How to prevent ID/Data theft when recycling electronics

Discussion in 'privacy general' started by Brosephine, Apr 20, 2018.

  1. Brosephine

    Brosephine Registered Member

    Joined:
    Dec 4, 2015
    Posts:
    181
    Location:
    Metropolis
    Hello,

    I have some old electronics that I plan on selling and/or trading in and want to ensure that all of my data is securely off before doing so. I know that people often purchase used electronics with the intent of extracting hard-to-reach data that the previous owner thought was permanently deleted. I have factory reset all of the devices, but I know that simply doing that is not enough to prevent a motivated thief with forensic tools from extracting some data.

    What are the tools and techniques you deploy when in this situation?

    My devices range from PCs to Android Phones and Tablets.

    An article I read recommended Cybercide, Eraser, DeleteonClick, or KillDisk. I have also read about Privazeer on this forum.

    Thank you for your help!
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    Use the plain old Unix command dd (it is present in GNU/Linux, *BSDs and maybe macOS) to wipe your HDD/SSD.
    You only need one complete pass of overwriting to delete everything you can.
    SSDs are reallocating a lot of data, but you don't have access to cells marked as worn out anyway. Maybe secret services have modified firmware for SSDs to extract that data. If your adversary is some secret service, it is better to physically destroy HDDs, SSDs.
    Code:
    # dd if=data_source of=/dev/sd"X" bs=sector_size
    On the Arch GNU/Linux wiki you can read more, but IMHO they recently slightly overcomplicated that article.
    https://wiki.archlinux.org/index.php/Securely_wipe_disk
     
    Last edited: Apr 21, 2018
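
A rehearsal of the single-pass overwrite described in the post above, run against a scratch image file instead of a real device, with a read-back check afterwards. This is an added example, not part of the original post; the marker string, function names and image size are constructed for illustration.

```shell
#!/bin/sh
# Added example: rehearse a single-pass overwrite on a scratch image file.
# Nothing here touches a real device; all names are hypothetical.

MARKER="CONSTRUCTED-SECRET-4242"   # constructed sample "sensitive" data
MIB=1048576

# make_image PATH SIZE_MIB: zero-filled image with the marker at sector 100
make_image() {
    dd if=/dev/zero of="$1" bs="$MIB" count="$2" 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=512 seek=100 conv=notrunc 2>/dev/null
}

# has_marker PATH: succeeds if the marker is still present in the raw bytes
has_marker() {
    grep -a -q "$MARKER" "$1"
}

# nonzero_bytes PATH: count of bytes that are not 0x00
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# wipe_image PATH: one complete pass of zeros over the whole image.
# A file needs count= and conv=notrunc; on a block device dd simply
# runs until the device is full.
wipe_image() {
    size=$(wc -c < "$1")
    dd if=/dev/zero of="$1" bs="$MIB" count=$((size / MIB)) conv=notrunc 2>/dev/null
}

# Demo: plant the marker, wipe once, then read everything back.
demo() {
    img=$(mktemp)
    make_image "$img" 4
    has_marker "$img" && echo "before wipe: marker readable"
    wipe_image "$img"
    has_marker "$img" || echo "after wipe: marker gone"
    echo "non-zero bytes left: $(nonzero_bytes "$img")"
    rm -f "$img"
}
demo
```

The read-back only covers what the logical interface exposes, so it confirms the overwrite pass completed but says nothing about blocks a drive has remapped internally.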
  3. Brosephine

    Brosephine Registered Member

    Joined:
    Dec 4, 2015
    Posts:
    181
    Location:
    Metropolis
    I appreciate your response and the wiki. The information is slightly above my level of understanding and I do not use Linux/Unix yet. I'll graduate to it sooner or later but in the meantime I use Windows & Android OS. I'm looking for a recommendation of a user-friendly program designed for Windows that will keep my data safe from would-be ID thieves. I'm not worried about adversaries beyond that.
     
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    Just keep in mind that overwriting the same place on an HDD or SSD several times is a waste of time. In the SSD case it wears out cells, reducing its lifespan without any benefit.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    HDDs on PCs are easiest to deal with. Just overwrite the entire disk with garbage. There are Windows tools for doing that. Sure, determined adversaries could maybe read data from inter-track space. And there could be hidden areas. But not likely.

    SSDs on PCs are harder. Because of all the background block rotation to balance wear, and the swapping of bad blocks for spare ones. HDDs do stuff like that, but it happens rarely. And for SSDs, it's part of normal operation. So once blocks are no longer in active use, there's no way to erase them. So determined adversaries, with tools for low-level access to NAND chips, could extract some data from an overwritten drive.

    With iOS, the best approach is probably setting the device's password, and forgetting it. Then reinstall the OS. Any iCloud backups would be associated with the account, not the phone, right?

    Is that a workable solution for Android devices? I presume that there are apps for that. Maybe better if you root the device first. But then there's the risk of bricking it, so OS can't be reinstalled. Or at least, I've managed to brick Android devices :(
     
  6. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    I haven't seen any evidence of reading from inter-track space on modern HDDs. Maybe even the NSA doesn't have tools for that after one pass of overwriting data.
    Because of bad blocks there are reallocation mechanisms on the HDD, too. I think this reallocation is the only valid concern. Fortunately reallocation occurs at a much lower (orders of magnitude) rate than on SSDs.

    If somebody wants to put sensitive data on an HDD and then be able to sell the HDD without that data being recoverable even for the NSA - encrypt the whole HDD before putting sensitive data on it. Use the HDD for several years. Then overwrite all data - it can be just one pass. Congratulations, you can securely sell your HDD to the NSA. Even reallocated data are not recoverable at this point - at least if you did not share the encryption/decryption key online.
     
  7. Brosephine

    Brosephine Registered Member

    Joined:
    Dec 4, 2015
    Posts:
    181
    Location:
    Metropolis
    Thank you @mirimir for your contribution. Helpful as always!
    I didn't know SSDs had such a hard time erasing data. It kind of makes sense though because to properly wipe anything, whether it's a drive or a desk :p you're going to need some movement. If it's my dirty desk we're speaking of then even more is required - elbow grease!
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    It's rather like the fundamental storage layer in SSDs is so flaky that they have this elaborate system to make sure that nothing gets lost. With lots of extra space. Like 40% for quality SSDs, as I recall. So it's hard to delete everything.
     
  9. Brosephine

    Brosephine Registered Member

    Joined:
    Dec 4, 2015
    Posts:
    181
    Location:
    Metropolis
    SSDs are still considered better than HDDs, correct? Newer technology.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes. They're obviously faster. And more reliable, it seems.

    But they're also harder to wipe completely.
     
  11. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    I'd heed the suggestion to encrypt from the outset, it sidesteps so many problems, and sometimes, you can't erase downstream because of device failure.

    One thing that really peeves me is that modern operating systems - including Linux - refuse to delete things - I see no reason at all why deleted files should not be shredded in the background for example, if you toggle a setting. I realise there are tools for such, and privacy involves way more than that, but even so.
     
  12. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    Even if the OS would shred the file, you can't be sure there is not another copy of it. Programs use cache, tmp directories. OSes use swap files, swap partitions (yep, they can be encrypted).
    Performance degradation (especially on HDD), much more wear out (especially SSD) sectors/cells without being certain it is going to help.

    Encrypt or overwrite all data on device or even better do both.
     