Small Study Finds Computer Repair Shops Accessed Personal Data - And Sometimes Even Copied It

Ars Technica reports on what happened when researchers at the University of Guelph in Ontario, Canada, left laptops overnight at 12 computer repair shops — and then recovered logs after receiving their repairs: The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device....

The amount of snooping may actually have been higher than recorded in the study, which was conducted from October to December 2021. In all, the researchers took the laptops to 16 shops in the greater Ontario region. Logs on devices from two of those visits weren't recoverable. Two of the repairs were performed on the spot and in the customer's presence, so the technician had no opportunity to surreptitiously view personal data. In three cases, Windows Quick Access or Recently Accessed Files had been deleted in what the researchers suspect was an attempt by the snooping technician to cover their tracks....

The vast majority of repair shops provide no privacy policy and those that do have no means of enforcing them. Even worse, repair technicians required a customer to surrender their login password even when it wasn't necessary for the repair needed. These findings came from a separate part of the study, in which the researchers brought an Asus UX330U laptop into 11 shops for a battery replacement. This repair doesn't require a technician to log in to the machine, since the removal of the back of the device and access to the device BIOS (for checking battery health) is all that's needed. Despite this, all but one of the repair service providers asked for the credentials to the device OS anyway.

When the customer asked if they could get the repair without providing the password, three refused to take the device without it, four agreed to take it but warned they wouldn't be able to verify their work or be responsible for it, one asked the customer to remove the password, and one said they would reset the device if it was required.

some places may do viruses / malware scans as part

[Joe_Dragon]

some places may do viruses / malware scans as part of any repair and that can make files be listed as accessed.
Now some stuff like ccleaner does clear / flag to be cleaned some history like Recently Accessed by default.

Re:some places may do viruses / malware scans as p

[quantaman]

some places may do viruses / malware scans as part of any repair and that can make files be listed as accessed.
Now some stuff like ccleaner does clear / flag to be cleaned some history like Recently Accessed by default.

Table 1 in the paper is a lot more compelling than the evidence listed in the summary.

Basically, they looked at three levels of service providers National, Regional, and Local. The National providers are a good comparison group since you'd expect them to have the strongest privacy policies since a store with a particularly bad repair crew can make the news and cause major brand damage.

Basically as you go from National to Regional to Local technicians start looking at more and more things like personal info, pictures, as well as deleting logs. As well women got snooped on more than men.

There's also not much reason for the technician to go poking around the user's photos, particularly revealing photos.

I think my one complaint is that N is pretty small to draw any statistical conclusions, though it's certainly cause to investigate more.

Re:some places may do viruses / malware scans as p

[Joce640k]

There's also not much reason for the technician to go poking around the user's photos, particularly revealing photos.

You send in a laptop belonging to "hotgrrrl69" and expect the average repair tech to not have a little peek at the files?

You have a lot to learn about the human race.

Re:

[freeze128]

PC repair techs always have the best collection of MP3s. Want to know why?

Re:

[WaffleMonster]

You have a lot to learn about the human race.

You have a lot to learn about professionalism.

Re:

[arglebargle_xiv]

This whole thing seems a little bit suspect though, I know techs who work for various companies and their prime goal is to get the thing up and running again as quickly as possible and with as little effort as possible, log a completed job, and get it out of the way. The last thing they're going to want to do is start poking around in someone's SSSBBBBBW porn archive.

Re:

[ewibble]

Maybe they do backups as well so the files could be copied legitimately.

Re:

[The-Ixian]

It's been many years since I did computer repair, but I was the one who implemented the policies and practices at the little repair shop that I worked for.

I used FOG to create an image of the computer before I did anything else.

I would then wipe the computer, re-install the OS and then copy the files back into place.

That was the standard operating procedure. I would sometimes see file names, but I would never open any of the files.

I would then give the customer optical media (or, if they paid for it, an ext

Re: some places may do viruses / malware scans as

[mike42hunt]

Try doing a DISM repair from a live disc

Re:

[sizzlinkitty]

How does your bootable environment handle diagnosing OS issues with secure boot, encrypted drives, etc? I've seen hardware appear to be bad in Windows after bad updates, but work fine outside of windows.

Re:some places may do viruses / malware scans as p

[Revek]

You can start there and for that matter look at any files you want while you do it but in order to finish the job you will need to boot the machine on its installed OS. No way around that.

Re:

[F.Ultra]

Regardless of how you access the file the Accessed timestamp in the file changes

Re:

[Calinous]

Actually, if you mount the file system (device) as read-only, the "Accessed" time does not change.
You could easily do this in Linux, I'm not sure about how to do this in Windows though.

Re:

[F.Ultra]

Of course, I was just reacting to OP who claimed that they booted into the host OS.

Re:

[LostMyBeaver]

I would be up front with the user.

When changing a battery, I would want to charge, drain, then charge the laptop again.

If I'm offering a warranty on the service for a battery, before replacing the battery, I'd want to test its health and identify applications/browser extensions/malware draining the battery.

