It’s been a while since I’ve posted, but something happened over the weekend that is prompting me to write a blog that I believe is worth spreading far and wide.
You see, over the weekend I found myself the unexpected caretaker of a complete stranger’s digital life.
Through a strange set of circumstances, I found myself in possession of his hard drive. His personal hard drive.
It Started So Innocently
My nephew was looking to upgrade his desktop computer, and instead of initially racing out to buy a new one it seemed like a good idea to repurpose a 3TB or 4TB drive that I had been saving as a spare (unused, of course) for one of my Synology NAS devices.
Last year I moved from 4TB drives to 10- and 14TB drives, so I thought I had some left over that might work well for him. But then I remembered that he is a gamer, and thought that one of the 500GB SSDs might be better for him to upgrade (to go with the larger drive for general game storage).
I remembered that a couple of years ago I actually won such a SSD in a raffle at the Flash Memory Summit. (I never win anything, so this was a complete and utter surprise when I won.) As it turned out, I’d not had a need for such a drive, yet, and so it sat in my “boxes o’ drives” at the bottom of my data closet. That is, it sat in its box, unmolested, until this past weekend.
As I always do, I double check the integrity of my drives (as well as ensure that they are erased – don’t want to make any mistakes) to make sure that I’m not giving him a lemon.
I popped the drive into my external USB dock, and checked it with Disk Utility. That’s when I got my first surprise.
This was supposed to be a new SSD, and it was formatted as Windows NTFS. Now, I’ve never seen a new SSD pre-formatted with NTFS. I also noted that it already had two partitions.
Now I was getting concerned. I thought this was the new drive. Had I already used it? No, I don’t have any machines that use NTFS. I looked again and saw that yes, indeed, it was the drive that I had won at the raffle.
At that point I had to find out what was going on, so I moved to the Finder and found, to my horror, that I had someone’s well-used, and completely open life popped up on my computer’s Desktop.
And when I mean I had his life, I had his life. I had:
- His name, address, and social security number.
- His tax returns
- His family photos
- Names of his children and wife, and extended family
- His religion and church
- His purchases and receipts
- His credit card information
- His important passwords (in the clear; no, I didn’t look through the files, he had a Microsoft Word document with the name, “Important Passwords”)
Now, before you ask or even wonder, no, I did not open any files. They were all clearly labeled and the folders were all marked at the top level directory.
We all know what’s in those documents, so it does not require someone to actually go inside them or open them up to know what’s there. (That’s one of the reasons why metadata is so dangerous, people!)
I immediately returned to the Disk Utility and erased the drive with multiple passes. I did not want to have that drive accessible by anyone (me or anyone else).
I couldn’t help but think, though – what if that drive had gone to someone else, someone with a more curious – or nefarious – bent? It was a raffle, after all. The chances of it falling into my hands were about 1 in 100, and who knows the probability of how it got into the raffle in the first place?
Not only that, but what if it’s not the only “new” drive that was mistakenly selected for donation?
Again, before you ask: no, I did not contact this person (and now I cannot – his information is permanently gone and all I remember from the brief experience of seeing the drive is his initials, so I can’t reach out to him at all at this point). I had no desire to make him panic that a stranger had his information, and I didn’t want to risk him not believing that I had destroyed the data. It just seemed like far more trouble than it was worth, and the best thing to do was simply “do the right thing” and be done with it.
Oh, and write a blog about it.
The Lesson to Learn
First and foremost – you never, ever know what is going to happen to your data or your drives after they leave your hands. I don’t know if he had thought he had thrown the drive away, or was part of the group that was giving away drives and accidentally picked up the wrong drive, or if it simply got lost during a disk swap in a new computer.
In any case, his drive wound up in the hands of a complete stranger thousands of miles away from the safety and sanctuary of his home. I’m pretty sure that he never, ever expected that would be an end destination of his entire digital life.
Second, label your drives if you remove them from your systems. It could be a sticky note, buy a label maker – something. Do it immediately so that you don’t forget. If the drive is blank and out of the original packaging, make a label called “blank.” If it has content that you wish to keep, label it with the content and the date. Unlabeled devices can be difficult to track. Remember, this drive was still in its original box, “new.”
Third, always check your drives before discarding. Put them into your computer and see if they can be read. Buy one of these to be sure. It’s dirt cheap and it only takes a few seconds to see if they are “clean” or not. It also ensures that the drives can be read by the system (aka, whether they are damaged). (Yes, that is an Amazon Affiliate link, btw.)
Fourth, and I don’t know how to put this otherwise – treat your digital life as seriously as you treat your physical life. All I could think about was how a Very Bad Person™ could really have screwed this guy over. We’re not just talking impersonation or identity theft, but every nightmare scenario a father, husband, and decent human being could ever imagine – and worse – was a heartbeat away.
There are ways of protecting yourself, including erasing drives, encrypting data, and the like. If I find the time (*sigh*) I’ll probably write an article or two about how to do that so that you don’t wind up like this poor guy.
Many people believe that “a crisis averted was never a crisis at all.” Those people are often caught off guard when the next one happens, because they fail to learn from mistakes the “easy” way.
Don’t be one of those people.
You have the power to be the guardian of yourself and those you love, and all it takes is one tiny mistake, one hard drive thrown away by accident, to put everything at risk.
Somewhere out there is a man who got the best Christmas present ever. His life fell into the hands of someone who’s Number 1 passion is individual privacy and liberty, someone who with a very high standard for ethical behavior and a very strong distaste for cyberthieves.
As bad as 2020 was, he’ll never know just how much worse it could have become. Merry Christmas, sir, wherever you are.