SoylentNews is people
SoylentNews
I once read in a news article (can't find it now... sorry) that apparently if you overwrite data with other data on a hard drive that the previous data is unrecoverable. So, would overwriting the entire hard drive with cat videos be just as effective as all these other "professional" security protocols that are used?
janrinok: Data erasure is important when you want to prevent anyone from recovering whatever was written on the storage device in the first instance. But there are many potential problems including just how secure does the erasure have to be, what hardware is controlling the reading and writing to the disk, are you attempting to delete data on a spinning rust device, a more modern SSD , or a thumb drive, and who are you trying to prevent from reading the data? If you are just trying to prevent a regular Joe Soap from reading what you once securely stored on a hard drive then simple overwriting might be enough. However, if you are concerned that law enforcement or a government agency might be interested in the drive's contents then you will have to take more stringent precautions. Ultimately, many of the highest classifications of data can only be securely erased by full degaussing or the physical destruction of the device. The link details the various standards that are deemed as acceptable to securely erase data to meet specific documented requirements.
Presumably, if you are worried that someone might have access to your data then you have already taken the precautions of encrypting it. However, poor encryption is worse than no encryption at all - at least with the latter you know that your data is vulnerable. With a weak encryption you might incorrectly believe that your data is secure when, in truth, it is not. This might result in you taking risks that you wouldn't otherwise take with the physical protection of the drive itself. The military and government agencies often insist that drives are secured in an approved security container when not actually in use to prevent anyone actually getting to the data in the first instance. If at home you simply leave your drive in the computer or lying around in plain view then anyone entering your home can steal it. How much protection you need to give depends upon the value of the data to you and how much you need to ensure that no-one else can get to it.
Many proprietary encryption programs use an 'in-house' encryption scheme in the incorrect belief that it is more secure than the recognised encryption methods that have been rigorously tested and mathematically proven. Other systems might have back-doors or make the decryption algorithms available to LE or government agencies. I personally would strongly recommend against using these encryption systems because they might only be giving you a false sense of security. However, if your data is already encrypted with a recognised encryption system with a strong pass phrase and salt then you are well on your way to preventing anyone from ever getting access to the data even if they have the drive in their possession. Note that encryption that is 'unbreakable' today might not remain so with advances in computing and perhaps the discovery of encryption flaws. Essentially, if it is considered good enough for the military and government agencies then it is probably sufficient for your needs.
It is important to realise that, any time your data is inside your computer and viewable, then any encryption is already defeated. If you have valuable data that is protected by nothing more than a computer in hibernation then anyone who can awaken the computer has full access to the data.
So now we finally get to the question that the submitter asked. How secure is overwriting as a method of data deletion? If the data is already securely encrypted then perhaps no further action is required, or simply overwriting it with cat videos will probably be enough to prevent anyone but the most determined attacker from ever reading the data. It will certainly be enough to stop the vast majority of people from getting anything useful from the disk drive. If you believe that the data on the drive must never be recovered by anyone else then the physical destruction of the drive might be warranted. The actual requirement probably lies between those 2 extremes. Only you know the value of the data on the disk drive and how important it is that it is not disclosed.
I now invite everyone to contribute their own experiences, tips and advice regarding data erasure....
(Score: 4, Insightful) by WizardFusion on Tuesday April 17 2018, @04:38PM (15 children)
What a bloody stupid idea.
If you want to erase a storage device, use a proper tool for the job. Personally I use DBAN (https://dban.org/).
(Score: 2) by MichaelDavidCrawford on Tuesday April 17 2018, @04:43PM
Install MacPorts [macports.org]
Then:
$ sudo port install bcwipe
Yes I Have No Bananas. [gofundme.com]
(Score: 4, Insightful) by JoeMerchant on Tuesday April 17 2018, @05:48PM (1 child)
Really? Have you checked the source of DBAN to ensure it's really wiping everything you want to wipe?
No? As such, I would actually trust a drive full of cat videos to be more erased than a drive erased with an unverified "proper" tool. Bonus points if you know your block size and pad the video files to match.
Україна досі не є частиною Росії Слава Україні🌻 https://www.pravda.com.ua/eng/news/2023/06/24/7408365/
(Score: 4, Insightful) by driverless on Wednesday April 18 2018, @07:20AM
Plus, if someone wants to recover your data they'll say "ooh, look, cute cat videos" and forget what they're really there for.
(Score: 5, Interesting) by The Mighty Buzzard on Tuesday April 17 2018, @06:21PM (9 children)
I prefer the shotgun method.
My rights don't end where your fear begins.
(Score: 4, Funny) by DannyB on Tuesday April 17 2018, @06:45PM (3 children)
This approach might leave recoverable sectors on spinning rust.
Discharging a firearm within city limits is a big no-no. As it should be. From the 29th floor you probably can't hit a fence post accurately.
If a minstrel has musical instruments attached to his bicycle, can it be called a minstrel cycle?
(Score: 2) by The Mighty Buzzard on Tuesday April 17 2018, @06:48PM
It's not so much the range that gets you as the elevation. Firing from well above or below a target will throw anyone who isn't used to doing so off for at least a few shots.
My rights don't end where your fear begins.
(Score: 2, Funny) by Anonymous Coward on Tuesday April 17 2018, @11:57PM (1 child)
Oh, the degradation of marksmanship among Americans! If only there was some national organization which could promote shooting skills, firearms safety, and data eradication.
(Score: 4, Funny) by chromas on Wednesday April 18 2018, @01:41AM
The FBI?
(Score: 3, Funny) by Azuma Hazuki on Tuesday April 17 2018, @07:24PM (2 children)
I don't trust that to truly get rid of all of it. If we're talking physical destruction of the drive, bloody well *destroy* it, with something like Thermite. Technically, the "information" is still out there, but good luck trying to reconstitute it :D
I am "that girl" your mother warned you about...
(Score: 1, Insightful) by Anonymous Coward on Wednesday April 18 2018, @04:22AM (1 child)
I guess what I find so puzzling is why somebody will take so much precaution with a piece of trash, but when it was alive and well, had it ONLINE in a system known to be insecure, and not be raising much of a ruckus about that.
I would posit that the drive is much more likely to be hacked, when it was online, spinning, and connected to the 'net, that it will ever be in the community dump. Even it it is still perfectly operational.
