[NotYourLawyer]

> The irony is that shredding devices is relatively risky today. The latest drives have 500,000 tracks of data per square inch. A sophisticated data recovery person could take a piece as small as 3mm and read the data off it, Mr Hands says.

I call bullshit on this, unless you can show me a single example of this ever happening anywhere.

[kryogen1c]

Don't forget that sensitive data is encrypted. The only thing harder than breaking bitlocker on a hard drive is breaking bitlocker on a random 0.5% chunk of hard drive unaligned with the r/w tracks.

Bullshit is too weak a word.

[404mm]

Encrypted and stripped/sharded in most cases.

My employer just shredded somewhat new-ish enterprise grade SSD worth a few $M. It hurt to watch :(

[Damogran6]

Overheard: "Does our Degausser work on SSDs?"

[more_corn]

Degaussers don’t work period. I’ve heard the theory that The hard drive case functions as a faraday cage. Whatever the cause the evednce backed method is best. Grab a random selection of drives out of your degausser output tray. You’ll be able to get data off of all of them. Some may even boot. (The above led to our company buying a bunch of crushers)

[netsharc]

Don't HDD's come with encryption per default nowadays? I.e. the 1's and 0's on the platter go through a layer of decryption that happens on the logic board of disk, before it travels through the SATA cable. And vice-versa when writing.

There's an ATA command to protect the encryption key with a password (and you'll be asked on boot for the password), but if the password isn't set, there's still an encryption key. Just make that irretrievable and the information is theoretically irretrievable.

But yeah, funny how superstitions still control the world and people still say "The HDD needs to be shredded so we're absolutely sure!"

[b112]

Do you audit all the hard drives, to make sure that:

* someone didn't prep and use the drives before using OS level encryption

* someone didn't ignore swap space, eg config mistake

* some process was supposed to set up / a person set up, but didn't

Are you going to audit all those drives? It's literally cheaper to just destroy them, far far cheaper.

[doublerabbit]

> Bullshit is too weak a word.

Try the English slang word for bullshit, bollocks.

Or that if we wish to keep it PG: deceptive nonsense.

[anotherhue]

https://www.etymonline.com/word/bollocks

[fomine3]

It's fortunate if every sensitive data are encrypted

[tyingq]

Not in normal circumstances, but maybe in high profile ones. I imagine they would have tried to do something if they found, for example, hard drive fragments that Snowden possessed. If not for real purposes, perhaps to demonstrate they tried everything.

[jl6]

Plus, wouldn’t you expect paranoid orgs to overwrite with zeros/random or crypto-shred the data before physically shredding the device?

It does seem far fetched that someone would go to the trouble of putting a 3mm chunk of platter on a testbed only to most likely recover something that may as well be random noise.

[hospitalJail]

>I call bullshit on this, unless you can show me a single example of this ever happening anywhere.

Real world and lab conditions are different.

Given how high stakes somethings can be, nothing would surprise me.

[NotYourLawyer]

I can imagine lots of plausible/implausible things. If they’re not practically possible, I’m not gonna worry about them.

[hospitalJail]

Oh for sure, you aren't a high value target.

Its why people don't worry about Apple and Privacy/Security. They arent the best in the business, but unless you are a VIP, no one is going to waste the latest 0click pegasus exploit on you.

[NotYourLawyer]

Developing a 0 click exploit is a lot easier than recovering useful data from a small, physically damaged chip of a hard drive platter.

[harvey9]

You would need a lab in the real world to do this recovery, if it is possible.

[EMCymatics]

Tip of the bullshit pile