How to mitigate any privacy-related risks associated with taking your laptop for repair? [duplicate]

security laptop-repair encryption privacy-protection disk-encryption

Either my fan or my battery on my refurbished laptop is malfunctioning and it frequently overheats and shuts itself down. I wasn't able to determine the culprit and thought it best to show my laptop to an expert.

I also have an active warranty that lets me replace any malfunctional parts for free, so that's another reason for not buying my own hardware and trying-and-erring my way through. However, I'm somewhat paranoid about the fact that I have all sorts of sensitive information lying about on my laptop.

Even if I could clear the cookies/passwords for my browser, some sensitive information (credit card details, a host of passwords, and whatnot) that I foolishly left off on some notes, will probably remain. What is more, clearing the said cookies is a troublesome process that I'd rather avoid, if I possibly can.

The guy who runs the local repair shop tends to ask for an admin password, which I'm loathe to give, but have to relent nonetheless. Presuming that I will take my laptop to the repair shop, what is the best possible way to protect all the sensitive information under such circumstances?


Physical access to a system is the trump card of security.

Passwords can be bypassed, locks broken, data copied, software installed...the list of threats is impressively long. But you may have no choice but to find a way to minimize your risk if you need your system serviced. Here are some options:

1. Request a remote troubleshooting session.

While this won't allow the repair shop to troubleshoot all possible computer problems, an experienced technician can discover a lot about a system's health without physical access to the PC. In a remote session it's normal that the customer participate and watch the tech's every move. Most remote access programs are explicit about files being transferred to/from the system, granting you further oversight. If at any point you don't feel comfortable with what you see you can kill the network connection, ending the session.

2. Remove the hard disk.

Since the problem you're experiencing may be strictly hardware related, you could take the machine in without its hard disk. (If you're not comfortable doing this yourself, have the technician do it while you watch when you drop the PC off.) Explain to the tech that you have confidential data and that if he needs a running OS you'll gladly pay for the extra time it will take to install a temporary drive and an OS on it. A good repair shop will have access to a spare hard disk and installation media for all major operating systems, making this a reasonable request.

Be prepared for the possibility your problem is caused by something unique to your installation of Windows. In this case, proper diagnosis will require your instance of Windows to be present for troubleshooting, reducing the suitability of this strategy.

3. Encrypt the sensitive data on the machine.

There are a number of good tools available for encrypting files, folders, or entire volumes. If you know specifically what data needs protection, this is a good option.

If you go the route of encrypting select files or folders, it's critical that you scrub the free space on your disk after encrypting the data. In most cases when a file is encrypted, a new, encrypted file is written to disk, then the unencrypted file is deleted. This leaves the original file vulnerable to data undelete utilities. A tool like Sysinternals' SDelete can be used to prevent such recovery programs from finding any unencrypted data.

This option is best if you know the location of all data that needs protection. As stated in the OP, and as is generally true for many systems, it can be hard to secure everything. Full volume encryption is perfect for in this case, but if the repair shop needs access to your specific instance of Windows to properly troubleshoot the problem, you'll end up needing to grant the technician access to the unlocked disk volume, defeating the encryption altogether.

4. Take the machine to someone you trust.

Given the drawbacks to some of the above options, this may be a necessary strategy. The very fact you need outside help to maintain your system suggests you will eventually end up with a problem that requires your service technician to come in contact with your sensitive information. Should that day come, it would be handy to have someone you know that has a professional work ethic and can be trusted with other people's personal details--trusted to access the least data required to perform the repair, glance past personal information, forget quickly, and get the job done. It can be done. I do it every day.

Ask around. Technicians with a reputation of trust receive personal recommendations from people with their own secrets that must be kept. Many people in positions with access to sensitive information have to rely on someone else to service their computers, especially at home. You may know such people.


Unless your hard drive is encrypted linux tools can be use to blank any local windows password.

Put a second hard drive in, removing the first and don't put anything sensitive on it in the first place. Leave the password blank or password, and bring it in for repair.

If your data is that sensitive surely it is worth the cost of a second hard drive.

Another option, place all your sensitive data in an encrypted volume and don't save the password or hand it out. However, changing the location of files per program to the encrypted volume would take more effort that the other options. Also you can clone the original hdd to a new hard drive and wipe and reload the original one. If you want to keep the original hard drive in the machine.


The easiest way is to remove the hard drive before taking it in for repair. Presumably the technician can use a USB disk to diagnose the problems.

Alternatively - and not ideally - watch over the techs shoulder as he does the repair.


You can use tools like Acronis True Image to create a complete backup of your HDD. The backup should be placed for example on the another HDD. Then, you can reset your laptop to the initial state or reinstall OS. Also, you can use some tools to completely delete any information from your HDD (because if the file was just simply deleted, it can be recovered). When you get your laptop back, you just restore the previous state of your HDD from backup

And keep in mind that anybody else who can access to your HDD can do that cloning too. And if you do not see any signs that your data was hacked (for example, wiped password) - that does not mean that your data was not cloned and then hacked


The best way to be truly safe is to maintain control of your laptop and not give it to any third party. That's difficult to do in a generic repair scenario but in your specific case, you have several options. You said that either your battery or your fan is causing problems. Focus on those components and you have several useful alternatives to handing your laptop over to a stranger.

On most laptops, batteries are easily removable by the end-user. A technician should be able to test your battery without even having the laptop at all. If the battery tests bad (not uncommon based on my experience with refurbs), you can replace it and the laptop never has to leave your possession.

One easy test you can do on your own is to remove the battery and run the laptop for a while using only the AC adapter. If the laptop still overheats and shuts off, then the battery isn't the problem.

If you have any skills with computer hardware and basic hand tools, I recommend taking the back cover off the laptop and visually inspect the fans and heatsinks. I've seen more than a few refurb units that looked like they were previously operated in a sandstorm; dust/dirt contamination blocks airflow and clogs fans, which leads to overheating. Returning them to normal working condition can be as simple as blowing the dust out of the system with canned air or a hairdryer that has a "cool" setting.

If you have no choice but to take the entire thing to a technician, the best thing you can do is to find a way to reproduce the problem that doesn't involve any of the software on the laptop. Will it overheat if you press F8 or delete during boot and let it sit at one of the BIOS menus for a while? Can you boot off of a live CD or USB drive and do something that will trigger the problem? If you have a reproduction case like this, then there's no need for the technician to access your hard drive at all. You can encrypt the entire thing, or (even better) remove the hard drive before taking it in. Many laptop models are designed with quick-access panels for getting to certain commonly-upgraded components (RAM, hard drives, CD-ROM, etc). Check the documentation for your particular model for details. On the last several laptop models I've owned, even a non-technical user could remove the hard drive with nothing more than a small screwdriver.

Related

How to auto resize panes in tmux?
Clarification for ffmpeg input option with image files as input
How to keep windows split after detaching/reattaching GNU screen
No plank configuration file
How to unlink language and regional settings [duplicate]
Belgian formats when choosing US language - regional & language settings issue
Bluetooth service failed to set mode
Why Download rate from nas is (almost) half in Ubuntu than Windows
Realtek RTL8811CU Wifi Dongle
Firefox occasionally not rendering its own window when opened
Downgrading/Partitioning Ubuntu
Broken MySQL Installation, Cant Install or Uninstall