I can't tell you how many used hard drives I have purchased that had data still on them. The probability was whether or not it landed in the hands of a bad guy. In my case, it landed in the hands of someone who wanted a box for his bits, and the bits that were already in there were considered useless, the drive reformatted, and overwritten. I had no use whatsoever for a disk full of someone's real estate transactions.
Last year, I found a computer in a dumper.. looked like someone had at it with a sledgehammer. I took it anyway, thinking of it as a heatsink donor for some high power LED lights. Turns out I got about 10GB of memory, a six-core AMD processor, some useful USB to various forms of flash memory adaptors, and a 2TB hard drive out of it, still perfectly functioning. The only things ruined were the case was smashed, the motherboard was cracked, and the power supply was damaged. I was surprised - given how extensive the damage looked, as to how well the computer's innards simply bent under the external stress, and the disk drive survived intact. I wanted a hard drive for some low-level backup stuff, so it got wiped and is now storing some interim backup of some stuff that is too good to throw away, but too useless to keep. You know, stuff like old porn.
Funny thing, had I been employed by that company, I sure would not have spent all that time destroying a perfectly good computer; I would have DBAN'd the disk and repurposed the machine... It puzzles me why companies often choose extremely ineffective and costly methods. I guess a smashed computer case means a lot more to a lot of business folks than de-DBANning a disk. Good theater. Hollywood style.
Had I been malicious, I could have caused a lot of people headaches, but I do not do things like that. In creating that much shit, some is bound to come splatter ME as well! Best just take the drive and use it for its intended purpose: storing my bits. I have no use for the bits that was on it, so Format C: is good enough for me. Just gives me a blank slate to work with ( Yes, I know the old data is still there, but my OS considers it all available for overwrite, until I mark it off as in use. ).
My guess is a DBAN'd disk at the surplus store, sold to God-knows-who, is still several orders of magnitude more secure than that disk was when it was in the machine, all of its data intact, especially if it was running on a Microsoft system. All those damned backdoors, they find more every day, and even the security patches introduce more of them. Can't even trust the silicon anymore, with all this Intel Management Engine stuff that gives all appearances of being the poster child of No Such Agency.
(Score: 2) by Azuma Hazuki on Wednesday April 18 2018, @07:48PM
People Don't Get Computers. I think we're all a little solipsistic here about this, kind of implicitly assuming everyone has at least some bare basic knowledge of their computers and how the parts inside work. Nope. It's seriously worse than cars with these people, which is weird since a computer is way the hell less complicated.
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @09:36AM (1 child)
Thermite is what you want. And when in doubt: C4. Shout-out to Mythbusters, of course ;)
(Score: 2) by The Mighty Buzzard on Wednesday April 18 2018, @10:58AM
I've already got the TLAs paying too much attention to me just for being a veteran, thanks. I'll stick with less flashy methods.
My rights don't end where your fear begins.
(Score: 2) by SomeGuy on Tuesday April 17 2018, @07:02PM (1 child)
Good luck using that on your work computer without permission. You will be escorted out of the door if not locked up in jail for "hacking" or some shit.
If it is your own personal hard drive then fine, but be aware that answer won't fit all needs.
The question had come up before where someone had stupidly placed personal information on the hard drive of their work computer. They were changing positions or leaving and wanted to "securely" remove the data from their computer.
Even if the machine is not locked down to forbid booting other OSes and wiping the drive, chances are doing so is against the rules. In some cases it might be OK to ask the IT folks to wipe the drive and re-load an image, but even that can raise unwanted red flags. Even if someone is leaving, that could affect severance pay or job references.
In such a case the "safest" thing to do is delete the files in question, and fill the drive with copies of large work-related files.
There is no guarantee that will really get everything. Modern OSes index the hell out of drives, and can leave hard to find temporary, backup copies, or related metadata sitting around. Of course, on a corporate network they may even create remote backups of user data.
Now, if the drive belongs to you, then normally wiping the entire drive with DBAN or similar should remove all data. There is also an IDE/SATA "secure erase" feature that should even wipe bad and reserved sectors. You have to sort of trust that. On normal hard drives it would be quite rare those would contain any of your sensitive data, but SSDs keep lots of random reserved space.
Anything beyond that is really just paranoia, but sending a drive in to a chipper-shredder is a nice simple way to get piece of mind (don't do that to vintage MFM/RLL/SCSI drives! those are in demand and worth the time to wipe!)
(Score: 2) by coolgopher on Wednesday April 18 2018, @01:43AM
I also seem to recall some harebrained indexing software which stored the indices on a *different* drive, so even if you properly wiped the drive where you'd stored the original files, there was plenty of things left on the drive with the indices. The name/OS of the software escapes me at the moment, but someone can fill in my blank?
(Score: 2) by Dr Spin on Tuesday April 17 2018, @04:40PM (6 children)
There is no way I would want to pollute my valuable data by exposing it to cat videos, no matter how valuable, or private.
Now, dog videos ... that is a completely different story!
Warning: Opening your mouth may invalidate your brain!
(Score: 0) by Anonymous Coward on Tuesday April 17 2018, @04:43PM
Surely as a genuine BOFH, you should consider this the perfect justification for filling your HD with pron!
--
Life is just a bowl, without the cherries!
(Score: 1, Insightful) by Anonymous Coward on Tuesday April 17 2018, @04:46PM (4 children)
Cat videos? Dog videos? Make them go through goatsie videos.
(Score: 2) by DannyB on Tuesday April 17 2018, @06:47PM
The ability to store very large collections of such videos was the primary motivation behind the development of ZFS.
If a minstrel has musical instruments attached to his bicycle, can it be called a minstrel cycle?
(Score: 2) by HiThere on Wednesday April 18 2018, @03:42AM (2 children)
No. Lots and lots and lots of copies of he same humorous cat video, each frame with a few random bits changed so that they won't be deduped. Perhaps 4 or 5 different "humorous cat videos" in a random mix, except that you don't use the same one twice in a row.
That way you can reasonably plead stupidly innocent. And nobodies going to watch all those cat videos over and over.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 1) by anubi on Wednesday April 18 2018, @04:30AM (1 child)
Streaming video of some Internet preacher? Just record till the disk is full.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @01:34PM
NYC Subway preachers are better.
