Hacker News new | ask | show | jobs
by sj4nz 4350 days ago
Except for SSD's, perhaps its just easier to use something like http://www.dban.org/ and DIY. If you're a little paranoid, it isn't hard to imagine the USPS waylaying mail hard drives en-route to Destroyer.io for forensic imaging before it reaches its final resting place.
1 comments
alexnucci 4350 days ago
I understand your concerns, but this particular scenario seems a little far fetched.

USPS would have to have a very strong interest in your hard drive. Know when you ship it. Intersect the package. Repackage it up exactly as it was. And finally, deliver it. This is extremely complicated, and they would be breaking an immense amount of laws. If they had such a strong interest in getting a hold of your drive, they'd be far better off stealing it from your home (or hacking into it).

I do understand that there are some other cases that won't be as extreme (how do we guarantee that we do in fact destroy it upon arrival?). Some level of trust, as with any service that you give you social security info, personal information or even Dropbox has to exist. Our aim is to answer any question that might happen in a realistic and likely scenario, and make sure that our messaging is on point.

Also, as I mentioned above, we're in the process of getting our NAID AAA, eStewards, R2 and ISO 14001 certifications.

Hope this answers your question, let me know if it makes sense (or shoot another question my way). Cheers!

link
sj4nz 4350 days ago
The USPS already has the infrastructure to do it and its over a century old. I'm not even questioning your service, I just know that you have no control in the USPS segment of the package's chain-of-custody.

http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mai...

link
alexnucci 4350 days ago
Thanks for the article, and I understand your concern.

Adding FedEx as an upgrade option is something that is in the plans. Since we're just launching, we started out with USPS because it's the most cost effective and convenient (daily mailbox pickup and you can even schedule one free).

Having an alternative shipping method should help.

link
sj4nz 4349 days ago
You could very well charge a large, hefty premium to have a private courier service pick up drives to be destroyed. I'm sure that there would be a small, select client base that would pay for it. Or, subsidize part of the cost for this premium service from users of the lower-end services.
link
alexnucci 4349 days ago
You are right, that's an option that would serve some of our customers.

We'll definitely expand in our service and shipping options as we grow.

Thanks a lot for taking the time to give us some feedback. Cheers!

link
sj4nz 4349 days ago
You're welcome!
link
toomuchtodo 4349 days ago
You should be able to bring UPS and Fedex online quickly using Easypost:

https://www.easypost.com/

link
alexnucci 4349 days ago
The problem isn't in connecting our site to an extra shipping carrier, it's in getting the required volume for our rates and service to be excellent. Also about receiving three different batch deliveries daily.

So, once volume picks up, we'll offer FedEx or UPS along with our standard USPS service.

Thanks for the feedback and recommendation. Cheers!

link
yellowapple 4349 days ago
Wait, the site already says you're using UPS for this. Is that a typo (like the HIPAA one I pointed out earlier)?

If it's a typo, then I guess there's another stumbling block until you do eventually offer UPS...

link
pjlegato 4349 days ago
This scenario is not far-fetched at all; the Snowden documents indicate that the NSA is already doing exactly this:

- http://www.engadget.com/2014/05/16/nsa-bugged-cisco-routers/ - http://www.theguardian.com/books/2014/may/12/glenn-greenwald... - http://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-lapto... - etc.

At the very least, shipments should be made in a strongly tamper-evident container.

link