If the customer did not want this, I would charge extra to compensate for the risk, record the entire job as being done.. Including filming the new battery being removed from a sealed package and I would

Obviously

[TwistedGreen]

Yep, when you bring your computer in, all your data is at the mercy of the technician. Even if you don't give your password. 99.9% of the time it's of no interest whatsoever. If you have something to hide, well, you should encrypt it or learn to repair it yourself. Not sure why this is a surprise...

Re:

[jmccue]

For some reason, I thought this snooping was/is also encouraged by law enforcement.

Re:

[haruchai]

You have reason
https://www.networkworld.com/a... [networkworld.com]

Re: Obviously

[godrik]

I would expect them not to access it. Because it seems like a breach of privacy and ethics. Now obviously, i would not rely on these shops without additional protections. But your average consumer might.

Re:

[lowvisioncomputing]

Seriously?

1. How many people have a recent backup so that if it's necessary to re-install software/the OS they can recover?
2. Given that restore points were turned off by default in Win10, how many people even have a restore point?
3. How many of them even have/can find their legit install media?
4. How are you supposed to verify it works without running it?

If it wasn't a laptop, you could just remove the hard drive before bringing it in, along with your install media. And many laptops that appear at first glance

Re:

[HiThere]

Umn...if you give them the password, does "full disk encryption" help? If it does, it doesn't work the way I thought it did, but then I've never used it. (I tend to back things up to an external USB disk, and reformat the system disk. And use a Linux system (Debian).

Actually, one reason I *don't* use Red Hat is the encryption. When I wanted to access a partition from a different boot system I couldn't do it, so I reformatted, and installed a different system. But that was over a decade ago.

Re:

[DamnOregonian]

Why would you give them the password?
They do not need your password to do hardware repairs on your device. No machine I have ever sent in for work to manufacturers has ever had its password asked for.

Without encryption, they don't need your password to snoop.
If your repair shop asks for a password, find a new repair shop, because that's Red Flag #1 indicating that they're incompetent.

Re: Linux encryption (LUKS)- that is a problem on BitLocker and Mac encryption too.
In order to move an encrypted parti

Re:

[HiThere]

I didn't want to move it to a different computer. I wanted to access the same /home directory from multiple different system partitions. (Say from a Debian, an Ubuntu, and a Fedora one.)

Re:

[DamnOregonian]

Ya, that's odd. I've done that, and it worked.

Re:

[HiThere]

Well, this was over a decade ago. Perhaps they've fixed the problem.

Re: Obviously

[lowvisioncomputing]

Every fucking OS installed on laptops supports full-disk encryption. It's enabled by default in Windows and on Macs.

Absolutely false. [microsoft.com]

Is it available on my device? BitLocker encryption is available on supported devices running Windows 10 or 11 Pro, Enterprise, or Education.

And the next section from Microsoft is also false

On supported devices running Windows 10 or newer BitLocker will automatically be turned on the first time you sign into a personal Microsoft account (such as @outlook.com or @hotmail.com) or your work or school account.

Running Windows 10 pro, and Bitlocker never "automatically turned itself on" when I signed into my @outlook account. That sort of behavior would have pissed me off big time. It depends on the system policies the admin sets (and since I'm also the owner of the admin account and have set the policies *I* want, it damn well better do what I want).

If you're not running pro or better, your support for other forms of disk encryption varies as per the following:

To see if you can use Windows device encryption

In the search box on the taskbar, type System Information, right-click System Information in the list of results, then select Run as administrator. Or you can select the Start button, and then under Windows Administrative Tools, select System Information.

At the bottom of the System Information window, find Device Encryption Support. If the value says Meets prerequisites, then device encryption is available on your device.

So much for "it's enabled by default ..."

And of course, how many people are going to know how to back up their recovery key?

I'd put that in the same small percentage who know how to turn on system restore points (off by default in W10 and up).

Easier to just back up, wipe and re-install, then copy stuff from your backup. Except, of course, most people also don't back up their crap.

Re:

[DamnOregonian]

Yup, you're right. Home edition doesn't come with it.
It's been so long since I bought a laptop that didn't come with Pro, I had never run into the scenario.

Running Windows 10 pro, and Bitlocker never "automatically turned itself on" when I signed into my @outlook account.

They mean if you use a Live account for your system login.
You may not do this, but most people do. It's required for biometric unlock capabilities.
In the current setup process, avoiding a Microsoft account login requires jumping through hoops.

And of course, how many people are going to know how to back up their recovery key?

Not particularly a problem on Windows. When you add your Microsoft Account, which turns on bitlocker, the reco

Re:

[lowvisioncomputing]

I didn't have to jump through any hoops to avoid logging with a microsoft account. I created on just for the hell of it, but I don't use it to log in. The machine works just fine when it's not connected to the internet; I suspect it's the home edition that actually requires you to jump through hoops to avoid logging in with a microsoft account.

Then again, the way they keep changing things, what's true yesterday may be totally wrong tomorrow. Like the "painless upgrade to Windows 11, that can be reversed w

Re:

[DamnOregonian]

I didn't have to jump through any hoops to avoid logging with a microsoft account.

For Windows 10, you do not have to. It's a simple button you can press off to the lower left during the part where they try to get you to create or log in with a Microsoft account.
In Windows 11, you can get to it, but only by executing a precise set of steps that will allow you to fall into a bucket that lets you do it.
We are talking about initial setups, here.

