I never planned on anyone but me looking at my files
December 1, 2009 10:42 AM   Subscribe

My computer requires professional attention, but there's stuff I'd rather keep private sitting on my hard drive right now. How concerned should I be about what a technician might see/go looking for while working on my machine?

So, for awhile now, my computer has had some manner of undiagnosed hardware trouble that led to frequent freeze-ups. A couple weeks ago, whatever was failing has finally failed and now when I flip the switch on my power source, the lights on the case come on for a split second before going dark, the fans spin for about as long before stopping and the power button on front does absolutely nothing. This is beyond my power to diagnose, let alone fix, so I need to take this machine into the shop and let a professional do it properly. I'm due for a graphics card upgrade at this point any way, so I'm not too fussed about paying a technician to make this thing work right again.

The trouble is that there's a few things on my hard drive that I would prefer not to explain to a stranger. Much of my music collection is on there, for instance, much of it (ahem) "borrowed" from sources I'd rather not name. My browser history has not been cleared and I might even have an embarrassing website or two bookmarked. A Word file I was using as a personal journal is on there as well, and maybe a few other things I can't remember for sure. I'm pretty confident I don't actually have any porno saved on there right now, though, so that's a plus, at least.

I'm not taking it to Best Buy, as I've read much of Geek Squad's reputation for trawling customers' hard drives, but a locally owned shop instead. I'm a bit prone to paranoia, and I'm aware that my perceptions of risk here might be a bit skewed, so I'd really like to hear from folks who have intimate knowledge of the computer repair business on this topic. None of my computer's issues are software related (I've reinstalled windows too many times without solving the freeze-up problem for that to be the case) so I know that anyone working on my machine wouldn't really have much of a reason to spend too much time looking around my drive, but that doesn't account for the voyeuristic impulse. Also, there's a chance that new hardware might be installed, which would call for the installation of new drivers.

Have you worked in a computer repair shop? Was poking around in a customer's files commonplace or verboten? Would someone working on my power source, motherboard or graphics card have a reason to open up my web browser? One counter-measure I've considered is to simply buy a blank hard drive and slap that in there, and say that I noticed this problem after installing the new one. However, I'd rather avoid this expense as I still don't know how drastic my repair costs are gonna be. Also, I don't know if a machine with a blank, unformatted drive is gonna be tougher to diagnose and repair.

So, what do you think, AskMe? Is this a legitimate concern or am I making a lot out of nothing? (it wouldn't be the first time) How much risk is the average customer's privacy at in the average computer repair shop? How would you proceed?
posted by EatTheWeak to Computers & Internet (22 answers total)
Judging only from what I read in the news ("he should have removed .... before taking the machine to the shop") it's very likely. If you pay a local person to do a house-call and you sit with them while they work though, you'd surely be OK.

You probably need a new power supply. Four screws and a few plugs. They fail that way all the time.
posted by fritley at 10:48 AM on December 1, 2009 [1 favorite]

There's no way of knowing for sure, and it depends on the person who is doing the work. Assume the worst, delete all of your browsing history, move any sensitive files onto an external drive, and double check for stray files that you would otherwise rather not have looked at. Otherwise, you just might get snooped on.

Now, the flip side is that people who have been doing IT for any length of time have probably seen much worse than what you have, and are probably pressed for time anyway so don't want to bother with poking around in your personal data.
posted by Burhanistan at 10:48 AM on December 1, 2009

Just take out the hard disk and take the rest of the machine to the repair shop. Explain that your hard disk contains sensitive material and can't leave the office (or some such made-up excuse). The repair shop will almost certainly have a hard disk that they can use to get your system up and running if they think they need one.

From the sound of it, the problem is of a kind that can be repaired without a hard disk even being present. If they can get your computer running up to the point where it asks you for a boot disk, you should be able to just plug the disk back in.
posted by le morte de bea arthur at 10:50 AM on December 1, 2009 [3 favorites]

I have been a computer tech at a local shop. I'll tell you right now, if you aren't snooping for porn, you aren't doing it right.
posted by WinnipegDragon at 10:56 AM on December 1, 2009 [1 favorite]

Assume the worst, delete all of your browsing history, move any sensitive files onto an external drive, and double check for stray files that you would otherwise rather not have looked at.

