![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
A group dummied up two simple computer breaks that would not require snooping into a laptop's contents and took it in for repairs after setting up hidden key and mouse loggers to see what the techs did, i.e. were they trustworthy custodians of your data. Half of the 'secret shoppers' were men, half women.
The results weren't terribly encouraging. Granted, the number of shops tested was a very small number.
https://arstechnica.com/information-technology/2022/11/half-of-computer-repairs-result-in-snooping-of-sensitive-data-study-finds/
The upshot is that if you must take your computer in for repairs, your best way to defend your data would be to encrypt your user data or documents directory. Many of these shops "required" or tried to brow beat you into giving them your account credentials - even on a battery replacement, which does not require log-on access to the computer!
If you're not comfortable with encryption, and I can't blame you, it's not risk-free, copy all your data to an external hard drive or two (or a cloud account), delete it, empty the recycle bin or trash can or equivalent, then run a disk compression or empty space wiper to make sure they can't get in and try to recover any photos from your system.
Of course, if your computer is completely borked and will not boot reliably enough for you to boot it to encrypt it or clean it, you're screwed and at the mercy of the shop.
Social media programs are tricky. Lots of people have their browsers remember their logins, so just logging out of the account and closing the browser isn't enough. You can export your bookmarks easily to an external device or even email them to yourself, I'm not sure if you can export remembered passwords and then purge them and later re-import them.
Me, I exclusively use web mail like Gmail or Outlook. Those are easy to sign out from, but you then need to delete cookies and have the browser delete the cookies, and that's mildly tricky for the uninitiated. If you're using an actual email client program, then you need to either encrypt your mail bag and close the program so that a password is required, or remove the data and program entirely.
There's two other ways to go. Create a dummy account with no data in it that has no admin capability. That doesn't do you any good if they need to do a malware cleanup or install system-level software for you - then they need an admin account. If you have to give them an admin-level password, then all your data is compromised regardless. You can simply say "I want to stand here and watch you work, I will enter the password as needed." Or you can say, "Screw you, I'm taking my business elsewhere" and leave.
Requiring a password to change a battery is massively beyond ridiculous.
The results weren't terribly encouraging. Granted, the number of shops tested was a very small number.
https://arstechnica.com/information-technology/2022/11/half-of-computer-repairs-result-in-snooping-of-sensitive-data-study-finds/
The upshot is that if you must take your computer in for repairs, your best way to defend your data would be to encrypt your user data or documents directory. Many of these shops "required" or tried to brow beat you into giving them your account credentials - even on a battery replacement, which does not require log-on access to the computer!
If you're not comfortable with encryption, and I can't blame you, it's not risk-free, copy all your data to an external hard drive or two (or a cloud account), delete it, empty the recycle bin or trash can or equivalent, then run a disk compression or empty space wiper to make sure they can't get in and try to recover any photos from your system.
Of course, if your computer is completely borked and will not boot reliably enough for you to boot it to encrypt it or clean it, you're screwed and at the mercy of the shop.
Social media programs are tricky. Lots of people have their browsers remember their logins, so just logging out of the account and closing the browser isn't enough. You can export your bookmarks easily to an external device or even email them to yourself, I'm not sure if you can export remembered passwords and then purge them and later re-import them.
Me, I exclusively use web mail like Gmail or Outlook. Those are easy to sign out from, but you then need to delete cookies and have the browser delete the cookies, and that's mildly tricky for the uninitiated. If you're using an actual email client program, then you need to either encrypt your mail bag and close the program so that a password is required, or remove the data and program entirely.
There's two other ways to go. Create a dummy account with no data in it that has no admin capability. That doesn't do you any good if they need to do a malware cleanup or install system-level software for you - then they need an admin account. If you have to give them an admin-level password, then all your data is compromised regardless. You can simply say "I want to stand here and watch you work, I will enter the password as needed." Or you can say, "Screw you, I'm taking my business elsewhere" and leave.
Requiring a password to change a battery is massively beyond ridiculous.
