Say you have an old computer that you wish to get rid of: give away, donate to charity, let a friend enjoy it for a few more months before it dies, maybe even sell it. Whatever you decide, you might be faced with a big question. What kind of steps do you need to take to make sure that your data is not going to be used by the new owners? This article will teach you about different methods designed to ensure your private data will not fall into wrong hands when you dispose of the hardware that previously stored it.
There are several scenarios that you need to take into account. These will determine what kind of action is required of you when giving away old computers.
- Computer without a hard disk
- Computer with a blank/empty hard disk
- Computer with a hard disk and a freshly installed operating system
- Computer with a hard disk and an existing operating system
Computer without a hard disk
This is the simplest scenario. You're giving away a heap of functional metal and plastic. The hard disk remains in your possession, which means no personally identifiable data remains in that box, save maybe food leftovers and skin flakes. You have nothing to worry about.
Computer with a blank/empty hard disk
The big question is - is this a new hard disk or not? If this is a new hard disk never used before, then same rules apply as the case above. However, if you are reusing a hard disk, some caution is necessary. The fact your disk may have been formatted to appear new and clean does not mean the underlying data is not accessible.
Disk data deletion is a tricky process. Actual data, sequences of zeros and ones are rarely completely erased, because this is a slow and costly operation. It is much simpler to let the operating system know that certain blocks of data are no longer in use and can be written over. For all practical purposes, the data remains there, only it is invisible by the filesystem. A skilled user could easily access that data, potentially exposing private information that you thought safe or meant to keep safe.
You might even assume that formatting the disk would make the data inaccessible. Or you may even opt for deleting data partitions. In both cases, the deletion is a quick, almost symbolic operation, with pointers to logical structures defining the data storage being removed, without actually touching the data.
The only way you can really make sure your old data is never accessible again is by performing a low-level format, which is a slow scrubbing process of each and every byte of data on your disk and that can take several hours to complete.
Computer with a freshly installed operating system
If you give away a computer with a new system installed, there's a decent chance that you have formatted the disk beforehand. This means that old data may have been overwritten, at least parts of it. However, if your previous setup revolved around a single large partition with lots of free disk space and a high degree of fragmentation, it's possible most of your data remains untouched by the new installation. Once again, you face the same challenges as with an old but empty disk. Low-level formatting is required to ensure the data is forever lost before performing a new system installation.
Computer with a previous operating system
This is the trickiest scenario of all. You intend to give away your computer as is. However, you want to make sure your personal data is erased. So you delete your documents and your browser profile. But what about your software licenses, application settings, caches, temporary files, etc?
Let me begin by saying that you should never do this. However, if you decide to disregard my advice, then here's a handful of tips that might help you hide away some of your previous data, with no guarantee of absolute success.
On Windows, you will have to work hard to remove all and any trace of your existing programs. The main reason for this is the registry, a binary database-like hive of information that Windows relies upon to operate normally. The registry contains all sorts of key-value pairs of data, including possibly private information, software activation serials, user identification and other details. It is virtually impossible to make sure all these keys are removed when uninstalling software. Even if you attempt a manual cleaning process, you may miss some of the registry keys.
In general, your identity-purging process should be as follows:
Delete all personal data in user folders, like My Documents, My Music, etc.
Uninstall all software you do not wish to give away to the future owner.
Launch a system cleanup tool like CCleaner and scrub away as much as possible.
Open your user folder, e.g. C:\Users\Dedoimedo and carefully go through every single sub-folder, deleting files, settings, profiles, etc. This way, you will most likely eliminate an embarrassing situation where your favorites or download history are carried over into the uncertain future.
Reboot your system.
Repeat the procedure once more, making sure you missed nothing.
However, I repeat this is not an ideal way of making sure your data remains private. I must highlight the previous point of data deletion, which is merely a removal of pointers to data structures on the disk, making existing bytes readable to a determined and skilled user.
The combination of a very tricky layout of data kept in multiple locations, incomplete registry cleaning and partial software removals, and insecure data deletion all make it virtually impossible to guarantee complete disposal of personal data on a giveaway machine.
Cleaning personal data on Linux is much simpler. All of your user settings are stored in your home directory, e.g. /home/dedoimedo. Therefore, in order to create a fresh new environment for the future user, you merely need to create a new user and then delete the existing one.
If you wish to give them your existing user, you will have to delete your personal configurations from the home directory. These settings are kept in hidden directories and files prefixed with a dot (.), hence if you delete all dot entries, you should be fine. However, you might break some things, including your ability to continue working in your existing session, so you might want to do this from a live CD.
Additionally, you will need delete your actual data. If you are interested in secure deletion, Linux comes with a handful of useful utilities, like shred. Alternatively, you can simply fill your disk with zeros using dd once the deletion is complete.
Lastly, if you are running a Debian and/or Ubuntu-based distribution, you might be interested in Remastersys, a tool designed to create bootable images of your installed system with or without personal data included, and then use that as the basis for the subsequent giveaway, without having to go through a long and tedious process of reinstalling everything from scratch. I also have a tutorial on the topic, if you're interested.
A good deed can also be a safe deed. When you plan on giving away an old computer, basically it comes down to your hard disk. Do you plan on giving it away or no? If you do, things start to get a little more complicated, but there are several degrees of complexity before you.
A smart combination of low-lever formatting and a fresh installation is probably the best option. Giving away an existing operating system comes with a handful of risks that cannot be easily mitigated, so you should treat this as the least preferable choice. However, you can still reduce the risks by a careful deletion of data, user preferences and application profiles. In this regard, Linux has the upper hand, due to a simpler structure, lack of registry and several built-in tools that make data deletion safer. Well, that would be all. Now, it's up to you to be the good Samaritan.
About the author:
Igor Ljubuncic aka Dedoimedo is the guy behind dedoimedo.com. He makes a living out of his very hobby - Linux, and holds a bunch of certifications that make a nice pile in the bottom drawer.