Excellent advice, to be sure - I just want to be clear, however, that I can't even turn my computer on right now - it's that broken. So whatever's on there is on there until whatever else is busted gets fixed.
posted by EatTheWeak at 10:57 AM on December 1, 2009

Just take out the hard disk and take the rest of the machine to the repair shop. Explain that your hard disk contains sensitive material and can't leave the office (or some such made-up excuse).

This is correct.
posted by WinnipegDragon at 10:58 AM on December 1, 2009 [2 favorites]

Having worked in repair roles at multiple shops, I'd say don't worry too much. No one cares where you got your music from, although they may make copies for their own personal use. No one cares about your diary. No one cares about what you have bookmarked. The one thing techs will definitely look for is porn, and especially home made porn.
posted by Oktober at 11:01 AM on December 1, 2009

I think WinnipegDragonM's experience is probably generalizable. The percentage of people who get busted for stuff on their hard drives because of snoopy IT techs is not insignificant. They probably don't care much about music--they're just gonna gank it from you anyways--but you should count on anything "really" and obviously illegal being discovered.

I wouldn't worry about the journal too much though. The techs aren't snooping because they're part of the upright citizens' brigade, but because snooping is fun. Reading some random stranger's personal journal sounds significantly less fun than finding said random stranger's porn stash.
posted by valkyryn at 11:08 AM on December 1, 2009

You should be very concerned, as others have said, and if you send a computer into a repair shop you should always assume someone has just copied every file you have. Whether a given tech copies a given file on a given day doesn't matter: it's the only logical position you can take.

Based on the title of this post, can I suggest you use this as a wake-up call about your own data practices? Remove the hard disk, yes, but in future divide your boot disk from your data, perhaps by keeping an external drive. And even if you think it will never leave your house, encrypt that drive, because one day, sooner or later, it could be stolen.

When that happens, you want it to not matter at all, since the drive is backed up (so you have it elsewhere) and encrypted (so the new owner can't even read it.)

Then you'll sleep well.
posted by rokusan at 11:09 AM on December 1, 2009

le morte de bea arthur has it right. Pull the drive and bring them the box.

New power supply is the most likely candidate, but I've also seen the power button fail (the actual mechanical switch) enough times to warn you to have them check it before you agree to a new motherboard.

Was poking around in a customer's files commonplace or verboten?

The owner of the first shop I worked at had a policy that any porn should be downloaded for him (ugh). This would be pre-internet, back with PCanywhere and a parallel cable. The only other retail shop I worked at, the guys would look for personal pics (especially of young women), or pull up weird/fetish stuff for laughs in the back - like horse porn or something.

If you know what you're doing and have the proper tools, it's easy to find "stuff", even if it's deleted. It will happen.

But I'll second october and others. No one would care what's on the disk, as long as you weren't looking at something that requires mandatory notification of law enforcement.
posted by anti social order at 11:36 AM on December 1, 2009

From what I've seen doing tech support, it's not uncommon for techs to see what you have, but not actually delve into it. The worst I've seen is someone will collect mp3s or porn for their own personal use. For the most part, nothing on your disk will be any more incriminating than what the tech has already seen.
posted by valadil at 11:37 AM on December 1, 2009

Pulling the drive is certainly secure, but depending on what you mean by "can't turn the computer on", pulling the drive may mean they can't fix the problem.

And yes, what they've said above is all true. Techs don't really care about your personal journal (though that's not to say they won't take it for future entertainment if it appears enticing), and while what you've listed ("borrowed music") may be illegal the chances are the techs won't KNOW it's not legitimately ripped from your own CDs.

That said, if you're glossing over the point and have anything REALLY illegal on there, well there is a law that computer techs who realize there are certain crimes (kiddie porn) being committed must notify the authorities. So if it's worse than you're saying and they see it then you'll be in real trouble. Of course, if it's kiddie porn you deserve it.

But over all the best thing to do if you're worried is find a tech that will come to your home and, yes, watch over their shoulder as they work. Depending how savvy you are you may or may not be able to catch EVERY snooping action but your presence alone will prevent most activities.
posted by arniec at 11:55 AM on December 1, 2009

I spent years on a help desk and removing malware from PC's (which often comes from sketchy sources).

