Who uses encrypted devices? More people than you'd think

The popular image of someone using an encrypted phone is a spy, a criminal, or a paranoid tech enthusiast. The reality is considerably more ordinary — and more interesting. The actual user base for encrypted phones, laptops, and privacy routers is broad, professionally diverse, and largely motivated by practical risk rather than ideology. Here's who actually uses these devices and why.

Journalists and reporters

For journalists, source protection is not optional — it's an ethical and in many cases legal obligation. A source who trusts a reporter with sensitive information needs to know that information cannot be extracted from a device if the reporter is detained, has their devices seized, or is subject to a court order. Encrypted devices dramatically reduce the value of physical access to a journalist's hardware. Many working journalists — particularly those covering politics, security, and investigative topics — use GrapheneOS phones and encrypted laptops as standard equipment.

Legal professionals

Lawyers, barristers, and legal researchers handle client information protected by professional privilege. A stolen laptop containing unencrypted case files or privileged legal strategy is not just an IT problem — it's a professional conduct issue. Full-disk encryption means that if a device goes missing at an airport or hotel, the content is inaccessible. No client data. No privileged communication. No breach.

Healthcare professionals

Doctors, therapists, and healthcare administrators handle patient data governed by strict privacy regulations. Patient records, diagnosis information, and mental health notes are among the most sensitive categories of personal data that exist. Loss of a device containing this data constitutes a notifiable data breach in most jurisdictions. Encrypted devices are a standard part of a compliant data handling framework for healthcare professionals who work outside a secure office.

Business executives and high-value targets

Senior executives, board members, and founders travel frequently with devices containing merger discussions, acquisition strategies, and confidential client relationships. They are high-value targets for corporate espionage and competitive intelligence gathering. For this group, the question isn't whether they need encrypted devices — it's whether their existing devices are correctly configured. A laptop with encryption backed up to a cloud account provides significantly weaker protection than it appears.

Activists and civil society workers

People working in civil society — human rights organisations, political campaigns, advocacy groups — often operate in environments where their communications and contacts could put themselves or others at risk. In some contexts, a contact list or message history can be used to identify and target individuals. Encrypted devices limit what an adversary can obtain if a device is compromised.

Frequent international travellers

Border crossings present a specific risk that many people underestimate. Border agencies in numerous countries have broad powers to inspect, copy, and retain the contents of devices. Encrypted devices with strong passphrases significantly limit what can be obtained in these situations — protecting client data, employer confidential information, and privileged communications regardless of why you're crossing.

People who've experienced a breach

A significant portion of privacy device users aren't motivated by threat modelling in the abstract — they're motivated by a device having been stolen, a data breach, or an account compromised. The experience of real loss produces a clear understanding of what protection would have prevented it. For many people, an encrypted phone or laptop is a direct response to a specific incident.

Security researchers and IT professionals

Security researchers, penetration testers, and IT professionals use encrypted devices for reasons distinct from the groups above. Research environments often require a device that is completely clean — no vendor telemetry, no cloud-synced credentials, no background processes that might interfere with network analysis or make it difficult to attribute traffic to its source. A GrapheneOS device with no Google services provides a genuinely clean network environment: when you see network traffic from the device, you know what generated it. Researchers also benefit from GrapheneOS's advanced permission controls, which allow extremely granular control over what each application can access — essential for testing in controlled conditions. And for professionals who themselves handle or test security tooling, running that work on a device where the OS is open source and the entire attack surface is documented is a meaningful advantage over a proprietary OS where background behaviour is not fully disclosed.

The common thread

What these groups have in common isn't ideology — it's that they handle information valuable enough to warrant protecting correctly. The threat isn't theoretical. The data is real. The devices that carry it should match the value of what's on them.

If you're evaluating whether a Norypt device is right for your situation, get in touch and we'll help you assess what makes sense for your specific use case. Or browse the full range to see what's available. Most consultations are brief — the right answer is usually clear once we understand your work and the data you need to protect.