the cost of tolerating problems is lower than the cost of a bulletproof system. I could be wrong.) On Linux, you want "crypto" and it is mainly through LUKS and the mapper. I use this and I am a strong advocate of it. At the very core of security lies the user... Whatever lives outside of the LUKS "container" is not to be trusted. I can elaborate to a state of nausea, but I will spare you. At the core of what I do are Linux LUKS-encrypted containers. They are partitions that have been turned into LUKS containers (not to be confused with containers that jail processes, like lxc/docker). I keep the home directories in a LUKS partition. I manually bring them up ('cruptsetup luksOpen /dev/sda2 CRYPTFS') and mount them ('mount /dev/mapper/CRYPTFS /home') when the system starts up. I do a very similar thing with backups. This method offers protection from anyone who can have physical access to your system, say the FBI raiding and taking your hardware with them, or a burglary. You want to use the crypto.