No new laptops are being made that ship with Windows 10. The future is, sadly, a Microsoft Account-only future.
This won't affect 99% of all peop

Re:

[DamnOregonian]

Or just not connect it to the internet when prompted.

That only works in Windows 10.

Can't have an install fail because there's no/flaky internet.

You can in Windows 11.

Also handy for system builders who want to have fully tested, set up computers, all the drivers and requested software available locally on disk or usb, and just let the user create their account when they take the machine and connect.

In Windows 11, this is handled with the "OOBE" just like it is in Windows 10. You can setup the base install without internet access, but you cannot use it until you complete the OOBE that completes the initial setup. Windows will boot directly into this process until it is completed, and it requires internet*, whereas Windows 10 will let you complete the OOBE without internet.

*When you're in the OOBE, you can enter a hotkey combination to get a terminal

Re:

[DamnOregonian]

Actually, You may be entirely incorrect. [microsoft.com]

It appears the BDE is enabled on any machine supporting Modern Standby Since Windows 8.1

Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryption on devices that support Modern Standby. With Windows 11 and Windows 10, Microsoft offers BitLocker Device Encryption support on a much broader range of devices, including those devices that are Modern Standby, and devices that run Home edition of Windows 10 or Windows 11.

Re:

[lowvisioncomputing]

Microsoft is wrong. This is a this-year new build, killer machine. Win10Pro, and disk encryption is totally optional.

No yellow icon on the boot drives (there are two, each with a Win10Pro install).

When a clean installation of Windows 11 or Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker Device Encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key that is the equivalent of standard BitLocker suspended state. In this state, the drive is shown with a warning icon in Windows Explorer. The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up, as explained in the following bullet points.

Nope, just checked, no yellow icon on either the C: or D: bootable drives. Or on the E,F,G,H,I, or J drives. (wouldn't expect them on A and B - they're bluray burners). Guess cancelling "create Microsoft Account to Log In" worked :-) Ran it for 3 months before first connecting it to the internet. And I doubt that when I throw 5 more drives in it next year that I'll suddenly get a yellow icon.

There is NO way that I would have my computer be dependent upon an internet connection just to log in no matter what. And there are plenty of organizations with sensitive stuff that simply won't put up with it because they need everything airgapped, etc.

Re:

[DamnOregonian]

Microsoft is wrong. This is a this-year new build, killer machine. Win10Pro, and disk encryption is totally optional.

They're not.
You just used a loophole to the default installation- you elected to not use a Microsoft account, which regardless of your feelings about it, the default option.

Re:

[lowvisioncomputing]

No - there was no loophole. If your computer isn't connected to the internet, it proceeds without needing a Microsoft account. How do you think I was able to build / test / add hardware to it for three months with no prompting for an account?

Anyone can do it by just not being connected to the internet when they're installing. It will prompt you to connect to the internet, but just dismiss the prompt. It's that way by design. Just not advertised because otherwise everyone would do it.

Re:

[DamnOregonian]

If your computer isn't connected to the internet, it proceeds without needing a Microsoft account.

Ah- that is correct for Windows 10.
Windows 11 cannot be installed without being connected to the internet however (without opening up the command terminal and entering some override commands)

Attempting to do so will land you at a screen you cannot progress from until you fix it (A rather annoying screen when you simply have no network hardware, because in that case, "Retry" is simply grayed out- there's precisely zero elements on the screen you can interact with)

Re:

[DamnOregonian]

I felt this was the appropriate place to put this.

I have confirmed that in both Windows 10 Home, and Windows 11 Home, internet-less install (by saying "I Don't Have Internet" on Win10 OOBE, and issuing terminal override in Win11 OOBE) encryption is enabled out-of-the-box.
This was verified by booting into a Linux installation and examining the partition after each install. Both Win10 and Win11 setup "Bitlocker" GPT partitions.
For shits and giggles, I attempted to mount them as NTFS- as expected, that fai

Re:

[DamnOregonian]

Supplemental playing around, I have confirmed that even if you keep your local account, you can "finish" BitLocker Device Encryption protection (get rid of the clear key, and put in TPM [or setup password/pin/several other options]) in Win11 Home, so you can fully enable encryption even without ever using a MS account- but you'll have to do it via cli (manage-bde.exe).
I didn't test doing this in Win10, since there's really no reason to think it behaves different in this instance if enabled-by-default is al

Re:

[lowvisioncomputing]

There is no encryption on my drives. I can pull them, swap them, throw in new unformatted drives and use them immediately after formatting, read them on other computers, duplicate them in a duplicator that doesn't run Windows, etc. They are simply not encrypted.

The TPM is fully enabled. One of the first things I checked in the BIOS. Brand new motherboard from earlier this year, supports the latest i9-13900, I can pull drives, swap drives, everything, no disk encryption.

What you have "read" you misinter

Re:

[DamnOregonian]

There is no encryption on my drives. I can pull them, swap them, throw in new unformatted drives and use them immediately after formatting, read them on other computers, duplicate them in a duplicator that doesn't run Windows, etc. They are simply not encrypted.

