How to mitigate any privacy-related risks associated with taking your laptop for repair?
Solution 1
Physical access to a system is the trump card of security.
Passwords can be bypassed, locks broken, data copied, software installed...the list of threats is impressively long. But you may have no choice but to find a way to minimize your risk if you need your system serviced. Here are some options:
1. Request a remote troubleshooting session.
While this won't allow the repair shop to troubleshoot all possible computer problems, an experienced technician can discover a lot about a system's health without physical access to the PC. In a remote session it's normal that the customer participate and watch the tech's every move. Most remote access programs are explicit about files being transferred to/from the system, granting you further oversight. If at any point you don't feel comfortable with what you see you can kill the network connection, ending the session.
2. Remove the hard disk.
Since the problem you're experiencing may be strictly hardware related, you could take the machine in without its hard disk. (If you're not comfortable doing this yourself, have the technician do it while you watch when you drop the PC off.) Explain to the tech that you have confidential data and that if he needs a running OS you'll gladly pay for the extra time it will take to install a temporary drive and an OS on it. A good repair shop will have access to a spare hard disk and installation media for all major operating systems, making this a reasonable request.
Be prepared for the possibility your problem is caused by something unique to your installation of Windows. In this case, proper diagnosis will require your instance of Windows to be present for troubleshooting, reducing the suitability of this strategy.
3. Encrypt the sensitive data on the machine.
There are a number of good tools available for encrypting files, folders, or entire volumes. If you know specifically what data needs protection, this is a good option.
If you go the route of encrypting select files or folders, it's critical that you scrub the free space on your disk after encrypting the data. In most cases when a file is encrypted, a new, encrypted file is written to disk, then the unencrypted file is deleted. This leaves the original file vulnerable to data undelete utilities. A tool like Sysinternals' SDelete can be used to prevent such recovery programs from finding any unencrypted data.
This option is best if you know the location of all data that needs protection. As stated in the OP, and as is generally true for many systems, it can be hard to secure everything. Full volume encryption is perfect for in this case, but if the repair shop needs access to your specific instance of Windows to properly troubleshoot the problem, you'll end up needing to grant the technician access to the unlocked disk volume, defeating the encryption altogether.
4. Take the machine to someone you trust.
Given the drawbacks to some of the above options, this may be a necessary strategy. The very fact you need outside help to maintain your system suggests you will eventually end up with a problem that requires your service technician to come in contact with your sensitive information. Should that day come, it would be handy to have someone you know that has a professional work ethic and can be trusted with other people's personal details--trusted to access the least data required to perform the repair, glance past personal information, forget quickly, and get the job done. It can be done. I do it every day.
Ask around. Technicians with a reputation of trust receive personal recommendations from people with their own secrets that must be kept. Many people in positions with access to sensitive information have to rely on someone else to service their computers, especially at home. You may know such people.
Solution 2
Unless your hard drive is encrypted linux tools can be use to blank any local windows password.
Put a second hard drive in, removing the first and don't put anything sensitive on it in the first place. Leave the password blank or password, and bring it in for repair.
If your data is that sensitive surely it is worth the cost of a second hard drive.
Another option, place all your sensitive data in an encrypted volume and don't save the password or hand it out. However, changing the location of files per program to the encrypted volume would take more effort that the other options. Also you can clone the original hdd to a new hard drive and wipe and reload the original one. If you want to keep the original hard drive in the machine.
Solution 3
The easiest way is to remove the hard drive before taking it in for repair. Presumably the technician can use a USB disk to diagnose the problems.
Alternatively - and not ideally - watch over the techs shoulder as he does the repair.
Solution 4
You can use tools like Acronis True Image to create a complete backup of your HDD. The backup should be placed for example on the another HDD. Then, you can reset your laptop to the initial state or reinstall OS. Also, you can use some tools to completely delete any information from your HDD (because if the file was just simply deleted, it can be recovered). When you get your laptop back, you just restore the previous state of your HDD from backup
And keep in mind that anybody else who can access to your HDD can do that cloning too. And if you do not see any signs that your data was hacked (for example, wiped password) - that does not mean that your data was not cloned and then hacked
Solution 5
The best way to be truly safe is to maintain control of your laptop and not give it to any third party. That's difficult to do in a generic repair scenario but in your specific case, you have several options. You said that either your battery or your fan is causing problems. Focus on those components and you have several useful alternatives to handing your laptop over to a stranger.
