Memories of a Media Card

twistedmoney99 writes "Anyone who has upgraded their digital camera probably has a few older, incompatible media cards lying around — so why not post them on Ebay? Well, if you do, be sure to properly wipe them because the digital voyeurs are watching. Seth Fogie at InformIT.com purchased a bunch of used cards from Ebay and found recoverable data on most of them. Using the freely available PhotoRec application, he was able to extract pictures, movies, and more from apparently formatted cards. The picture is clear — wipe anything that can store digital data before getting rid of it."

I don't even bother to erase mine.

[Anonymous Coward]

It adds to the value on auction sites. A lot of people are willing to pay a fortune to see images of my dick.

Re:I don't even bother to erase mine.

[DaveM753]

You should try using a zoom lens.

(Just kidding!)

Re:I don't even bother to erase mine.

[MS-06FZ]

You should try using a zoom lens.
 
(Just kidding!)

<sigh>
He'd need a zoom lens if he were very tall - or if otherwise his dick or parts of it were very distant from the camera.

If it were small, he'd want a macro lens.

Re:I don't even bother to erase mine.

[baldass_newbie]

If it were small, he'd want a macro lens.

You seem to speak from experience...

Re:

[The_Rook]

You should try using a zoom lens.

or a magnifying glass.

Re:

[User 956]

A lot of people are willing to pay a fortune to see images of my dick.

Do they fight over the microscope as well, or is it usually pretty orderly?

Re:

[MobileTatsu-NJG]

"A lot of people are willing to pay a fortune to see images of my dick."

The joke's on them. AC's camera was only 2 megapixels!

Re:

[Amazing Quantum Man]

This is digital pix, not microfilm.

Re:

[Stephen Tennant]

Even better is, tucked in with dull vacation and random photos, a blurry close up of your balls, which invariably requires closer scrutiny, a "What's that?" from the viewer, and, finally - Huzzah! - rapid recoil and disgust!

Re:

[RESPAWN]

The sad part is that I remember some friends in college doing this to our RA's camera when we found it left on the stairwell. She was so happy when she knocked on our door to see if anybody had found her camera! I wasn't there when she looked at the pictures, but I can't imagine she was happy for very long. :)

same old story

[born4fun]

Hm, haven't we had this story already with hard disks, some time ago?

Re:

[garcia]

While I don't remember the one about HDDs, I do remember the one about mobile phones [slashdot.org] (there may be more but this is the first one I found).

Re:

[blantonl]

Ahh.. Hard disks - With all the above posts, I thought you said hard dicks for a second there.

Re:

[ruiner13]

No, this one is a copy someone left on a flash card sold on ebay.

Re:

[Fred_A]

Hm, haven't we had this story already with hard disks, some time ago?

But we haven't had it with tapes, flopticals or CDRW yet. I'm waiting till we can collect the whole set.

speaking of wiping data

[the-amazing-blob]

What are the best methods for removing almost any record of data? Recently moving to ubuntu, I've found shred is rather exciting, but I still use many windows-only things. What would work best there?

Re:

[Anonymous Coward]

dd from /dev/urandom onto the media multiple times ( in excess of 20 times if you are paranoid )

Re:speaking of wiping data

[croddy]

Better (and more convenient) than dd'ing from /dev/urandom is wipe(1). It will, at your option, overwrite the disk using 34 different byte patterns, 8 of which are random.

Its man page is also the only one I know of that uses the phrases "rising totalitarianism", "Department of Homeland Security", and "THIS IS AN EXTREMELY DANGEROUS THING TO DO".

Where have I seen those before?

[Anonymous Coward]

> Its man page is also the only one I know of that uses the phrases "rising totalitarianism", "Department of Homeland Security", and "THIS IS AN EXTREMELY DANGEROUS THING TO DO".

Doesn't "man woman" also use those phrases? And for good reason, too...

unnecessary

[oohshiny]

Something like "wipe" is needed for rotational magnetic media. For flash, a simple cat /dev/zero > /dev/sd... is sufficient.