I have no problem believing that. I've listed several reasons that can happen.

The TPM is fully enabled. One of the first things I checked in the BIOS. Brand new motherboard from earlier this year, supports the latest i9-13900, I can pull drives, swap drives, everything, no disk encryption.

This is very simple.
There are a few possibilities, period.
1) you're lying.
2) you hit some other as-yet-unquantified-by-us exception.
3) encrypted-but-not-protected drives are still portable (as Windows knows where to pull the in-the-clear key)
There aren't more logical possibilities.

I'm willing not to assume 1).
2) seems the most likely.
3) also seems moderately possible- you can verify by going into your control panel, searc

Re:

[lowvisioncomputing]

Well, well, well - the ignorant fool who "gets his information from reading the innertubes" outs himself by resorting to accusations of lying.

First, you have a shitty laptop with a pre-installed OS, so your experience doesn't apply to people who build their own from scratch. How could it? You didn't install it. You got whatever defaults came with it.

Second, my website documents everything - not stock photos of hardware, but the actual hardware. It's probably better than anything you'll ever own - and I

Re:

[DamnOregonian]

Well, well, well - the ignorant fool who "gets his information from reading the innertubes" outs himself by resorting to accusations of lying.

No, the person who did the testing and read the documentation, and experimentally verified that fact fit the documentation.

You have no resorted to personal attacks, when all I did was list basic logic requirements.
This makes me think you lying (or just having a senior moment, and forgetting that you turned it off) is the most likely root cause.

First, you have a shitty laptop with a pre-installed OS, so your experience doesn't apply to people who build their own from scratch. How could it? You didn't install it. You got whatever defaults came with it.

What are you talking about?
My laptop was completely wiped between all tests.
Did you hit the sauce a little early, this morning?

Second, my website documents everything - not stock photos of hardware, but the actual hardware. It's probably better than anything you'll ever own - and I'm not finished. So the proof is in the pics - it's not some pre-built piece of shit like what you base your experience on. And it's certainly not something without a TPM. Bitlocker says I can encrypt any time I want. I just don't see the need right now. And I don't want the performance penalty and the lack of convenience of being able to move drives around. Also, why would I let Microsoft store any security key? Even I'm not that stupid. When I was debating encrypting the drives, I was going to keep the key on multiple flash drives stored with people I trust, in another jurisdiction. Good luck getting the key off them if you don't even know who they are, and the flash drive is manually handed over, not mailed.

lolwut?
ok, now I'm certain you're

Re:

[lowvisioncomputing]

We have not been having a good-faith discussion - you eliminated that possibility when you accused me of lying.

Gaslighting - it's this year's word, and I won't let you.

You bought a pre-built laptop with a pre-installed OS, and claim that somehow makes your experience definitive of everyone, including those who have been building our own computers since the days of DOS, and our own installs.

You claimed my hardware probably lacks TPM support. I proved otherwise, that it's this year's latest and greatest,

Re:

[DamnOregonian]

There's no coming back from your last post, my dude. Sorry.

You're full of shit, period.

Re:

[lowvisioncomputing]

Of course there's no going back.

1. You accused me of lying, I proved I wasn't.
2. You accused me of having an obsolete machine. Mine is WAY better than your piece of shit.
3. You claimed I must be wrong because "It doesn't work that way" - even though you are using a laptop with a pre-installed OS image, not a custom built machine with a new install.
4. You claim that your way is the most secure way, but a $5 wrench will get your pass keys, and just stealing your laptop deprives you of data, whereas I've invested in

Re:

[DamnOregonian]

You accused me of lying, I proved I wasn't.

You did no such thing.

You accused me of having an obsolete machine. Mine is WAY better than your piece of shit.

You do have an obsolete machine.

You claimed I must be wrong because "It doesn't work that way" - even though you are using a laptop with a pre-installed OS image, not a custom built machine with a new install.

That's because it doesn't work that way. I have repeatedly said I was not using a laptop with a pre-installed OS image.

You claim that your way is the most secure way, but a $5 wrench will get your pass keys, and just stealing your laptop deprives you of data, whereas I've invested in decent security, and it's going to be hard to walk off unnoticed with a box that weights more than 50 lbs. And if you lose your microsoft account, too bad, so sad, sux more than ever 2 B U. I don't need mine.

There is no your way, or my way. We were discussing the technical attributes of an operating system.

What you are doing is lying in order to make a point to justify some kind of deliberation process that happened in your head some time ago.
It's pathetic.

You seem to be obsessed with trying to measure dicks with me. It's weird.
Who I a

Re:

[lowvisioncomputing]

What a fucking liar. You only fessed up to having a pre-built laptop after I called you out for bullshitting that your experience is the only one possible unless my machine is either obsolete (no tpm), or I did the install wrong (my way works for what I want - and it is the ONLY way if the machine is not connected to the internet during installation.

As you said, there is no "your way or my way" - this is how the system installs when it is not connected to the Internet during installation and doesn't use

Re:

[DamnOregonian]

What a fucking liar. You only fessed up to having a pre-built laptop after I called you out for bullshitting that your experience is the only one possible unless my machine is either obsolete (no tpm), or I did the install wrong (my way works for what I want - and it is the ONLY way if the machine is not connected to the internet during installation.