(Score: 4, Interesting) by frojack on Tuesday April 17 2018, @04:42PM (21 children)
Before anyone else suggests that three letter agencies can recover data with scanning electron microscopes even after it has been safely written over, I'd like to point out that such things are merely stories, and nothing more than a single bit or two have ever been recovered in this way. Not a byte, not a word, not a sector. DOES NOT HAPPEN.
No, you are mistaken. I've always had this sig.
(Score: 5, Informative) by Dr Spin on Tuesday April 17 2018, @04:48PM (2 children)
Not completely true. We managed to do this well enough to get the gist of text on 5MB ST506 hard drives in about 1980.
In those days, I designed my own data separator, and could tune it to do this. We also used to read 556 BPI tapes by sprinkling iron
filings on the tape and using a magnifying glass. Pretty sure its pointless trying this on LTO tapes.
I don't think it is worth trying on a SATA drive unless there is over $1M at stake, and it would probably better to take the money and run.
Warning: Opening your mouth may invalidate your brain!
(Score: 2, Touché) by Anonymous Coward on Tuesday April 17 2018, @09:36PM (1 child)
Yeah, but that's from a time when the bits recorded on a hard drive were practically visible to the naked eye. Nowadays, they're small enough that neighboring bits can have quantum effects on one another.
(Score: 1) by anubi on Wednesday April 18 2018, @04:39AM
The last I messed with it, Western Digital was working with a technology, PRML I think, (Partial-Response-Maximum_Likihood) where mathematical derivatives were very critical, so much so that the disk stream had to be run through reed-solomon lattice filters to recover the data. Everything depended on what data was both before and after the data being read to verify its correctness. All sorts of adaptive filters to compensate for magnetic distortions caused by the proximity of adjoining magnetized regions.
Very picky stuff. I thought the thing was way too Rube-Goldbergian to work. But they got it to work.
It would be very hard for me to conceive that something that sophisticated could be injected with trash data, and still be recoverable.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by takyon on Tuesday April 17 2018, @05:09PM
Three letter agencies like the non-existent No Such Agency?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by All Your Lawn Are Belong To Us on Tuesday April 17 2018, @05:33PM (4 children)
'Always listen to experts. They'll tell you what can't be done, and why. Then do it.' - Robert A. Heinlein
I agree with you, only with the caveat that you cannot completely know what the TLA's are capable of or if they have found exploits to the hardware process of which you are unaware - on software side we know they do that all the time. Interesting article that I can't evaluate the credentials of from 2003: http://www.nber.org/sys-admin/overwritten-data-guttman.html [nber.org] . It asserts what you've said, though its references are old. (Then completely misses that if any such technology had been developed in secret by a government you wouldn't necessarily find literature in public about it.)
I'd look at the approach that if you've simply overwritten the data with a known cat video file that can be referenced to the odds improve of being able to reconstruct the underwritten data by those technologies as described (as opposed to an unknowable random pattern), but I'll readily stipulate that this is still theory and you're saying no proof has been offered. Get a bit wrong and you've screwed a byte, get a byte wrong and you may have screwed an instruction, get an instruction wrong and the program won't run. Though, "TfE N&CLE&R B*** GOEg OFF SUqDA*" is probably figurable... and is more suitable to an episode of 24 than real conversation. But I won't be the person recovering it... I'll stick to DOS "deletions" of overwriting the first filename character with a single reserved character - I saved several "deleted" documents that way back in the day and lost a few where the sectors were overwritten.
Besides, the TLA's don't need to do that if they already have a copy of everything they deem relevant.
This sig for rent.
(Score: 2) by driverless on Wednesday April 18 2018, @07:22AM (3 children)
That's a reference which originally goes back nearly 25 years, it's from something like 1995, not 2003. Read the supplementary notes to that for what the story is with current technology.
(Score: 2) by All Your Lawn Are Belong To Us on Wednesday April 18 2018, @06:50PM (2 children)
Thanks for the correction... Here's one of the links you mentioned: https://www.vidarholen.net/~vidar/overwriting_hard_drive_data.pdf [vidarholen.net] - which again reasserts OP with data.
Cite: Wright, C.; Kleiman, D, & Sundhar S. R. S.: (2008) "Overwriting Hard Drive Data: The Great Wiping Controversy". ICISS 2008: 243-257 http://portal.acm.org/citation.cfm?id=1496285 [acm.org] or http://www.vidarholen.net/~vidar/overwriting_hard_drive_data.pdf [vidarholen.net] . See also a summary at http://sansforensics.wordpress.com/2009/01/15/overwriting-hard-drive-data/ [wordpress.com]
This sig for rent.
(Score: 2) by driverless on Thursday April 19 2018, @03:38AM (1 child)
I mean the additional notes to the original paper [auckland.ac.nz], not the Wright et al stuff. In case you don't recognise the name, Wright is the fraud who claims to be Satoshi Nakamoto (he isn't), claims to have a PhD (he doesn't), has various convictions (fraud, contempt of court), etc. The Wright paper seems to be up to his usual standard, as Guttman points out "while it fairly convincingly demonstrates that applying the wrong technique to the wrong technology doesn't work, it unfortunately doesn't expand the body of knowledge of secure data deletion much".
(Score: 2) by All Your Lawn Are Belong To Us on Thursday April 19 2018, @09:47PM
"Having re-disposed of the monster, exit our hero through the front door..." [youtube.com] Thanks.
This sig for rent.
(Score: 4, Informative) by JoeMerchant on Tuesday April 17 2018, @05:54PM (2 children)
Actually, in the days of ginormous platter drives, it was a thing and might have happened a time or two in situations that mattered, not situations you're likely to read about in the "free" press, but a guy with a mag-reader head and a servo actuator arm could occasionally read between the tracks and pick up old data - if he was lucky about alignment shifts between the writing and overwriting.
By the time hard drives were down into the 3.5" form factor, I agree - unrealistic, and highly improbable - like I'm winning the lottery tomorrow and I haven't even bought a ticket improbable.
In SSD world - the best they might pull off is a reflash of the controller to get access to the sectors that have been rotated out of service for wear leveling.
