For ID scans, Discord says that documents “are deleted quickly.”
Just a few months ago they had a data leak which proved that they were indeed /not/ deleting documents and ID’s like they had been claiming.
Granted in that case it was mostly countries that force keeping that data but, I’m sick of companies lying and saying “lol yea we defo delete the data after”
More like they become reusable. A lot of places that refurbish donated computers for people who need them are perpetually short on drives since so much of the hardware they get have the drives pulled.
Yeah lmao. Wipe one drive at a time with a USB connector. No thanks. I don’t have bulk drive operation equipment and then it ties up a computer doing the work.
saw a setup like that at work, until it was determined to be a fire hazard. which it was.
had to short the start pins of the MoBa with a paperclip to start the damn thing.
we called it “the scorpion”, cause it would shock you if you touched it wrong, and it kinda looked like a scorpion with the cables hanging out all over the floor…
This is not truly foolproof. Data can still be recovered from the spinning metal platter since it can theoretically be removed and put into a recovery device, even in a broken state.
Im addition to that, hard drives/ssd’s sometimes have small flash memory chips, from which data can sometimes be recovered.
If you want it to actually be unrecoverable then you have to actually ensure all parts thay store data are truly deleted/wiped, which is more than just the core platter. Or just use encryption and throw away the key, since all data going through the tiny OS on these devices will be encrypted. Or just store them forever in a vault.
It’s not that hard though. There are companies that offer data recovery as a service. If the value of the data on those drives exceeds the cost of those services then it becomes worth it to fish one of the drives out of the dumpster and take it there.
This is a very specialized job, your avg joe is not going to do it. Also, in the many years I’ve been in IT, I’ve never even seen a video of a platter reconstructed and get data off it.
My friend is an exec there. After reading this thread bugged him to buy my software that would protect this vulnerability. They confirmed data/file never leaves the user’s device. Sounds pretty safe.
You do know that it’s bullshit? Unless they’re incredibly incompetent they’re lying to you. If the data never leaves the client then all the checks are client-side, which means it’s relatively easy (compared to a server side check) to bypass those checks.
For a while (maybe even still, I haven’t kept up with it) you could unlock paid features with a modded client, so they absolutely have a history of using client-side verification.
Afaik the files exfiltrated were photos that the on device detection could not identify and were uploaded to verify server side. That would mean not all pictures are sent to the backend, and that corroborates why “only” 70k photos were stolen when discord has millions of users verified.
Of course you have to put your trust in a closed source system so best not to upload, but if true it’s still a far cry from openly lying about it. It’s probably explicitly stated in their ToS that they may upload the file if the verification fails client side.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.
Rules
1. Submissions have to be related to games
Video games, tabletop, or otherwise. Posts not related to games will be deleted.
This community is focused on games, of all kinds. Any news item or discussion should be related to gaming in some way.
2. No bigotry or harassment, be civil
No bigotry, hardline stance. Try not to get too heated when entering into a discussion or debate.
We are here to talk and discuss about one of our passions, not fight or be exposed to hate. Posts or responses that are hateful will be deleted to keep the atmosphere good. If repeatedly violated, not only will the comment be deleted but a ban will be handed out as well. We judge each case individually.
3. No excessive self-promotion
Try to keep it to 10% self-promotion / 90% other stuff in your post history.
This is to prevent people from posting for the sole purpose of promoting their own website or social media account.
4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts
This community is mostly for discussion and news. Remember to search for the thing you’re submitting before posting to see if it’s already been posted.
We want to keep the quality of posts high. Therefore, memes, funny videos, low-effort posts and reposts are not allowed. We prohibit giveaways because we cannot be sure that the person holding the giveaway will actually do what they promise.
5. Mark Spoilers and NSFW
Make sure to mark your stuff or it may be removed.
No one wants to be spoiled. Therefore, always mark spoilers. Similarly mark NSFW, in case anyone is browsing in a public space or at work.
6. No linking to piracy
Don’t share it here, there are other places to find it. Discussion of piracy is fine.
We don’t want us moderators or the admins of lemmy.world to get in trouble for linking to piracy. Therefore, any link to piracy will be removed. Discussion of it is of course allowed.
Just a few months ago they had a data leak which proved that they were indeed /not/ deleting documents and ID’s like they had been claiming.