Re:

[fireman sam]

Here is a tried and trusted method:
http://en.wikipedia.org/wiki/Gutmann_method [wikipedia.org]

Re:

[morgan_greywolf]

As root:

dd bs=1024 if=/dev/random of=/dev/sda1

Do that a 3 or 4 times, and anything on sda1 (or whatever other block device) will be completely unrecoverable.

Re:

[whoever57]

dd bs=1024 if=/dev/random of=/dev/sda1

That's going to take a very long time. In most circumstances, it is probably acceptable to use /dev/urandom instead.

Re:speaking of wiping data

[timeOday]

dd bs=1024 if=/dev/random of=/dev/sda1

That was my system boot partition, you insensitive clod!

As for erasing solid state media, I'd feel perfectly safe simply overwriting it with zeroes, one time over.

I realize years ago magnetic media were written sparsely (inefficiently) with sloppy positioning mechanisms, but those days are long gone. I'd be really impressed to see somebody recover overwritten data on a hard drive instead of just talking about it.

As for flash memory, I'll believe it when I see it.

As for leaking information through discarded camera memory cards in the first, place, it's about the 1000th thing down my list of privacy concerns, way down below "binoculars." If you want to see pictures of random people's snapshots of each other, they're all over the web. How many of us really use our digicams to capture super-secret info? I just can't bring myself to care when I know databases of thousands of credit card numbers and SSNs are being bought and sold on the black market.

Re:

[Qzukk]

As for flash memory, I'll believe it when I see it.

I don't think any magic whizbang stuff is needed, the vast majority of these devices are FAT filesystems where undelete.exe can recover deleted files. Or they do "fast formats" which just write out a new file allocation table without actually erasing any of the data (Not sure if the "full format" actually writes over data either, Microsoft's KB says the difference is that the full format scans for bad sectors).

Re:

[timeOday]

I don't think any magic whizbang stuff is needed, the vast majority of these devices are FAT filesystems where undelete.exe can recover deleted files.

I'm claiming it's safe to overwrite once over with non-random information, not to simply unlink the information.

Re:speaking of wiping data

[Nazlfrag]

Secure Deletion of Data from Magnetic and Solid-State Memory [auckland.ac.nz] is a good insight into magnetic memory issues, and his followup paper [cypherpunks.to] covers solid state devices. It's by Peter Gutmann, Department of Computer Science, University of Auckland. His homepage [auckland.ac.nz] has more good info.

In a nutshell, for hard drives, "If commercially-available SPM's are considered too expensive, it is possible to build a reasonably capable SPM for about US$1400, using a PC as a controller". So it is in the reach of the hobbyist to recover up to around the last 20 items recorded on any magnetic media (easier for floppies, harder as drives become denser). On solid state memory, I believe an electron microscope is needed for analysis. Still, data that has been in one location in RAM for more than five minutes is in theory recoverable.

Re:

[timeOday]

So where does he actually do an experiment and prove he can recover a significant amount of overwritten information?

Re:

[jetmarc]

> As for erasing solid state media, I'd feel perfectly safe
> simply overwriting it with zeroes, one time over.

For most purposes, this might be perfectly enough.

Certainly an "all-zero" overwrite is far better than a "all-one" overwrite (flash erase operation). But then again it also depends on the controller, because what ends up in the floating gates is what really counts.

See link (below) for some techniques to recover erased or overwritten flash memory. The basic idea is to measure the trapped charg

Re:

[afidel]

Nope, not completely unrecoverable, just difficult. Using an SEM anything written to a modern (mid 90's or later) HDD can be recovered even after many passes with "secure" delete patterns. Peter Gutmann wrote [sourceforge.net] about the problem years ago. Although he doesn't specifically mention flash ram I would imagine the problems facing DRAM and SRAM would be even more prevalent with flash due to wear leveling and other protection techniques meant to keep data safe on the flash device. When the data really needs to be se

Re:

[networkBoy]

In the case of flash a simple overwrite pattern of 0000 followed by an erase back to FFFF is sufficent to ensure complete erasure.
Should the memory not have single bit writability, then an erase to FFFF followed by a write to 0000 and an erase back to FFFF is sufficent. This is because the data is not stored in magnetic domains, so simply ensuring all cells are written makes the charges on the cells fairly equal, the following erase operation and post erase repair that happens will obfscuate any remaining

Re:

[Dielectric]

The NSA still does a secure erasure / destruction process on flash-based drives. A clever person with an SEM can read a few layers deep on a flash cell, sorta similar to magnetic media. DRAM and SRAM don't really have any kind of long-term storage capability, so it's a non-issue there. Of course, physical destruction is always good, which is why some of the highest security solid-state disks include a mechanism for this.

