Some people have access to corporate cast-offs, so there are some people sat on massive supplies of used gear.. It all disappears somewhere eventually 🤭

[–] skankhunt42@lemmy.ca 4 points 20 hours ago (1 children)

Ah, good point. I had a few 1u servers from work but never got many disks. They always had to be destroyed with an actual certificate of destruction... Everything else was taken to recycling in my personal vehicle.

[–] greyscale@lemmy.grey.ooo 9 points 19 hours ago (1 children)

I can tell you right now that not everything that goes to recycler and gets a cert even gets wiped.

Someone, somewhere said it was, therefore, the box is ticked.

And this will remain so until there isn't an economic imperative.

[–] ToxicWaste@lemmy.cafe 10 points 19 hours ago (1 children)

i used to work for a company with sensitive data. disks that did get a certificate, where wiped by our guys first. then a truck from the recycling/destruction company would arrive and disks get shredded 1 at a time. the whole setup was in a way, that you could observe the disks being torn into pieces, somewhat bigger than sawdust.

two of our IT guys, two of the guys doing the destroying and some C-Suit would have to sign for every disk they observed being torn to pieces. if you do want to make sure your data is gone, there are ways to do it. admittedly, this way is a bit of a stunt. but it was fun being paid for observing bits of metal being reduced to pieces.

[–] greyscale@lemmy.grey.ooo 7 points 18 hours ago (1 children)

So, I present my paradox: If the data was sensitive, it wouldn't be disposed of properly. If the data is irrelevant or encrypted at rest, the disks are disposed of unneccisarilly.

I bet what you were handling wasn't -that- comparatively sensitive, so its a whole bunch of human effort and material being pulverised for no reason.

Because I can ensure you that the people who should -always- be that thorough are not. Especially right now. There's all sorts of drives that shouldn't be out in the wild, out in the wild.

I'm a little surprised there isn't buyers for liberated disks (and their data) from ASEAN datacenters.

Additionally, if an attacker wanted to steal your business data, they'd be your contracted, approved disposal partner already.

[–] ToxicWaste@lemmy.cafe 1 points 17 hours ago (1 children)

what would be your way of disposing that sensitive data?

not arguing that there are disks beind disposed inproperly.

[–] greyscale@lemmy.grey.ooo 4 points 17 hours ago (2 children)

if its encrypted at rest, it doesn't need it.

[–] W98BSoD@lemmy.dbzer0.com 1 points 45 minutes ago

Until that encryption is broken. Maybe not today, or tomorrow, or next week, or next month.

But if the business is paying the money to have the disks shredded, then there’s probably a good reason to do so. I wouldn’t want to find out that my bank sold their old (server) drives to the public.

[–] ToxicWaste@lemmy.cafe 2 points 16 hours ago

for me and you, that is probably enough.

but you always need to know who or what is a potential threat to you. in the end it is just about making it enough of a pain for whoever might be interested in your data, so it is not worthwhile to them. having to break out forensic tools - just to get encrypted data, is probably painful enough for most. make them play puzzles with metal and glass shards will for sure open some wounds to pour salt on.

cremating disks is a thing for hacker collectives. termite is an extremely interesting thing to observe. but i am pretty sure there are more practical reasons, why people do that.

[–] frongt@lemmy.zip 8 points 1 day ago

Tape, probably.