On most laptops, batteries are easily removable by the end-user. A technician should be able to test your battery without even having the laptop at all. If the battery tests bad (not uncommon based on my experience with refurbs), you can replace it and the laptop never has to leave your possession.
One easy test you can do on your own is to remove the battery and run the laptop for a while using only the AC adapter. If the laptop still overheats and shuts off, then the battery isn't the problem.
If you have any skills with computer hardware and basic hand tools, I recommend taking the back cover off the laptop and visually inspect the fans and heatsinks. I've seen more than a few refurb units that looked like they were previously operated in a sandstorm; dust/dirt contamination blocks airflow and clogs fans, which leads to overheating. Returning them to normal working condition can be as simple as blowing the dust out of the system with canned air or a hairdryer that has a "cool" setting.
If you have no choice but to take the entire thing to a technician, the best thing you can do is to find a way to reproduce the problem that doesn't involve any of the software on the laptop. Will it overheat if you press F8 or delete during boot and let it sit at one of the BIOS menus for a while? Can you boot off of a live CD or USB drive and do something that will trigger the problem? If you have a reproduction case like this, then there's no need for the technician to access your hard drive at all. You can encrypt the entire thing, or (even better) remove the hard drive before taking it in. Many laptop models are designed with quick-access panels for getting to certain commonly-upgraded components (RAM, hard drives, CD-ROM, etc). Check the documentation for your particular model for details. On the last several laptop models I've owned, even a non-technical user could remove the hard drive with nothing more than a small screwdriver.
user51309
Updated on September 18, 2022Comments
-
user51309 almost 2 years
Either my fan or my battery on my refurbished laptop is malfunctioning and it frequently overheats and shuts itself down. I wasn't able to determine the culprit and thought it best to show my laptop to an expert.
I also have an active warranty that lets me replace any malfunctional parts for free, so that's another reason for not buying my own hardware and trying-and-erring my way through. However, I'm somewhat paranoid about the fact that I have all sorts of sensitive information lying about on my laptop.
Even if I could clear the cookies/passwords for my browser, some sensitive information (credit card details, a host of passwords, and whatnot) that I foolishly left off on some notes, will probably remain. What is more, clearing the said cookies is a troublesome process that I'd rather avoid, if I possibly can.
The guy who runs the local repair shop tends to ask for an admin password, which I'm loathe to give, but have to relent nonetheless. Presuming that I will take my laptop to the repair shop, what is the best possible way to protect all the sensitive information under such circumstances?
-
DrMoishe Pippik over 6 yearsWhen I first purchase a PC I make a disk image before installing or removing any application or data. If the PC is to be sold repaired, that can be restored, and then replaced with a current image, later. For seriously critical data, though, it might be wise to zero the disk before restoring the old image. -
Xen2050 over 6 yearsIf you want the hard drive included in any repair attempts (software fixes/tweaks), then encrypting just your private data is the only answer, +1. Needs a little extra info though, you do want to save the password so you can access your data later, just don't give that access to anyone else. And moving data into encryption will probably leave behind the original unencrypted data, wiping the data files before deletion, or wiping all free space would be necessary to really hide it... though with an SSD/flash device wiping all space may be impossible. -
Sir Adelaide over 6 yearsRemoving a laptop hard disk wouldn't be a solution that I call 'easiest'. For many people it is not even possible with their skill set. -
davidgo over 6 yearsI really want to downvote this post (but won't, because I posted). Trusting a piece of legislation instead of taking security measures is - to be polite - "not a best practice". There are lots of ways for data to be pilfered without leaving traces - especially with unattended physical access to machines. There is every reason to believe that some (not all) technicians will rifle through data and take what is interesting - its common place.
-
davidgo over 6 yearsFBI actually pays computer companies to do this - and the government even pays some to do so - techdirt.com/articles/20170106/10163236419/…! A quick Google search lists huge numbers of techs being caught with the ways they handle customer data.
-
davidgo over 6 yearsAnd, if you want to prove me wrong, how about you confirm when you are going away, your address and that you hide your key on your property when you go (its OK, you don't need to tell anyone where you actually hide it). I'm sure you will be content that the very strong laws against breaking and entering will keep you quite safe.