Still, a 10-penny nail and a 3 pound sledgehammer will securely erase just about any device out there, electron microscopes be damned, no data is worth that much effort to anyone.
Україна досі не є частиною Росії Слава Україні🌻 https://www.pravda.com.ua/eng/news/2023/06/24/7408365/
(Score: 2) by frojack on Wednesday April 18 2018, @06:54AM (1 child)
Find one documented example of this being done and data being recovered by people who didn't already know what was on the drive.
I look high and low. It hadn't been done as of 2008, and drives have gotten more sense since.
Does not happen.
No, you are mistaken. I've always had this sig.
(Score: 2) by JoeMerchant on Wednesday April 18 2018, @11:54AM
For perspective, I'm talking about the platter drives like on our VAX from the 1970s - measured in kilobytes of capacity and pounds per spool.
Also - that's ~20 years before the sum of all knowledge was captured by Google.
Україна досі не є частиною Росії Слава Україні🌻 https://www.pravda.com.ua/eng/news/2023/06/24/7408365/
(Score: 2) by DannyB on Tuesday April 17 2018, @06:49PM (3 children)
Yeah, yeah. Just like all the conspiracy theories about No Such Agency turned out to be true when the Snowden documents were revealed. In fact, the conspiracy theories turned out to be pretty tame compared to reality.
If a minstrel has musical instruments attached to his bicycle, can it be called a minstrel cycle?
(Score: 2) by edIII on Tuesday April 17 2018, @08:22PM (2 children)
Meh, you don't need to worry about it. We vastly outnumber the TLAs, and this recovery method does not seem to be automated, nor cheap, nor quick. Which means mass surveillance is out the picture, as well as any Big Data technologies to make predictions from those large data sets.
I don't think you need a conspiracy theory to see the great value in being able to read data off storage devices, even after countermeasures were taken. So, I agree it is most likely possessed by the TLAs. That being said, full drive encryption is a bitch, and the real game is in the TPM modules or whatever is storing the encryption keys. If they were after somebody taking measures to prevent eavesdropping or data theft, then it stands to reason that being able to read a bit off a storage device is akin to the first step in a long journey. One that makes a little trip to Mordor seem banal.
Lastly, why the fuck would it matter if they can read our hard drives? We store all the juicy, salacious, and often incriminating evidence on Facefuck, or Twatter :) If it's not the government, it's somebody trying to manipulate you to buy X or vote for candidate Y.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by DannyB on Tuesday April 17 2018, @09:21PM
I usually say FaceTwit to refer to both.
If a minstrel has musical instruments attached to his bicycle, can it be called a minstrel cycle?
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @04:43AM
About the TLA capability.... the most important Top Secret is what's bullshit and what's not.
They seem to leak a lot of bullshit - which the uncleared accept as Gospel, and that way are controllable through fear and ignorance.
(Score: 0) by Anonymous Coward on Tuesday April 17 2018, @10:13PM (3 children)
Absolutely correct.
With the older drives of the 1990 and bellow it was *kinda* possible. These days if you dd it to zero out a drive. There is pretty much 0% chance you can recover it.
(Score: 2) by HiThere on Wednesday April 18 2018, @03:47AM (1 child)
Yes, but if you zero it out and then fill it with cat videos not only will they not be able to recover the data, they'll also get sick of looking at cat videos.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 1, Funny) by Anonymous Coward on Wednesday April 18 2018, @07:12AM
You don't want cat videos for that. You want goatse, lemon party, two girls one cup, tubgirl...
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @03:51AM
If I just hollered was that sufficient?
(Score: 3, Interesting) by TheRaven on Wednesday April 18 2018, @08:06AM
The problem is not so much using a STEM to read the data (I've seen that done in the lab, but it was so laborious and had such high error rates that I doubt that you'd be able to do it usefully at a commercial scale), it's the remapped sectors. Old hard disks would report failed sectors to the OS and rely on the OS avoiding writing data there. That still happens with disks sold for RAID use, where you want to avoid the same sector on all drives to avoid performance problems, but for most consumer drives the controller handles this for you. The disk contains more sectors than are reported to the OS and when one fails it will switch the mappings to use one of the reserved ones. With high-density disks, this can be quite a large proportion of the total size. When you erase, you will overwrite the sectors that are part of the current mapping, but you won't erase any of the re-mapped one. These will still contain whatever data was stored in them, though typically with some errors. If you either load custom firmware onto the controller board, or remove the controller board and drive the motor and head directly, you can read them and attempt to reconstruct something.
This problem is even worse for SSDs, where the controller performs wear levelling. If you overwrite with zeroes, a lot of controllers will turn this into the equivalent of a TRIM operation and not actually write anything - just mark the cells as unused and wait for a background task to erase them. Worse, a lot of controllers also do block-level deduplication. If you write the same block multiple times, then they'll just update the remapping tables - they're typically doing copy-on-write internally anyway, because it's faster (and safer) to read the contents of a flash cell and write the unmodified blocks to a new cell along with the new blocks than to do an in-place erase and rewrite, and just incrementing the refcount for a cell is a lot cheaper than writing the same data again. This has bitten a few people using ZFS's copies= property, where it keeps multiple copies of the same data on a single disk to protect against block failures: the disk reports that the block is written, but when one copy fails checksum then the other copies mysteriously fail checksums in exactly the same way. Again, if you have custom firmware for the SSD, or you attach the flash chips directly to something else, then you can access a lot of 'erased' blocks.
The difficulty with these approaches is that you typically can't get useful inter-block information, so you have to try to reassembly files one block at a time. If your threat model is anything less than a nation-state attacker then it's probably too expensive.
Generally the best way of securely erasing a disk is to encrypt it with block-level encryption, never write the keys to the disk (store them either on a separate USB drive or in the TPM or equivalent) and then either erase the TPM or physically destroy the USB drive. Even if someone can read all of the current blocks and an arbitrary set of erased blocks, they won't be able to reconstruct any of your data (unless your encryption is buggy / broken).
sudo mod me up
(Score: 2) by looorg on Tuesday April 17 2018, @04:50PM (3 children)
Is the cat video important somehow? Is cat video data better or more efficient at overwriting data then other some other data? Are cat images better then say Goatse? The whole overwriting thing is like getting a lock on your door, you use it to keep out the amateurs -- the professionals will find a way to by pass your little protection scheme.
