Oi! Get yer hands off my stuff!
The Register reports on a study from University of Guelph researchers Jason Ceci, Jonah Stegman, and Hassan Khan on the privacy policies and practices of electronics repair shops. They sent a laptop to 18 repair sites, asking them to replace the battery.
The three were checking on the kind of privacy customers could expect, given that a typical laptop contains personal information like letters, Web site histories, photographs, and passwords. Some findings of the firms, which the trio did not name:
- 17 out of 18 firms asked for login credentials
- 0 firms posted a privacy policy online
- 6 asked customers to sign a Terms & Conditions document that disclaimed liability for data loss
The study also ran an online survey that found that a third of broken devices are not repaired due to the owners' privacy concern.
Surveillance software told the three that "Six of sixteen technicians snooped on customers' data, and in two of 16 tests copied customer data to external devices. Among these six snoopers, one technician did so in a way to avoid generating evidence, while three others took steps to conceal their activities – the device logs show offending technicians attempted to hide their tracks by deleting items in the Quick Access or Recently Accessed Files on Microsoft Windows."
- - -
I have a different take:
To test that the replaced battery is working correctly, the repairman would need to start up the computer and then see the battery status reported by Windows. So, the login info is needed.
There is no legal requirement for a repair shop to post a privacy policy online, and so it is not done.
Data loss is possible when repairing computers (they are, after all, complex machines) and so the repair shop disavows responsibility; don't want to risk data loss? Don't bring it here!
Online surveys are notorious for self-selection; those who are have been affected are more likely to speak up. From my experience, people don't get non-working computers repaired, because they don't know where to bring it or they worry about the cost. In some cases, it's even an excuse for acquiring a newer model.
Copying data to external devices could be an initial safety precaution the repairman takes against accidental data loss.
Deleting items in the recently-accessed file list is a courtesy to the customer.
- -
The one time I sent in a computer for repair under warranty, HP told me to make a back up of the hard drive, as they warned they could not guarantee the data would be safe on the drive.
Here's the link to the story at The Register: https://www.theregister.com/2022/11/15/repair_technicians_data/
Comments