-
Sir Adelaide over 6 yearsif the government does it, it must be ok... right?
-
davidgo over 6 yearsYou miss my point. Government is not doing it - they are paying people - often who are paid near minimum wage - who work for tech stores - to do it. At minimum these people have an incentive to look where they shouldn't as a result, and could even turn around and say "but I was doing it because the FBI asked"...
-
Sir Adelaide over 6 years:) I'm at work 9-5 every day, you are welcome to come past my house. It's easy to break in (as are most houses), if you have skills in that area. You can't stop someone robbing you, if they want to. But increased threat of getting caught (such as the repair guy's name is known to you, or you have security cameras on your house) is usually enough deterrence unless you are protecting millions of dollars.
-
DiplomacyNotWar over 6 years+1 Even the Windows setup disk can be used to reset the Windows password in under 2 minutes. -
I say Reinstate Monica over 6 yearsAccess to a temporary admin account is no less dangerous than access to its permanent counterpart. There's nothing that the temp account can't do, including putting a back door on the system to enable ongoing access. -
jpmc26 over 6 years@SirAdelaide What skill set? You remove a couple screws and pull the thing. -
davidgo over 6 years@jpmc26 in fairness, a lot of Ultrabook type PC's don't have screws and/or require popping off some easily damaged plastic hinges.
-
ClobberXD over 6 years@SirAdelaide: True, and also, some super-small, budget laptops (like the one I used to have) don't even have any way to remove the HDD, unless you rip it apart! -
ClobberXD over 6 years@jpmc26: You posted the same comment as mine, just seconds before me!!! : D
-
Schullz over 6 yearsSomeone who repair the laptop can just make a clone of HDD - and do what he or she wants and the owner wouldn't notice it. So, if your password was not wiped - it does not mean that your password is not wiped on the copy of your HDD
-
Alessandro Carini over 6 years@SirAdelaide If you are that clumsy you could ask technician to remove the disk in front of you and place it in no-static bag. Drive will be reinstalled (also in front of you) when your laptop is ready.
-
corsiKa over 6 yearsAnd divine your password using diceware, specific for this password. -
Damon over 6 yearsRemoving the hard disk is not only a solution, it is the only solution. It's not as dramatic as it sounds, either. Anyone capable of holding a screwdriver can do it. In my sad experience, computer technicians are utterly stupid idiots (no offense intended towards technicians on this forum). In the best case they will just snoop through your private data and return the computer after replacing a random part (not necessarily the correct one), in the average case they will re-image the disk, causing you to lose everything. In the worst case... well, let's not think of the worst case.
-
Deliss over 6 yearsNot all laptops have removeable SSDs, such as some 2016 MacBook Pros. -
Mohammad Ali over 6 years@smci yes but those also do not have removable batteries which makes it likely that the op's machine isnt a macbook as he implies that the battery is removable and i have never personally heard of a computer with a replaceable battery that didnt have a removable hard drive. on a side note macbooks(OSX) by default uses filevault full disk encryption. -
Deliss over 6 years@MohammadAli: as often on SO, we have a question where the title is more general than the OP's specifics... it's probably best to answer the more general version. Or else edit the title if it severely mismatches the details.
-
Deliss over 6 yearsThis isn't an answer to the question as stated. The Computer Fraud and Abuse Act is only a US thing, and even at that it's widely flouted in the US.
-
Darren H over 6 years"watch over the techs shoulder as he does the repair" is a great way to get charged double -
davidgo over 6 years@DarrenH Depending on the tech, it could save you from getting double charged - of-course, privacy does come at a cost. (A good tech should not mind being watched)
-
Peter Cordes over 6 yearsSome Linux bootable CD / live-USB setups includecpuburn(i.e.burnP6orburnMMXexecutables). Or download Prime95 and put it on a Linux USB stick. But keep in mind that fan speed / cooling policy is partly under software control, and the Windows install won't behave the same as a Linux live-USB. So this isn't a guaranteed way to repro overheating problems. -
Toby Speight over 6 yearsHow did you determine that the laptop is running Windows? I didn't see that in the question. -
I say Reinstate Monica over 6 yearsI didn't, I just guessed. But the point of my post doesn't change if you insert your favorite OS instead of the examples I used.