Personally I don't overwrite data for security reasons. I prefer thermite. That is if I had to destroy data and make sure ... I'm sure there is some less invasive and dangerous method around but I doubt it will be as much fun.
(Score: 3, Funny) by bob_super on Tuesday April 17 2018, @05:18PM
The art of recovering data is to line it up and do neat tricks to reveal its secrets.
I'd say a cat is a pretty good line of defense against this process.
(Score: 2) by zocalo on Tuesday April 17 2018, @05:53PM (1 child)
No, it's not as fun as thermite or using it as a clay pidgeon, but if you're looking to resell the drive then that's not really an option, is it? Although it'd also be a whole lot easier to just grab a suitable tool like BleachBit of the Internet regardless of your specific usage case, of course.
UNIX? They're not even circumcised! Savages!
(Score: 3, Interesting) by TheRaven on Wednesday April 18 2018, @08:13AM
sudo mod me up
(Score: 0) by Anonymous Coward on Tuesday April 17 2018, @05:04PM (3 children)
You can be much more confident in your data erasure if you always use full disk encryption.
Erasing the disk then becomes a fairly simple matter of "forgetting" the encryption key. Feel free to also zero/randomize the drive or whatever suits your fancy...
This is especially important with SSDs where it is generally not even possible to ensure that you have actually overwritten any particular data.
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @04:21AM (2 children)
With SSDs and their dirty voodoo this advice makes much more sense but the problem still is what if you actually do forget the pass?
I wonder whether encrypting SSD with some lame short easy to remember password would do any good. Would it make it harder to recover pieces from the hidden areas?
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @05:34AM
Depends. If you use something like LUKS, the master key is stored in a header, encrypted with your passphrase. If your passphrase is very weak, someone with access to the LUKS header could probably guess your passphrase and decrypt the master key (and therefore the rest of the drive). If you can successfully wipe the LUKS header then it's unlikely that the master key can be recovered by anyone even with the right passphrase, but this doesn't help on an SSD because you have no real way to be sure you've destroyed the header without destroying the drive too.
So, you should always use a strong passphrase. For this purpose you can certainly write it down somewhere -- "forgetting" the passphrase then involves one extra step: burn the post-it note.
Another option would be to use key files on a $5 USB stick, this setup can avoid the need to type any passphrases (good for unattended boot) while offering a similar "forgetting" method: burn the usb stick.
(Score: 2) by TheRaven on Wednesday April 18 2018, @08:22AM
If you might forget your pass phrase, typically there's a mechanism for backing up a recovery key. Your best bet is to create a backup and leave a copy of it with someone you trust. Unless they're cooperating with the attacker, then you're probably safe. If you're really paranoid, stick it in a safety deposit box in Zurich...
sudo mod me up
(Score: 3, Informative) by Thexalon on Tuesday April 17 2018, @05:08PM (10 children)
When you really really need to destroy a hard drive, remember that hard drives make good targets for firearms training purposes.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 3, Informative) by draconx on Tuesday April 17 2018, @05:29PM (3 children)
Also with magnetic media, you can disassemble the drive and you will find one or more powerful permanent magnets, which can be useful in their own right.
Then shoot it up :)
(Score: 2) by Freeman on Tuesday April 17 2018, @05:35PM
Nothing like a bit of recycling. Especially when it's a cool magnet.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by The Mighty Buzzard on Tuesday April 17 2018, @06:29PM (1 child)
Or just give the platters to a pre-teen relative who will think they're nifty and ensure the unrecoverability of your data within a few minutes.
My rights don't end where your fear begins.
(Score: 5, Interesting) by draconx on Tuesday April 17 2018, @06:38PM
They are very nifty.
The drive platters are incredibly smooth and manufactured to such tight tolerances that (at least until you grime them up with fingerprints...) you can actually form a rather strong vacuum between them just by touching the platters together. They will stick tightly just from air pressure and it is very hard to get them apart again!
(Score: 2) by insanumingenium on Tuesday April 17 2018, @06:11PM (2 children)
Belt and braces is the way to go, zero out the drive 57 times, drill a hole through the platters and then spin them up until horrible noises are heard, pour acid in the hole and give that time to stew, place the drive in an electromagnetic can crusher, go for target practice and don't neglect the tannerite, thermite the remains, finally shred the whole mess. Most importantly, ensure this whole process is billable by the hour.
(Score: 2) by Thexalon on Tuesday April 17 2018, @06:25PM (1 child)
The "shooting it" solution was something I picked up from one of the sysadmins I worked with, who was also really into target shooting. So he used this as an excuse to mix work and play.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by insanumingenium on Tuesday April 17 2018, @09:16PM
Huzzah to that!
(Score: 5, Funny) by turgid on Tuesday April 17 2018, @06:35PM (2 children)
Nah, the NSA has quantum computers which they can use to work backwards from the sound waves and air currents produced when shooting a hard drive to recreate the patterns of zeros and ones on the platters to 98% accuracy. I have friend who told me. He held the ladder for Neil Armstrong too.
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 4, Funny) by Thexalon on Tuesday April 17 2018, @07:12PM (1 child)
You're friends with Buzz Aldrin? That's amazingly cool!
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by turgid on Tuesday April 17 2018, @08:58PM
Damn, that's my cover blown. They'll have to shoot me.
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 2, Funny) by Anonymous Coward on Tuesday April 17 2018, @05:39PM
Cat video don't do shit. Use a nuke video - it's the only way to be sure.
(Score: 3, Insightful) by captain normal on Tuesday April 17 2018, @05:40PM (1 child)
Wonder if that AC's real name is Sean or Michael...or Donald?
Really now if you seriously want to destroy data on a drive the old HHB method (Hacksaw,Hammer, Blowtorch) seems to work pretty well. That method is almost as good as tossing the drive into the ocean a couple of miles offshore. Then there is always just drop the drive into bucket of Liquid Plumber for an hour or so. Battery acid also works.
Of course if it's data on a drive that is in anyway connected to a wireless network, that data is likely already on cloud servers in China and Russia as well as Facebook, Google, Amazon and the big TelCos (ATT, Verizon, Comcast etc.) So you may as well give up because you are screwed.
