Your Data Trail


I am regularly astounded by folks who seem to think that they do not leave a data trail or that there is some protection in ignorance. I’ve seen this happen in very innocent activities like donating computers or mobile phones to charity.

I know what your bank code is

For many year I volunteered my time to a charitable effort which held a monster yard sale once per year. I was routinely buttonholed into getting the truckloads of donated computer equipment in running order. We generally would not have to do much to the equipment as we just usually booted the machines from a CD version of Linux and sold it as is. On some occasions we would have to actually do some Sherlocking on the machine’s data to get the machines to operate.

In these circumstance I was regularly astounded to learn that these machines contained some of the following;

  1. Quickbooks files with no passord protection,
  2. Bank access from Quickbooks,
  3. Credit card records including PDF versions of credit applications,
  4. Word documents of passwords usually called “password.doc”,
  5. Personal information which could be used for social engineering, and
  6. Personal photographs which probably should not have seen the light of day.

And this is only the short list. We generally reformatted hard drives and installed Linux on machines such as these. Though I am not sure why anyone would not spend some effort (or pay someone to do it for them) in getting the individual computers clean prior to giving it away.

I know who you talk to

The same holds true for mobile phones. On Friday, last week, I received a call on my mobile and pulled off to a vacant parking lot by the side of the road, since I knew the call was going to be long. During the call I noticed that there was a mobile phone on the pavement. After the call ended I picked it up and took it home thinking that I could get it to it’s rightful owner.

The battery was dead but improvising a makeshift power source by hooking two AA batteries in serial with some alligator clips to the battery terminal, on the phone, allowed the phone to be turned on.

No password protection was required, though I am not sure its available on this phone (I am not that familiar with the LG brand). The owner’s phone number was evident, but upon calling it, found it had been disconnected. There were numerous incoming and outgoing calls registered in memory and a list of phone numbers in the address book. One listing for a bank was obviously a transit, an account number and a PIN. Do people never learn?

LG call home

I returned the phone to the local store of the carrier (in this case Bell) who promised me they would get it to the rightful owner.

Cleaning your data trail

Lesson to learn: If you plan to give away (or throw away) equipment or are prone to lose small objects you ought to;

  1. Make sure that you’ve done all you can to protect your personal information,
  2. Learn how to set up device passwords, and
  3. Learn how to clean an old device of data before you dispose of it.
Send this article to:
  • Digg
  • del.icio.us
  • Facebook
  • Tumblr
  • Google
  • StumbleUpon
  • Technorati
  • E-mail this story to a friend!
  • Print this article!

Leave a comment