Granted in that case it was mostly countries that force keeping that data but, I’m sick of companies lying and saying “lol yea we defo delete the data after”
We delete your data after we hand it off to our partners. Who definitely do not delete it.
I won’t even give hard drives when recycling a computer, I pull and smash myself. Last set of old drives I cut in half with bolt cutters.
That’s overkill, a couple of passes with dd and it’s irrecoverable.
A couple of passed with dd takes way longer than bolt cutters and it’s much less satisfying
I think they meant you could wipe with dd and then they are
recyclablereusable.EDIT: s/recycleable/reusable
They’re recyclable snipped.
More like they become reusable. A lot of places that refurbish donated computers for people who need them are perpetually short on drives since so much of the hardware they get have the drives pulled.
SSDs are cheap enough, no sense in using a 10 year old mechanical drive to save $30.
SSDs are not cheap anymore, mate. “AI” made sure of that.
Yeah lmao. Wipe one drive at a time with a USB connector. No thanks. I don’t have bulk drive operation equipment and then it ties up a computer doing the work.
Wait, you don’t just hang like 6 of them out of your desktop by their cables and wipe them while you sleep?
Mine, sure. I replaced 15 desktops that day, no fucking way.
Snip
saw a setup like that at work, until it was determined to be a fire hazard. which it was.
had to short the start pins of the MoBa with a paperclip to start the damn thing.
we called it “the scorpion”, cause it would shock you if you touched it wrong, and it kinda looked like a scorpion with the cables hanging out all over the floor…
#tales-from-IT
I think bolt cutters are faster though
But more wasteful
And significantly more power efficient
What’s dd?
A tool, primarily within Linux, that can overwrite disks. I’ve never seen it recommended for data deletion, but I guess it makes sense.
It stands for “disk to disk” and is usually used for things like writing ISOs.
However,
shredis the usual approach.I thought it stood for DiskDump
A wise coworker of mine once told me that, when it comes to what Unix commands stand for, you kind of make it up as you go.
In this case, though, looks like we were both wrong.
Darn
They’re 500gb mechanical hard drives with financial data on them. Snip and done. No time wasted, not reusing them.
I think I’ve never disposed of one for this reason haha
This is not truly foolproof. Data can still be recovered from the spinning metal platter since it can theoretically be removed and put into a recovery device, even in a broken state.
Im addition to that, hard drives/ssd’s sometimes have small flash memory chips, from which data can sometimes be recovered.
If you want it to actually be unrecoverable then you have to actually ensure all parts thay store data are truly deleted/wiped, which is more than just the core platter. Or just use encryption and throw away the key, since all data going through the tiny OS on these devices will be encrypted. Or just store them forever in a vault.
Bud, if you put that platter back together after I snipped it, you deserve every bit of data you get off it, 1000%
It’s not that hard though. There are companies that offer data recovery as a service. If the value of the data on those drives exceeds the cost of those services then it becomes worth it to fish one of the drives out of the dumpster and take it there.
This is a very specialized job, your avg joe is not going to do it. Also, in the many years I’ve been in IT, I’ve never even seen a video of a platter reconstructed and get data off it.
Microwave it idk
My friend is an exec there. After reading this thread bugged him to buy my software that would protect this vulnerability. They confirmed data/file never leaves the user’s device. Sounds pretty safe.
You do know that it’s bullshit? Unless they’re incredibly incompetent they’re lying to you. If the data never leaves the client then all the checks are client-side, which means it’s relatively easy (compared to a server side check) to bypass those checks.
For a while (maybe even still, I haven’t kept up with it) you could unlock paid features with a modded client, so they absolutely have a history of using client-side verification.
Afaik the files exfiltrated were photos that the on device detection could not identify and were uploaded to verify server side. That would mean not all pictures are sent to the backend, and that corroborates why “only” 70k photos were stolen when discord has millions of users verified.
Of course you have to put your trust in a closed source system so best not to upload, but if true it’s still a far cry from openly lying about it. It’s probably explicitly stated in their ToS that they may upload the file if the verification fails client side.
Source: Trust me bro.
Yeah, I’ve known him and worked with him over 10 years and he knows I’m a user. I trust him. You don’t need to trust me.