"It is easier to fool someone than it is to convince them that they have been fooled" Mark Twain
(Score: 2) by Osamabobama on Tuesday April 17 2018, @06:10PM
Even with the cloud data, it may be worth destroying the hard drive so the data can't be tied to you in a legal sense. (Not that the physical device is the only way to do that...)
Appended to the end of comments you post. Max: 120 chars.
(Score: 5, Interesting) by All Your Lawn Are Belong To Us on Tuesday April 17 2018, @05:41PM
Our secure shredding company has a couple of trucks that have a drive/tape shredding portal to their grinder. One of the most wicked things I ever saw was to hand them a box of drives (20+ - a couple of them old IDE's), watch them feed them one by one into the slot whole, hear the grinder crunch, and then open the compartment below and see that each one had been shredded into component material about 3/8 inch 9 mm) wide. The operator had a wide freakin grin on his face.... and so did I.
To me, that's now the gold standard.
This sig for rent.
(Score: -1, Troll) by Anonymous Coward on Tuesday April 17 2018, @06:04PM
"An Anonymous Coward poses a question that is asked every few months or so:"
An windows/mac user poses a question that is asked every few months or so:
FTFY
(Score: 2, Disagree) by bzipitidoo on Tuesday April 17 2018, @07:29PM (5 children)
But, overwriting just once isn't enough. Nor is writing a bunch of zeros over the data all that great. The cat videos are actually better than zeros, as they are compressed, and the bulk of compressed data can look rather random. Thing is, because hard drives microscopically shift position, a particular bit is not going to be written in exactly the same spot every time. It's like printing another letter on top of an existing letter, can still be possible to tell what the original letter was. Overwrite ten times, fill the hard drive up with different cat videos or random garbage each time, and that should make it impossible for anyone to recover the original data. And, you'll still have a functioning hard drive.
(Score: 4, Insightful) by tangomargarine on Tuesday April 17 2018, @08:00PM (3 children)
This whole argument is rather pointless as there's only 2 extremes.
1) You want to erase it so that short of TLAs nobody can read it. Just dd'ing over the whole disk a single pass of zeroes is more than enough for this. *Old* hard drives from the 80s, no, but now it's fine.
2) You don't want anyone anywhere to be able to read it ever, in which case you have to physically destroy the platters.
Any waffling in between is just foolish.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by bzipitidoo on Wednesday April 18 2018, @12:47AM (2 children)
Funny how we're exhorted to back up data regularly because hard drives are fragile and can corrupt data at any moment, or in a span of a few seconds, crash and lose everything. Better run a RAID, too.
But, when we want to lose the data, then hard drives are amazingly difficult to clean.
If it was so easy to recover overwritten data, don't you think hard drive manufacturers would have noticed and seen in that an opportunity to increase capacity? A few overwrites and even TLAs aren't going to get any old data from the drive.
(Score: 2) by tangomargarine on Wednesday April 18 2018, @04:38PM (1 child)
We are?
We have this thing called journaling filesystems to deal with this now.
From accounts I've heard that Winchester drives don't usually just fail out of the blue; you'll hear warning noises out of them when you powercycle them when they're threatening to fail. This is why it's a good idea to not leave (personal) computers running for years at a time, as the spin-up mechanisms can completely fail but you won't be aware of it until the next time you go to powercycle it and it's just dead.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by tangomargarine on Wednesday April 18 2018, @04:41PM
I'm much more concerned about user error where *I* accidentally all my data, than my filesystem suddenly deciding to eat itself. But that's why I'm on ext4, not btrfs, after btrfs ate itself twice in the space of a month or two when I tried it years ago.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @07:32AM
That was true 30 years ago, when a hard drive held a megabyte and was the size of a washing machine. Nowadays, the data is packet so closely that nearby bits overlap unless you read in exactly the right spot, and even then the drive needs error correction to ensure that it actually got the right bits.
Remapped sectors are what you need to worry about, but multiple passes doesn't help with erasing those.
(Score: 2) by darkfeline on Tuesday April 17 2018, @08:18PM (5 children)
Easiest way to delete sensitive data is to delete the encryption key (sensitive data is encrypted at rest by definition; if it's not encrypted, it must not be sensitive).
The concept of overwriting sensitive data is misguided. There are so many ways it can go wrong. If the data was ever stored unencrypted, there's always the possibility of physical restoration by well-funded attackers. There are side channel attacks, unencrypted cache and temp files. There may be bad sectors that have been ignored by the drive controller and are no longer accessible normally, but may still be keeping a copy of the unencrypted data. It takes a lot of time; overwriting a 1 TB HDD is going to take much longer than deleting the key. And the mere act of overwriting a large amount of data could uncover bad sectors that get silently preserved.
0. The data is encrypted.
1. Delete the encryption key.
2. Destroy the drive if you need that level of paranoia.
Join the SDF Public Access UNIX System today!
(Score: 2) by coolgopher on Wednesday April 18 2018, @01:54AM (3 children)
And how do you securely delete the encryption key? What if the disk controller rotates in a different block as you're overwriting the one containing the key?
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @04:40AM
If I ever saw a +1 Touché post! :)
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @05:46AM
This is simple enough if you don't trust your passphrase: you store the encryption keys on a different device. dm-crypt supports this easily and the cheapest USB stick you can find at the local shop will do. You can destroy that USB stick when you are done -- then the (presumably much more expensive) drives can be repurposed for something else with no worry that the former encryption keys might still be accessible on them.
(Score: 2) by darkfeline on Wednesday April 18 2018, @06:32AM
Various ways, depending on your needs.
1. Forget the password (of course you used a strong password).
1b. Use raw dm-crypt and forget where you put the key/encrypted partition.
2. Delete the key, which is much smaller than all of the encrypted data so there's a much lower chance of that specific block getting rotated out (i.e., you winning the lottery vs someone winning the lottery).
3. Store the key on a USB stick or SD card, destroy the stick or card.
4. Destroy the entire drive if you need that level of paranoia.
Even 1. is more reliable than trying to overwrite any substantial amount of data.
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @07:29AM
Oh a laptop, that makes sense.
On a server, locking the door to the server root and placing a couple of armed security guards outside is better than any encryption. The servers will be running when the intruders break in, so the decryption key is available in memory, and as long as you don't shut down the server, the drives can be cloned without the encryption getting in the way.
