#11
What I'm rethinking is the best approach to compartmentalizing/securing my own data as well as any client data I may process. I'd *like* to keep all of each entity's data in its own encrypted container with its own password... and not have to encrypt anything else. Practically speaking though, I still doubt it is possible to reliably prevent the OS and various applications from persisting unencrypted data to other media (such as the system partition). Encrypting that other media doesn't solve the leak problem, although it does to some extent mitigate it.
I don't know what you meant above. One approach to dealing with an OS and applications that leak data would be to put/run them in the encrypted containers along with the sensitive data. I need to learn more about VM platforms, but I suspect it might be possible to keep each person or entity's data compartmentalized and secured by having an encrypted virtual machine for each.