Slashdot Mirror


Avast Buys 20 Used Phones, Recovers 40,000 Deleted Photos

An anonymous reader writes: The used smartphone market is thriving, with many people selling their old devices on eBay or craigslist when it's time to upgrade. Unfortunately, it seems most people are really bad at wiping their phone of personal data before passing it on to a stranger. Antivirus company Avast bought 20 used Android phones off eBay, and used some basic data recovery software to reconstruct deleted files. From just those 20 phones, they pulled over 40,000 photographs, including 1,500 family pictures of children and over a thousand more... personal pictures. They also recovered hundreds of emails and text messages, over a thousand Google searches, a completed loan application, and identity information for four of the previous owners. Only one of the phones had security software installed on it, but that phone turned out to provide the most information of all: "Hackers at Avast were able to identify the previous owner, access his Facebook page, plot his previous whereabouts through GPS coordinates, and find the names and numbers of more than a dozen of his closest contacts. What's more, the company discovered a lot about this guy's penchant for kink and a completed copy of a Sexual Harassment course — hopefully a preventative measure."

231 comments

  1. child porn by Anonymous Coward · · Score: 1

    How much of it was child porn?

    1. Re:child porn by Anonymous Coward · · Score: 0

      Why do you ask?

    2. Re:child porn by BasilBrush · · Score: 1

      I would hope the probability of randomly selecting a pedophile is less than 1 in 20. Still 1000 adult nudie pictures from 20 random phones is more than I'd have guessed.

    3. Re:child porn by Kazoo+the+Clown · · Score: 1

      I suspect they have a lot of old Android phones that they'd like to monetize on eBay...

    4. Re: child porn by Anonymous Coward · · Score: 0

      child porn = "14 year old's racy photos of herself"

      I think you vastly underestimate the number of underage teens who take and share these photos.

    5. Re:child porn by Anonymous Coward · · Score: 0

      As someone in the mobile telecommunications industry, 1000 adult pics from 20 phones is far less than I would have guessed. It's amazing what, where and when people take pictures of when you put a small handy camera in their pocket 24/7.

    6. Re:child porn by Anonymous Coward · · Score: 0

      How many of the photos were just from the browser cache though?

    7. Re:child porn by doccus · · Score: 1

      Well I don't know about kiddie pxxn, but there was "a thousand more...personal photos"

  2. Where the fault lies? by PC_THE_GREAT · · Score: 3, Insightful

    When someone says reset phone and reset data, the OS should ensure a clean wipe not a soft wipe. Should at least fill it with 0s. And people should try to keep most of their data on sd cards and move those along when they get new phones.

    What kind of people sell sd cards along with the phone? I thought everyone was a miser.

    Am tempted to know what kind of nudie pics were available :p.

    1. Re:Where the fault lies? by master5o1 · · Score: 1

      But how many people actually reset phone and reset data? I'd imagine a lot of people simply manually delete their photos and unhook their Internet accounts from the phone. Hardly a wipe.

      --
      signature is pants
    2. Re:Where the fault lies? by tlhIngan · · Score: 4, Insightful

      But how many people actually reset phone and reset data? I'd imagine a lot of people simply manually delete their photos and unhook their Internet accounts from the phone. Hardly a wipe.

      But it's so easy to do on iOS. You can do it on the phone - Settings->General->Reset

      And it wipes the phone - the flash storage is encrypted. Resetting it wipes the key and generates a new one. It then reboots and reformats the user storage using the new key and mounts it. The old data is irrecoverable because the key is lost, and the new data is written using a new key.

      Even prior to encrypted storage, iOS3 created the option to do it where it erases and wipes the storage - anything 3GS and newer wipes keys (so wiping takes a couple of minutes), older ones took a couple of hours.

      No reason Android can't do the same - either by sending TRIM commands to the entire user storage area and then forcing a write-all-with-zeroes to be doubly sure.

    3. Re:Where the fault lies? by MyFirstNameIsPaul · · Score: 4, Insightful

      I would not trust an encryption method as a replacement for permanent data destruction, but I may be more paranoid than most.

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

    4. Re:Where the fault lies? by gnasher719 · · Score: 3, Funny

      When someone says reset phone and reset data, the OS should ensure a clean wipe not a soft wipe. Should at least fill it with 0s. And people should try to keep most of their data on sd cards and move those along when they get new phones.

      There's one phone that just throws away the encryption keys, which are never stored anywhere other than in two locations on the hard drive (in encrypted form), so only these two locations need to be wiped. That phone also has the ability to access a small amount of flash memory directly without the firmware interfering, to make sure that no invisible copies of those keys are created. Well, it's not Android...

    5. Re:Where the fault lies? by Anonymous Coward · · Score: 0

      Even the custom Android "recovery" systems only perform a quick format and call that "wipe data partition". It's no wonder people's data is recoverable: There simply is no way to remove it!

    6. Re:Where the fault lies? by itsme1234 · · Score: 1

      Well how are you using the phone otherwise? Do you keep it locked in some booby-trapped safe? Otherwise you can still lose it and it'll be in a much worse shape than it is when you sell it with keys wiped and storage formatted (even if technically not fully wiped even if still encrypted). It might be unlock-able, it might have some SD-card you regularly keep in it (but you wouldn't leave there if you sell the phone), etc.

    7. Re:Where the fault lies? by Anonymous Coward · · Score: 0

      You realize how long this takes? You think anyone is going to wait until it would complete?

    8. Re:Where the fault lies? by Anonymous Coward · · Score: 0

      You probably are a bit too paranoid. As long as the encryption method is not one of those crazy ones that used to come on older flash drives before they got debunked (where it was an xor and a 9's complement) - as long as it is something like AES 256 - encryption as a data disposal method is a pretty good way to go. It prevents you from having to drill holes in the drive (or other destruction) and allows you to re-use the drive. Do you just bash your phones with a hammer when done with them? Perhaps run them through a BlendTec blender?

    9. Re:Where the fault lies? by Razed+By+TV · · Score: 4, Insightful

      I think you're looking at it from the wrong angle. For general purpose phone use, encryption is reasonable. But for the purposes of permanent deletion, why rely on encryption when you could just shred the data and be done with it once and for all?

    10. Re:Where the fault lies? by Anonymous Coward · · Score: 0

      And people should try to keep most of their data on sd cards and move those along when they get new phones.

      My Moto G disagrees with this assessment.

    11. Re:Where the fault lies? by Lumpy · · Score: 1

      It does if you enable security and turn on locking. Betting all those phones never had a lock pin so the data was held in flash without any encryption.

      --
      Do not look at laser with remaining good eye.
    12. Re:Where the fault lies? by Lumpy · · Score: 2

      He has a special edition otterbox case that is filled with C4 explosives. if the phone gets more than 6 feet from him it detonates. sadly he goes through about 40 phones a year.

      --
      Do not look at laser with remaining good eye.
    13. Re:Where the fault lies? by Pax681 · · Score: 1

      But how many people actually reset phone and reset data? I'd imagine a lot of people simply manually delete their photos and unhook their Internet accounts from the phone. Hardly a wipe.

      But it's so easy to do on iOS. You can do it on the phone - Settings->General->Reset

      And it wipes the phone - the flash storage is encrypted. Resetting it wipes the key and generates a new one. It then reboots and reformats the user storage using the new key and mounts it. The old data is irrecoverable because the key is lost, and the new data is written using a new key.

      Even prior to encrypted storage, iOS3 created the option to do it where it erases and wipes the storage - anything 3GS and newer wipes keys (so wiping takes a couple of minutes), older ones took a couple of hours.

      No reason Android can't do the same - either by sending TRIM commands to the entire user storage area and then forcing a write-all-with-zeroes to be doubly sure.

      Android CAN do the same by simply performing a factory reset.. apple hardly had a fucking monopoly on factory reset functions in phones.
      it's just that most normal users haven't a fucking clue and thus don't reset their phones to factory state and that's where the problem lies.

    14. Re:Where the fault lies? by BasilBrush · · Score: 0

      When someone says reset phone and reset data, the OS should ensure a clean wipe not a soft wipe.

      iOS does. The data is stored in encrypted form. A wipe throws the encryption key away, thus in an instant, the whole drive is unreadable.

    15. Re:Where the fault lies? by BasilBrush · · Score: 1

      I would not trust an encryption method as a replacement for permanent data destruction, but I may be more paranoid than most.

      More paranoid than computer scientists, for sure.

    16. Re: Where the fault lies? by Anonymous Coward · · Score: 0

      Ha, that's a laugh. I wiped my iPhone, full reset, plugged it in to my computer and lo and behold there were all my photos. Not much of a wipe.

    17. Re:Where the fault lies? by BasilBrush · · Score: 4, Interesting

      Because throwing the keys away on an encrypted drive is more secure than overwriting an unencrypted drive with zeros, as the data recovery experts will be glad to tell you.

    18. Re:Where the fault lies? by nabsltd · · Score: 1

      You realize how long this takes? You think anyone is going to wait until it would complete?

      Writing zeros to every byte of a 32GB flash drive takes less than an hour, even with very slow flash (10 MB/sec write speed).

    19. Re:Where the fault lies? by BasilBrush · · Score: 1

      With iOS, it's a simple option to securely delete everything. And it takes no time.

      With Android it's not a one step operation and it's full of ifs and buts. And it will take some time. See for example:

      http://lifehacker.com/5808280/...

    20. Re:Where the fault lies? by BasilBrush · · Score: 0

      But that's a terrible approach to wiping a flash drive.

    21. Re: Where the fault lies? by jd2112 · · Score: 1

      Too bad most phones no longer have micro-SD slots.

      --
      Any insufficiently advanced magic is indistinguishable from technology.
    22. Re:Where the fault lies? by Anonymous Coward · · Score: 0

      Are you sure the key is WIPED and not deleted? All would be for naught if the key survives the deletion process.

      With a 4 digit code that most people use, it can be recovered extremely quickly.

    23. Re: Where the fault lies? by Anonymous Coward · · Score: 0

      Please cut out your Apple marketing. I mean really. This isn't the paid-for apple.slashdot.org domain.

    24. Re:Where the fault lies? by Pax681 · · Score: 1

      sorry but bugger apple, bugger their walled garden and the boat they came in on.
      i am very happy with my S5 thanks, and was happy with my S3,S2 and my htc desire before that.

    25. Re:Where the fault lies? by BasilBrush · · Score: 1

      Your personal phone preferences are irrelevant. This is a discussion of a specific feature of iOS and a weakness of Android.

    26. Re:Where the fault lies? by jandrese · · Score: 2

      Uh, the factory reset doesn't wipe the storage on the phone. These phones that were bought off of eBay were probably factory wiped (people aren't quite as dumb as advertised), but the issue is that Factory Wipe doesn't do what people think it does.

      --

      I read the internet for the articles.
    27. Re:Where the fault lies? by Anonymous Coward · · Score: 0

      But of course it isn't. Encryption that works now can be broken a year from now but overwriting the complete drive with zeroes will shred most of its data (some data may be left in remapped sectors, but except for maliciously tampered with disks that will never be a lot). All the stories about reading the previous states of a disk bit with an efm are just that: stories.

      Best would be to have your disk encrypted *and* overwrite it with zeroes. That way you're reasonably well protected against malicious drives and data recovery after the fact.

      If you're really paranoid you overwrite with random data instead of zeroes.

    28. Re:Where the fault lies? by Pax681 · · Score: 1

      Your personal phone preferences are irrelevant. This is a discussion of a specific feature of iOS and a weakness of Android.

      it must've really made you weep when the saviour.. the lord jobs kacked it eh? i bet you wept onto your wee i-devices.... shame that's not covered under warranty eh? LOL.
      however it's hilariously funny that MY preference and experience with android devices somehow negates what i say but your blatant fucking fanboism driven bollocks is fine?
      now THAT is fucking funny :)

    29. Re:Where the fault lies? by BasilBrush · · Score: 1

      You're a great advert for the IQ level of Android users.

    30. Re:Where the fault lies? by Pax681 · · Score: 1

      and you sir are a typically arrogant apple fanbois :)
      good day sir.. i am off to do some work :)

    31. Re:Where the fault lies? by Anonymous Coward · · Score: 0

      "Work" calling people faggot on COD chat.

    32. Re:Where the fault lies? by Snorbert+Xangox · · Score: 1

      There are self-encrypting tape drives and hard disks that satisfy FIPS 140-2: adequate for "sensitive but unclassified data".
      If you have very high value data and are facing an APT style of adversary, your concerns would be valid. For "buy random hard disk and harvest blackmail and ID theft fodder", standard compliant crypto will be quite sufficient to make the attacker move on to easier pickings.

      --
      -Snorbert, somewhere in the antipodes
    33. Re: Where the fault lies? by Anonymous Coward · · Score: 0

      Properly encrypted data is indistinguishable from randomness without the correct encryption key. And since it's indistinguishable from randomness, the only way to find the correct encryption key is to try every possible key and see which of them appear to make valid data from it. (More than one key may seem to fit...)

    34. Re: Where the fault lies? by Anonymous Coward · · Score: 0

      You're funny. You do realise that your iTunes restored all of the pictures when you plugged it in?

    35. Re:Where the fault lies? by SecurityGuy · · Score: 2

      Encryption that works now can be broken a year from now

      Not remotely. If you find 256 bit AES broken in a year, let us know.

    36. Re:Where the fault lies? by SecurityGuy · · Score: 1

      True, it doesn't, but it does delete the key which is used to encrypt everything. With no key, it's gibberish, indistinguishable from random data. Or so claims Apple, anyway. If you have better data, I'd be most interested to see it (and freely admit it's possible ANY vendor is lying about their security precautions).

      Personally, I find it quite possible that Joe RandomUser would "delete" pictures, etc, and not know how to do a proper wipe. Heck, I had to look it up, but it took knowing that in general "delete" means "remove the pointer to". Casual users mostly don't know that.

    37. Re:Where the fault lies? by Anonymous Coward · · Score: 0

      If the key is generated based on a hash of the 4-digit passcode, doesn't seem too tough to break that.

      Even if the user opted for the stronger password vs. simple passcode, I'll bet that it still wouldn't be very tough to BF.

    38. Re:Where the fault lies? by vux984 · · Score: 2

      Because throwing the keys away on an encrypted drive is more secure than overwriting an unencrypted drive with zeros, as the data recovery experts will be glad to tell you.

      But that's a false choice. There is a 3rd option... do both.

      Take your most private information, encrypt it, and put it on a flash drive.

      Then go and sell or give that flash drive away to someone else.

      Are you really going to say... well they don't have the keys, so we're good. Here you go. And hand them all your data intact (but encrypted).

      Or would you maybe just maybe think, yeah it's encrypted... but why tempt fate? Maybe I'll erase it first.

      I mean is there any good reason NOT to erase it first?

    39. Re:Where the fault lies? by hacker · · Score: 1

      There's one phone that just throws away the encryption keys, which are never stored anywhere other than in two locations on the hard drive (in encrypted form), so only these two locations need to be wiped.

      Yay for BlackBerry!

    40. Re:Where the fault lies? by Anonymous Coward · · Score: 0

      and you sir are a typically arrogant apple fanbois :) good day sir.. i am off to do some work :)

      Yeah, those burgers aren't going to make themselves, right?

    41. Re:Where the fault lies? by MyFirstNameIsPaul · · Score: 1

      To my knowledge, Apple has not published the code they use in the encryption process for which keys are being deleted or the code which deletes the keys. Although I'm not aware that this code has at least been reviewed by trusted professionals (it may have). It seems like too many people say "256-bit AES" as if it's a conversation stopper, but there is always more to be concerned about. For example, the theory of public key encryption is sound, yet OpenSSL had a security hole the size of a galactic core which gave access to the memory of a web server. Apple software != 256-bit AES.

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

    42. Re:Where the fault lies? by MyFirstNameIsPaul · · Score: 1

      Yes, much more so than the ones at OpenSSL (IIRC, the Heartbleed bug was reportedly caused by not checking code originally submitted by an intern).

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

    43. Re:Where the fault lies? by MyFirstNameIsPaul · · Score: 1

      FFS, it's on a time delay, not GPS (that can be spoofed).

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

    44. Re:Where the fault lies? by neonKow · · Score: 1

      What the hell is wrong with you?! No one is telling you to buy anything, but saying that one phone encrypts data and another phone doesn't is a perfectly valid point. Stop your ridiculous religious war and realize that there are things my old brick phone could do that my smartphone can't as well.

    45. Re: Where the fault lies? by Anonymous Coward · · Score: 0

      Both OSes can encrypt... :)

    46. Re:Where the fault lies? by Mike+Buddha · · Score: 1

      iOS full device encryption is only activated when a passcode is added to the device. Android's works the exact same way. If you don't have a passcode on your iPhone, your device is NOT encrypted, and resetting your device will have the exact same vulnerability to these kinds of data restoration tools.

      http://support.apple.com/kb/ht...

      --
      by Mike Buddha -- Someday the mountain might get him, but the law never will.
    47. Re:Where the fault lies? by BasilBrush · · Score: 1

      Who told you that the coders who wrote OpenSSL were computer scientists?

      I'm not talking about coding. It's hardware encryption. Once the key has been overwritten with another key, nothing is going to unencrypt that data. Nothing.

    48. Re:Where the fault lies? by BasilBrush · · Score: 1

      But that's a false choice. There is a 3rd option... do both.

      There's a fourth option: do both of those, then get a witch-doctor to shake some chicken bones at it.

      Going through pointless rituals, just in case, and because it won't do any harm, is religion, not computer science.

    49. Re: Where the fault lies? by Anonymous Coward · · Score: 0

      I do not like your repeated use of the word "fuck" but you are right.

      Many people do not reset their device before giving it away, they do not know about this option and they do not care. They think deleting their photos and emails is the only necessary thing to do.

      Companies can offer all kinds of security features but nobody can make people use them if they don't care.

    50. Re:Where the fault lies? by vux984 · · Score: 1

      Going through pointless rituals, just in case, and because it won't do any harm, is religion, not computer science.

      Gotcha. Security shouldn't be layered or redundant. As long as you've got one method that should be secure you're good, right?

      I ran servers that were vulnerable to heartbleed. However, damage was effectively mitigated because although they were on the public facing internet, connections were logged through a gateway, and firewalls strictly limited the ip addresses that could make connections at all.

      Wasn't all that witch doctor chicken bones? If OpenSSL had been without flaws, those extra layers wouldn't have mattered.

      Are you really willing to put all your trust in truecrypt or whatever you like to use, in a situation you don't have to? If it's encrypted and there are no backdoors or weaknesses in the implementation then encrypted SHOULD be good enough... but that's a big IF. Why take the chance if you don't have to?

      That's not religion. That's common sense.

    51. Re:Where the fault lies? by BasilBrush · · Score: 1

      Gotcha. Security shouldn't be layered or redundant. As long as you've got one method that should be secure you're good, right?

      There's a difference between relying on code and relying on hardware encryption.

      Are you really willing to put all your trust in truecrypt

      Good lord no. That's code.

      That's not religion. That's common sense.

      Science often proves common sense wrong.

    52. Re:Where the fault lies? by Razed+By+TV · · Score: 1

      A data recovery expert would be eager to tell you that a proper data shred is not done with zeroes alone...

    53. Re:Where the fault lies? by uninformedLuddite · · Score: 1

      Total physical destruction. It's the only way.

      --
      The new right fascists are bilingual. They speak English and Bullshit.
    54. Re:Where the fault lies? by Mondor · · Score: 1

      Some modern smartphones do not have external SD cards, only internal storage. Which can be accessed just like an SD card, except that it can't be removed and disposed of.

    55. Re:Where the fault lies? by marauder-2c · · Score: 1

      nope. you would need a VERY old hard drive (it will work on floppies, ZIP or LS120), written to EXACTLY ONCE before overwriting with zeros. this can be recovered with AFM/MFM, with a 56% chance to get one bit correct. you do the math about the probability of reading one byte correctly. anything newer is too dense and, using PRML methods, they don't even write real 1s anymore, 0.8's are close enough. that rumor has been around for years, but it's still not true.

      but hey, I happen to have a still sealed 40GB drive in my desk, i can put some text on that, zero it once and you let great deeds follow your great words and recover that data. how about some real "less talk, more experimental proof" here?

    56. Re:Where the fault lies? by BasilBrush · · Score: 1

      "less talk, more experimental proof"

      Where's yours?

    57. Re:Where the fault lies? by Anonymous Coward · · Score: 0

      Most SD cards don't support TRIM commands

    58. Re:Where the fault lies? by nabsltd · · Score: 1

      But that's a terrible approach to wiping a flash drive.

      No approach is terrible compared to the consequences of leaking the types of data mentioned in TFA.

    59. Re:Where the fault lies? by MyFirstNameIsPaul · · Score: 1

      Are you supporting the claim that hardware manufacturers do everything to spec? That the hardware doesn't have to interface with software?

      I find it rather concerning that so many people place so much faith in so many strangers that they would forgo a 60-second attendant procedure that would nearly totally ensure against data leakage.

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

    60. Re:Where the fault lies? by BasilBrush · · Score: 1

      To spec? You're suggesting that they accidentally included multiple registers for the private key, and don't reuse the same one?

      Interface with software? No. The encryption is fully in hardware. No software can touch the private key, by design.

      I'm afraid you're at conspiracy theory levels of paranoia. Or simply are worried about that scary thing that you don't understand.

    61. Re:Where the fault lies? by BasilBrush · · Score: 1

      There's two gaps in that logic. It suggests that all approaches are good, which they obviously aren't. And it assumes that the one already discussed, of deleting the key of an encrypted drive isn't completely sufficient, which it is. AES 256 is unbreakable within the projected lifespan of the universe.

  3. But no spell checker by Anonymous Coward · · Score: 0

    "preventive".

    1. Re:But no spell checker by Anonymous Coward · · Score: 0
    2. Re: But no spell checker by Anonymous Coward · · Score: 0

      what is wrong with you?

  4. Who's at fault for this? by SeaFox · · Score: 3, Insightful

    Unfortunately, it seems most people are really bad at wiping their phone of personal data before passing it on to a stranger.

    How many people actually have the ability to securely wipe data on their phone to start with, without rooting it? For lots of folks, the "factory reset" option is the only thing they can do on their own, and that likely only deletes prefs and network settings and erases file system directory info. It does not overwrite the bits in the phone's storage to make them unrecoverable.

    1. Re: Who's at fault for this? by Anonymous Coward · · Score: 0

      Don't need to. Just reset to factory, then copy music to fill the phone then reset then repeat 3-4 times and you should be covered.

    2. Re:Who's at fault for this? by Mr0bvious · · Score: 5, Insightful

      As stated above this really should be an inbuilt OS feature - "Reset for resale"

      It shouldn't take an understanding or knowledge of the intricacies of how the device works or how to properly erase data. It should be automatically done by the OS since most phone users do not know how to do it properly.

      --
      Never happened. True story.
    3. Re:Who's at fault for this? by baenpb · · Score: 1, Insightful

      Agreed, but the money's not there. This promotes resale, which takes away from apple's.....i mean...the phone manufacturer's....bottom line.

    4. Re:Who's at fault for this? by Mr0bvious · · Score: 1

      Yes true, there is that disincentive there.

      --
      Never happened. True story.
    5. Re:Who's at fault for this? by Anonymous Coward · · Score: 0

      which takes away from apple's.....i mean...the phone manufacturer's....bottom line.

      Uh, these were *Android* devices. Last time I checked, Apple didn't sell Android devices...

    6. Re:Who's at fault for this? by viperidaenz · · Score: 2

      I can go in to the settings menu and select encrypt device.
      Not sure if that's new for Android 4.4 or if it came earlier.

    7. Re: Who's at fault for this? by viperidaenz · · Score: 5, Funny

      Copy goatse, not music.

      Give them a surprise if they try and snoop your old data.

    8. Re:Who's at fault for this? by rioki · · Score: 2

      I would wager that the real impact is the opposite. It is like used games, on the surface it looks like a "lost sale" but in reality it provides liquidity. The used phone market then fuels the new phone market, since those that sell the phone do not have / don't want to spend the money on their yearly upgrade cycle. On the other hand those that buy the used phones don't have the money to spend on a new phone. Even though they may have spent the money on a lower end device, it is not a lost sale, since as mentioned before they supported the sale of a high end device, which again has a higher profit margin.

      But if MBAs would also get that, that would be great.

    9. Re:Who's at fault for this? by BasilBrush · · Score: 0

      Agreed, but the money's not there. This promotes resale, which takes away from apple's.....i mean...the phone manufacturer's....bottom line.

      The problem with your blind hatred is that Apple's phones DO have this option. An instant one stop secure delete. It's Android that is sadly lacking.

    10. Re:Who's at fault for this? by m.alessandrini · · Score: 1

      Is it even possible to physically overwrite sectors in a flash memory embedded on the device board? Is software enough, or are there hardware drivers sitting between you and the physical sectors? For example, SD cards perform automatic remapping of sectors to not write too often on the same ones. Raw flashes should be more direct, but I'm not sure of the whole hardware chain in a system-on-chip.

    11. Re:Who's at fault for this? by houghi · · Score: 1

      My parents gave me an old PC they found because they knew 'I liked computers and stuff'. The machine was utter rubbish, but out of curiosity I mounted the 10MB HD to my system and looked around. A LOT of bank accounts and other details, including passwords were there within 2 minutes.
      That right there is the reason I never resell my hardware, but rather destroy it and throw it away.

      I read here plenty of posts on how to handle it, but most pass on the REAL issue. Security (even from PC hardware) is NOT a technical problem. It is a social one. As long as technical people treat it as a technical problem, it will not be solved.

      I would go even further and say that security is a mindset, not even a problem. People will think from their own point of view and think that if they would not do something, nobody would.
      That is why still most hacking needs social engineering. (These geeks should use it to get women.)

      Just try and see how many people will give up their password if some manager from IT calls them and asks for it. I have been asked and told then to shove it (in other words) and I am aware that I am an exception.

      So as long as people do not truly understand the impact they could cause, they will not do anything. They will not delete anything, leave the keys in their unlocked car and leave their beer unattended when they go for a leak.

      --
      Don't fight for your country, if your country does not fight for you.
    12. Re:Who's at fault for this? by Mr0bvious · · Score: 1

      As an Android user (and I dislike Apple for various reasons that have been covered to death here) I must give Apple credit here - they do seem to have done it correctly from the start.

      It does seem Android included encryption in 2.3.4 but I was unaware of this: http://www.howtogeek.com/14195...

      It seems android does have full device encryption (not enabled by default). It also has an option 'Clear storage' which "Clears credential storage of all contents resets its password"

      I'm glad that Android is no longer lacking here.

      --
      Never happened. True story.
  5. click bait by Anonymous Coward · · Score: 1

    good job guys, now many more people will download and install your app. way to go!

  6. Only Android? by exomondo · · Score: 3, Interesting

    Does the same thing occur with iPhones or Windows Phones or Blackberrys?

    1. Re:Only Android? by Anonymous Coward · · Score: 0

      I believe iOS "Erase all Content and Settings" makes everything go away in a non-recoverable kind of way.

    2. Re:Only Android? by friedmud · · Score: 1

      If you don't wipe your phone this can happen with anything (including an iPhone)...

      However, if you reset an iPhone there is NO way to recover anything. Everything written on an iPhone is encrypted... when you reset an iPhone it securely wipes the key and then nothing is retrievable.

    3. Re:Only Android? by exomondo · · Score: 3, Insightful

      They don't mention if any of the devices were using Android's full device encryption either or which of the devices they recovered deleted data from rather than just receiving a phone where the user had forgotten to delete their data. Seems less like a study and more like a sales pitch.

    4. Re:Only Android? by Lumpy · · Score: 1

      Except for all of the copies in the iCloud.

      --
      Do not look at laser with remaining good eye.
    5. Re:Only Android? by BasilBrush · · Score: 1

      Reading between the lines, the data was recovered with recovery tools, because standard delete on a flash drive just marks a block as reusable, it doesn't actually overwrite the data.

    6. Re:Only Android? by BasilBrush · · Score: 1

      Indeed, you do have all the data on iCloud still safe. It's not on the phone though, and neither is any username or password, so it's irrelevant to selling the phone.

  7. Obvious! by Anonymous Coward · · Score: 1, Informative

    I bought 40~ used iphones off ebay and at least 12 of them were still logged into social media accounts (facebook, twitter, instagram, snapchat) and had thousands of photos and videos. i did not see any nudes but i did have fun with some of their profiles.

    1. Re:Obvious! by gnasher719 · · Score: 1

      I bought 40~ used iphones off ebay and at least 12 of them were still logged into social media accounts (facebook, twitter, instagram, snapchat) and had thousands of photos and videos. i did not see any nudes but i did have fun with some of their profiles.

      If you have burglars who are caught by logging into facebook at a victim's home computer and not logging out before they are leaving, what can you expect?

    2. Re:Obvious! by SternisheFan · · Score: 0

      So you screwed around with people's accounts, huh? Aren't you proud of yourself.

      Where is your goddamn morality? Just because you "can" do something does not give you the "right" to do it.

      Ah, I might as well be replying to a wall. People like you just won't ever get why you shouldn't do some things.

    3. Re:Obvious! by Binestar · · Score: 1

      s/used/stolen/

      Good for you for kicking those users while they were down.

      --
      Do you Gentoo!?
    4. Re:Obvious! by hacker · · Score: 1

      So you screwed around with people's accounts, huh? Aren't you proud of yourself.

      ...not to mention, doing so is a Felony. No wonder they posted as AC.

    5. Re: Obvious! by Anonymous Coward · · Score: 0

      So, probably need to buy more than 40. Good to know, thanks.

  8. BiFlex Edge by Anonymous Coward · · Score: 0

    Is anyone else getting a nearly full-screen video ad for "BiFlex Edge" thingies? It can not be dismissed, and keeps me from reading the story.

    I'm on a 13.3" 1280x800 screen, which is zoomed way in (ctrl + in FireFox) so I can read it despite being visually impaired.

  9. full screen biflex ads on /. by Anonymous Coward · · Score: 0

    Am I the only person getting huge video ads for some BiFlex thing? I have to zoom my 13.3in 1280x800 screen in with (ctrl +) in FireFox to read because of my bad eyes. The videos pop up, and can not be removed or even moved. The play and play and play with no end. I don't have enough screen left to even see the %$#^ing article.

    1. Re:full screen biflex ads on /. by Anonymous Coward · · Score: 1

      Install the Adblock Plus add-on into Firefox. Blocks many of the advertisements.

      .

    2. Re:full screen biflex ads on /. by drew_92123 · · Score: 1

      Agreed, I use the adblock plus addon with 3 subscriptions and almost never see any ads anywhere. It's fucking great! :-)

    3. Re:full screen biflex ads on /. by viperidaenz · · Score: 1

      Uninstall flash.

  10. Factory reset. by bejiitas_wrath · · Score: 4, Interesting

    So taking out the SD card and a factory reset is not enough anymore? But how do you run DOD quality data wiping software on a phone's built-in memory anyway? Most people hock phones and they are re-sold with phone numbers still on them. That should not happen. Let alone personal photos.

    --
    liberare massarum ex ignorantia, clausa descendit molestie.
    1. Re:Factory reset. by glitch! · · Score: 1

      Five to ten seconds in a microwave oven should do the trick. A good physical smashing is probably effective. Or just bury the damn thing. But don't sell it and have any expectation of privacy.

      --
      A dingo ate my sig...
    2. Re:Factory reset. by BasilBrush · · Score: 0

      With iOS, you can set it up so it can do remote secure wipe. So even if it's stolen, or you only remember you didn't wipe the data after you sold it, you can still be sure it's wiped the next time it connects to the network.

    3. Re:Factory reset. by antdude · · Score: 1

      Or do all of those. Burying without destroying it? LOL.

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  11. Garbage In by mfh · · Score: 1, Insightful

    Mobile industry is afoul with moral hazard. They simply don't care about their clients because they only want to get paid once and then milk the clients for information.

    Google's Android phones flat out REFUSE to uninstall Facebook, for example.

    Users do not have control because we're experiencing what Oligarchy feels like.

    Some of us remember what it was once like when you wanted to buy something and they would kiss your ass and make you at home while you were shopping. If you had any problems they would bend over backwards to serve you. That mentality is dead in the goods & service industry.

    We are approaching the dusk of the psychopathic corporation era. Nothing after that folks. Thanks for playing.

    --
    The dangers of knowledge trigger emotional distress in human beings.
    1. Re:Garbage In by djdanlib · · Score: 4, Informative

      > Google's Android phones flat out REFUSE to uninstall Facebook, for example.

      It uninstalls just fine, thank you very much.

      Or are you referring specifically to Nexus devices?

    2. Re:Garbage In by GigaplexNZ · · Score: 1

      It depends. Some carriers are known to bundle software like Facebook, and if it's on the system partition it's not easily removable.

    3. Re:Garbage In by advocate_one · · Score: 2

      correct, if it's part of the manufacturer's feature set, then it's not possible to remove it, BUT, you can disable it after having removed all updates to it. Had to do that with my Sony Xperia... came with facebook and other social media rubbish... Some could be deleted, but the rest had to be disabled from starting up but still take up space.

      --
      Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
    4. Re:Garbage In by Anonymous Coward · · Score: 3, Insightful

      That's the carrier's doing

    5. Re:Garbage In by djdanlib · · Score: 1

      I wonder which direction the money flows in cases like this. Does Facebook pay the carrier, or does the carrier pay Facebook? Seems to me that both parties are equally at fault here. Some suits probably had a meeting about increasing shareholder value and leveraging popular apps and shook hands, then told the dev team to make it happen. Not that I'm thrilled with bundled software being possible on Android... I wish it wasn't... but it's not Android's fault that someone got greedy.

    6. Re:Garbage In by gl4ss · · Score: 2

      fb pays the carrier or does some favors.

      look into "facebook zero", they do direct collaboration with the operators to enable zero fee(to user) facebook access..

      --
      world was created 5 seconds before this post as it is.
    7. Re:Garbage In by viperidaenz · · Score: 2

      My phone didn't even have the Facebook app installed when I bought it.

      It still doesn't.

    8. Re:Garbage In by Actually,+I+do+RTFA · · Score: 0, Flamebait

      but it's not Android's fault that someone got greedy.

      Yes, it is.

      Or rather, it's Google's fault because it let them.

      Look, if this was an unforeseen action by a third-party, I would agree with you. But it was obvious that this was going to happen if Google enabled bundling software. They did, so they are just as much at fault as the assholes who do it.

      In fact, Google intentionally enabled bundling as a service to those assholes, to encourage them to get Android phones out there.

      --
      Your ad here. Ask me how!
    9. Re:Garbage In by Anonymous Coward · · Score: 0

      Some of the newer Android phones on Sprint allow you to turn off or uninstall Facebook, Google Drive and other such bundled apps. Hopefully this means they're becoming responsive to user demands to reduce the bundled bloatware bs.

    10. Re:Garbage In by Neil+Boekend · · Score: 1

      If it was installed before you got it you can usually only force it to stop, uninstall updates and turn it off. That is as close as you can get to uninstalling any apps that came with your phone.
      Unless you install a different ROM. Then it's unlikely to be included.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
    11. Re:Garbage In by Anonymous Coward · · Score: 0

      Indeed, but if I have to 'break' my phone, software wise, to remove said app, that's quite the system we've been supporting isn't it!

    12. Re:Garbage In by Lumpy · · Score: 1

      "Users do not have control because we're experiencing what Oligarchy feels like."

      No, users do not have control because they refuse to learn. Cyanogenmod is your path to bliss and control for Android. If you "can't be bothered" with learning how to install it, then privacy and control are really not that important to you.

      --
      Do not look at laser with remaining good eye.
    13. Re:Garbage In by Lumpy · · Score: 1

      Not if you buy a phone from AT&T or Verizon. They pile so much crap into the locked storage it's not funny.

      --
      Do not look at laser with remaining good eye.
    14. Re:Garbage In by Lumpy · · Score: 1

      Google allows it, which is wrong. Google can easily say, "if you do not provide a clean pure android on your phone you can NOT call it android in any way and you can not even say that it is 'compatible'." Also it's not just AT&T. HTC bakes in all kinds of complete crap that ruins the phone.

      That would stop it instantly.

      --
      Do not look at laser with remaining good eye.
    15. Re:Garbage In by Pax681 · · Score: 1

      i have had a fair few android phones in my time and i have never, ever had any problems uninstalling face-ache from it

    16. Re:Garbage In by ganjadude · · Score: 1

      so, you have choices, if 1 android phone has software bundled that you don't like, buy a nexus, no bundled software! can't do that with other smart phones out there

      --
      have you seen my sig? there are many others like it but none that are the same
    17. Re:Garbage In by Anonymous Coward · · Score: 0

      Then you go into the APP INFORMATION settings and disable the app. It no longer shows up anywhere except the buried app information settings page.

      Compare with i devices that have Weather by Yahoo! that you can't remove.

    18. Re: Garbage In by Anonymous Coward · · Score: 0

      In my experience there is always an option to disable the third party bundled apps, after uninstalling any updates that have been applied. This even includes Google apps like Gmail and G+. Try uninstalling or disabling Game Center or Safari on iOS.

    19. Re:Garbage In by Anonymous Coward · · Score: 0

      What carrier bundles Facebook? Other than on the old "Facebook Phone" models, of which there were about 2.

    20. Re:Garbage In by tompaulco · · Score: 1

      Out of the 2 Android phones that I have had, zero of them came with Facebook preinstalled. I blame the mobile phone provider.

      --
      If you are not allowed to question your government then the government has answered your question.
    21. Re:Garbage In by Actually,+I+do+RTFA · · Score: 1

      That seems like a non-sequitur. The GGP was saying it's not Android's fault that bundling was abused - I was saying that it was because it was the predictable way, in fact the only predictable way, it would be used. The feature was added to be abused.

      That's not saying Android is never to be used, or that there are not better and worse implementations. But it is calling them out that this one feature has no redeeming (to the customer) use.

      --
      Your ad here. Ask me how!
    22. Re:Garbage In by hacker · · Score: 1

      You may have uninstalled the app, but did you also freeze the in-ROM Facebook SNS service? Not likely, and it will bridge (eg: phone home) to other apps that integrate with and talk to Facebook.

      Get Titanium Backup and freeze SNS, or use Root App Delete (for rooted Android phones) and get rid of that bugger. It eats data, leaks your location every 60s, and does all sorts of things you don't need or want it doing.

    23. Re:Garbage In by hacker · · Score: 1

      Unfortunately, not supported by AT&T, Verizon or T-Mobile here in the US.

      Sorry, 0.facebook.com is only supported by select mobile carriers and is not available from your mobile carrier.
      If you are contacting your mobile carrier, mention that your IP address 99.16.210.3 is not supported.
      Go to m.facebook.com (Standard data charges may apply) Report a Problem.

    24. Re:Garbage In by Anonymous Coward · · Score: 0

      That is what happens with something that people will buy every time a new model comes out. We don't need to be "ass kissed" to get us to buy it. How a corporation works depends on what people respond to. Just take a look at yourself, how often do you upgrade your phone? If you're like the rest of my family, about once a year. If you don't like how a corporation works, don't buy their product. If a corporation doesn't change, then the people approve of how they do things. They should not change simply because a small group hates how they do things.

    25. Re: Garbage In by Anonymous Coward · · Score: 0

      Game Center and Safari aren't third-party apps.

    26. Re:Garbage In by strikethree · · Score: 1

      Google's Android phones flat out REFUSE to uninstall Facebook, for example.

      Pardon? I do not think that I have heard you correctly. I have owned almost every single model of phone branded by Google and none of them came with Facebook installed. Facebook was installed on one of them and uninstalled just fine.

      Perhaps you purchased your Google phone through a carrier? American carriers are NOTORIOUS for preinstalling crapware and trying to make it non-removable. Pay for your phone outright and do not buy it through a carrier and you will not have those problems.

      (BTW, the battery life on all of the Nexus phones until the 4 were just reasonable. With the Nexus 4, the battery life was outstanding. With Nexus 5, the battery life is Oh My Fucking God, is this an old Nokia nothing but number buttons phone? Seriously, 24 hours and 87% battery still left. Not stock Android).

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
    27. Re:Garbage In by monzie · · Score: 1

      And Samsung. All Samsung unlocked phones that I've purchased here in India ( AFAIK there is no carrier locking in India, because there is no contract system. You buy your handset and then you take it to a carrier who gives you a SIM, no commitments ) . Coming back to my point, it's Samsung's doing. Facebook, Flipboard and even Google Chrome come in the factory image and cannot be deleted. I've tried various options and the only one seems to be moving to CyanogenMod.

    28. Re:Garbage In by arth1 · · Score: 1

      Out of the 2 Android phones that I have had, zero of them came with Facebook preinstalled. I blame the mobile phone provider.

      Your blame is at least partially misplaced. Manufacturers also bundle software, regardless of the carrier. The last two Android phones I had were bought directly from the manufacturer as never-locked phones (not to be confused with unlocked, which means the carrier lock has been removed). Yet there still was plenty of bundled and uninstallable software, including Facebook, Twitter, Google+, Drive, Hangout and Picasa apps and integration for pretty much everything. I have disabled more than 20 bundled apps.

      The manufacturer assumes that everyone uses the big social media sites and want to tell their friends (and their friends) about everything they do, including what music (or audio books) they play, what pictures they take, and where they currently are.

      It's good that social exhibitionism became acceptable (thanks to Jennifer Ringley more than anyone), but that it became the norm to the point that it's bundled is something I strongly object to. It's like buying a toilet and finding out that it (unadvertised) comes with wan connected crotch cams that can't be removed, just temporarily disabled.

  12. ... and the water is wet by itsme1234 · · Score: 3, Interesting

    Yes, most devices we use don't actually wipe the data when you "reset to factory settings". Even desktop OSes don't do it (either by default, either at all, need special tools, etc). I bet this feature is really low on the "to do" list for most manufacturers of not only phones but also wifi routers, TVs, wireless cameras, you name it. We didn't (or maybe barely) manage to educate them not to put trivial backdoors, secure wipe is a long way out.

    1. Re:... and the water is wet by AmiMoJo · · Score: 1

      Samsung market their secure wipe software as a feature, so apparently there is market demand for it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:... and the water is wet by itsme1234 · · Score: 1

      Funny thing is that they messed up the command(s) to the flash memory and created a super-brick bug that would terminate your phone if the great "wipe" feature was used (for reference google MMC_CAP_ERASE).

    3. Re:... and the water is wet by jojoba_oil · · Score: 1

      Be careful not to confuse marketing with demand.

  13. Can't we just say people took naked pics? by Vellmont · · Score: 4, Insightful

    Why do we still talk like we're in middle school? Why the code talking? "personal pictures", "manhood"? Can't we just say they found pictures of guys penises, and nude to semi-nude women?

    People take nude photos of themselves, don't realize it's still on the phone, and sell the thing. The fault lies with the cell phone makers who aren't actually doing real deletes of pictures. That's just dumb. Back when storage medium was on a hard drive, and computers do a LOT of IO, deleting the reference to the file made sense to improve performance. But all phones use flash as storage, and there's simply not a lot of IO that's going on in your typical phone usage. The OS should be wiping the file, or at the very least remove the reference, and wipe the file at a later (but soon) time after (like perhaps while the user is typing something and is otherwise idle).

    The reality is phones get stolen, and the data is far less secure than on a PC. The OS needs to keep up with that. Deleting data for good should mean actually deleting the data. The shortcuts that've been done in the past should be a thing of the past.

    --
    AccountKiller
    1. Re:Can't we just say people took naked pics? by worf_mo · · Score: 1

      I thought there was a certain discrepancy between their middle school talk about manhood and their using the Goatse guy symbol in the green infochart (bottom right, above the "male nude selfies")...

    2. Re:Can't we just say people took naked pics? by AmiMoJo · · Score: 1

      All those erase cycles would wear out the flash memory much faster. Flash can generally only erase blocks, so to remove part of a block the entire thing has to be read, erased and re-written.

      The simple solution is just to enable encryption. Android has supported it for years. Then a wipe destroys the key, and all the data is gone.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Can't we just say people took naked pics? by Anonymous Coward · · Score: 1

      Huh? That's clearly the Aperture Science logo.

    4. Re:Can't we just say people took naked pics? by GrumpySteen · · Score: 2

      Avast is a corporation. Corporations tend to be conservative in their use of language (outside of the porn industry, at least). Using the term "penis" in a press release isn't going to happen.

    5. Re:Can't we just say people took naked pics? by Vellmont · · Score: 1


      All those erase cycles would wear out the flash memory much faster.

      The wear limits, and wear leveling on flash memory are such that even with heavy usage you'd still outlive the lifetime of the phone by an order of magnitude at least. (on the order of 1,000,000 erases). A phone is never even going to approach heavy usage. So I reject the idea that we can't erase because it'll wear out the flash memory prematurely.

      --
      AccountKiller
    6. Re:Can't we just say people took naked pics? by Anonymous Coward · · Score: 0

      Whooooooooooosh!

    7. Re:Can't we just say people took naked pics? by Anonymous Coward · · Score: 0

      Avast is a corporation. Corporations tend to be conservative in their use of language (outside of the porn industry, at least). Using the term "penis" in a press release isn't going to happen.

      Riiiight.

    8. Re:Can't we just say people took naked pics? by Anonymous Coward · · Score: 0

      People take nude photos of themselves, don't realize it's still on the phone, and sell the thing. The fault lies with the cell phone makers who aren't actually doing real deletes of pictures. That's just dumb.

      No. The fault lies with people taking nude photos on their phones to begin with. That's just dumb. There have been far too many examples of people having their phones hacked or having private details leaked from their phones to the Internet. People should be aware by now that phones are not secure and should be treated as such. Taking nude photos of yourself might be amusing (and juvenile) but it's just an enormous danger and potential for blackmail. People need to be responsible for their actions.

    9. Re:Can't we just say people took naked pics? by Anonymous Coward · · Score: 0

      OMFG that's hilarious. Hadn't noticed that.

    10. Re:Can't we just say people took naked pics? by Anonymous Coward · · Score: 0

      Go to android's tracker and request for a "destroy" option, in addition to delete.

      Should be like a flash-aware version of shred.

  14. This post is an advert by mendax · · Score: 2, Insightful

    This article is good reading in itself but it wound up being an advert for the poster's product. I wonder how much Dice got paid to post this "story"? Is it any wonder I spend more time over at soylentnews.org, the name of which I was going to bury in a link but couldn't because the link gets replaced with "slashdot.org"?

    --
    It's really quite a simple choice: Life, Death, or Los Angeles.
    1. Re:This post is an advert by Anonymous Coward · · Score: 1, Interesting
    2. Re:This post is an advert by Anonymous Coward · · Score: 1

      Test successful.

      For your benefit, here is what was tested:

      This is a test.
      http://soylentnews.org
      <a href="http://soylentnews.org">http://soylentnews.org</a>
      <a href="http://soylentnews.org">test</a>
      <a href="http://example.com">http://soylentnews.org</a>

      Test.

    3. Re:This post is an advert by Anonymous Coward · · Score: 0

      mod parent up

    4. Re:This post is an advert by mendax · · Score: 3, Informative

      I don't know what you're doing. I tried several times without success. soylentnews.com was always replaced with slashdot.org.

      D'oh! I'm an idiot. It helps if the href contains an "http://" as part of the URL. Ok. No more conspiracy theories now, at least not on this issue.

      --
      It's really quite a simple choice: Life, Death, or Los Angeles.
    5. Re:This post is an advert by KingOfBLASH · · Score: 1

      Never explain by malice that which can be explained by stupidity.

    6. Re:This post is an advert by Anonymous Coward · · Score: 0

      Never explain by malice that which can be explained by stupidity.

      Unless it can be explained by malicious stupidity.

  15. "Hackers at Avast" by Anonymous Coward · · Score: 1

    Really?! Hackers?

    1. Re:"Hackers at Avast" by Anonymous Coward · · Score: 0

      Do you even know what a "hacker" is?

      ProTip(tm): It doesn't mean what you think it means.

      https://en.wikipedia.org/wiki/Hacker_(term)
      http://www.catb.org/jargon/html/H/hacker.html

  16. Really? by freeze128 · · Score: 1

    Who fills out a loan application on a phone? That has got to be the most painful web experience ever!

    1. Re:Really? by David+Jao · · Score: 5, Informative

      They could have filled out the loan application somewhere else and uploaded it to a service like Dropbox. Viewing it later on the phone would leave a cached copy on the phone.

  17. That doesn't work by dutchwhizzman · · Score: 1

    "resetting" your phone to manufacturer settings doesn't wipe any data. Even manually "deleting" it and then "resetting" the phone doesn't do that. It merely marks the flash memory in the phone to be "reusable".

    The only way to make sure the data is gone is to fill the phone up with garbage data after you've done a factory reset so there is something else written to the flash memory. After you've filled it up to the last bit, do another factory reset and you will be as close as you can get without destroying the physical device to wiping your data properly.

    --
    I was promised a flying car. Where is my flying car?
    1. Re:That doesn't work by dbraden · · Score: 1

      But you wouldn't need to re-write all of the flash memory if it is encrypted and the key is properly wiped. Without the key it might as well be random data. The trick would be to make sure that the original key isn't still lurking on one of the chips, but I'd like to think that people far smarter than me worked that part out.

    2. Re:That doesn't work by BasilBrush · · Score: 0, Offtopic

      "resetting" your ANDROID phone to manufacturer settings doesn't wipe any data. Even manually "deleting" it and then "resetting" the phone doesn't do that. It merely marks the flash memory in the phone to be "reusable".

      Fixed that for you. Let's not attribute Android weaknesses to phones that don't suffer them, such as the iPhone.

    3. Re: That doesn't work by Anonymous Coward · · Score: 0

      Indeed. There are separate but equal weaknesses in our jim crow world of mobile devices.

  18. This article just motivated me to... by Anonymous Coward · · Score: 1

    This article motivated me to take a picture of my manhood, just in case i decide to sell my phone some day.

    1. Re:This article just motivated me to... by Plumpaquatsch · · Score: 1

      This article motivated me to take a picture of my manhood, just in case i decide to sell my phone some day.

      What makes you think anybody would be interested in either?

      --
      Of course news about a fake are Fake News.
  19. "What to do before selling or giving away your..." by Anonymous Coward · · Score: 0

    http://support.apple.com/kb/ht5661

  20. Grinder by Anonymous Coward · · Score: 0

    This is why my old phone(s) aren't sold but meet a grinder to obliterate them into pieces.

    1. Re:Grinder by viperidaenz · · Score: 2

      So no one knows you had the Grinder app installed?

  21. here's my deal by Osgeld · · Score: 0, Troll

    since I am not a crack addict and have to buy a new phone every 14 months, and usually the phone I buy is the cheapest I can get without contract (which actually gets you some decent androids nowadays) by the time I am ready to get a new phone, it's not worth the time to even post on ebay, toss that shit in the wood chipper (minus battery), keep in mind the last phone I tossed was a 2005 windows phone model (I have newer phones but keep them as backups)

    phone junkies are almost as bad as crack addicts, who cares if their precious images of orlando ends up on 4chan, their tits will anyway

    1. Re:here's my deal by SeaFox · · Score: 1

      ... by the time I am ready to get a new phone, it's not worth the time to even post on ebay, toss that shit in the wood chipper (minus battery)...

      You could do something more worthwhile with it, too.

  22. Problem solved. by Anonymous Coward · · Score: 0

    If cellphone makers used an encryption with a new random key on a factory reset this would not be an issue. It's not something the user would even need to know, by that I mean the new key.

    Resetting to factory default should trigger the following.
    1. Delete current key.
    2. Generate new key.
    3. Encrypt with new key.

    1. Re:Problem solved. by brantondaveperson · · Score: 2

      You mean like an iPhone? (as stated several times elsewhere on this thread).
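
Added example (not part of any comment in this thread, and not Avast's or any vendor's code): a toy Python model of the wipe strategies discussed above, comparing a delete or factory reset that only drops the index, filling free space with garbage, and the delete-key/generate-new-key reset listed in comment 22. The `ToyFlash` class, its block size, the sample file and the HMAC-SHA256 keystream (standing in for a device's real disk cipher) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 64  # toy block size in bytes (assumption)
SAMPLE = b"CONSTRUCTED SAMPLE: loan-application.pdf contents"  # constructed data
MARKER = b"loan-application"  # what a recovery tool would search for


def _keystream(key: bytes, block_no: int, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for the cipher a real device uses."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = block_no.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


class ToyFlash:
    """Hypothetical block store: an index of files plus raw blocks underneath."""

    def __init__(self, nblocks: int, encrypted: bool = False):
        self.blocks = [bytes(BLOCK) for _ in range(nblocks)]
        self.free = list(range(nblocks))
        self.index = {}  # name -> (block numbers, length)
        self.key = os.urandom(32) if encrypted else None

    def _xor(self, block_no: int, data: bytes) -> bytes:
        if self.key is None:
            return data  # unencrypted device: data is stored as-is
        ks = _keystream(self.key, block_no, len(data))
        return bytes(a ^ b for a, b in zip(data, ks))

    def write(self, name: str, data: bytes) -> None:
        used = []
        for off in range(0, len(data), BLOCK):
            if not self.free:
                raise OSError("device full")
            n = self.free.pop(0)
            chunk = data[off:off + BLOCK].ljust(BLOCK, b"\0")
            self.blocks[n] = self._xor(n, chunk)
            used.append(n)
        self.index[name] = (used, len(data))

    def read(self, name: str) -> bytes:
        used, length = self.index[name]
        return b"".join(self._xor(n, self.blocks[n]) for n in used)[:length]

    def delete(self, name: str) -> None:
        # Only the index entry goes; the block contents stay where they are.
        used, _ = self.index.pop(name)
        self.free.extend(used)

    def factory_reset(self) -> None:
        # Index cleared, blocks untouched. On an encrypted device the old key
        # is discarded and replaced, as in the reset procedure in comment 22.
        self.index.clear()
        self.free = list(range(len(self.blocks)))
        if self.key is not None:
            self.key = os.urandom(32)

    def fill_free_space(self) -> None:
        # The "fill it with garbage" approach: overwrite every free block.
        for n in self.free:
            self.blocks[n] = os.urandom(BLOCK)

    def raw_dump(self) -> bytes:
        return b"".join(self.blocks)

    def decrypted_dump(self) -> bytes:
        # Raw blocks run through whatever key the device holds right now.
        return b"".join(self._xor(n, b) for n, b in enumerate(self.blocks))


def recoverable(flash: ToyFlash, marker: bytes = MARKER) -> bool:
    """True if the marker can still be found in the raw or decrypted blocks."""
    return marker in flash.raw_dump() or marker in flash.decrypted_dump()


def survey() -> dict:
    results = {}
    plain = ToyFlash(16)
    plain.write("loan.pdf", SAMPLE)
    plain.delete("loan.pdf")
    results["plain_after_delete"] = recoverable(plain)
    plain.factory_reset()
    results["plain_after_reset"] = recoverable(plain)
    plain.fill_free_space()
    results["plain_after_fill"] = recoverable(plain)

    enc = ToyFlash(16, encrypted=True)
    enc.write("loan.pdf", SAMPLE)
    results["enc_owner_can_read"] = enc.read("loan.pdf") == SAMPLE
    results["enc_raw_has_plaintext"] = MARKER in enc.raw_dump()
    enc.delete("loan.pdf")
    results["enc_after_delete_key_kept"] = recoverable(enc)
    enc.factory_reset()
    results["enc_after_reset_new_key"] = recoverable(enc)
    return results


if __name__ == "__main__":
    for step, found in survey().items():
        print(f"{step:28s} {found}")
```

The model has no wear-levelling or spare-block layer, so `fill_free_space` looks more complete here than it can be on real flash, which is the concern raised earlier in the thread about remapped sectors.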

  23. Don't sell data carriers. Ever. by Anonymous Coward · · Score: 0

    Which is exactly why you don't sell any data-carrying devices. Phones, drives, memory sticks. I save them up for a few years and then go to town on them. Those hds have shiny little discs in them that you can use as wall decoration. The screens of your mobile devices can be reused. Fun little projects. :)

  24. Re:"What to do before selling or giving away your. by Mr0bvious · · Score: 1

    That's a good start, but I doubt it overwrites any data - this *seems* like a soft delete and I'd expect one could still get the original data (??)

    It'd also be nice if Android had such a feature built in.

    --
    Never happened. True story.
  25. Re:"What to do before selling or giving away your. by SJ · · Score: 4, Informative

    Nope... Apple iPhones actually securely erase the encryption keys which renders the contents of the storage useless.

    It's a big button called "Erase All Contents and Settings". It does precisely that.

  26. And monkeys flying out of Madonna's butt? by Anonymous Coward · · Score: 0

    Surely it is true, Garth.

  27. Why not just destroy your old phone? by mtthwbrnd · · Score: 2

    By the time it is old it is worthless. Just smash it up and throw it in the river.

    1. Re:Why not just destroy your old phone? by Anonymous Coward · · Score: 1

      Yes, because there isn't enough crap floating in rivers as it is.
      Brilliant!

    2. Re:Why not just destroy your old phone? by Anonymous Coward · · Score: 0

      phones don't float... try it

    3. Re:Why not just destroy your old phone? by Anonymous Coward · · Score: 0

      It's great to have "Bo", my big dumb dog.
      Haven't had a phone last more than 2 years before Bo finds that I left it laying too low, grabs it then chews it up.
      Same for land line phones, computer mice, wooden chair legs, pillows, shoes.
      Most times we don't agree on what tastes good but at least the phone security part is taken care of.

    4. Re:Why not just destroy your old phone? by Anonymous Coward · · Score: 0

      Funny, all my "old" phones are still being sold. So it's worthless? Hmm, I could get $350 from it on ebay, but you say it's worthless.

      Hey you got any $50 bills? the toilet paper is out in this stall and I need to wipe... You should be happy to oblige as you think $350 is worthless.

      I actually think you are just some simpleton that has no clue though.....

    5. Re:Why not just destroy your old phone? by painandgreed · · Score: 1

      By the time it is old it is worthless. Just smash it up and throw it in the river.

      Because, when I am done with it, it is essentially a wifi-enabled mp3 player with browser that I can take and use in situations where I might fear getting my new phone broke, lost, or wet.

    6. Re:Why not just destroy your old phone? by mtthwbrnd · · Score: 1

      Okay. That's a good point. I change my mind :-). The article is about people who decide to get rid of their phone altogether though. Easiest way is to just smash it up and throw it in the river.

  28. Terrorists! by marcello_dl · · Score: 2

    They have circumvented a protection measure, that is wiping the phone- a faulty protection measure, but that doesn't matter, as history taught us if you find holes and publicize them, no matter the responsibility of the manufacturer, you are terrorist!

    Moreover, it is clear they have an interest in selling their own protection products, and that they have given bad ideas to people who normally would have started using the second hand phone and overwriting the crap with their own crap.

    So why doesn't avast end up in trouble like $RANDOM_HACKER ? Huh?

    --
    ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
    1. Re:Terrorists! by Anonymous Coward · · Score: 0

      So why doesn't avast end up in trouble like $RANDOM_HACKER ? Huh?

      They have better lawyers, duh.

  29. Re:"What to do before selling or giving away your. by Mr0bvious · · Score: 1

    Seems Apple have done it right, thanks for the heads up.

    Obviously I'm rather ignorant regarding storage on iOS devices - I didn't realise that all data was encrypted by default (does that include images etc?).

    --
    Never happened. True story.
  30. phones? by JWSmythe · · Score: 1

    I was wondering why someone would buy 20 crappy phones from me on eBay.

    Just kidding. I take all my dirty pictures with a Polaroid. :)

    --
    Serious? Seriousness is well above my pay grade.
  31. Why no iPhones? by MoZ-RedShirt · · Score: 1

    Why didn't they test iPhones, too? Oh right. Because they encrypt their filesys by default and if you throw away the key before selling the buyer is locked out.

    But it would be interesting to know if this really works for all the installed apps as well as for the system services.

    --
    Microsft spel chekar vor sail, worgs grate !!!
  32. Re:"What to do before selling or giving away your. by Anonymous Coward · · Score: 0

    (does that include images etc?).

    What part of "All Contents and Settings" do you not understand? Even after having it explained how it works by trashing the encryption keys, you wonder whether maybe Apple made an exception for images so they would be saved after erasing all contents? Seriously.

    Perhaps you should change your name to MrOblivious.

  33. Re:"What to do before selling or giving away your. by L4t3r4lu5 · · Score: 3, Insightful

    Well no, it doesn't. You've contradicted yourself. What iOS does is delete the encryption key, as you stated, which renders the data inaccessible without recovering the key. The data is still entirely intact; just really, really hard to recover :)

    --
    Finally had enough. Come see us over at https://soylentnews.org/
  34. Re:"What to do before selling or giving away your. by Mr0bvious · · Score: 1

    Seriously - you're a tosser and a coward.

    But thanks for pointing out what I missed.

    Tosser.

    --
    Never happened. True story.
  35. Only Android? by Anonymous Coward · · Score: 0

    blackberry 10 does a full format when doing a reset, it takes 30 minutes and it completely removes everything, even system apps (phone is unusable without reinstalling the system software using the pc/mac app)

  36. Yep that's why you shouldn't buy insurance by Anonymous Coward · · Score: 0

    Some companies offer you after market spill / break insurance for your phone and tablet. You should not buy it. Even if, after the breakage you're able to access the functionality needed to "wipe" the phone, the truth is that memory is solid state, and doesn't wipe unless secure delete has 1) been implemented and 2) been implemented correctly by the manufacturer, who is the only entity that CAN implement it correctly, that is, has access to the information needed to do it correctly.

    All you're doing when you send your tablet or phone in is making yourself vulnerable to scraping all your most personal data off it and having that data entered into a database and keyed under your real identity.

    For all anyone knows, THAT is their REAL business plan.

  37. Isn't this illegal? by JDG1980 · · Score: 2

    How is this not a violation of the Computer Fraud and Abuse Act (CFAA)? They bypassed security measures (deletion) to access someone else's personal information without authorization. Given how broadly this has been interpreted in the past (Andrew Auernheimer was prosecuted for visiting public URLs on the Internet), Avast's act clearly should be considered a violation. Or is this a case of "if a corporation does it, it is not illegal"?

    1. Re:Isn't this illegal? by Kazoo+the+Clown · · Score: 2

      I'd say it deserves whistleblower protection. But in this country no one in power wants to hear from whistleblowers. When whistleblowing is illegal, only criminals know anything.

    2. Re:Isn't this illegal? by Anonymous Coward · · Score: 0

      CFAA does not apply once they own the device. For example, your employer can legally access information on the device they issue you even if it is personal. If you sell a device you are also selling whatever information is on it.

  38. Garbage In by Anonymous Coward · · Score: 0

    Google's Android phones flat out REFUSE to uninstall Facebook, for example.

    My Android based phone did not have Facebook on it when I got it. Perhaps that is something your carrier did, rather than Google?

  39. And they would like to think by Marrow · · Score: 1

    that you knew enough to wipe those copies of the keys yourself. I mean, EVERYONE knows that key lives in that directory right? Anyone who really CARED about the product would know enough to learn about it.

  40. Re:"What to do before selling or giving away your. by biodata · · Score: 1

    Unless you have the backdoor key

    --
    Korma: Good
  41. Android already does? by emil · · Score: 2
    • Settings / Security / Encrypt Phone - I've never used it, but I am assuming it encrypts everything under /data.
    • I understand that a format of /data is what happens behind the factory reset option. Using GNU shred on the device file for this filesystem might prevent any recovery.
  42. Google is playing a very dangerous game. by emil · · Score: 1

    If Google is suddenly perceived as untrustworthy, there will be great market pressure for Android without Play, or any other Google products. For Google's balance sheet, I hope they have not been foolish.

    1. Re: Google is playing a very dangerous game. by Anonymous Coward · · Score: 0

      You can disable Google Play and use the Amazon App Store if you like.

      Sucks to only have a single app market. I haven't even turned on any of my iOS devices in months.

  43. GNU shred on the device file. by emil · · Score: 1

    Although the factory reset option hands the request off to the recovery partition after a reboot, so clockworkmod or the equivalent would be responsible for making this happen.

  44. Are they posting the pictures? by Anonymous Coward · · Score: 0

    The question we're all asking is where are they posting these recovered pictures?

    Because, ya know, "trust but verify". How do we know they actually found what they claim they found? It just might be promotional smoke-and-mirrors. Proof, dammit! We want proof!

  45. Re: "What to do before selling or giving away your by Mr0bvious · · Score: 1

    No, I just didn't like his pompous righteous attitude and unnecessary insults.

    There's more than one way to point out that someone overlooked a detail (or failed at reading comprehension) without being an arse about it.

    --
    Never happened. True story.
  46. Hardware wipe strategy ... by CaptainDork · · Score: 1

    Required tools:

    1.) Goggles
    2.) Hammer.

    --
    It little behooves the best of us to comment on the rest of us.
  47. Education needed. by afterall · · Score: 1

    This is an issue in general today. I get a lot of laptops given to me that people think are beyond repair (at least that's what best buy "geek" squad told them) first thing I do is pull the hard drive and check it. 98% of the time it is completely functional and has ALL of their info on it. I always wipe and begin the rebuild of the computer but this all to say people seem to be completely ignorant of the fact that the hard drive needs to be wiped. Just cause it didn't power on doesn't mean your data is lost. I also get computers and parts given to me by people I know at electronic recycling centers and the same is true. When I think of the amount of devices being recycled these days you realize there is a wealth of data just waiting to be accessed by the wrong people in these electronic recycling centers. People NEED to be educated on data storage and the need for its destruction before getting rid of ANY device where it was used.

  48. Simple solution by jones_supa · · Score: 1

    Simple (only tens of thousands of lines code needed, hehheh). You program a Full Secure Erase feature in the phone. It wipes all personal data, resets all the settings, removes user-installed apps, deletes caches and erases the memory card. All the jazz. Filling with zeroes is used where appropriate. Then the phone is put into OOBE (out-of-box experience) mode, which means that on next startup it says "Hey, I see you are using the phone for the first time, let's set up a couple of things."

    Make this a de-facto standard feature on every smartphone. You probably want to password-protect the operation so that thieves cannot exploit it so easily to "anonymize" the phone.

    Then you just advocate folk about the risks and why using this "FSE" feature is important before selling your phone.

  49. Re:"What to do before selling or giving away your. by BasilBrush · · Score: 0

    Apple have issued guidance to law enforcement and security service on what they can and can't retrieve from an iPhone if given a court order. For a wiped phone it is nothing. There is no backdoor.

  50. Re:"What to do before selling or giving away your. by ganjadude · · Score: 1

    The data is still entirely intact; Just really, really hard to recover :)

    unless you are the NSA that is

    --
    have you seen my sig? there are many others like it but none that are the same
  51. Re:"What to do before selling or giving away your. by Anonymous Coward · · Score: 0

    Prove that the encryption keys are securely erased.

    Oh wait, you can't. The filesystem is locked away and the casual user will never know if it's done right.

  52. Re: "What to do before selling or giving away your by Anonymous Coward · · Score: 0

    But you didn't feel too bad about using unnecessary insults yourself. That makes you the tosser.

  53. not a problem with my smartphone by Anonymous Coward · · Score: 0

    I can do a security wipe on my Blackberry Z30 and it wipes everything making it non recoverable.

    Glad I don't buy into advertising.

  54. Re:"What to do before selling or giving away your. by Anonymous Coward · · Score: 0

    Everything from Apple is an inflexible, fragile waste of money. Right now, if I want to, I can boot the arm port of Debian. Can an iPhone do that? Can you compile and run software from source? Nope.

  55. Both by phorm · · Score: 1

    How do they throw away the keys? If they're just zeroing the area with the identity/security info it might not be that much more secure.
    That said, scrambling the stored keys *and* zeroing the storage space is probably the best solution.

    1. Re:Both by BasilBrush · · Score: 1

      How do they throw away the keys? If they're just zeroing the area with the identity/security info it might not be that much more secure.

      It's hardware decryption. The key only ever exists within the SOC. Throwing away the decryption key means overwriting it with a new one. There is no possibility of recovery.

      "Zeroing the storage space" probably does not overwrite anything on flash storage. Flash is very resistant to writing anything to a block unless it has to, as there are limited numbers of writes before the block becomes unusable. Writing random data will, but at a cost of significant time. And it's still less secure than deleting the key of an encrypted drive.

    2. Re:Both by MyFirstNameIsPaul · · Score: 1

      It's hardware decryption. The key only ever exists within the SOC. Throwing away the decryption key means overwriting it with a new one. There is no possibility of recovery.

      If this hardware encryption/decryption is trustworthy, then what is the difference between it and TPM, which few data experts are willing to trust?

      "Zeroing the storage space" probably does not overwrite anything on flash storage. Flash is very resistant to writing anything to a block unless it has to, as there are limited numbers of writes before the block becomes unusable. Writing random data will, but at a cost of significant time. And it's still less secure than deleting the key of an encrypted drive.

      I have recently been playing with hdparm and ATA secure erase and enhanced secure erase. As I understand it, issuing the command for enhanced secure erase returns the drive to a condition defined by the manufacturer of the device, presumably one which does not retain any data. Additionally, I found a blog post by Bruce Schneier discussing a report from a trusted security company which stated that traditional full disk wipe methods for HDDs are also effective on SSDs. The notable exception is that the security company did not find any delete-based wipe methods effective on SSDs (meaning, you have to wipe the whole disk to completely erase data). That last bit annoys me: everyone is so concerned with deleting data on far-away devices, yet we can't even delete specific data on local devices without wiping the entire device.

      I have not played around with wiping data from phones, so I don't know how any of that applies, but I suspect the concepts are the same. Also, as far as the time component goes, it's unattended time, so little measurable cost to the user.

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

    3. Re: Both by Anonymous Coward · · Score: 0

      The notable exception is that the security company did not find any delete-based wipe methods effective on SSDs (meaning, you have to wipe the whole disk to completely erase data). That last bit annoys me: everyone is so concerned with deleting data on far-away devices, yet we can't even delete specific data on local devices without wiping the entire device.

      That is because of wear-levelling. Each memory cell on the SSD has a finite number of writes. The drive's firmware will not let you overwrite the same memory cell repeatedly because that would wear out the drive faster. So overwriting a file has absolutely no effect, because it'll just put the memory cells back in the "free" queue and store the new contents in cells with fewer write cycles. Overwriting all of the drive's free space will ensure that every cell gets overwritten, but at a higher cost of wearing out the SSD's memory cells.

      If you're really that worried, go the encryption route and either memorise the key or put it on a cheap flash drive (or two, for redundancy). Then if you want to securely erase your encrypted container, securely erase the memory stick that contained the key and you can just delete the file since it's just random garbage without that key.

    4. Re: Both by MyFirstNameIsPaul · · Score: 1

      This gets back to my whole point that when I am giving up control of the device, I would rather have full confidence, and what you are describing likely relies on various softwares that I cannot know if they are trustworthy.

      To fully embrace my paranoia, your rather authoritative tone makes it sound as if I should not wipe the device and instead wholly rely on an unprovable method of protection, thus making a casual reader find your method superior. I will continue to rely on both erasing keys and wiping devices as the best method to protect data on devices I am giving up control of.

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

  56. Avast and Abaft, maties, heave! by bindlestiff · · Score: 1

    I'm sure there's a Kernel of Truth in this article and if I found it I'd run it on my old Laptop Of Doom. But if Avast told me the sun was shining I'd have to take a walk to the nearest window before believing it. Seriously. This just reads like exaggerated marketing FUD for their Android app.

  57. Is this really news? by konaya · · Score: 1

    Not intended as a jibe at the contributor of this article, of course, but rather a jibe at the world at large. When camera phones became common enough to get thrown away, I remember doing the exact same thing with dumpster-dived mobile phones. (I was a teenager at the time, with a customary deficiency of both moral scruples and better things to do.) Surely, anyone who has ever salvaged or otherwise second-handed any form of storage device already knows that people are notoriously bad at wiping. Now and again this resurfaces in the public eye in the form of a news article or similar. Despite this, it continues to be a problem. Why? Why aren't people learning? Why does this news topic refuse to age?

  58. Re: "What to do before selling or giving away your by Mr0bvious · · Score: 1

    I was retaliating to his poor behaviour, probably not the best form but not quite the same as his unprovoked insults.

    --
    Never happened. True story.
  59. Why bother? by cpufrier37075 · · Score: 1

    Just ask to friend the former owner on Facebook. A lot easier and you'll get more data.

  60. Why only Android? by C-Mackey · · Score: 1

    Did iPhone not give up any info?