Your highest risk is probably remote attacks anyway, and neither encryption nor armed guards will prevent those.
(Score: 5, Insightful) by anotherblackhat on Tuesday April 17 2018, @09:17PM
Like always, it depends.
Simply deleting the files doesn't (typically) remove the data.
The guy at the computer repair place might undelete them.
Overwriting the files once will eliminate them from all real, practical, attacks.
This makes you safe from that computer repairman.
There are theoretically attacks that might, maybe, be able to recover overwritten data.
The idea is that overwriting a '1' with a '0' leaves a slightly different magnetic signature than writing a '1' over a '1'.
However, as densities increase this becomes harder to do.
With any drive over a terabyte, I'd say it's impossible.
There is, however, another problem.
Some sectors on a disk might not be available to overwrite.
If a sector goes "bad" it's marked as such, and you can't write to it anymore, or overwrite it with cat pictures.
But "bad" sectors might still be readable, and might contain (old) data you don't want anyone to see... or it might be useless junk.
Is your information so important that you can't afford your enemy getting even a single sector of it?
If you're a nation-state and your enemy is another nation-state, and the drive has ever contained sensitive information, the only way to be sure is to physically destroy it completely.
I recommend thermite.
(Score: 5, Interesting) by ledow on Tuesday April 17 2018, @09:25PM (3 children)
There is no such thing as magnetic history on a hard drive.
Zero it, and you're done.
It won't capture things like reallocated sectors, but then neither would a 26-pass random wipe either.
Nobody has ever demonstrated being able to tell what was on a hard drive before being zeroed.
There was a data recovery firm that for 20 years had a $1m prize to anyone who could demonstrate such things. They withdrew it in the end because that was a lot of capital to tie up, and nobody even entered, let alone succeeded.
The standards were written for "just in case", but nobody has ever been able to do it. Why would you? How could you tell when a magnetic pole USED to be in a different place on a hard drive platter? With any degree of certainty whatsoever? It's a nonsense and people really need to stop perpetuating it.
Plus, because of problems like SSDs and sector-reallocation, the ONLY POSSIBLE WAY to securely delete the data is to physically destroy the device. Everything else is just messing about. Incineration tends to result in a pile of ash and nothing recognisable in the way of physical objects, let alone the data that might have been on them.
Honestly, stop wasting your time, zero the disks (or one random write if you're paranoid), and then fling it in a fire. If YOU are the person controlling the fire and you can transport the drives safely to that location, you don't even need to bother with the zeroing.
The beauty - this technique also works for floppy disk, ZIP disk, tapes, optical media, etc. etc. etc. from which it might, technically, possibly, conceivably be possible to recover data in some other fashion. Incinerate everything and the problem disappears.
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @07:22AM (1 child)
Not true.
Had you said "in the last 25 years", I wouldn't object, but "ever" includes a time when a hard drive was the size of a washing machine and held a single megabyte of data.
Back then, actuators would slowly get out of alignment, so tracks would over time move sideways. With the distance between tracks being so large, this wasn't a problem, but it made it possible to read old data between the tracks.
(Score: 2) by ledow on Wednesday April 18 2018, @08:13AM
"demonstrated being able to tell what was on a hard drive"
I stand by my words. As ever, people posit theoretical attacks, but nobody has ever recovered - with any certainty - data out of the junk. Because you have no way to tell whether that was fresh data, overwritten data, or random magnetic fluctuations from corruption or the disk's initial manufacture.
All you get is a pile of bits, and making any sense of it would be harder than just breaking into the machine that actually holds the data and just taking it from there.
(Score: 2) by Dr Spin on Wednesday April 18 2018, @07:43AM
How can you tell? well the reality is that the head will not be exactly aligned on each pass over the track. When designing the servo system, you have got there when it aligns well enough to work reliably for the use case of reading and writing the users's data. If the head was a bit too far in when it wrote, and a bit too far out when it reads, then it will still work. However, if it is a bit too far in when it over-writes, and then, on a later pass, a bit too far out, it might be able to read some of the data.
This is extremely unlikely to be enough to recover the data, but it might be enough to demonstrate that there was a copy of that data on that disk.
This was a distinct possibility in the days of MFM recording, but I doubt it could be made to work with RLL and GCR, where N bits are encoded as N+1, or N+M, with multiple possible encodings. Also, I would point out that forward error correction is NEEDED in order to read modern disks. If there are more than a few bits in error, then the correction has equal probability of correcting or further messing up. Even if you were looking for one particular word, and knew which sector to look for it, this is NOT going to work on today's hard disks. (I cant speak for SSD's). Remember that, the erased data was probably not written on virgin disk anyway, so some of what you read outside the official track (maybe one or two bits, maybe whole sectors) might be from one, two or even a hundred writes earlier. On a Unix disk, in-place rewrites are not common, so some files (like those in /etc) constantly move about, over writing other deleted files. Others, like the cat video you never even got round to watching, stay where you put them for the life of the disk. I have no idea what happens with Windows - and no wish to know.
I spent a lot of years designing data separators which would out perform Seagate's, IBM's and Western Digital's (in the days of ST506/MFM) and no, you won't never get data back if over-written on anything ATA or later. With GCR and later, I expect that, with an entire team of the people who use electron microscopes to read ancient Sumerian cuneiform tablets, you could possibly prove there was data there before it was over written, but, no, not prove what the data was.
However, unless you fully understand the low level file system assembler code, you cannot be sure that "overwritten" means what it says on the tin. And the TLA's and data recovery firms of this world probably don't want you to know that.
Warning: Opening your mouth may invalidate your brain!
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @12:44AM (1 child)
I got some shit I really need deleted!
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @05:04AM
Trying to cover kiddy porn with kitty porn?
(Score: 2) by Subsentient on Wednesday April 18 2018, @01:57AM
Durrrr, duhhhh, eeeuurrreeeeuuuuggghhhh.
"It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
(Score: 2) by Runaway1956 on Wednesday April 18 2018, @01:58AM (4 children)
It doesn't much matter what data you are using to fill a hard drive. Cat videos, porn, random numbers - data is data.
