Selling a computer...how to clean ALL personal info?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Selling a computer...how to clean ALL personal info?
I'm looking at selling a laptop with ubuntu installed on it. Very little actual files are on the SSD...I keep everything on flashdrives. But still, there is the matter of bookmarks, autocomplete, browsing history, stored passwords, etc.
Could somebody please tell me what all I should do to make sure all my personal info is off the computer, before I just hand it to someone else? How can I avoid missing some obscure stored information that could give the computer's new owner access to my information?
I cannot wipe the drives. If I could, I would just use shred, since I have an ext2 filesystem. I advertised the computer with heavily tweaked (for eeePC) ubuntu already installed.
I thought about removing /home/chaz (my home folder) and then making a random /tmp file and dd'ing it full of zeros till the drive was full.
But then I'm not sure how I or my customer can log back in then. If I just remove the home directory when the computer restarts it will recreate it. That means my user, chaz, and my password must be stored elsewhere other than /home. How can I remove the user, and then create a new user?
Most of your personal information will be in your home folder. So if you delete your home folder's contents, stuff like bookmarks, cookies, documents is gone. You could then set up a new account for the new owner (and transfer sudo privileges to him). Then you could boot a live CD/USB, copy the disk's contents to some other box via SSH, zero the drive's partitions (including swap, if any), and format and copy the contents back. There might be locations outside your home folder which you'll want to clean up, such as Squid caches, etc. Make sure you do all your cleanups before you zero.
If you need to keep the data on there, you'll have to manually remove all identifying data (your user account, home dir, passwords, and anything which may have got anywhere else), and then backup the DATA (not the filesystem) with tar (not dd) to somewhere else. This will only copy the *file* data (contents, filenames, directory structure), but not the remnants of deleted files, journal etc. which is what you need to remove.
Then properly shred/DBAN the drive and restore the backup onto the clean drive.
Obviously, it's a good idea to have a backup of the original drive too (probably as a DD image) so that you can restore the compuer to the original state if you mess up and miss something.
"How can I avoid missing some obscure stored information that could give the computer's new owner access to my information?"
If you're giving them a computer which you have to manually clean but leave the filesystem intact, then you can't. Programs can end up storing data just about anywhere - core dumps, swap space, log files... you can easily miss one of those places. That's why companies don't try to "sanitise" a working machine, they just securely wipe and then rebuild from scratch.
Are you sure using DBAN or shred on an SSD is a good idea?
I would think that on an SSD the most sane approach would be to just zero once.
@AuroraCA: What kinda tweaks does this install have? How hard is it for you to zero the drive and perform a fresh install for the new owner? This would probably be your safest bet, as you wouldn't have doubts in the back of your mind after turning the computer over to him.
Have you tried re-installing Windows XP and reformatting the drive and not trying everything in Linux?
If you are selling your PC, it would be better selling it as a running Windows machine instead...
sudo find / -uid NNN -type f | less
sudo find / -uid NNN -type f | while read filename ;do shred "$filename" ;done
(replace NNN with the uid of your user.)
Change the passwords on any OTHER computer, if it has the same passwords.
Last edited by win32sux; 10-08-2008 at 05:32 PM.
Reason: Removed spammed link.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.