I was really way too busy to care what was on the computers, and I rarely even attempted to look at this stuff .

But providing the machine without the hard drive (physical security) is the best thing to do here... nobody should bat an eye if you mention sensitive data. If the shop doesn't like that explanation you should probably take your work elsewhere, it would be a really small hassle to anyone who knows what they are doing.
posted by Deep Dish at 12:00 PM on December 1, 2009

Thanks for all the great responses so far. Let me just quickly clarify that there is definitely not any kiddie porn on the drive.
posted by EatTheWeak at 12:03 PM on December 1, 2009

Thirding having a tech come to your house, if for some reason you can't remove the hard drive yourself. There are plenty of out of work IT people that would take a simple job like this. Poke around on Craigslist. I've seen flyers for this kind of service at my local supermarket.
posted by desjardins at 12:10 PM on December 1, 2009

Buy external hard drive. Move everything private to it. Copy everything else to it (for backup while it's in the shop.) Clear your browser caches and temp folders, and your document history if your files have names that should remain private.

Note that these techs WILL look for strange/interesting stuff, but they only have a limited amount of time to spend looking, so you don't need to worry about them using undelete utilities or anything like that -- unless you're talking about files that are sensitive, like government or corporate secrets-type stuff, and the place you take it knows that's what you work with.
posted by davejay at 12:52 PM on December 1, 2009

If you have access to another PC, you could get a SATA USB docking station (assuming your hard drive is SATA), pull the drive from your PC, copy off what you need onto another USB portable drive (which are INCREDIBLY handy), then wipe the SATA drive, and put it back in the PC.

Obviously that means you'll need to reinstall an Operating System when the box is repaired.

Just another option.
posted by Diag at 1:03 PM on December 1, 2009 [1 favorite]

Nthing that you are right to be cautious. However unless it is pictures of you specifically, I wouldn't be too worried. Any tech that comes across the pics is probably just going to add them to their own collection and silently thank you.
posted by Silvertree at 1:18 PM on December 1, 2009

Pull the drive. Does the computer boot now? (you should see a boot device failed message). No? Then it's not the drive. Leave it out, take it to the shop. If they claim they can't diagnose without your drive, leave. When it's fixed, come back with your drive. Have them install the drive in front of you and boot the computer. Note.. with a motherboard change (if that's the problem) windows may not boot. You will probably have to do a repair install (don't lose any of your programs / configurations, you will have to re-download all the windows updates).
posted by defcom1 at 4:29 PM on December 1, 2009

Try Truecrypt. Easy to use, totally unbreakable encryption at the folder level and maybe at the file level. You can even make the resulting file invisible so that no one know it exists. It even has a system of "plausible deniability" to cover situations in which you are forced to reveal the password.
posted by feelinggood at 5:52 PM on December 1, 2009

There is no code of conduct computer techs must adhere to when handling our data, but on the other hand computer repair shops, web developers, programmers, etc. would all be out of work if businesses and individuals could not trust them thus. Having been a computer repair tech myself I can tell you that your data WILL be scrutinized, laughed at in the shop, copied, etc. However, simply inform your repair shop that your data is personal and proprietary, and that request will be respected. Security is a big part of the computer industry, after all. The only times as a tech I ever confronted clients about actually discovering their data content was when I found porn on a family computer shared by younger users. Under those circumstances I would tell the client that "unsavory content" was discovered on their computer...and leave it at that without disclosing what it was. I felt it was my duty to at least suggest that youngsters should be protected from this content. You really needn't worry about it...unless you really do have something to worry about. In the future save all your sensitive data to external drives exclusively.
posted by Oireachtac at 11:43 AM on December 4, 2009

If it's illegal (child porn, state secrets) you could be in trouble. Anything else they won't care about. If a shop was regularly turning in customers who pulled down torrents of Batman, they wouldn't be in business long.

Also: there's no way for them to know if you own that music on your computer. It's legal to back up your CDs to your own computer.
posted by chairface at 4:49 PM on December 4, 2009

« Older Help me dress myself for work.   |   The most "bang" for my photography buck. Newer »
This thread is closed to new comments.