“An elephant never forgets,” or so they say. The same is true for your computer. In fact, when it comes to protecting your privacy and preventing identity theft, your computer just might be your worst enemy. That’s because virtually every piece of information that has ever passed through your machine is locked somewhere within, regardless of whether you deleted it or if it was a “temporary” file. This is a problem even for SSD devices – they purge deleted files themselves, but file names, which may contain some sensitive information, may remain for a long time. This isn’t some evil conspiracy hatched by Microsoft (Macs and Linux computers do it too). It’s just the way computers work.
In order to perform system functions, launch programs, edit files and visit websites, your computer is constantly logging your activity, creating temporary copies of documents and saving cached versions of webpages on your hard drive. All these residual files are like confidential internal memos at a corporation – they are never meant to see the light of day outside the office walls, but in order for the different departments to work together, sensitive information has to be printed off, copied and circulated. When the memos have served their purpose, they must be shredded off. But the problem is that no one ever bothers to do so.
The same is true for your computer. There are literally years worth of information still lingering throughout your system, including login information, passwords, photos, web browsing history – you name it. For conventional hard drives, when you “delete” this data, it never really gets deleted. For one, there could be dozens of previous versions of it still floating around in caches and temporary folders. But more importantly, the information still physically exists on your hard drive right where it was before. The only difference is that your system has marked it as “free” space, meaning other programs are free to overwrite that sector if they need the disk space. In order to restore that document, all one would have to do is ignore that label stating that it’s “free” space. It’s a bit like when a building inspector condemns a building or rezones a property. Someone else is free to tear down the structure and build on that land – but until they do, the old building will still stand.
Moreover, although modern SSD devices erase the content of deleted files themselves, some information about them may still remain in the device file system, and that information may well be quite sensitive.
On your computer, accessing “deleted” data can easily be done with one of many file undelete and data recovery programs widely available on the Internet. These programs are touted as conveniences, which in some cases, they are. More than a few of us have mistakenly deleted something that was actually important – term papers, presentations, honeymoon photos. But when it comes to security, the way your computer deletes (or doesn’t delete) your data is a liability. Someone accessing your computer remotely (i.e. a hacker) could very easily “recover” your deleted data. The same goes for someone who buys your used computer on eBay or digs your discarded, failed hard drive out of the dumpster.
This has been an issue for decades. Yet still, there are no built-in system operations designed for securely deleting your data. On the contrary, Windows tends to do everything it can to keep all historical data, in case you want to perform a system restore or recover a lost file. And with hard drives getting larger and larger every day, the chances that a “deleted” file could go untouched indefinitely are vastly increasing.