Re:

[afidel]

Since the NSA has a patent [purdue.edu] on a technique I think it's a little more than theory =)

Re:

[plover]

Since the NSA has a patent [purdue.edu] on a technique I think it's a little more than theory

Unfortunately, the Patent Office is not exactly the gateway of quality you seem to think it is. Here's a link to Patents for Unworkable Devices [lhup.edu], featuring a dozen perpetual motion machines that have slipped through the Patent Office's "no perpetual motion machines" rule. Lest you think this is ancient stuff, one of the most recent patents was granted in 2002.

Just because the NSA has patented a recovery devic

Re:

[Metasquares]

There's an opensource app called "wipe" that I just used to wipe my drive before sending it in for repair. It's in portage if you're using Gentoo.

It's slow, but probably not much slower than using dd manually.

Re:speaking of wiping data

[Sylver Dragon]

If it's data you care about someone else getting a hold of, I would recommend using Thermite [wikipedia.org]. It's a wonderful, all purpose, cleanser of just about everything.

Re:speaking of wiping data

[phalse phace]

"What are the best methods for removing almost any record of data?"

Have Chuck Norris give it a roundhouse kick.

Strong encryption with a 1-time key

[winkydink]

Who cares what's on there? If you used a strong, 1-time key, you're done.

Re:

[Blkdeath]

At my last job, we used "Darik's Boot and Nuke", available at dban.sourceforge.net. You boot off the floppy, type "dod" and it wiped the drive according to Dept of Defense standards. It worked great (I hope)!

{sigh} This has been discussed before. The DoD's standards for highly classified computers amounts to a very large hole-punch and an incinerator. The "standards" you refer to amount to the wiping they do on receptionist and non-classified computers.

Re:

[DaveM753]

Maybe that's why they laid me off two weeks ago. :-(

Re:

[udderly]

I've been using Eraser for years. What more could you want? DOD & better wipe capability, secure move, right click context menu, erasing report and all for the low, low price of FREE!

Time to use Eraser!

[PurifyYourMind]

I'm not entirely certain it'd work on memory cards, but it works great on hard drives. You can overwrite clustertips, free space, etc. with many passes of psuedo-random data. I think the new version is commercial, so here's a link to an older version: http://www.tolvanen.com/eraser/ [tolvanen.com]

Re:

[rbanzai]

Eraser can (and will) destroy your install even if you do everything properly. Please check their support forum before using this software, it is hideously buggy and destructive.

Memory effect

[Anonymous Coward]

Memory cards do not have nearly as strong of a memory effect as hard drives. With a hard drive you can write and rewrite multiple times and still have data recovered by someone willing to spend the time, effort, and money. But memory cards are much harder. You could be relatively sure of safety if you just:

1. Delete everything on the card.
2. Fill the card with something not private (maybe a text file that just repeats the same character).
3. Delete everything on the card.
4. If you're paranoid do 2 and 3 again.

If you don't have a computer handy, you can accomplish step 2 by taking photos of a blank sheet of paper or a lenscap or something of that sort.

Re:

[izomiac]

Or, if you're lazy...

1. Delete everything on the card.
2. Fill the card with images from certain sites every slashdotter knows about.

I highly doubt anyone will have the desire to recover anything after that.

shred for Linux users

[massysett]

Shouldn't shred [die.net] used on the device (/dev/sdc or whatever) work fine for Linux users?

Re:

[Blkdeath]

With a hard drive you can write and rewrite multiple times and still have data recovered by someone willing to spend the time, effort, and money.

BULLSHIT! If you write all zeros, then ones, and back to zeros again accross the entire drive (technically a mid-level format, a true low-level erases the servo tracks and renders the drive useless), you can NEVER, NEVER, EVER recover the data.

Please, stop spreading this myth. It's BS!

