For the next year or so, we don't plan to be sailing quite so far from home as we have been. This means we can offload a ton or so of provisions, spare parts, extra anchors and tools. The list of now non-essential gear includes a couple of older laptops we kept around in case we had major problems with our newer ones. The older laptops still have value to someone, and we thought we'd either sell them or donate them to some worthwhile charity. It isn't wise to divest of a computer without first sanitizing the hard drive, however. It contains all sorts of personal and security information like bank account numbers, credit card info, Social Security numbers and passwords. Any savvy 12-year-old can find your browsing history, then use the saved information on your hard drive to sign into your bank or credit card accounts. It's literally child's play.
Likewise, all those old tax returns and bank statements are hiding on the disk. It isn't enough to delete a file - this doesn't remove it from the hard drive. Deleting a file only moves the name of the file and its link from the main directory to the Recycle Bin. Emptying the Recycle Bin doesn't delete the file either – it only removes the file name and link from the Recycle Bin directory. The actual file data remains on the hard drive until it is written over by new data. Reformatting the hard drive is better, but a reasonably good hacker can still collect a lot of information.
When I was just a pup and in the Navy, I was stationed at a facility that had large rooms full of computers, and it was my job to help diagnose and repair computer hardware problems. If a hard drive crashed and needed to be sent off site, it had to be sanitized first to make sure no classified information made it into the hands of the bad guys. Those hard drives were the size of a 55 gallon drum on steroids (and had 1/1000th the capacity of a smaller memory stick these days), and every inch of the drum had to be degaussed using a handheld electromagnet.
Sanitizing the hard drive on our old laptops isn't that difficult, but does take time. Here are a few options. Don't forget to double check that you've copied and backed up any information you might want later!
- Destroy the hard drive. If the hard drive is removed from the computer and physically destroyed (beaten into bits with a hammer, drilled through several times, melted into a gooey mess, etc.), no one will be able to recover any data from it. The computer is pretty much worthless at this point of course, unless someone wants to go to the trouble and expense of buying a new hard drive.
- Restoring the drive to factory condition. Free or inexpensive software can be downloaded that will create a bootable CD, then write the entire hard drive to ones and then to zeroes several times. The current thinking is that repeating this cycle three times is sufficient to make any pre-existing data unrecoverable. Once this process is completed, the original restore CD is used to load the operating system. Depending on the size of the hard drive, this process can take anywhere from several hours to a few days, but the end result is a usable, but sanitized computer.
- Manually clean the hard drive. It is possible to delete and overwrite all the data and remove all password and private information from the hard drive. This takes less time than restoring it to factory condition, but has a high risk of leaving something important on the hard drive.
So what did we do? We still had the original restore disk for one of the laptops, and I restored it to factory condition. The hard drive was 80 GByte, and the entire process took 18 hours. We somehow lost the restore cd for the second laptop – it's probably stowed in some safe place aboard Nine of Cups – so restoring it to factory condition was more problematic. Instead, I manually cleaned the hard drive as follows:
- Uninstall programs. I uninstalled a few dozen apps and programs that weren't necessary. I left a few programs that might be useful to a new owner like Adobe Reader and Open Office.
- Delete passwords. The computer saves website passwords and 'form content' – the information like our names, address, phone number, SSN, credit card numbers, etc. that we routinely use to fill in forms. This information makes it quick and convenient when we're ordering something online, but also makes it easy for a thief to steal our identities or access our accounts. I spent an hour or so researching the topic online and deleting all the browsing history, cookies, passwords and form content from the laptop.
- Delete data files. I deleted all data files, downloaded files, videos, pictures, .PDFs, etc. I went through every file and directory on the C drive. Then I emptied the Recycle Bin.
- Defragment the hard drive. Files are stored on a hard drive in small blocks that are linked together. For example, a 1 MByte .JPG file might consist of 1000 1KByte blocks that are all linked together. When the disk is new, the blocks making up a file are stored contiguously, but over time as files are written and deleted, the newer files become fragmented. Defragmenting a hard drive moves all blocks of all the files to one contiguous region of the hard drive. I defragmented the hard drive to overwrite any small areas of the disk and to consolidate the free space into one large block.
- Overwrite the free space. To make sure the data in all the free space was overwritten, I copied innocuous data files from an external hard drive to the computer's internal hard drive. The data I used were movies – I copied a few hundred movies from one of our external drives - enough to entirely fill the internal drive. Then I deleted the movies (from the internal drive only, of course) and emptied the Recycle Bin.
The process took about 10 hours for a 200 GByte drive. I'm feeling relatively confident that any sensitive data is either gone or more work than it is worth to recover – but then, ignorance is bliss. If there are any IT guys or benevolent hackers out there who have any suggestions, I'd appreciate any input, before the $27.97 in our checking account gets raided.