What are you talking about? Fessed up?
I literally posted what I used as a test machine before you even replied.
Anyone can read that.

Look, I'm sorry you're too fucking stupid, or in denial, to understand why your system doesn't fit the requirements.

You have no clue of who I am, and it's pretty damn obvious to anyone who knows me.

Of course I don't. But you've made it pretty obvious what your character is. You're the kind of sad little fuck who will lie to get themselves out of being wrong.

Again, full of shit. This might be the criteria for a blank Win10 machine connected to the Internet during installation. but it's not for a blank machine that is not connected to the internet during installation. And you obviously didn't do the test, since you only have a pre-installed OS image on a laptop.

Negative. All tests were conducted with machines not connected to the internet.

And if you can afford anything you want, go buy yourself a clue. There are plenty of valid reasons NOT to enable bitlocker. My machine has RAID as an option - so do most decent motherboards. And you'll notice that there is zero information available about the cpu overhead of bitlocker under various workloads. Some people say it's negligible, others ... not so much. Guess it depends on the use case.

And this is the cru

Re:

[lowvisioncomputing]

I disabled your shitty "modern standby mode." When I put my computer to sleep, I don't want it waking up to do shit on the internet. That would just piss me off. It updates when I say. Same as administrators using Win Enterprise. If it's good enough for them, why wouldn't it be good enough for the rest of us? Especially since some buggy updates need subsequent updates to roll them back.

And there are Alder Lake CPUs that don't have efficiency cores. I'm using a 12xxx right now with no e cores. If Intel even

Re:

[DamnOregonian]

I disabled your shitty "modern standby mode."

There you go.
That's why your machine wasn't encrypted.
I'd say, "wow, we could have avoided all this if you had just mentioned that earlier,"
But let's be realistic- you're probably still lying.

And there are Alder Lake CPUs that don't have efficiency cores. I'm using a 12xxx right now with no e cores. If Intel eventually comes out with an i9-13xxx with 10 power cores and no e cores, I'll jump on it. That's why I'm thinking of holding off and just doing the video card upgrades in the meantime. I like deterministic hardware.

Wait- you're using a shitty low end i5, and you're talking all that mad shit about how you've got the hottest shit since Satan's last taco bell BM?

Dude, you are a fucking joke. Get the fuck out of here.

Re:

[lowvisioncomputing]

Wow, your stupidity just accumulates and accumulates, doesn't it?

This particular CPU - which was only released earlier this year, and of which I was one of the early adopters - gets great reviews among gamers. So, even though I didn't intend to create a gaming machine, it works great as one. Doesn't hurt that my mobo is also the latest, and will take an i9-13900 without needing a bios upgrade. So much for your claim that I must be running obsolete hardware.

Though it appears you're the one running obso

Re:

[DamnOregonian]

This particular CPU - which was only released earlier this year, and of which I was one of the early adopters - gets great reviews among gamers. So, even though I didn't intend to create a gaming machine, it works great as one. Doesn't hurt that my mobo is also the latest, and will take an i9-13900 without needing a bios upgrade. So much for your claim that I must be running obsolete hardware.

lol.
You have a budget CPU.
I think that's great- don't get me wrong.
But I've never purchased a budget CPU in my fucking life, and if I had, I sure as fuck wouldn't have bragged about it being beyond the ability of others to purchase.

Though it appears you're the one running obsolete hardware - since you won't say what it is.

I'm not sure how you can come to that conclusion, lol.
I have a variety of different machines.
I'm typing this to you right now on an M1 Max (MaxBookPro).
Prior to that, I was using an M1 (MacBook Air). Prior to that, I was using an ASUS ZenBook Pro Duo (i9-10980HK)
Prior to t

Re:

[lowvisioncomputing]

So you admit your laptop is an old piece of shit. The tip-off is you only have 1 m.2 slot. Aw, gee whiz.

And you are STILL using a computer with a pre-installed OS image, so no control over how it's set up. You really are one dumb fuck.

Unlike you, I had a very productive day yesterday. At the end of my last day on the job, I helped a co-worker do their resume on "the beast." Proved that 4 screens, 2 keyboards, and 2 mice can be used in a cooperative manner on one workstation to greatly increase producti

Re:

[DamnOregonian]

So you admit your laptop is an old piece of shit. The tip-off is you only have 1 m.2 slot. Aw, gee whiz.

Look at you. So fucking pathetic and insecure.

And you are STILL using a computer with a pre-installed OS image, so no control over how it's set up. You really are one dumb fuck.

That's not relevant to this discussion.
I use a Mac.

Unlike you, I had a very productive day yesterday. At the end of my last day on the job, I helped a co-worker do their resume on "the beast." Proved that 4 screens, 2 keyboards, and 2 mice can be used in a cooperative manner on one workstation to greatly increase productivity. And it was FUN. Probably the first time in history anyone could say that creating a resume was an enjoyable experience.

Good for you. Unlike you, I was paid almost $800 for my labor yesterday. The same as every day.
I'm always productive. That's why I'm well paid.