Sure. Write something incriminating to a hard drive, perform your procedure of choice then hand the drive off to your local neighborhood police data recovery lab. If you're in the neighborhood, hand one off to your local federal branch of investigators and have them give it a whirl.

Make sure your first phone call has access to a computer so they can let us know how it went.

Re:Memory effect

[Blkdeath]

I'm sorry, but I don't have any way of publicly contesting this argument and still seem credible. And no offence, but even if I put forth the effort to satisfy your curiosity and yours alone (IE, can it be recovered, or is the data gone)...I feel my time would have been wasted. I'm sure if the tables were turned, you feel the same way.

The fact that I know people who work in criminal forensics labs and recover data for a living aside, you're obviously set in your opinion. I know however that they can recover data from drives that are more seriously mangled than a simple three pass overwrite. If you want to bet your money or your freedom on your opinion that's one thing, but is it too much to ask that you stop posing yourself as some kind of expert on the subject until you become further educated on the subject?

An aside, BTW; I'm tired of reading of the so-called "DoD specifications" for wiping a hard drive. Yes, they exist in the form of software tools etc. but they're for NON CLASSIFIED DATA ONLY. For top-level classification their specification to ensure data destruction remains to this day in the belly of an incinerator. If you don't want a casual user to recover your data with freely available tools and a few hours of spare time the utilities and methods posed will work just fine. If, however, you don't want your {insert law-voilating material here} to be found by actual law enforcement agents, you'd be best served to turn your hard drive and all memory devices into a molten pile of materials and let them have at it.

Re:

[Hawke666]

For top-level classification their specification to ensure data destruction remains to this day in the belly of an incinerator.

Wow, even the specification is so secret that it was destroyed immediately? That's f'n hardcore!
One question, though: how do they know how to destroy data properly, if the specification's been destroyed?

Re:

[grahamsz]

Do you have a source for this?

Why do so many industry professionals seem to suggest you need 7 passes?

Utlimately the hard drive is an analog device. When you write to it, you change the magnetic charge on small areas of the platter. I find it hard to believe that there wouldn't been some residual charge left from the previous data.

Recoving it wouldn't be easy, but i would think you could turn of error correction and repeatedly read the area looking for any statistical anomoly. The other obvious solution wou

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Memory effect

[ivan_13013]

Whoa there. It is NOT bullshit. In fact it is COMPLETELY POSSIBLE to recover overwritten data from a hard drive, even if it was written over several times with random or nonrandom data. Remember that magnetic media cannot really store 1 and 0. It can only store a magnetic flux using ANALOG electronic components!

The NSA today (and other people) can use Magentic Force Microscopy to extract enough detail to reconstruct what used to be on the drive. With only one or two overwrites, a sensitive oscilloscope could suffice.

Here's one paper from ten years ago that talks more about the recovery technique.
http://www.usenix.org/publications/library/proceed ings/sec96/full_papers/gutmann/ [usenix.org]

From the paper:

"In conventional terms, when a one is written to disk the media records a one, and when a zero is written the media records a zero. However the actual effect is closer to obtaining a 0.95 when a zero is overwritten with a one, and a 1.05 when a one is overwritten with a one. Normal disk circuitry is set up so that both these values are read as ones, but using specialised circuitry it is possible to work out what previous "layers" contained. The recovery of at least one or two layers of overwritten data isn't too hard to perform by reading the signal from the analog head electronics with a high-quality digital sampling oscilloscope, downloading the sampled waveform to a PC, and analysing it in software to recover the previously recorded signal. What the software does is generate an "ideal" read signal and subtract it from what was actually read, leaving as the difference the remnant of the previous signal."

THANK YOU. (Yelling deliberate, mods +1 parent)

[BigBlockMopar]

From the paper: (blah blah blah)

I don't normally waste bandwidth or other resources commenting this way ("Me too! Me too!"), but I have to tell you that was the most kick-ass summary and explanation of the problem. Thank you for knowing an intelligent and concise technical reason for seemingly (and massively) redundant re-writing, thank you for having it handy, thank you for citing the most useful passage, and thank you for posting.