But, it isn't just the data, either. You've got to get the boot sector and the file tables. Everything that logs what the data was has got to go. I'm partial to *nix's dd command. It's great. Fill the drive with random numbers, from beginning to end. Then fill the drive with zero's. Fill it again with one's. One more pass with random numbers. There might be SOMETHING left, but it's useless.
Okay, you've basically got an "empty" disk. Format it, preferably with a different file system than you erased. NOW fill it up with whatever data you have chosen to fill it with. Cat videos are alright, no one cares. Fill it full. When the copy utility complains that it has run out of room in which to write files, you've probably got it full.
Final step? Install an OS onto the hard drive. You really want to change the file system being used again, to be sure that your boot sector and file tables are positively over written. It helps, at this point, if you partition the drive into several partitions. When the OS finishes installing, you can then fill each and every partition with meaningless data.
Ain't no one recovering from all of that.
OR - you can use any of the professional quality disk wiping programs.
The biggest mistake made by the uninitiated, is believing that a delete is really a delete. Or, that a format actually removes everything. None of the common tools on a Windows OS actually removes any data. Moving something to trash erases absolutely nothing - it only changes some flags in the file table. Emptying the trash bin still erases nothing - again the flags have been changed to allow over writing of those sectors. If, and when, those sectors on disk are written to, THEN the data disappears, IF there aren't backups or caches of the data.
And, Windows records all kinds of crap, making logs endlessly, backups, cached copies, etc ad nauseum.
Thank God for Unix-like operating system. Usually, when you delete something on a Unix-like, you won't see that data again.
Abortion is the number one killed of children in the United States.
(Score: 2) by HiThere on Wednesday April 18 2018, @03:52AM (2 children)
It does matter. Cat videos are less suspicious.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @05:06AM (1 child)
Because everyone and their dog have terabytes of cat videos on their disks and nothing else.
(Score: 2) by Dr Spin on Wednesday April 18 2018, @07:45AM
You have been watching Youtube, haven't you?
Warning: Opening your mouth may invalidate your brain!
(Score: 2, Funny) by anubi on Wednesday April 18 2018, @05:18AM
It can take a long time to do it magnetically. If I had a stack of these, I would be tempted to open 'em all up, remove the disks, hand the drives to some high school kid who likes to play with magnets, take the disks to the sidewalk and scuff away as I do a little dance on them. Or hire some teenager to do it while I watched - as most teens can outdance me by an order of magnitude.
But the last part is mostly for theatrics. It gives the ones who wanted me to do this the evidence I did what they told me to do when I bring them back a box of disks mechanically eroded beyond recognition. Sometimes, one may need this if only for a good night's sleep knowing its done. Peace-of-mind thing. Just like I am not happy seeing a rattle snake crawling back under the barn when I know I must have dealt it a fatal blow... I want to see dead snake, preferably decapitated.
Below offtopic, but I get a chuckle every time I think of it.
( Brings back to memory a little morning episode at Chevron's Pascagoula Oil Refinery... about 40 years ago. Coming to work one morning, we discover this big rattlesnake coiled up on the handrail into our engineering building. We raise a ruckus, and an electrician passes by with his conduit bending hickey... he swings it at the snake, severing its head from the rest of it as neatly as you would wish. Once the hubbub died down, we picked what was left of the snake and put him in the trash.
Over the course of the day, we forgot about the snake. We continued to fill the trash cans as usual, with all sorts of office rubbish, like wads of paper and coffee cups...
Come about 6:30 and the night cleaning crew, mostly ladies, swarmed the buildings.
And there was this terrible scream, as the snake was re-discovered, as what was at the bottom of the trash can was now on top of their trash gondola. It took several weeks before the ladies wanted to have anything to do with the trash cans.. ).
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Interesting) by jmorris on Wednesday April 18 2018, @02:57AM
Yes you could recover data in the before times. Tracks were wide, the world was young, etc. But today on a modern drive reading the data normally is right on the edge of impossible, they are already so unreliable they expect errors and depend on first layer of the error correction stack to make it "error free." The tracks are rammed right up on each other and on shingled drives they are overwriting most of the track. Sectors and tracks that get mapped out are the only source of danger and you need specialized software running inside the drive which only the vendor could create since modern drives also use signed firmware.
So here is the practical version for the real world.
1. You are a normie and your porn is all legal. You have personal info on the drive you would prefer not get out but don't fear going to prison if it did. Keep running Windows like a normie. NEVER, EVER let Geek Squad touch your system with the drive your data is stored on connected. OS on an SSD, everything else on a different drive you can yank for service. Encrypt or not, your choice whether to pay the performance penalty. If the cops bust in they will have a warrant and thus be able to order you to unlock the drive so you only stop burglars with encryption. Probably DO encrypt your backup copy. When done with the drive use DBAN on it and sell or repurpose it.
2. You have porn, some of it might be borderline. Or you might be engaged in slightly not legal activity. Otherwise similar to above but encrypt your drive and take some basic precautions to prevent it being seized in a readable state. If you are thinking ahead buy a drive that encrypts internally, then encrypt atop that with something RELIABLE (stability and cryptographically) like Linux. When it is time to retire a drive write garbage to the part of the drive where LUKS stores the key material then send the command to dump the internal key. Write zeros to the first megabyte drive and it is ready to repurpose. Only a nation-state actor is possibly getting anything from the drive at this point and they would never admit they could in a minor criminal case even if they could.
3. Organized crime or Corporate stuff. (Not really much difference these days...) For laptops that cross borders and can get stolen / lost basically do #2 above plus worry a lot about access control on the backups, etc. If you in this situation and getting advice on security from a web forum, kill yourself.
4. You must defend your data from a nation-state actor. You will lose unless you are yourself a major corporation or a nation-state actor, with a staff, secure access facilities with 24/7 loyal, heavily armed security forces, etc. Encrypt if it makes you feel better but they will get the data. They will do all that spooky crap like listen to you type the passphrase with a hidden microphone, use your cellphone as a bug, etc. and figure out the keystrokes. They will watch you type it with a camera in the light bulb above you. If nothing else they will use rubber hose cryptography. What is YOUR pain threshold? Or somebody will leak. Encryption wouldn't have stopped Snowden for example, he had root access already.
(Score: 2) by Fnord666 on Wednesday April 18 2018, @03:56AM