Here’s a fun thing I like to do: buy an old hard drive on eBay, then run recovery software on it. It’s a little data treasure hunt, and you’ll be amazed at what you can find. Even more amazing though are people who don’t even bother to delete data first; they just sell the phone or throw away the machine as is. You might as well put family photos, bank documents and your passport in a box, then leave it outside your house with a giant “steal me” sign on it.
If you don’t want to be one of those thousands of people who fall prey to privacy invasions and identify theft every day, then read on. Here are 3 essential steps to take before getting rid of a device.
Even if you think you’ve copied everything you need, there’s probably something you’ve forgotten – your bookmarks, or application settings, for instance.
For iOS devices, the computer you’re synced to would have automatically made backups. When you buy a new phone, you can simply restore your applications and purchases. To check if you’ve been backed up, connect the device to iTunes and open it up from the sidebar (you don’t even need it connected if you’re on the same network and latest versions); the Summary tab includes a Backup section as well as the last backup taken.
Android devices vary greatly, but Ice Cream Sandwich version 4 and up automatically back up purchases and settings to your Google Play account. Check if this is working from the Android Devices section of your Google Dashboard. For older devices and the more intrepid hacker types, Titanium Backup (rooted only) is apparently the prefered method.
A lot of people know as much as delete their data first, but many don’t realise that deleted data can still be accessed using recovery software. That’s right, all I need to do is plug your drive into my computer, and click Go: the software will extract everything it can find, combining little bits into images files, documents, and music. You can buy this software for less than $100.
This method of extracting data – even when it’s supposedly been deleted – works because “deleting” data doesn’t actually remove it from the drive – merely, it marks that area of the drive as available for use, and deletes the index of the file. The data itself – the 0s and 1s that make up that file, are still there.
This is where secure deletion comes in, in various levels of complexity. The basic principle is the same though: you need to write over the area of the disk where the file was stored. The most basic method is called “single pass” because it passes over the data and once and writes 0s all over it.
For most situations, a single pass is sufficient, but deeper recovery scans can still identify this data. For very sensitive data, multiple passes are required that not only zero out the data but also write random data over it a number of times. The US Department of Defence standard for securely erasing data specifies a whopping 7 passes; that is well and truly unrecoverable.
So, do you need elaborate and complicated systems to do this kind of secure formatting? Nope.
In OS X, head over to the Disk Utility and select the drive -> Erase tab -> Security Options.
In Windows, you can use the command line DISKPART utility to “clean” a drive, securely formatting it.
Note that in both cases, you cannot securely erase the system drive, because that would be erasing itself; in this case, use a boot disk designed specifically to perform secure erases such as DBAN on PCs, or insert your OS X install CD and boot as if you were going to install a new system – Disk Utility is available from the Tools menu.
For Android devices, securely delete the SD card if you have one using the Windows method described above. Although there is a factory reset method built into Android OS, it is apparently not secure. For devices with a system partition, I suggest first enabling encryption from Settings -> Security -> Encrypt; then doing a factory reset. This is only available on Ice Cream Sandwich and above though, so you’ll need to search for a specific method if you’re running older versions of Android.
For an iOS device, data is automatically encrypted so recovery is incredibly difficult; go to Settings -> General -> Reset -> Erase all content and settings to effectively nuke everything before you sell it.
Re-install an OS
Depending on who the computer is intended for, reinstalling the OS is basic courtesy. Most brand name PCs and laptops come with restore CDs which will put your PC back to the way it was when you purchased it; use the license key that’s indicated on a sticker on the machine when prompted.
If you don’t have or can’t find these restore CDs, Linux is probably your best option; Ubuntu has a wealth of information out there – including a few of our own guides, which a really nice person would download for the future owners and place on the desktop (hint, hint). You could of course just specify “no operating system supplied”, but some users will have no idea what this means and it may come back to bite you in the form of bad eBay ratings or unwanted phonecalls.
Whatever you do, don’t install something that you don’t have a license for. It could land you both in serious trouble when they take it for repair or phone up Microsoft to get support.
De-authorise DRM purchase
A lot of media comes with DRM nowadays; like iTunes. iTunes allows your own purchases to be downloaded to up to 5 of your devices; these can quickly add up though if you have a Mac, an iPad, iPhone and are regularly upgrading them.
Luckily, there’s a quick an easy way to deauthorize all your currently regisered devices at once – however, you can only do this once per year. To do this from iTunes, click on the iTunes Store from the left hand sidebar; then sign in to your account and view your account details. From there, you can select Manage Devices.
(Oddly, I have 6 devices authroized right now; Apple maintains the maximum is 5, but perhaps this only applies to computers and not mobile devices)
You can also authorize and deauthorize a single machine from the iTunes Store menu on that machine. The iTunes account can only be changed once every 90 days though.
Obviously, iTunes isn’t the only DRMed service out there, so check up on your own services to see if you need to deauthorize anything.
Do you have a checklist of things to do when selling or giving away a device? Let us know in the comments, and we shall be eternally grateful!
Image credit: ShutterStock: Computer Hacker