Damn, I never have mod points when I need them. I'd have dumped all of

Re:

[Citizen of Earth]

However the actual effect is closer to obtaining a 0.95 when a zero is overwritten with a one, and a 1.05 when a one is overwritten with a one.

Would an eraser work better if it read the original contents and then adjusted what it wrote to leave misleading levels of magnetism behind?

Re:

[forkazoo]

Would an eraser work better if it read the original contents and then adjusted what it wrote to leave misleading levels of magnetism behind?

No, the best bet is multiple passes of random data for several reasons. One is that a really sensitive check of the drive can actually potentially tell what all of the last several states were for each block. 1,0,0,1 will leave a slightly different field strength at a bit from 0,1,0,1 for example, so it's hard to mislead these techniques. Another is that if a certain

Re:Memory effect

[plover]

The only issue I have with Peter's paper (and it's a good one, I read it several years ago) is that it's examining hard drives that are now over ten years old. The "residue" he found of previous passes of data was due in large part to sloppy manufacturing processes, machine tolerances, and out-of-spec electronics.

Modern drives now have data densities two orders of magnitude higher than those on which he did his research. Many of those stray effects have been largely eliminated by higher precision electronics.

Picture in your mind how a hard drive works: the head swings left-and-right, and feedback from a servo track tells the arm when it's centered over the desired data track. In the old days, that arm just had to be close enough. Reading overwritten data worked by checking the area around a bit to see if there was evidence of other bits written when the arm was in a different position. This shows up as higher or lower signal strength.

All that slop was robbing the drive of potential places to store data. By making the mechanics more precise, manufacturers are able to squeeze more cylinders onto a platter, and bits on a track. The slop Peter was able to discover has been largely eliminated.

Re:

[forkazoo]

BULLSHIT! If you write all zeros, then ones, and back to zeros again accross the entire drive (technically a mid-level format, a true low-level erases the servo tracks and renders the drive useless), you can NEVER, NEVER, EVER recover the data.

Please, stop spreading this myth. It's BS!

Ummm... You've never bothered to look up the rules for a DoD wipe, nor the reasons for those rules have you? The executive summary is >5 passes of random data for anything particularly sensitive, because your plan doesn't

dd /dev/random

[ettlz]

I've recovered photos by hand for family members who've accidentally nuked their memory cards (did it the hard way with a hex editor, dd and cut). So wouldn't dd if=/dev/random of=/dev/ memory-card bs=1K count= card-size-in-kib suffice?

Re:dd /dev/random

[ewhac]

I wouldn't use /dev/random; it depletes the entropy pool far too quickly. Use /dev/zero instead:

dd if=/dev/zero of=/dev/mem_card_node bs=256k

If you want to be extra-friendly to the card's buyer, write a new partition table to the card after wiping it and format it for FAT32.

Schwab

Re:dd /dev/random

[Anonymous Coward]

Bols, I don't get it: are you actually saying there's NOT ENOUGH randomness out there?

Here, have some of mine: ldjaofp9 bpm ]ak e]-07

Re:

[gardyloo]

Bols, I don't get it: are you actually saying there's NOT ENOUGH randomness out there?

Here, have some of mine: ldjaofp9 bpm ]ak e]-07

    Huh. Somehow I *knew* you'd write that.

Re:

[drinkypoo]

If you want to be extra-friendly to the card's buyer, write a new partition table to the card after wiping it and format it for FAT32.

Only cards over 2GB should be formatted FAT32. FAT16 supports partitions up to 2048MB and most devices will not read a FAT32 filesystem - typically, though, anything that supports devices larger than 2GB can and does use FAT32.

Re:

[opk]

/dev/zero would be just as good. Trouble with doing that is that you then need to reformat the memory card. For some reason, I find reformatting memory sticks/cards tends to result in very slightly lower capacity than they started with.

RE: you then need to reformat the memory card

[tylernt]

Nah, just delete your files and then write one big file that fills the existing filesystem:

dd if=/dev/zero of=/mnt/sdcard/bigfile bs=1M; rm /mnt/sdcard/bigfile

I do this all the time when I want to save an image of a partition using Ghost in sector-copy mode. I have an equivalent utility I wrote in Batch for Windows. All those zeroes compress quite well. ;)

Anyway, analysis of the remaining FAT may reveal some of your old filenames, but not the data in them.

