For the purpose of phone recycling it's probably time to find a USB bootable image for phones that can wipe their storage to avoid even more data leakage. The USB would probably have to power the device too assuming bad batteries.
I have a lot of phones sitting around. I don’t recycle them because there’s usually no benefit to me and there’s a risk that someone would mine my data still on the device.
They don’t start so there’s no way to boot and wipe. And they are hard to disassemble and remove the storage.
So I do the calculation of getting like $2 off a new phone or the extremely low, but non-zero, probability of all my photos ending up somewhere not cool.
To help with this, right to repair also makes things more recyclable.
Most carriers should be able to put together an independently audited process to ensure your old data cannot be mined. Locked boxes, chain of custody, secure transfer, cameras and two people in the room... until the phone is physically destored.
Though it would be nice if they had a get the old data off that dead phone and return to you process. (Which reminds me, I need to setup backups on my latest phone
There are various document destroying firms with shredder-on-a-truck that probably already offer that service, for businesses. Not economical for a single device though.
Hard to see how it's very economical even for many devices, given you have to take each one far enough apart to remove the battery or else throwing it in the shredder sets your truck on fire.
A better play might be to liaise with phone repair shops both carrier-owned and independent, since they already do this as a matter of course, and it's quicker if you don't care what damage you do in the process. Lot of cats to herd, though, that would be.
> given the meagre training most carriers' employees at physical stores seem to have
Training is one thing, but the primary issue is wages and career prospects. Nobody working in a customer-facing role at a mobile carrier is paid enough to give a shit to do proper data protection - in fact they might be paid more by a malicious actor (bribery) to intentionally compromise data protection, just like it happens with fraudulent SIM swaps.
>Easier: a device that shreds the phone onsite, in front of the customer.
Given that most phone these days have non-removable batteries, can one really shred them safely? And wouldn't it make it harder to recycle if you can't isolate the various components?
It's not too difficult to destructively open phones to remove the battery and destroy the motherboard, but that requires some tools and know-how.
> Easier: a device that shreds the phone onsite, in front of the customer.
My local PC repair shop has a hard-disk destroyer that you can use to destruct your own drives. It's basically a lever-operated vice-crusher with a four-foot lever that you use to close the jaws. As soon as I discovered it I was able to destroy the hard drives that I'd been keeping in a bucket in my garage. The shop keeps the bits and manages the e-waste disposal. Bonus: it gives you an upper-body work-out
How about a portable shredder right in the store, with a nice big glass window on it? Bring your phones in and let your kid drop them in the shredder and watch the snap-crackle-pop, and get paid a nominal amount for each one!
Serious question, but how do they intentionally recycle phones/batteries/ ewaste? My first guess would that everything goes through a shredder. Precious metals and plastics are then separated because any kind of disassembly at scale would be infeasible.
Medium value stuff is shredded into a big pile and then they leach the gold off it with cyanide. It has a much higher concentration of gold then raw gold ore.
Low value stuff is shipped to poor countries where the copper is extracted by burning and picking through the ash. Very toxic process.
My mother died this year and one thing I have kept is her phone to remember her: a little time capsule of her last messages, her photos, etc. I keep it near the charger and keep the charge from dropping too low.
I've thought about how long I intend to do this, or, even if I let the battery stay disconnected, how long I will keep the phone. I suspect I'll keep the phone until I die myself but wonder if it would end up being some odd sort of family heirloom/relic 100 years from now.
(FWIW, I have captured to other devices her photos and such so that I am not reliant on the physical device for these memories.)
I am guessing I am telling you the obvious when I tell you to backup all meaningful pictures and videos into whatever your long-term storage solution is (aka SSD or Cloud) before the phone inevitably dies and becomes inaccessible, especially if the phone memory is encrypted with some weird proprietary algo where you will never get the data off of it even if you know the password.
I found some old computers a while back, from the early 2000s. None of them booted. I couldn't get anything off even after pulling the HDs and connecting to them directly - everything was corrupted despite sitting in a fairly dry, clean, climate-controlled space.
My dad still has a 2001 era Inspiron that he keeps because of Microsoft Works. I am shocked that it still boots! Won’t connect to the internet for some reason, but it did connect to the LAN and WS_FTP helped me move old files to my laptop.
Likely: time/date, and you will need to compile modern ssl and gnu tls. I've found that even if I'm doing a pure http request (no https), I can't fetch anything without a modern ssl/tls library. At least that's how it was on an old kindle
Just in case you haven't thought of it--at least as far as photos/videos there are easy/straightforward generic options for copying them off without having to look.
You can install something like Dropbox or Nextcloud and set them up to sync the entire photo album. Just checking the rough counts on either end should get you a decent indicator that you've got everything. (It's possible something gets missed but, trying to not let the perfect be the enemy of the good, it would certainly be a much safer position over where you are today.)
As much as anything, I'm just trying to give you a nudge. I can only imagine how much it would compound the heartbreak to lose all of that.
I know what you mean, but it is only a small part of my mementos from her life. I also have photo albums from her (actual, physical photos) that are treasures to me and represent the majority of her life. But I can't deny the last decade or so of her life that was online. The phone became her camera, her letters....