Do something useful for society for a change, mkay?

My work is cited in multiple CVEs, and even an article here on slashdot.
I've given back to society.

But none of this is relevant.
You're trying to throw chaff because you're so thoroughly lost this argument.
The argument was that it's enabled by default on any modern

Re:

[lowvisioncomputing]

So, you use a mac as your daily driver (which I rejected because it didn't allow for sufficient expansion and customization) and you're going to tell ME how it's done on Win10? Look, I use an iphone, but that doesn't mean I've drunk the koolaid.

I'm at the beginning of the process of disrupting one industry, and I have two more in my sights that are way overdue for disruption next year, because they are obsolete and don't meet people's needs. They need to either die or change.

And the funny thing? Almost

Re:

[DamnOregonian]

So, you use a mac as your daily driver (which I rejected because it didn't allow for sufficient expansion and customization) and you're going to tell ME how it's done on Win10? Look, I use an iphone, but that doesn't mean I've drunk the koolaid.

lol. Here you go again.
What I use is irrelevant to the facts of the case. That is fallacious reasoning.

I'm at the beginning of the process of disrupting one industry, and I have two more in my sights that are way overdue for disruption next year, because they are obsolete and don't meet people's needs. They need to either die or change.

The only thing you're disrupting is your ability to distinguish facts from your opinions.

Your argument was that bitlocker was enabled on any modern machine by default, which is not true. Any modern machine that is using a normal (as opposed to pre-build image) install and is not connected to the internet does not have bitlocker enabled, period.

Whis is true.
You are wrong..
I have since tested on a fucking VM with a vTPM and ACPI S0ix enabled (Tiano Core is amazing).
Further, you demonstrated that you fucking disabled required functionality for it, making the rest of your argument completely fucking irrelevant.

What you have done, is argued about whether

Re:

[lowvisioncomputing]

Running Windows 10 pro, and Bitlocker never "automatically turned itself on" when I signed into my @outlook account.

You missed the "on supported devices" part. Windows 10 pro absolutely does turn on bitlocker by default... if you had secure boot enabled and TPM 2.0. Bitlocker without TPM works in a sort of a fallback mode and in *that* scenario it doesn't enable by default.

On first login it'll tell you to backup your bitlocker key.

No it definitely doesn't. Bitlocker reports that there are zero out of 8 drives encrypted. This is a higher-end machine (the motherboard supports the i9-13900 out of the box, so I'm throwing one in next year). TPM is enabled in the BIOS - something that I made sure of before doing the original install earlier this year. Bitlocker is fully supported, just not enabled. I was going to enable it at some point, but I want to be able to swap drives to/from other machines and OSes. So no disk encryption. Sometimes

Re:

[thegarbz]

No it definitely doesn't. Bitlocker reports that there are zero out of 8 drives encrypted.

And yet on first install of Windows 10 on my machine it definitely did, so maybe you have some other reason why it failed.

Re:

[lowvisioncomputing]

Maybe because you let it connect to the internet during the install? I didn't so I didn't get that stupid behavior.

Security means different things in different contexts. In my case, it's the ability to read data on other computers, and other OSes, without hassles, and without having to trust Microsoft to "keep my secure key safe."

What happens if they decide to cancel your account for whatever reason? What if someone steals your account and nukes it? What if there's a bug in the encryption process that

Re:

[dogsbreath]

Nice sentiment but naive.

Re:

[gweihir]

Passwords do not protect against anybody with hardware access. Disk encryption does. Of course, if the disk encryption is tied to the password you should not give that either. Oh, and do a complete shutdown, not some "suspend"-nonsense.

Re:

[Chelloveck]

Many, probably most, repairs need access to the hard drive to replace drivers, clear malware, etc. There's literally no way to repair it without disk access because the problem isn't hardware but something in the file system. This tip is only helpful if you keep all your data on a volume separate from the boot volume. (Which is a great idea, but try explaining it to the typical clientele of a computer repair shop.)

Re:

[drinkypoo]

On Windows or Linux, you can have encrypted files which are decrypted with your password, so if you don't give them the password to your personal account then your personal data is encrypted.

I wouldn't know about OSX, I would tend to imagine they have something similar but they aren't relevant enough for me to take the time to find out.

Re:

[gweihir]

Good point. EncFS says it also works on Mac. No idea how difficult it is to set it up there and I use LUKS on linux (separate user/data partition) so I have not experience with EncFS there either.

Re:

[Chelloveck]

Which is functionally identical to "keep your stuff on a separate volume", but even harder to explain to non-techies. I mean, no one with the tech savvy to set up transparently encrypted files is going to bother taking their machine to the Geek Squad.

Re:

[gweihir]

Sure. The key problem in computer security is the user at this time and it will remain so for a long time. If you need help with what is on the storage, you have to provide storage access, obviously. You could get a tech in and look over their shoulder while they work, but that is expensive and time-consuming. May still be worth it, but people are cheap and not very smart, so...

Re:

[dogsbreath]

Yeah, my reaction was "Well, duh"

If people have the opportunity to snoop, they will snoop. Maybe not everybody but I would have no expectation of privacy when sending a machine in for repair.

