I have a question about file deletion on Windows/Linux/Mac/iOS, specifically regarding HDD/SSDs and USB drives. When I delete files (like documents or .exe files) and then empty the Recycle Bin, are those files permanently deleted, or is there a chance they can still be recovered?
if yes, do I need to follow a weekly routine and use, for example, Eraser (the program) to delete all unused space (by using drive erasure method Pseudorandom data)? Should I also use it on every USB drive that I have, especially those that don’t have encryption and a password (If a person use them to share content from encrypted devices)? Or it’s just 'if the government (my threat) enter in your smartphone you’re already screwed so using Eraser or not I would change much? (that comment wouldnt count for the usb drives though) any insights or experiences would be greatly appreciated
No , those file are not be permanently deleted. Usually on deleting files your system just forgets path to that stored data. So told like testdisk can find and recover this data, unless such space hasn’t been overwritten by other data.
So if you feel you don’t want people to be able to recover your data, you should use Disk encryption on your OS as mentioned on PG recommendation page Recommended Encryption Software: VeraCrypt, Cryptomator, PicoCrypt, and OpenPGP - Privacy Guides.
Also keep a good user password to access your machine. If you have a good password
i don’t think you need to delete things on drive everytime. unless its a public computer. Then i would suggest not store any sensitive data on it at all, Or just create a separate user profile and encrypt home directory if on linux
I am not sure about the USB drive part. You can use a veracrypt container to store sensitive files on it.
Also in case of a threat from state actor secure data erase may not be sufficient to prevent advanced recovery tools in recovering your data, still disk encryption should help a lot.
Also in case of a threat from state actor secure data erase may not be sufficient to prevent advanced recovery tools in recovering your data, still disk encryption should help a lot.
Using pseudorandom data as a drive erasure method is not enough for three-letter agencies or local authorities? Do I need to do 3 passes, 7 passes, or 35 passes? I need to know if local authorities can recover information from a 1-pass overwrite, because I doubt that three-letter agencies would be interested in me.
That really depends who your authorities give the drives to and how much time and money they are willing to spend.
If you think that you are that important that money is not an issue there’s only one way to be 100% sure and that is physical destruction of the drives, e.g. by shredding them into small particles.