Stolen?

[monkeyboythom]

The evidence suggests that people are not aware that their privacy is at risk. In addition, the fact that some of the cards contained undeleted images is a bit disconcerting. At a bare minimum media card owners should have deleted the viewable images.

After reading the article, I wondered how many of these cards are actually stolen?

And I don't mean Pamela Anderson and Tommy Lee stolen either.

My dead hard drive...

[DaveM753]

I had a 4-month-old 250gb hard drive die of heatstroke within a fanless drive enclosure. The drive had, shall we say, material of an "educational" nature. (ahem)

Anyway, I didn't want to release said material to the general public at [insert HD manufacturer here], so I abandoned any warranty recovery and just physically destroyed the drive. So much for that $100.

Re:

[Ron Bennett]

Some HD manufacturers will honor warranty with return of only the top cover of the HD unit.

Ron

Re:

[miyako]

Many HD makers will send you a replacement drive without requiring the platters from the bad drive. Most of the time they just want the case to the hard drive.

Re:

[noidentity]

That, my friend, is why you should keep a backup of your "data"! Then if the original drive goes bad, you still have a copy of the data to destroy if neessary.

For The Pervs

[nate nice]

So, if you're a pervert who enjoys walking around in a trench coat naked underneath, is this a good way to make money and satisfy the urge and make a few bucks?

I'm wondering what a card will go for if it's advertised to *still* have pictures and data on it?

Kind of like a mystery grab bag?

Re:

[drawfour]

So, if you're a pervert who enjoys walking around in a trench coat naked underneath

You know, we're all naked beneath our clothes.

Card not wiped because people don't care

[syousef]

I'm sure a lot of people don't wipe the camera cards because they don't care if someone gets photos of their pets or disney vacation or drunken stupor. They figure most people - ie. those not interested in writing an alarmist privacy article - will simply wipe and use the card. Unless you're a celebrity, or have a stalker why would you care? You're probably photographed more by traffic cameras these days anyway.

Re:Card not wiped because people don't care

[Kelson]

There's also the possibility that they might not have a way to delete it. If, for instance, the only thing they have that reads the card is the camera itself (and they've been retrieving images via USB), and the reason they're discarding the card is that the camera itself is broken, and their new camera uses different media...

I can see the thought process going from "crap, I left some photos on there" to "eh, they're already on Flickr anyway." Unless there are photos that they haven't already downloaded, there's less motivation to track down something that will read (and erase) the card.

Exactly, I question the premise

[SuperKendall]

From the article:

In addition, the fact that some of the cards contained undeleted images is a bit disconcerting. At a bare minimum media card owners should have deleted the viewable images.

Why? Why should they have, if they don't care who saw them? As they said, the images were all of clothed people and disney world and things, worth nothing to anyone but the owner.

Privacy just for the sake of privacy seems to have taken hold of too many people, who do not stop to think - is there any point to privacy in this instance?

Obviously if people did not want images being seen they should remove them; I just object to catiioning users against leaving images with the vague fear that "someone may see thier images" when that may not matter at all.

Testing the best erase method?

[GrumpySimon]

There are ten or fifteen posts here with people suggesting that people should use dd, or wipe to write over these removable media to stop people recovering the data. Most people seem to be suggesting doing a dd from /dev/random TWENTY times.

What I would like to know is what the most effective method is. Someone should take a bunch of these cards (and harddrives etc) and do a little controlled test to see how much of a photo/file is recoverable after one round of dd, after 10 rounds of dd, etc. In short - what's the most effective (time v.s. security) method for cleaning these things?

Re:

[Kelson]

what's the most effective (time v.s. security) method for cleaning these things?

That depends on whether you want the card to be usable afterward...

Re:

[rrohbeck]

Every bit cell on a Flash or EEPROM is a capacitor. Since it doesn't have remanence in spaces that may not see a flux change and the possibility of offtrack writes like a hard drive, overwriting with random data is unnecessary - better write 0x00, then 0xff, a few times.