Re:

[antdude]

Not everyone knows how to repair though. :(

Re:

[Inglix the Mad]

Yep, when you bring your computer in, all your data is at the mercy of the technician. Even if you don't give your password. 99.9% of the time it's of no interest whatsoever. If you have something to hide, well, you should encrypt it or learn to repair it yourself. Not sure why this is a surprise...

We accessed personal data all the time... we had a program to do it in fact: OnTrack Easy Recovery. We used the similar program to conduct a reasonably secure erase with overwrite.

Nothing nefarious, but before we did anything that could affect customer data we pulled their drive, grabbed a temp drive, and told ER to backup the data. If anything happened we had a backup to start from, if nothing happened it was just put in the secure erase bin.

I didn't want to know what people had on their computer in

This story is worthless without pictures

[greytree]

Just sayin'...

Why limit this to small repair shops only?

[Kitkoan]

It's not like these issues have been limited to just small repair shops?

https://www.businessinsider.com/apple-settled-lawsuit-womans-nudes-leaked-iphone-repair-workers-2021-6#:~:text=1%20Apple%20settled%20a%20lawsuit%20involving%20a%20woman,woman%27s%20lawyers%20had%20demanded%20%245%20million%20in%20damages.

Re:

[thegarbz]

It doesn't. The study looked at small local shops, as well as medium and large chains and identified the problem is more prevalent in small shops.

That's the difference between actual science and your whataboutism.

Re:

[HiThere]

OTOH, the sample size was really too small to draw any conclusions. It's more a warning than a scientific finding. And a suggestion for a larger study.

Re:

[thegarbz]

the sample size was really too small to draw any conclusions

Was it? Show your working. You may be right, but so far you've only shown one part of a complex statistical problem. For example I could sample a system 10000 times and get 5001 positive responses showing no statistical ability to reject a hypothesis. Or I could sample 10 and get 9 responses showing which suddenly is statistically significant.

The ability to draw conclusions is not just based on sample size, it is also based on sampling process as well as results.

You're probably right the sample size is quit

Own experience

[blackomegax]

Back when I worked for a PC repair shop (way longer than 1 or 2 statue of limitations...., p3/p4 era.), we would copy user data all the time. It was literally part of the job. You back the data up before you commit changes like viral purges or windows re-installs, then restore the data as the user had it.

Often, we'd keep copies of the porn or pirated movies the users had.

There was one guy though...had 60+ gb of loli hentai. Turned that one over to the cops, but they ended up doing nothing.

Re:Own experience

[thegarbz]

had 60+ gb of loli hentai. Turned that one over to the cops

Why? Do you feel bad for the poor abused imaginary pictures? Are you concerned someone is committing a thought crime? The only illegal activity taking place was you snooping through someone's personal data, pretty damn risky to call the cops there.

Re:

[Petersko]

Yep - there it is. "Thought crime" should be real crime.

Re:

[fafalone]

Being creeped out shouldn't result in a call to the police. You know what creeps people out? People who snoop through others' personal data without need or permission. So, pot calling the kettle black here.

Re:

[thegarbz]

That shit's just fucking creepy OK?

Someone doing something privately away from you without any direct interaction with you is creepy? CALL THE COPS! LOCK THEM UP! THEY MUST BE REMOVED FROM SOCIETY BECAUSE THE THING THEY DID IN PRIVATE I DON"T LIKE!

Is that what you're saying?

Re: Own experience

[NagrothAgain]

As disgusting as it is, it's not illegal for pedophiles to have "loli hentai" which the cops obviously knew. But you can be sure that those people's names were given to a Taskforce to be added to a watchlist.

Re:

[drinkypoo]

There was one guy though...had 60+ gb of loli hentai. Turned that one over to the cops, but they ended up doing nothing.

This never happened so much that it unhappened things that actually happened.

I own a computer repair business

[mike42hunt]

I own a small computer repair shop, baldwinbytes.com. When I back up customer's data I make it a point to tell them that I can't pick and choose what I'm grabbing I just get their user folder after making sure hidden files are shown. Then I check for any folders in the root of the c drive that looked like they were made by the customer and back them up as well. Maybe I'm in the minority but I seriously don't want to know any customers personal details as it's none of my business. Also I will only ask for the password if it's absolutely necessary which unfortunately is necessary much of the time but obviously a battery replacement wouldn't need a password. People put a lot of trust in me when I have their personal data in my possession and I don't want to lose that trust as I'm a very small business and it could harm what I'm trying to do.

Amateurs!

[Chelloveck]

Bloody amateurs. Everyone knows you remove the drive and image it before you go digging for the nudie pics. Um, I mean I'm shocked - SHOCKED! - to hear of such goings on in this establishment!

Re:

[drinkypoo]

Just boot from Linux and mount the volume ro or noatime.

Nothing To See Here Folks, Move Along

[Ichijo]

Because if this were an actual problem, the free market would solve it, right?

Re:

[Errol backfiring]

In Neo-classical fairy tale land, it would.

Backing up the drives before any work is done

[ClueHammer]

is standard operating procedure. So when the customer complains that data is missing after what ever disk scan tool ate the data, you have it.

