| Hi, I'm Alex Nucci, founder of Destroyer.io. Sorry for the late response, I was just tipped about this HN thread. I had posted one, and had been answering questions, here - https://news.ycombinator.com/item?id=8074934 HIPPA typo: Thanks for pointing out the typo, it has been fixed. We just opened up the site today, I expect to find a few extra mistakes and bugs that we'll have to fix. --- "Easiest way to destroy a drive": DBAN is not physical destruction, which is what we do. We do it this way because it's the only way to guarantee that your data will disappear, forever. Taking a hammer to the drive, disassembling it and burning it might do the trick. We're not here to serve hardcore DIYers, we're here to serve people that need a guaranteed, quick and inexpensive service that does it for them. Like any other service business, there's a group of potential customers that will want to wash their own car, cook their own meal, paint their own nails, clean their own house, cut their own hair, etc. We believe that we're offering great value for the service being provided, at just $19 (and $10 for extra drives). We also believe that paying $19, checking out in under 60 seconds, getting a box delivered to you, dropping the drive inside the box and then just dropping off the package at a drop box (or scheduling a pick up) is the easiest way to go about this. --- NSA wording: When we say we use the same methods recommended by the NSA, we're trying to say that we use the same methods that the government uses to destroy their drives. Having said that, I'm by now certain that the NSA wording will be changed. Just seeing those words makes people uncomfortable, and after a lot of feedback it seems that it's doing our company a disservice. --- Drop box: This option is not for everyone, and we realize that. You can also schedule a free pickup or drop it off yourself at any of their facilities. --- Locking mechanism, etc.: These are upgrades that we've though about. Some seem more possible than others, but we can definitely improve on the choices being offered (currently just one). Improvements across the board will be implemented as we grow and get more feedback, that's for sure. -- In conclusion, thanks for taking the time to detail your pain points. We shouldn't be leaving so many unanswered questions, our messaging should be clearer and leave nothing to doubt. I'll take all of your feedback, along with the rest that I've gotten today, and improve our message and service. Let me know if there's anything else that I can answer for you. Cheers! |
> DBAN is not physical destruction, which is what we do. We do it this way because it's the only way to guarantee that your data will disappear, forever.
Hence the second part of that comment. I mentioned DBAN (or any means of overwriting with randomness and/or zeroes) because it clears the data and further minimizes opportunities for recovery should a shard (or whole drive) escape before being destroyed. It's just like why your company degausses first; it's an extra level of protection and assurance that the data is gone forever.
> Taking a hammer to the drive, disassembling it and burning it might do the trick. We're not here to serve hardcore DIYers, we're here to serve people that need a guaranteed, quick and inexpensive service that does it for them.
Throwing drive platters in a fireplace sounds pretty guaranteed, quick, and inexpensive to me. Just costs firewood and a willingness to see pretty colors in your living room :)
> Having said that, I'm by now certain that the NSA wording will be changed. Just seeing those words makes people uncomfortable, and after a lot of feedback it seems that it's doing our company a disservice.
That's certainly a good idea.
If you want to reference a government agency that isn't notorious for doing whatever it can to circumvent data destruction as part of the reason it exists, might I recommend NIST, whose guidelines are the ones that the Department of Defense, HIPAA, etc. use for data retention/destruction requirements? While I'm not necessarily trusting of any government agency on a personal level, there are plenty of hospitals and other medical facilities that follow HIPAA, HITECH, etc. to the letter and will feel better that you're actually paying attention to the requirements HIPAA bases its own from.
> You can also schedule a free pickup or drop it off yourself at any of their facilities.
That solves the problem of the drop box, yes, but that wasn't what I was talking about. As much as I like UPS, it's not impossible for them to misplace a package during transit, for example, nor is it for a rogue UPS guy to snatch the hard drives during transit and sell them to identity thieves / business competitors / the NSA / etc. That's a huge problem when a drive contains ePHI or trade secrets or something else requiring absolute confidentiality.
The hospital I happen to work for right now (and whose data destruction policy I've had a hand in influencing by recommending our recent policy of wiping and destroying drives that may contain ePHI) handles the physical destruction through a local company which gives us a bunch of locked dropboxes (for hard drives and paper documents, both of which frequently contain PHI) and picks them up routinely and frequently, transporting everything themselves. While that degree of service might be out of your current capacity (I haven't the slightest idea what your expansion potential and/or willingness to buy some vans are), I do recommend allowing local businesses to drop off media at your facility directly (or otherwise providing a drop-off location that you control yourself) in order to avoid the potential hassles of damage control that would arise should their hard-drive-in-a-box disappear or be tampered with somewhere between their companies/homes and your own.
> In conclusion, thanks for taking the time to detail your pain points. We shouldn't be leaving so many unanswered questions, our messaging should be clearer and leave nothing to doubt. I'll take all of your feedback, along with the rest that I've gotten today, and improve our message and service.
Good to hear. I really do like the idea; it just needs these seemingly-little-snags (among others that other folks commented on) worked out, since such snags - no matter how seemingly minor - are often the difference between proper security and potential data leaks. Nice to know you're taking it all to heart and at least interested in making your service as rock-solid as it can possibly be.