Writing a word or block in one of those devices means:
- Erase the word/line/block to 0xff if necessary (i.e. if there are bits that need to be flipped to 1)
- For each bit that is to be set to 0,
-- bang on it with a pulse until it turns 0
-- b

Re:

[scdeimos]

Except for that 5% slack space behind the scenes used for wear-levelling (it's done in hardware now, no need for file systems like JFFS). I guess if someone was keen enough they could decapsulate the card and scrutinize the memory chip under an electron microscope to try to image what's been previously written in that 5% but who'd actually bother?

C'mon people, this is just an alarmist article. It's not like the military is going to put something sensitive like Launch Codes on memory cards and then sell the

NASA's methodology

[Audacious]

When I first started at NASA the methodology was to use something like Norton's Erase, put it on Government Erase (three passes of writing first all ones, then all zeros, then all ones again, then doing half tracks). When Windows 98 came along we still used Norton's Erase but it had a different algorithm which was quite good too. When Windows 2000 came along we were no longer trusted to erase everything properly and we had to send the disk drives to a centralized location where they were wiped before being sold. When Windows XP came along we were told to just take a hammer to them. This was because the government had made so many cutbacks that there wasn't any money to properly erase the disk drives.

On a side note: When I first started working at NASA we had a budget of well over a million dollars. We got rid of all of the really big mainframes, and minis, and went to micros. Our budget was reduced to somewhere around $500,000.00 a year (about a third of what we originally were given each year). What I'd like to know is - whatever happened to all of that money? We certainly never go pay raises which equaled the amount of money lost. So where did it go? The answer might be a bit more surprising than anyone really wants to know about. :-/

Re:

[TClevenger]

When Windows 2000 came along we were no longer trusted to erase everything properly and we had to send the disk drives to a centralized location where they were wiped before being sold.

Interesting. I would rather trust a utility like Darik's Boot & Nuke than trust UPS or FedEx to actually get the drive to the centralized location. If UPS or FedEx fails, somebody might end up with a drive with NOTHING erased.

Why not post them on eBay?

[frdmfghtr]

Why would I not post them on eBay, even if wiped?

Aren't there data recovery services that recover data from supposedly wiped media (hard drives, memory cards, etc.)?

Besides, how likely are you to to make back the listing fees on used media? Given how the prices are coming down, why would you buy used when you can buy new for only a little more? Brand new 1 GB CF is going for $10, why buy used?

I would be worried that I would lose money selling used memory media on eBay; it would make more sense moneywise to just smash them with a hammer; get some exercise, and anything that was on them is now unrecoverable.

Who cares?

[ErikTheRed]

I mean seriously, the discussion shouldn't be about "proper erasure techniques that 99.999% of the public couldn't understand if they tried", it should be about not being such a tight-ass cheap fuck that you have to sell your old drives (flash / hard / whatever) on E-Bay. I mean, seriously, do you need to spend that much effort to net yourself an extra $5 or $10?

I erase my old media with a sledgehammer. Try to recover that, bitch.

Re:Who cares?

[ivan_13013]

Throwing away or destroying manufactured items when they are working and reusable is irresponsible, because it does not attempt to minimize environmental impact.

Used items that are still in demand should be reused as much as possible, to reduce the demand for manufacturing these items (with all the power and waste involved in that) and the size of landfills.

Re:

[maxume]

I commit to not smashing ~1 memory card a year the second you get every(hell, some of them) Jim-Bob to stop driving his V8 100 miles to work everyday.

Re:

[pclminion]

Throwing away or destroying manufactured items when they are working and reusable is irresponsible, because it does not attempt to minimize environmental impact.

And burning who knows how much gasoline in order to physically transport an object across the country that weighs something around 2 grams is not irresponsible?

What would be responsible is giving it to an acquaintance or selling it locally on something like Craigslist. Putting it on eBay and shipping it to somebody who may be thousands of mile

Re:

[BigBlockMopar]

I mean seriously, the discussion shouldn't be about "proper erasure techniques that 99.999% of the public couldn't understand if they tried",

99.999% of the public probably can't imagine that I can still get it back after they've emptied the Recycle Bin on Windows 95-Vista.

it should be about not being such a tight-ass cheap fuck that you have to sell your old drives (flash / hard / whatever) on E-Bay. I mean, seriously, do you need to spend that much effort to net yourself an extra $5 or $10?

