this post was submitted on 27 Apr 2024
112 points (96.7% liked)
Asklemmy
43895 readers
932 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy π
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
For all average user requirements that just involve backups, PII docs, your sex vids, etc (e.g. not someone who could be persecuted, prosecuted, or murdered for their data) your best bet (other than physical destruction) is to encrypt every usable bit in the drive.
$-963,;@82??/@;!3?$.&$-,fysnvefeianbsTak62064$@/lsjgegelwidvwggagabanskhbwugVg
, copy it, and close/delete without saving.Even if veracrypt hits a free space error at the end of the task, the job is done. Maybe not 100%, but 99.99+% of space on the SSD is overwritten with indecipherable gibberish. Maybe advanced forensics could recover some bits, but a) why the fuck would they go to that effort for a filthy commoner like yourself, and b) what are the chances that 0.01% of recoverable data contains anything useful!?! You don't really need to bother destroying the header encryption key (as apple and android products do when you wipe a device) as you don't know the password and there isn't a chance in hell you or anyone else is gonna guess, nor brute force, it.
If you want to keep/sell the drive...
Is that the best strategy? Or is anything outside of 2 and 3 redundant?
You canβt fill the drive. The drive decides when to use its buffered free storage blocks. Itβs at the hardware level and only the Secure Erase command will clear it.
Right, I read some more of the comments and realized that's what some of the "unreported space" is used for. Makes sense, thanks!
You fill up the usable space. Or the visible space. No one will disamble the device and read from the raw storage.
Then why do that when you can do a secure erase in seconds?
That makes sense. Thank you!
Nobody is gonna bother doing advanced forensics on 2nd hand storage, digging into megabytes of reallocated sectors on the off chance they to find something financially exploitable. That's a level of paranoia no data supports.
My example applies to storage devices which don't default to encryption (most non-OS external storage). It's analogous to changing your existing encrypted disks password to a random-ass unrecoverable throwaway.