• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Making use of warranty vs. privacy

H

Helicobacter

Member
When SSD/HDD failures occur, aren't people afraid of making use of their warranty when their personal and financial information could be stored on the NAND-chips/sectors and still retrieved form the manufacturer (or enterprise server SSD's with confidential information)?
 
All depends on your level of paranoia. However, take this into consideration. All those stories you hear about personal information being stolen... how many of those are from RMA-ing a drive to a manufacturer?
 
Don't put any personal financial info on your computer in the first place and you won't have anything to worry about.
 
bryanW1995 said:
Don't put any personal financial info on your computer in the first place and you won't have anything to worry about.
Click to expand...

Indeed, you should do your taxes completely by hand... in stone and chisel.

lol, not putting any personal financial info on a computer is not really a good option. Even if you have someone else do your taxes, your personal financial information ends up on THEIR computer.

Your only option for not having any financial information on a computer is to have your company mail you your check, then go to a check cashing place and put it all under your mattress, and pay all your bills in cash. That's not very practical. Especially since many employers require direct deposit nowadays.

You may be able to reasonably keep it off of your computer, but if you use a bank or credit card, your financial information is on someone's hard drive somewhere.
 
Helicobacter said:
When SSD/HDD failures occur, aren't people afraid of making use of their warranty when their personal and financial information could be stored on the NAND-chips/sectors and still retrieved form the manufacturer (or enterprise server SSD's with confidential information)?
Click to expand...

Only economical solution would be to keep data on flash drive and forget warranty.
 
Helicobacter said:
When SSD/HDD failures occur, aren't people afraid of making use of their warranty when their personal and financial information could be stored on the NAND-chips/sectors and still retrieved form the manufacturer (or enterprise server SSD's with confidential information)?
Click to expand...
Yes
If their data is considered too sensitive to be stolen, they destroy the drive rather than bother with any warranty service.
If they value their data they would already have a good backup plan in place.
 
Sensitive data can be encrypted. And, a system with OS and programs on a SSD can be linked to a separate data drive or RAID array. Data exposure is something that can be managed. As Blain says, if it is really big time sensitive, then a failed drive would be destroyed and the failed drive simply expensed.
 
For businesses, if they worry about sensitive data on their drives, they usually have a contract with the OEM that allows them to keep failed drives (and still get the replacement) rather than send them back for RMA. Even so, the major OEMs and drive manufacturers aren't going to do anything with your drive besides fix it, thoroughly wipe it, and send it out to someone as a refurb. Small-time shops that deal with maybe a couple hundred drives a year might have time to investigate drives and look for goodies, but the big companies deal with tens or hundreds of thousands of failed drives over a year. The time it would take to recover data from a failed drive, without knowing if there is even anything sensitive on it, much less where on the drive it would be, is pretty much going to make it pointless to bother. Single drives from Joe Schmo consumer aren't a worthwhile target. Big Wall Street firm with a dozen failed drives? Hell yes, that's worth it--but they would already have a contract in place that allowed them to destroy the drive.

Sure, it's possible that an RMA'd drive will have sensitive data stolen from it. But in terms of that actually happening, you have better odds of winning the lottery.
 
There is a very very simple solution.
Encryption

Also, when you RMA a defective drive you are getting a different working drive. The defective drive is defective, they cannot read it without repairing it first.
Who is going to repair a drive (an expensive process) only to steal your user data? nobody thats who.
Anyone who has such equipment is getting much more money getting paid to restore people's data for them.
 
mcturkey said:
For businesses, if they worry about sensitive data on their drives, they usually have a contract with the OEM that allows them to keep failed drives (and still get the replacement) rather than send them back for RMA.
Click to expand...

I bought a Latitude D610 back in the day and "Keep your hard drive" was like a $5 option. Thats cheaper than what it would cost to ship the drive to them anyway.
 
The solution is simple. Something like TrueCrypt (free!) FDE. It encrypts all the sectors on the drive, so that nothing is written to the drive unencrypted. So should the drive fail, your data is safe.

IMHO, EVERYONE should be doing this. It's simple, and effective. (At least, so the docs say. I have no idea if the NSA has rainbow tables for 128-bit AES yet. They probably do.)
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top