I sell o

Call me a packrat.

[Perseid]

I'd just keep the damn thing. You know that as soon as you sell it you'll have a desperate need for it. That's just how the world works.

Why sell memory cards?

[owlstead]

Why would somebody want to sell memory cards on eBay anyway? The only reason I can think of is because it was an original accessoiry for a digital camera or something. But the biggest one tested was 128 MB, which sells for - uh cannot find that one. 1 GB sells for 12,50 over here (SD).

Debian Administration Page.

[Erris]

Much of the information in the article about data recovery is also covered by DebianAdministration.org [debian-adm...ration.org]. TestDisk and photorec, are afterall, free software.

Hip, hip hooray!

Re:

[Akaihiryuu]

Don't quote me on this (I haven't gotten my RAZR yet, still waiting on UPS)...but from the specs I read, the memory card on the RAZR is removable, and the site said it also came with an SD adaptor so you can put the card in anything that can read SD cards. Currently the only thing I have with an SD reader is my Wii, so I can't really test this out even after I get my phone until I get an SD reader. Might be worth a shot though.

Duh

[NineNine]

Well, duh. Smash it with a hammer and throw it in the trash. Is it really worth your time to take more time trying to wipe it, then jump through the eBay hoops to post the damn thing, have them take out their exorbitant fees, deal with shipping it, etc. for $50? Just dump it, buddy.

Re:

[emc]

Your signature vexes me:
Aych tea tea pea colon slash slash dot dot org slash
h t t p : / / dot . org /

Unless your signature is advertising some link farming site, I think you have a missing slash.

Re:

[anagama]

Realistically, when a new 1gb card is under $50 in the stores (and a quick froogle search showed some generics around $20), just how much is my 64mb Smartmedia card worth? How about my 16mb Compact Flash? The authors of the article spent about $70 on cards, and a bit more than $40 on exorbitant ebay shipping charges -- that's about $11 each. For that price, it isn't worth the effort to try selling these antiquated cards.

Partially a Question, Partially a Comment

[BigBlockMopar]

Realistically, when a new 1gb card is under $50 in the stores (and a quick froogle search showed some generics around $20), just how much is my 64mb Smartmedia card worth? How about my 16mb Compact Flash? ... For that price, it isn't worth the effort to try selling these antiquated cards.

Well, there is something else, too: what about users of devices which don't support larger cards? I don't know - I've never encountered a problem with SD (which is all I've used in portable devices - choose a platform an

Re:

[drinkypoo]

If you can't boot the phone you can't clear it. Motorola phones have two settings, a MASTER RESET and a MASTER CLEAR that collectively clear all data and settings from the phone. The memory card in the V3i is used only for ringtones, video and such - phone numbers are still stored to SIM or Phone.

Re:

[RvLeshrac]

http://www.zdelete.com/dod.htm [zdelete.com]

The DOD already answered this question.

Whenever there's any doubt, DOD standards are the way to go.

Re:

[ScrewMaster]

Modern storage systems either forget what they're supposed to remember, just when you need it the most ... or they remember it long after it is best forgotten.

Re:Been there, done that...

[tylernt]

Please Post pix. Thanks in Advance.

Yes, I'd love to see thermite destroy a hard drive.

Car Shredder

[BigBlockMopar]

Yes, I'd love to see thermite destroy a hard drive.

Bah. Overkill. There's already a great video somewhere of thermite melting through a car. Likewise, one of the best things you can do is get rid of that Honda Civic in your driveway by stuffing it full of old hard drives and taking it to a serious (no car crushers, just a shredder) scrap metal place in your town and watching it go down the throat. Anyone who wants my old credit card numbers (which, BTW, are exclusively *expired*, no live ones get to any

Why you might care.

[Erris]

I take pictures, post it on my website, post it on flickr and hardly anybody sees it. What do I care :(

People who love you will one day get it, so cheer up.

Now, the reason you might worry about data deletion and privacy may have nothing to do with you personally. The best way to judge the harm done by snooping is to think of the worst thing it can be used for against someone who's fighting for your rights. See this post [slashdot.org] for information on harm done by previous domestic spying. Automated spying of tha