How to mitigate any privacy-related risks associated with taking your laptop for repair?

49

8

Either my fan or my battery on my refurbished laptop is malfunctioning and it frequently overheats and shuts itself down. I wasn't able to determine the culprit and thought it best to show my laptop to an expert.

I also have an active warranty that lets me replace any malfunctional parts for free, so that's another reason for not buying my own hardware and trying-and-erring my way through. However, I'm somewhat paranoid about the fact that I have all sorts of sensitive information lying about on my laptop.

Even if I could clear the cookies/passwords for my browser, some sensitive information (credit card details, a host of passwords, and whatnot) that I foolishly left off on some notes, will probably remain. What is more, clearing the said cookies is a troublesome process that I'd rather avoid, if I possibly can.

The guy who runs the local repair shop tends to ask for an admin password, which I'm loath to give, but have to relent nonetheless. Presuming that I will take my laptop to the repair shop, what is the best possible way to protect all the sensitive information under such circumstances?

user51309

Posted 2017-11-19T22:49:28.397

Reputation: 583

Question was closed 2017-11-23T15:10:23.133

34 The only sure way is to remove the hard drive. For the symptoms you describe, it is probably not necessary to provide the hard drive along with the repair. But, being I used to own and operate a repair shop, it would be frustrating for me. I understand some people may not be trustworthy, but I always treated my customer’s data with respect and made sure my employees did too. Without the hard drive you are limiting a technician’s ability to fully diagnose your computer for troubles you may not even know about - which is what my shop always did. If you don’t trust them, go elsewhere. – Appleoddity – 2017-11-19T23:53:35.600

4 An alternative would be to take your computer somewhere where you can wait and watch the repair. Some big box stores will do that. But, that is only because those places charge you 3x the cost, have little to no experience technicians working for them, and will do only a fraction of the work the real computer shop will do. Any good diagnosis and repair takes time. – Appleoddity – 2017-11-19T23:56:40.430

1 @phyrfox This applies to the USA, I assume. – Angew is no longer proud of SO – 2017-11-20T08:51:56.130

1 Also, FWIW, I'd back up important data if you haven't already. – Wayne Werner – 2017-11-20T17:34:20.557

Take out the hard drive; it's usually user accessible unless you have a thin laptop. Then you should be safe from spying and they can use a Linux USB to test it. – Suici Doga – 2017-11-22T10:13:56.767

@Appleoddity Any decent technician should have some spare drives of any type they can use to boot the system if they need to. Not 100%, but it lets you test the hardware as OP describes, also with less variables to control like however the user's OS is configured. – Pysis – 2017-11-22T19:42:19.287

You could create a temporary admin level account and get tech to use that – user619818 – 2017-11-23T10:06:29.367

What if the sensitive data is the cause of the problem? :) – Solomon Ucko – 2018-12-23T04:49:08.810

Answers

45

Physical access to a system is the trump card of security.

Passwords can be bypassed, locks broken, data copied, software installed...the list of threats is impressively long. But you may have no choice but to find a way to minimize your risk if you need your system serviced. Here are some options:

1. Request a remote troubleshooting session.

While this won't allow the repair shop to troubleshoot all possible computer problems, an experienced technician can discover a lot about a system's health without physical access to the PC. In a remote session it's normal that the customer participate and watch the tech's every move. Most remote access programs are explicit about files being transferred to/from the system, granting you further oversight. If at any point you don't feel comfortable with what you see you can kill the network connection, ending the session.

2. Remove the hard disk.

Since the problem you're experiencing may be strictly hardware related, you could take the machine in without its hard disk. (If you're not comfortable doing this yourself, have the technician do it while you watch when you drop the PC off.) Explain to the tech that you have confidential data and that if he needs a running OS you'll gladly pay for the extra time it will take to install a temporary drive and an OS on it. A good repair shop will have access to a spare hard disk and installation media for all major operating systems, making this a reasonable request.

Be prepared for the possibility your problem is caused by something unique to your installation of Windows. In this case, proper diagnosis will require your instance of Windows to be present for troubleshooting, reducing the suitability of this strategy.

3. Encrypt the sensitive data on the machine.

There are a number of good tools available for encrypting files, folders, or entire volumes. If you know specifically what data needs protection, this is a good option.

If you go the route of encrypting select files or folders, it's critical that you scrub the free space on your disk after encrypting the data. In most cases when a file is encrypted, a new, encrypted file is written to disk, then the unencrypted file is deleted. This leaves the original file vulnerable to data undelete utilities. A tool like Sysinternals' SDelete can be used to prevent such recovery programs from finding any unencrypted data.

This option is best if you know the location of all data that needs protection. As stated in the OP, and as is generally true for many systems, it can be hard to secure everything. Full volume encryption is perfect in this case, but if the repair shop needs access to your specific instance of Windows to properly troubleshoot the problem, you'll end up needing to grant the technician access to the unlocked disk volume, defeating the encryption altogether.

4. Take the machine to someone you trust.

Given the drawbacks to some of the above options, this may be a necessary strategy. The very fact you need outside help to maintain your system suggests you will eventually end up with a problem that requires your service technician to come in contact with your sensitive information. Should that day come, it would be handy to have someone you know that has a professional work ethic and can be trusted with other people's personal details--trusted to access the least data required to perform the repair, glance past personal information, forget quickly, and get the job done. It can be done. I do it every day.

Ask around. Technicians with a reputation of trust receive personal recommendations from people with their own secrets that must be kept. Many people in positions with access to sensitive information have to rely on someone else to service their computers, especially at home. You may know such people.

I say Reinstate Monica

Posted 2017-11-19T22:49:28.397

Reputation: 21 477

How did you determine that the laptop is running Windows? I didn't see that in the question. – Toby Speight – 2017-11-22T13:52:30.303

3 I didn't, I just guessed. But the point of my post doesn't change if you insert your favorite OS instead of the examples I used. – I say Reinstate Monica – 2017-11-22T15:09:08.690
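Option 3 in the answer above works best when you know where every piece of sensitive data is, and the question mentions card details and passwords left in notes. The following is an added example, not code from any poster on this page: a small audit that walks a folder and flags text files holding Luhn-valid card numbers or `password:`-style lines, so you know what to encrypt or move before the hand-over. The function names, the keyword list, the file extensions and the sample notes are all assumptions made for illustration.

```python
import os
import re
import tempfile

CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")  # 13-19 digits, spaces/hyphens allowed
# "password: hunter2"-style lines; only the keyword is reported, never the value.
SECRET_RE = re.compile(r"(?i)\b(pass(?:word|wd|phrase)?|pin|cvv|login)\b\s*[:=]\s*\S+")
TEXT_EXT = {"", ".txt", ".md", ".csv", ".log", ".ini", ".rtf"}
MAX_BYTES = 2 * 1024 * 1024  # notes are small; skip anything larger


def luhn_ok(digits):
    """Luhn checksum, used to drop digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def scan_text(text):
    """Return (line number, kind, redacted detail) for each suspicious line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                hits.append((lineno, "card-number", "ends in " + digits[-4:]))
        m = SECRET_RE.search(line)
        if m:
            hits.append((lineno, "credential", m.group(1).lower()))
    return hits


def scan_tree(root):
    """Walk root and map each text-like file with findings to its hit list."""
    report = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() not in TEXT_EXT:
                continue
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if hits:
                report[path] = hits
    return report


def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample notes
        with open(os.path.join(root, "notes.txt"), "w", encoding="utf-8") as fh:
            fh.write("milk, eggs\nvisa 4111 1111 1111 1111 exp 01/30\n"
                     "order ref 1234 5678 9012 3456\nbank password: example-only\n")
        return {os.path.basename(p): h for p, h in scan_tree(root).items()}


if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at your own Documents or Desktop folder; it only reads plain-text formats, so office documents, browser stores and note-taking apps still need a manual check.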

49

Unless your hard drive is encrypted, Linux tools can be used to blank any local Windows password.

Put a second hard drive in, removing the first and don't put anything sensitive on it in the first place. Leave the password blank or password, and bring it in for repair.

If your data is that sensitive surely it is worth the cost of a second hard drive.

Another option: place all your sensitive data in an encrypted volume and don't save the password or hand it out. However, changing the location of files per program to the encrypted volume would take more effort than the other options. Also, you can clone the original HDD to a new hard drive and wipe and reload the original one, if you want to keep the original hard drive in the machine.

cybernard

Posted 2017-11-19T22:49:28.397

Reputation: 11 200

8 When I first purchase a PC I make a disk image before installing or removing any application or data. If the PC is to be sold or repaired, that can be restored, and then replaced with a current image, later. For seriously critical data, though, it might be wise to zero the disk before restoring the old image. – DrMoishe Pippik – 2017-11-19T23:31:23.887

1 If you want the hard drive included in any repair attempts (software fixes/tweaks), then encrypting just your private data is the only answer, +1. Needs a little extra info though, you do want to save the password so you can access your data later, just don't give that access to anyone else. And moving data into encryption will probably leave behind the original unencrypted data, wiping the data files before deletion, or wiping all free space would be necessary to really hide it... though with an SSD/flash device wiping all space may be impossible. – Xen2050 – 2017-11-20T01:08:46.483

12 +1 Even the Windows setup disk can be used to reset the Windows password in under 2 minutes. – John – 2017-11-20T04:49:48.650

1 And divine your password using diceware, specific for this password. – corsiKa – 2017-11-20T16:40:44.430
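Both the first answer (scrub free space after encrypting) and the comment above about leftover unencrypted data describe the same failure mode: encrypting a file writes a new file and deletes the old one, and a delete does not erase the old blocks. The following is an added example, not code from any poster: a toy in-memory disk that shows the plaintext surviving the delete and disappearing only after free space is overwritten. `ToyDisk`, `placeholder_encrypt` and the sample data are hypothetical names and constructed values; the XOR keystream is a stand-in for a real encryption tool, and the model assumes a plain disk with no SSD-style block remapping.

```python
import hashlib

BLOCK = 64  # bytes per block in this toy model


class ToyDisk:
    """Flat block store plus an allocation table (no SSD-style remapping)."""
    def __init__(self, nblocks=32):
        self.raw = bytearray(nblocks * BLOCK)
        self.files = {}                     # name -> (block indexes, length)
        self.free = list(range(nblocks))

    def write_file(self, name, data):
        blocks = [self.free.pop(0) for _ in range(max(1, -(-len(data) // BLOCK)))]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.files[name] = (blocks, len(data))

    def read_file(self, name):
        blocks, length = self.files[name]
        return b"".join(bytes(self.raw[b * BLOCK:(b + 1) * BLOCK]) for b in blocks)[:length]

    def delete_file(self, name):
        # Ordinary delete: the directory entry goes, the block contents stay.
        blocks, _length = self.files.pop(name)
        self.free.extend(blocks)

    def wipe_free_space(self):
        # What a free-space scrubber does: overwrite every unallocated block.
        for b in self.free:
            self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)

    def raw_contains(self, needle):
        return needle in bytes(self.raw)    # what an undelete tool would see


def placeholder_encrypt(data, key):
    # Stand-in for a real encryption tool: XOR with a SHAKE-256 keystream.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_then_delete(disk, name, key):
    # The workflow described above: write ciphertext as a new file, delete the old.
    disk.write_file(name + ".enc", placeholder_encrypt(disk.read_file(name), key))
    disk.delete_file(name)


def demo():
    secret = b"bank password: example-only"      # constructed sample data
    key = b"constructed-demo-key"
    disk = ToyDisk()
    disk.write_file("notes.txt", b"milk, eggs\n" + secret + b"\n")
    encrypt_then_delete(disk, "notes.txt", key)
    before = disk.raw_contains(secret)            # plaintext still on disk
    disk.wipe_free_space()
    after = disk.raw_contains(secret)
    restored = placeholder_encrypt(disk.read_file("notes.txt.enc"), key)
    return sorted(disk.files), before, after, secret in restored


if __name__ == "__main__":
    print(demo())
```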

15

The easiest way is to remove the hard drive before taking it in for repair. Presumably the technician can use a USB disk to diagnose the problems.

Alternatively - and not ideally - watch over the tech's shoulder as he does the repair.

davidgo

Posted 2017-11-19T22:49:28.397

Reputation: 49 152

6 Removing a laptop hard disk wouldn't be a solution that I call 'easiest'. For many people it is not even possible with their skill set. – Sir Adelaide – 2017-11-20T02:53:54.570

12 @SirAdelaide What skill set? You remove a couple screws and pull the thing. – jpmc26 – 2017-11-20T05:51:43.153

14 @jpmc26 in fairness, a lot of Ultrabook type PC's don't have screws and/or require popping off some easily damaged plastic hinges. – davidgo – 2017-11-20T05:57:27.727

9 @SirAdelaide: True, and also, some super-small, budget laptops (like the one I used to have) don't even have any way to remove the HDD, unless you rip it apart! – ClobberXD – 2017-11-20T05:57:57.957

@jpmc26: You posted the same comment as mine, just seconds before me!!! : D – ClobberXD – 2017-11-20T05:59:18.097

5 @SirAdelaide If you are that clumsy you could ask technician to remove the disk in front of you and place it in no-static bag. Drive will be reinstalled (also in front of you) when your laptop is ready. – Alessandro Carini – 2017-11-20T12:46:56.590

Removing the hard disk is not only a solution, it is the only solution. It's not as dramatic as it sounds, either. Anyone capable of holding a screwdriver can do it. In my sad experience, computer technicians are utterly stupid idiots (no offense intended towards technicians on this forum). In the best case they will just snoop through your private data and return the computer after replacing a random part (not necessarily the correct one), in the average case they will re-image the disk, causing you to lose everything. In the worst case... well, let's not think of the worst case. – Damon – 2017-11-20T22:35:10.287

2 Not all laptops have removable SSDs, such as some 2016 MacBook Pros. – smci – 2017-11-20T23:02:24.647

1 @smci Yes, but those also do not have removable batteries, which makes it likely that the OP's machine isn't a MacBook, as he implies that the battery is removable, and I have never personally heard of a computer with a replaceable battery that didn't have a removable hard drive. On a side note, MacBooks (OSX) by default use FileVault full disk encryption. – Mohammad Ali – 2017-11-20T23:09:31.717

@MohammadAli: as often on SO, we have a question where the title is more general than the OP's specifics... it's probably best to answer the more general version. Or else edit the title if it severely mismatches the details. – smci – 2017-11-20T23:11:29.830

"watch over the tech's shoulder as he does the repair" is a great way to get charged double – Darren H – 2017-11-21T08:00:59.683

1 @DarrenH Depending on the tech, it could save you from getting double charged - of course, privacy does come at a cost. (A good tech should not mind being watched) – davidgo – 2017-11-21T08:23:19.713

5

You can use tools like Acronis True Image to create a complete backup of your HDD. The backup should be placed, for example, on another HDD. Then, you can reset your laptop to the initial state or reinstall the OS. Also, you can use some tools to completely delete any information from your HDD (because if the file was just simply deleted, it can be recovered). When you get your laptop back, you just restore the previous state of your HDD from the backup.

And keep in mind that anybody else who can access your HDD can do that cloning too. And if you do not see any signs that your data was hacked (for example, wiped password) - that does not mean that your data was not cloned and then hacked.

Schullz

Posted 2017-11-19T22:49:28.397

Reputation: 169

3

The best way to be truly safe is to maintain control of your laptop and not give it to any third party. That's difficult to do in a generic repair scenario but in your specific case, you have several options. You said that either your battery or your fan is causing problems. Focus on those components and you have several useful alternatives to handing your laptop over to a stranger.

On most laptops, batteries are easily removable by the end-user. A technician should be able to test your battery without even having the laptop at all. If the battery tests bad (not uncommon based on my experience with refurbs), you can replace it and the laptop never has to leave your possession.

One easy test you can do on your own is to remove the battery and run the laptop for a while using only the AC adapter. If the laptop still overheats and shuts off, then the battery isn't the problem.

If you have any skills with computer hardware and basic hand tools, I recommend taking the back cover off the laptop and visually inspecting the fans and heatsinks. I've seen more than a few refurb units that looked like they were previously operated in a sandstorm; dust/dirt contamination blocks airflow and clogs fans, which leads to overheating. Returning them to normal working condition can be as simple as blowing the dust out of the system with canned air or a hairdryer that has a "cool" setting.

If you have no choice but to take the entire thing to a technician, the best thing you can do is to find a way to reproduce the problem that doesn't involve any of the software on the laptop. Will it overheat if you press F8 or delete during boot and let it sit at one of the BIOS menus for a while? Can you boot off of a live CD or USB drive and do something that will trigger the problem? If you have a reproduction case like this, then there's no need for the technician to access your hard drive at all. You can encrypt the entire thing, or (even better) remove the hard drive before taking it in. Many laptop models are designed with quick-access panels for getting to certain commonly-upgraded components (RAM, hard drives, CD-ROM, etc). Check the documentation for your particular model for details. On the last several laptop models I've owned, even a non-technical user could remove the hard drive with nothing more than a small screwdriver.

bta

Posted 2017-11-19T22:49:28.397

Reputation: 376

Some Linux bootable CD / live-USB setups include cpuburn (i.e. burnP6 or burnMMX executables). Or download Prime95 and put it on a Linux USB stick. But keep in mind that fan speed / cooling policy is partly under software control, and the Windows install won't behave the same as a Linux live-USB. So this isn't a guaranteed way to repro overheating problems. – Peter Cordes – 2017-11-21T10:25:58.657

1

All the other answers are only concerned with the privacy of the preexisting data on the computer, which may or may not be enough for you.

If you are afraid of some changes done to the computer's hardware (like installing a hardware keylogger) that would compromise your privacy in the future, then the only solution is to never ever give the computer to anyone.

If it's broken then get a brand new machine, migrate the data, wipe the disk and sell the old one.

Depends on your risk model whether you need to go down this way.

vektor

Posted 2017-11-19T22:49:28.397

Reputation: 111

0

Don't give her/him your hard drive.

How much effort and expense you're willing to go to should be balanced with the trust you have in the technician(s) and the sensitivity of the information on your hard drive.

I'd recommend taking out your existing hard drive and replacing it with a cheap low capacity one that you either have lying around or can purchase for a minimal amount. Put your OS on it using the same key (if possible), as this hard drive won't be active in a computer at the same time as your original. You should be able to generate restore media from your existing hard drive. Then, put a simple password in place and keep it as free of personal info as possible.

It's about compromise, if you provide no hard drive, are you willing to wait for the technician to find a hard drive and install it and the necessary OS and software to diagnose it? Will s/he pass the cost of parts/labor to do this on to you? If you anticipate it going back again, remembering you have an extended warranty, will the technician have to do the same each time? It may be worth the up front cost to you to avoid greater costs down the line.

A. Murray

Posted 2017-11-19T22:49:28.397

Reputation: 101

-2

As phyrfox said in a comment, "the Computer Fraud and Abuse Act, as well as the Identity Theft Enforcement and Restitution Act all but guarantee that the average law-abiding citizen won't bother stealing sensitive data." Other countries also have laws that prohibit stealing bank passwords and credit card details.

So take some precautions but don't get overly anxious.

While Linux can be used to wipe Windows passwords, it is pretty obvious when you get your PC back if the password was wiped. So your repair guy won't do that.

I'd recommend you make a temporary additional admin account and give the password to that account to the repair guy. Notes saved in your documents folder or on your desktop won't be immediately visible to that account.

By not removing the hard disk (as some others here suggest), the repair guy will be able to test the hardware using real scenarios with your current software, operating system, and drivers to find the problem.

After you get the laptop back you can delete that repair admin account. Or keep it for the next time you take the laptop in for repairs.

The easiest and most effective solution to this problem is a social solution not a technical solution: Don't give your laptop to a thief. Take basic precautions not to leave passwords in plain sight, but rest in the knowledge that you can sue the guy if he drains your bank account, and you know where he lives.

Sir Adelaide

Posted 2017-11-19T22:49:28.397

Reputation: 4 758

13 I really want to downvote this post (but won't, because I posted). Trusting a piece of legislation instead of taking security measures is - to be polite - "not a best practice". There are lots of ways for data to be pilfered without leaving traces - especially with unattended physical access to machines. There is every reason to believe that some (not all) technicians will rifle through data and take what is interesting - it's commonplace. – davidgo – 2017-11-20T03:01:42.413

7 FBI actually pays computer companies to do this - and the government even pays some to do so - https://www.techdirt.com/articles/20170106/10163236419/fbi-is-apparently-paying-geek-squad-members-to-dig-around-computers-evidence-criminal-activity.shtml%21 A quick Google search lists huge numbers of techs being caught with the ways they handle customer data. – davidgo – 2017-11-20T03:03:37.927

4 And, if you want to prove me wrong, how about you confirm when you are going away, your address and that you hide your key on your property when you go (it's OK, you don't need to tell anyone where you actually hide it). I'm sure you will be content that the very strong laws against breaking and entering will keep you quite safe. – davidgo – 2017-11-20T03:05:23.107

if the government does it, it must be ok... right? – Sir Adelaide – 2017-11-20T03:05:56.397

1 You miss my point. Government is not doing it - they are paying people - often who are paid near minimum wage - who work for tech stores - to do it. At minimum these people have an incentive to look where they shouldn't as a result, and could even turn around and say "but I was doing it because the FBI asked"... – davidgo – 2017-11-20T03:08:34.487

:) I'm at work 9-5 every day, you are welcome to come past my house. It's easy to break in (as are most houses), if you have skills in that area. You can't stop someone robbing you, if they want to. But increased threat of getting caught (such as the repair guy's name is known to you, or you have security cameras on your house) is usually enough deterrence unless you are protecting millions of dollars. – Sir Adelaide – 2017-11-20T03:13:30.297

2 Access to a temporary admin account is no less dangerous than access to its permanent counterpart. There's nothing that the temp account can't do, including putting a back door on the system to enable ongoing access. – I say Reinstate Monica – 2017-11-20T05:22:05.213

8 Someone who repairs the laptop can just make a clone of HDD - and do what he or she wants and the owner wouldn't notice it. So, if your password was not wiped - it does not mean that your password is not wiped on the copy of your HDD – Schullz – 2017-11-20T08:20:20.643

This isn't an answer to the question as stated. The Computer Fraud and Abuse Act is only a US thing, and even at that it's widely flouted in the US. – smci – 2017-11-20T23:13:11.150