For ID scans, Discord says that documents “are deleted quickly.”
Just a few months ago they had a data leak which proved that they were indeed /not/ deleting documents and IDs like they had been claiming.
Granted, in that case it was mostly countries that force keeping that data, but I’m sick of companies lying and saying “lol yea we defo delete the data after”
I won’t even give hard drives when recycling a computer, I pull and smash myself. Last set of old drives I cut in half with bolt cutters.
That’s overkill, a couple of passes with dd and it’s irrecoverable.
A couple of passes with dd takes way longer than bolt cutters and it’s much less satisfying
I think they meant you could wipe with dd and then they are ~~recyclable~~ reusable.
EDIT: s/recycleable/reusable
They’re recyclable snipped.
More like they become reusable. A lot of places that refurbish donated computers for people who need them are perpetually short on drives since so much of the hardware they get has the drives pulled.
SSDs are cheap enough, no sense in using a 10 year old mechanical drive to save $30.
SSDs are not cheap anymore, mate. “AI” made sure of that.
Yeah lmao. Wipe one drive at a time with a USB connector. No thanks. I don’t have bulk drive operation equipment and then it ties up a computer doing the work.
Wait, you don’t just hang like 6 of them out of your desktop by their cables and wipe them while you sleep?
Mine, sure. I replaced 15 desktops that day, no fucking way.
Snip
saw a setup like that at work, until it was determined to be a fire hazard. which it was.
had to short the start pins of the MoBa with a paperclip to start the damn thing.
we called it “the scorpion”, cause it would shock you if you touched it wrong, and it kinda looked like a scorpion with the cables hanging out all over the floor…
#tales-from-IT
I think bolt cutters are faster though
And significantly more power efficient
But more wasteful
They’re 500gb mechanical hard drives with financial data on them. Snip and done. No time wasted, not reusing them.
What’s dd?
A tool, primarily within Linux, that can overwrite disks. I’ve never seen it recommended for data deletion, but I guess it makes sense.
It stands for “disk to disk” and is usually used for things like writing ISOs.
However, shred is the usual approach.
I thought it stood for DiskDump
A wise coworker of mine once told me that, when it comes to what Unix commands stand for, you kind of make it up as you go.
In this case, though, looks like we were both wrong.
Darn
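The overwrite-then-reuse approach discussed above, as an added example that is not part of the thread: a couple of dd passes followed by a read-back check, run against a constructed 4 MiB scratch image rather than a real device. The marker string, image size and function names are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: overwrite a constructed scratch image with dd, then verify it.
set -eu

MARKER="ACCT-0000-CONSTRUCTED-SAMPLE"   # constructed stand-in for sensitive data
BS=1048576                              # 1 MiB blocks

size_of() { echo $(( $(wc -c < "$1") )); }

# Build a 4 MiB image of random bytes with the marker planted at offset 1 MiB.
make_image() {
    dd if=/dev/urandom of="$1" bs="$BS" count=4 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=1 seek="$BS" conv=notrunc 2>/dev/null
}

# Stream exactly one target-sized pass from a source device onto the target.
# conv=notrunc keeps the size fixed; conv=fsync flushes before dd exits.
one_pass() {  # one_pass <source> <target>
    head -c "$(size_of "$2")" "$1" | dd of="$2" bs="$BS" conv=notrunc,fsync 2>/dev/null
}

# N random passes followed by a zero pass, the same shape as `shred -n N -z`.
wipe() {  # wipe <target> <random_passes>
    i=0
    while [ "$i" -lt "$2" ]; do
        one_pass /dev/urandom "$1"
        i=$((i + 1))
    done
    one_pass /dev/zero "$1"
}

# Succeeds only if every addressable byte reads back zero and the marker is gone.
# This covers what the OS can read, not areas the drive firmware hides.
verify_wiped() {
    head -c "$(size_of "$1")" /dev/zero | cmp -s - "$1" || return 1
    ! grep -a -q "$MARKER" "$1"
}

demo() {
    img=$(mktemp)
    make_image "$img"
    if verify_wiped "$img"; then before=clean; else before=dirty; fi
    wipe "$img" 2
    if verify_wiped "$img"; then after=clean; else after=dirty; fi
    rm -f "$img"
    echo "before=$before after=$after"
}
demo
```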
This is not truly foolproof. Data can still be recovered from the spinning metal platter since it can theoretically be removed and put into a recovery device, even in a broken state.
In addition to that, hard drives/SSDs sometimes have small flash memory chips, from which data can sometimes be recovered.
If you want it to actually be unrecoverable then you have to actually ensure all parts that store data are truly deleted/wiped, which is more than just the core platter. Or just use encryption and throw away the key, since all data going through the tiny OS on these devices will be encrypted. Or just store them forever in a vault.
Bud, if you put that platter back together after I snipped it, you deserve every bit of data you get off it, 1000%
It’s not that hard though. There are companies that offer data recovery as a service. If the value of the data on those drives exceeds the cost of those services then it becomes worth it to fish one of the drives out of the dumpster and take it there.
This is a very specialized job, your avg joe is not going to do it. Also, in the many years I’ve been in IT, I’ve never even seen a video of a platter reconstructed and get data off it.
Microwave it idk
I think I’ve never disposed of one for this reason haha
We delete your data after we hand it off to our partners. Who definitely do not delete it.
My friend is an exec there. After reading this thread bugged him to buy my software that would protect this vulnerability. They confirmed data/file never leaves the user’s device. Sounds pretty safe.
You do know that it’s bullshit? Unless they’re incredibly incompetent they’re lying to you. If the data never leaves the client then all the checks are client-side, which means it’s relatively easy (compared to a server side check) to bypass those checks.
For a while (maybe even still, I haven’t kept up with it) you could unlock paid features with a modded client, so they absolutely have a history of using client-side verification.
Afaik the files exfiltrated were photos that the on-device detection could not identify and were uploaded to verify server side. That would mean not all pictures are sent to the backend, and that corroborates why “only” 70k photos were stolen when Discord has millions of users verified.
Of course you have to put your trust in a closed source system so best not to upload, but if true it’s still a far cry from openly lying about it. It’s probably explicitly stated in their ToS that they may upload the file if the verification fails client side.
Source: Trust me bro.