APFS encryption and features
Hi community!
I know that APFS is a brand new file system and there is a lot that is confusing, especially regarding APFS (Encrypted) and FileVault. But I'm hoping that I understand it more or less. I still have a lot more questions that I couldn't find answers to.
OK, so first of all: I use an MBP13 Late 2013 in the top configuration (i7 2.7GHz, 16GB RAM, 1TB SSD).
I use my laptop a lot. I work a lot with photography (Lightroom and Photoshop), I work a lot with software development and even work with Final Cut Pro for small video commercial productions. This is a reason why I decided to go with the most powerful configuration of the MBP available on the market that is still very portable, as I travel a lot too, working around the world, often during transportation (this means offline/on battery).
I needed huge storage, especially for my media files.
When I purchased the laptop, Mavericks was available, and this is what I was actually running since the purchase. Then, back in 2013/2014, I decided that I would not use FileVault, as the reason why I paid extra for the powerful spec is to get the performance back. Editing RAW files etc. is very, very slow, and in my opinion losing 5-10% of performance due to encryption means a lot. Let's say (I'm taking the numbers from nowhere now) that importing and rendering previews of 1000 RAW image files into the LR library takes approx. 10 mins. This means that by losing 10% performance, and we are talking here about heavy I/O operations (that means a lot of encryption involved), I need 1 extra minute to wait. This is a lot. Especially if you do a lot of operations like this. And in fact, the real time estimation is way more than 10 mins, which actually means I would lose more than 1 minute every time I do the process.
I was aware of security issues, stealing important files or identity etc. Honestly? I think this is exaggerated. Sure, it's better to promote this option, especially for non-aware users (and I am sure they cover a huge piece of the market). Most of your credentials are stored online anyway. There is not much to steal from the computer itself. Way more dangerous is what we store on websites (any e-commerce, social media etc.). Usually it's way easier to steal this information & data remotely than by stealing the notebook in person. Even so, I am sure that most of these accidents are due to reselling hardware profits (Firmware password!), not collecting data about a RANDOM person. It's a different story when we talk about military, government, medical or other purposes. But this is not the case.
So, I had been using Mavericks for a few years when my SSD failed, and I decided to replace it via Apple with the same one I had before. As I got a new SSD, I also got a fresh installation of macOS High Sierra. It's OK. Actually, this is a good side of the situation that forced me to move forward ;-)
So, here again I have a fresh system and before I start to use it heavily, I'm trying to figure out what options will be the best nowadays, especially as we got the APFS.
So, first of all, I am still not convinced by the idea of "encrypt everything". AFAIK my CPU supports AES-NI, which means that the load shouldn't be huge. I found different comparisons of speed with and without FV, but mostly they could be a bit outdated as they are based on HFS+.
Does anyone know what the real performance loss will be with encryption? I believe going with 2-3% is acceptable, but closer to 10% is not an option.
Why is the idea of encrypting the whole disk that important (I know that it's still more important to encrypt the whole disk than just the part that is covered by active data)? I mean, why would a regular user need to encrypt anything out of his Home directory? I know that it's how FV1 worked, and apart from the performance issues I don't get why there is a huge hype for regular users to encrypt everything now.
I'm looking to convince myself here ;-)
There are also some questions regarding APFS in general. There is a cloning and snapshots feature. Do I understand correctly that the end user doesn't have anything to do with it? These features can be used by applications only, or rather the system itself, right? E.g. Time Machine could start to use snapshots. What about the clones? Does it happen automatically while I use Finder, Terminal or any other application while copying or saving something as a new file on the same volume?
What about specific files/directories encryption? How can I start to use this feature? I don't see Encrypt option while right-clicking on directories in Finder.
This is what I think would be a solution to my encryption drama. The best I could do is to select which directories I want to encrypt, or at least select the directories that I do not want to encrypt, such as mp3 files or raw images etc.
Is it possible?
The only solution I found so far is to create mounting disks with APFS and encrypt them. Well, this is a workaround. A bit messy for many other reasons (in fact I have a single file instead of a directory). But I don't like workarounds.
Any thoughts? Any hints? And please don't propose the solution of "you can always disable FV if you don't like it", as there is more information about how this process can hang for weeks, and I use my notebook for work and can't lack performance for a month or something.
Thanks,
Bart
MacBook Pro, macOS High Sierra (10.13.2)