A lot of assumptions.

[GotNoRice]

The article seems to be very biased in assuming that there is malicious or otherwise unethical intent. People want their info recovered or transferred to a new computer, etc. How am I supposed to do that without searching for the data and potentially looking at it briefly in order to verify it is what I'm looking for? If you are thinking that most people keep this stuff organized, you're wrong. A chaotic mess of folders on the desktop is typical. "Copied the data onto a personal device" could be someth

Very suggestive that bad things happen

[Goatbot]

Speaking as a former it service desk grunt, and a manager; oftentimes the process requires looking at some data. I also know folks that have better personal tools than the company provides and between shades of grey stuff automagically happens.

Funny how this doesn't go into....

[Kelxin]

Bestbuy having a long standing "off the record" relationship with the FBI for doing exactly this: https://www.cpr.org/2018/03/07... [cpr.org]

Obviously, this can NEVER happen

[FeltLion]

Just ask Hunter Biden and the entirely of the left slanted media. More fake news! (Hey, someone has to mention the irony)

Too bad

[earl pottinger]

Too bad sometimes the customers forces us to see their personal stuff. One person bought in a computer that would not boot. We got it to boot and the first thing you saw on the boot screen was KIDDY PORN! The Cannon shop a block away reported a person making fake money. How? The colour copier was bought in for not working. When they took it apart they found a 'proof sheet jammed inside. Sometimes it is not the repair shop doing the wrong thing.

obviously

[argStyopa]

We trust people every day with sensitive personal information as a matter of course.

Our HR department knows our salaries and health info. Our insurance knows the smallest medical detail. Our counselors and psychologists hear all sorts of shit in our heads that should never come out. Our lawyer knows our financial and other secrets. The IRS knows our wealth. We used to trust priests with our sins.

Not all of these thousands of people are going to be worthy of that trust.

This is why it is a worthwhile eff

Re:Hunter's Biden's laptop

[EzInKy]

Just what is the obsession over Hunter's laptop? The more the extremist right wingnuts brings this up the farther they drive the majority away from the GOP and into the hands of the Dems. Focus on fiscal policy and leave everyone's personal lives out of politics and the GOP will come back into favor with the people.

Re:Hunter's Biden's laptop

[DamnOregonian]

When you've been inducted into a cult of personality, insults against the cult leader become very personal for you.

They're obsessed, because they want revenge, because they feel they were attacked when Trump's private dealings were scrutinized.
Of course the fact that they're going after someone's kid is pretty low, but this particular group of folks isn't known for taking the high road.

Re:Hunter's Biden's laptop

[sound+vision]

It's the closest thing they can find to a scandal with the boring, moderate to a fault, Joe Biden. They've got to have a scandal to point to, and it's the best they can come up with, so they've still got to run with it 4 years later.

It's amusing to see them get red in the face over it, but it actually is working. They now have the talking point that lets them draw a false equivalence between the corruption in their party, and the other one.

Focusing on fiscal policy at this point would be a net negative for them, given their track record with that.

Never forget we're in a race to the bottom, until people finally start looking up.

Re:Hunter's Biden's laptop

[ArchieBunker]

For two years all I heard from republicans was Biden inflation and Biden gas prices. Their first order of business with their slim new house majority? Investigate Hunter's laptop! You know the guy who isn't even IN the government. They won't say a peep about the Saudis giving Jared Kushner $2 billion. https://www.nbcnews.com/politi... [nbcnews.com]

Re:

[GWXerog]

While the contents of the laptop were amusing, most were upset by the response to the disclosure of it's contents. It was labeled "Russian Disinformation" without any evidence by US intelligence agencies and news organizations that broke the story had their social media accounts locked until they complied and deleted the posts linking to their articles on the subject. All of this weeks before a presidential election involving one of the candidates children. Only last week did news agencies "Confirm" that t

Re:

[DamnOregonian]

It's completely fair to argue that the pressure to not disseminate the story on Social Media was an error.

However, if you're actually interested in being fair, it's important to look at why it happened.
It's easy to allege it happened due to some kind of conspiracy to put Joe Biden in office, but the fact is- the originating NYPost article was pure yellow journalism. Its claims were misleading and unsubstantiated, and to everyone trying to evaluate it fairly- it appeared to the the actual attempt at using

Re:

[Inglix the Mad]

Just what is the obsession over Hunter's laptop? The more the extremist right wingnuts brings this up the farther they drive the majority away from the GOP and into the hands of the Dems. Focus on fiscal policy and leave everyone's personal lives out of politics and the GOP will come back into favor with the people.

NO! They need to focus 24x7 on Hunter Biden. They need to have hearing after hearing after hearing after hearing with multiple committees. Hunter should drag his fee regarding the committee subpoenas. Then drag that out in court longer before agreeing to submit them in written form. Then delaying that, blah blah blah, repeat ad nauseam while Tuck, Han, and Pirro devolve into apoplexy on live TV.

Have some fun with it, and don't stop because getting MTG and Boebert to turn it up to 11 will be G-R-E-A-T fo

Re:

[DamnOregonian]

You're right, however every laptop shipped for a while now comes with an drive that's encrypted by default.