Sometimes you need to give your computer away. Maybe it is a company owned machine and they need it back, maybe you have decided to pass it on or sell it to get a new one. Either way it is the computer you have been using for however long and it’s got all your stuff on it!
Some of that stuff is likely to be pretty sensitive.
If someone can get a hold of your photos, addresses, documents or (of course) passwords, financial data etc, they can, with reasonable ease, do a whole manner of illegal and very irritating things. They could steal your identity, or use your details to purchase things, to take out loans, to ransomware or otherwise blackmail you…
This all sounds pretty scary, but is it a real possibility? Let’s look at the reality of the situation.
What data is on your computer?
These things will have been placed there by you most likely so you will know what is there or not. If you have scanned in your passport, downloaded bank statements, taken a picture of your debit card, it is best to remember where you left them! Most of this type of stuff will be easy to find, it should be in your Home folder. It is possible, however to save files to almost anywhere on your computer, and so be aware when you are moving files around, or downloading things, to what location in your file system you are actually placing them.
Passwords and Logins.
Hopefully you are not saving your passwords to
passwords.txt on the desktop, and using a password manager. These programs are usually encrypted so you don’t need to worry as much about this. If you save to a file, then you need to worry. And read this.
If you use a email client like Thunderbird or Outlook then your emails will be stored on your computer. If you log into gmail or some other service using a browser, you do not usually keep a local copy.
What you were looking at on the internet.
Whenever you go online, your browser will make a copy of everything you look at to your local computer. It is called a cache, and it is part of how the browser works to ensure that pages load as quickly as possible. It does mean that there is a record of all your internet history saved to a hidden cache folder, easily accessible to anyone who knows where it is. And you can find that out by Googling:
Chrome cache location or
Microsoft Edge cache location etc.
How would someone get this data?
This depends on the level you have gone to get rid of the data. Firstly, if you have not removed it, it will be easy to find in the location that it is in. And don’t think if they don’t have the password to your account you are safe. You can just take the drive out, plug it into a new computer and explore the whole file system, password free! (Unless your account is encrypted of course)
How about if you go through and delete all the files, clear the caches on your browsers, remove your user account and set a new blank one up?
Thats better than nothing, but what happens when you delete a file or a user account? Well, the file is not actually deleted. All that happens is that the sector or block on the drive is allocated as empty space and can be written to if needed. The data existing in the block remains however, until it is overwritten. If you delete a file, all you are doing is telling the computer “the space used by this file is now available” and the file actually remains until you reuse that space.
There are plenty of programs that you can use to scan “empty” sectors/blocks and find out what files were/are there. These programs are not expensive, some might even be free. So it wouldn’t be difficult for someone who wants to find out what was on your computer, to find out.
How about if you erase the drive and/or reinstall Windows from scratch?
Exactly the same thing is happening. The disk is basically being labeled as “empty” and allowing the space to be reused. At best, you will hopefully corrupt some of the existing files/data by writing over those sectors with a fresh operating system, but remember, you might have a 1TB (1000GB) hard drive, mostly full, and the operating system is about 25GB - you are not going to be overwriting a lot.
What can I do to make sure my data is gone?
Remove your drives
The sure fire way to make sure that no one recovers anything, is to replace the drive before your computer moves on. Or at least, remove the drive from it before you hand the computer over.
Replacing a drive is VERY simple. First, identify the type of drive you have. Turn off your computer, open it up and see if you have a 2.5” drive (most laptops have this), 3.5” drive (ie platter style desktop hard drives), or the more modern NVMe format drive. There are other formats too, and Apple computers will often have proprietary Apple format drives, so to be sure, you should physically see what you have. Once you know what format your drive is in, buy a replacement.
Then, whilst your waiting for that replacement to arrive, make a USB installer of your operating system. This is a very simple process. If you want Windows, just download the Windows Media Creation Tool, plug in a USB stick (16GB or more) and follow the instructions.
If you want Mac OSX, it is a little more tricky but here are the instructions.
If you want Linux, you can use Rufus to make it from the ISO file of your chosen Linux Distribution.
When the replacement drive arrives, swap it with your one and then boot to the USB and reinstall your OS.
There is still a possibility of someone retrieving data from your computers RAM (which is basically a temporary storage, much more quickly accessed than your system drive, which is used to accessed data your computer currently needs to work on when you are using it. For example, if you are using an application, the file you are editing in that application will likely be placed into RAM.) but this is a lot less likely, and requires much more effort.
Zero write wiping
If you do not want to replace the drive, and you cannot remove it, then the next best thing to do is to take it out of your computer, and plug it into a different computer as a secondary drive. Then you have to format the disk properly. Properly in this sense means writing zeros over each sector to erase the data. To be 100% sure, you would do this several times (at least three).
This can be done from the command prompt like so or you can find many programs, free and paid to do the same thing.
Now the “empty” sectors containing your files have had 3 lots of zeros written over the top of them. This means that files will become heavily corrupted, even if they can be found still and restoring them becomes an incredible expensive operation, if possible at all. The only time someone would go through this amount of effort is if you are the target for someone, with some major secrets on your computer.
There are no other ways to be 100% safe. If you do not have access to another computer at all, and have no option to remove the drive, the best you could do is delete everything, reinstall the operating system several times and then erase the free space using methods similar to the above. At least then, you have hopefully over written some of the drive with your OS enough times to scramble old data, and have cleaned the remaining space as best as possible.
The best option is to remove and replace your disk if you are concerned. For £30 or so, you can have complete peace of mind and no possibility of someone pretending to be you after taking your data.