Concerned but Ineffective: User Perceptions, Methods, and Challenges when Sanitizing Old Devices for Disposal

Authors: 

Jason Ceci and Hassan Khan, University of Guelph; Urs Hengartner and Daniel Vogel, University of Waterloo

Abstract: 

Consumers are upgrading their devices more often due to continuous advances in hardware. Old devices need to be sanitized (i.e., personal data removed with low recovery probability) before selling, donating, throwing away, or recycling the device ("disposal"), but previous works have shown that users frequently fail to do that. We aim to understand the sources of misconceptions that result in risks to personal data. Through a survey (n=131), we measure where the old devices end up and how they are sanitized. Our survey shows that while most users dispose of their devices, a large proportion of participants (73%) kept at least one old device, often due to data leakage concerns. Among disposed-of devices, 25% of participants reported using methods to erase their data that are insecure. To further explore the processes that were undertaken to sanitize devices and sources of misconception, we invite a subset of respondents (n=35) for interviews. Our interviews uncover the reasons for poor device sanitizing practices—misleading data deletion interfaces and prompts, lack of knowledge, and complex and slow disk wiping procedures. We provide suggestions for device manufacturers and retailers on how to improve privacy, trust, and convenience when sanitizing old devices.

SOUPS 2021 Open Access Videos Sponsored by
Ethyca

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {274459,
author = {Jason Ceci and Hassan Khan and Urs Hengartner and Daniel Vogel},
title = {Concerned but Ineffective: User Perceptions, Methods, and Challenges when Sanitizing Old Devices for Disposal},
booktitle = {Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021)},
year = {2021},
isbn = {978-1-939133-25-0},
pages = {455--474},
url = {https://www.usenix.org/conference/soups2021/presentation/ceci},
publisher = {USENIX Association},
month = aug
}

Presentation Video