by 999900000999 355 days ago
Seems like a horrible invasion of privacy for very little benefit.

The logs are stored on an SSD, which is literally the only part you need to replace when donating or reselling a PC. Any enterprise company should have a policy ensuring SSD destruction.

Most laptops will last a long time assuming they aren't abused. I guess the SSD wears out, but that's a $50 part.


> Any enterprise company should have a policy ensuring SSD destruction.

Counterpoint: enterprises shouldn't be incentivized to produce physical waste containing toxic components that are virtually only available from supply chains that abuse human rights and cause mass ecological devastation.

this idea that we should just shred perfectly working components because an asshole in a suit doesn't understand FDE (or just... wiping the drive) is bad for everybody in the long run.

Ok.

The alternative is corporations just trash the entire laptop. With the rise of soldered SSDs (Apple for one) this is possible.

Maybe argue for better recycling?

It only takes one half awake IT guy to forget to wipe a few drives to spook companies.

In my world if MegaCorp offloads used laptops to a non profit, and the non profit just has to throw in a cheap SSD, that's a win.

that's one alternative. another is: the corporation is regulated against unnecessary waste, and they do their due diligence to ensure the drive is wiped before resale/donation.

trade secrets must take a backseat to human rights and toxic pollution from mines.

> trade secrets must take a backseat to human rights and toxic pollution from mines.

Or personal medical information, which in some cases (STI status, etc.) can ruin thousands of lives if leaked.

The solution is recycling the destroyed drives, not banning secure data destruction.

or make sure even if the data is leaked, it's useless.

There is a reason we don't store raw plain passwords in a database, even if we know data in the database should not be leaked.

> Any enterprise company should have a policy ensuring SSD destruction.

Why? Drives should already be encrypted, at which point you just lose the key and it's unrecoverable.

They should, but then it only takes one misconfigured, or misbehaving machine to cause a data breach that, depending on the industry, could be a big headache and cost. At scale, with many employees, the chances of this happening approach 1.

Physical destruction is cheap and effective insurance against this.

Yeah, my employer's policy is no hard drives are ever left in retired equipment. They get pulled and crushed.
It's just easier.

You don't have to worry about IT forgetting to wipe a drive or something.

You have a policy that says we take the SSD out before sending it to the reseller/donating.

A used SSD is a bad idea anyway, everything else on a laptop can more or less work indefinitely

From a reliability perspective, a used SSD is not a bad idea. The average SSD that has seen typical business / home use will become obsolete long before it reaches its TBW rating, and many drives last way beyond that. Keyboard, screen or even the motherboard are more likely to give up before the SSD.

At least in my experience SSDs are literally the only part that tends to fail.

Using a used SSD (refurbished, assuming direct from manufacturer, might be OK) feels like digging through someone else's stuff.

Maybe they cleaned it, maybe they left business docs or other sensitive data. The risk to reward is too great.

Having IT roll up into me, I've seen way, way more batteries fail than SSDs. Screen failure [and hinge failure] is far more common than SSDs failing. Keyboard/touchpads fail more often. Charging bricks/cables also fail somewhat more than SSDs. Beyond that, in the low end of the laptop re-use market, "just blindly always buy and install a new SSD" breaks the economics pretty badly.

Look at the SMART stats, format the drive, and install your OS. For people shopping laptops under $250, that seems like a better path than a new SSD.

What's the risk to you the user if it wasn't properly cleaned? Plug it in and format as the first thing you do if it worries you.

Why take the risk? If you remove the drive when decommissioning a machine you now have 100% certainty that there is no possible data leak and it costs nothing but two minutes of labor.

If you care at all about data leaks, there's literally no reason to not destroy decommissioned drives and a lot of very real potential risks in not destroying them.

It may be "nicer" to a hypothetical second user, but you don't care about them and new drives are dirt cheap anyway.

I wouldn't: https://www.bitdefender.com/en-us/blog/hotforsecurity/resear...

I don't trust HP firmware to wake the laptop from sleep in one attempt, let alone trust them to securely store their telemetry (that they won't let me see directly).

The problem was that

> BitLocker essentially trusts self-encrypted drives to do their job, and defaults to the drive's hardware encryption.

But that was 2018; the result was that in 2019 https://support.microsoft.com/en-us/topic/september-24-2019-... happened:

> Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change.

And in any event, I would tend to argue that the matter of reselling is secondary: The problem is that the affected disks are effectively unencrypted, and that's a problem regardless. If your disks are properly encrypted, then reselling them should be safe.

This is incorrect and not how BitLocker operates at all. BitLocker doesn't operate with self-encrypted drives; instead the encryption happens on the OS level.

What's incorrect? The part of the official MS announcement that it's done in software now, or that it used to trust drive-level hardware encryption (as shown in the above vulnerability)?

There's a possibility that unencrypted data could be in a sector marked "bad" (if plaintext data was present before encryption was turned on). It's just not worth it. I always take my drives out and put a few holes in them on the drill press before disposing/donating computers.