Ubuntu – Is the encrypted home folder open to other users when I am logged in

If you enable Ubuntu's Home Directory Encryption, your $HOME directory will have permissions 700 (rwx------) when its mounted, and permissions 500 (r-x------) when it's not mounted. This meaning that you are the only non-root user who will be able to read/write/browse your home directory when its mounted. And when it's not mounted, you'll be able to read/browse, but not modify the contents of your home directory. This is intended to prevent you from inadvertently writing unencrypted data to your home directory.

This is in contrast to the default Ubuntu Home Directory permissions, which are 755 (rwxr-xr-x). That permission allows any local user on the system to read and browse your home directory. This default was chosen for Ubuntu long, long ago in the interest of "sharing" and "openness".

These are called Discretionary Access Controls (DAC), and come from the earliest days of UNIX itself.

The root user (perhaps via sudo as you mentioned above), is privileged in a way that allows them access to any file or directory, regardless of the DAC permissions in place. That means that yes, while your home directory is mounted, the root user is able to browse your home directory.

However, when your home directory is not mounted, the root user would need your login passphrase (or, more specifically, your randomly generated mount passphrase) in order to mount and decrypt your data.

In general, the encrypted filesystem that we use (eCryptfs) is intended to protect your data at rest on the hard drive, rather than protect you from your own root user.

Full disclosure: I am the author of Ubuntu's Encrypted Home Directory feature, and the current maintainer of eCryptfs.