Just before he passed away, my grandfather spoke with everyone he loved (and who couldn’t be there during his very final moments) from his hospital bed using a Nokia 2600 phone. A few years ago, I realised my mother kept the phone and refused to sell it as it had become the final memory of her father. Inanimate things can often serve as portals into a time that our loved ones were still with us, when we were young or just generally, some fond memory that we can never really live again and yet are loathe to part with.
This is an important point about encryption that a lot of people miss: it's not forever. All encryption is broken eventually.
The purpose of encryption is not to keep secrets eternally. The purpose of it is to keep secrets long enough that by the time they're revealed, they aren't worth anything.
Wait, what encryption would iOS have used 15 years ago that's now unsafe?
AFAIK Android has always used dm-crypt (should be familiar to any Linux user) with AES, which I'm pretty sure is still safe.
Back then I think maybe it used CBC mode, whereas now it defaults to XTR, but again AFAIK, CBC is still safe, it's just that XTR performs better for block devices or something.
I think that’s what concerns people. And makes random phones of interest to bored people. A decent percent of phones probably have nudes. And I think that data stays sensitive.
Same concern, at least with older phones. I think any newer phones (last 5 years or so) are encrypted by default. Anyone with real expertise in this, please chime in.
Updte: hmm. Not full disk encryption. Does this mean that its up to the app to encrypt?
I've got a couple old Androids (MotoX and something else ~2015ish) that won't boot due to dead batteries. There's an endless loop of:
- Charge to ~.25%
- Phone automatically powers on
- The boot process takes more power than the charger can provide, so it drains the battery
- Automatically powers off because battery is back to 0%
I've had them on the charger for a few hours and watched this process repeat over and over. Short of disassembling and swapping the batteries I've tried everything I can think of to get them to power up
- booting into recovery -- find out which key combo might trigger that at power-on
- booting into an OEM download mode -- "" - probably a cable insert + key combo
- triggering the Qualcomm download mode -- ""
That would load a different boot setup (maybe kernel, or just ramdisk, and whatever tools they added on top from that particular OEM), and that may allow you to charge. That can work sometimes.
Yeah, those fall in the "I've tried everything I can think of" category. They don't help, the devices die too quickly to make it into any alternate boot modes.
I may be overly optimistic, but who are you expecting to dig your dead phone out of the garbage, take the flash storage out and read it for your personal photos? If the phone belonged to the president or something that's a potential threat, but for a random individual's data?
The bigger threat, imo, is a device that is still authenticated or trusted by some service I've forgotten about. A bank, email provider, Apple, etc. Yes, it's "easy" to fix any single one of these but hard to remember them all.
If the alternatives are store forever, throw in the trash, or give to a carrier...
Nobody is getting the data off at my house. I assume nobody will go through the dump looking for old phones, but someone did go through the dump and found the ET cartridges, so there's prescedent. Also, I feel a little bad about putting phones directly in the dump.
If it goes to a carrier program, there's a good chance it goes into a repair process where the battery is replaced and maybe it works again. If it works again, I expect it to get the least intensive wipe required so that the user can get into the home screen, and then sold. That might mean the new user can get access to my data.
Story time: my spouse had an Amazon Fire phone for quite some time; when she was done with it, my dad needed a phone, but FireOS was a really poor choice, so I flashed it with a 3rd party Android build. Several years later, he ran it all the way out of battery, and when he got it charged up, somehow it booted up into FireOS instead and had my spouse's accounts and what not. Whoops. No big deal, we got him a new phone and got the Fire Phone back (and I tried to wipe it again, but better) and now it lives in a drawer and won't power on.
Story time: I was a contractor a few decades ago and I got a “new pc.” Theoretically it was imaged with a developer setup. Reality is the local user accounts were removed and a new account created for me.
The previous user was an HR analyst who kept all their data in c:\employee_salary and didn’t get wiped. So it had layoff analysis of every employee, their salary, their layoff priority. Comically, sadly, the HR analyst was layed off despite being listed as high priority.
I tried reporting the data and my contractor manager squashed it for fear that I would be rolled off the project.
My lesson is that unless I destroy the data, assume others will see it.
It’s a very low probability. I expect it to never happen, but it’s non-zero and easily mitigate-able for free by leaving it in a drawer.
Although I suspect someone will think it a fun project to sift through old storage devices found in the dump to automatically scan for photos of interest. Given the high interest in pornography, I expect the motivation of “found nudes” will lead to some discoveries no one ever thought possible.
A tip for you and anyone else doing this: do yourself a favor and get a heat gun or other tools required to at remove and recycle the battery, before your house burns down.
I've had various old phones, laptops speakers etc. that became bloated in storage because an internal lithium ion cell was halfway ruptured.
And once you do that it's usually trivial to pop out and destroy the motherboard or storage device, especially as you don't care about doing so destructively. Then you can recycle the rest.
I'd be interested to find out how many of these bloated batteries still have any charge. Internal discharge feels like a pretty nice accidental safety feature, albeit at the price of also killing a lot of old devices.
But yeah, preemptively removing batteries for safety is a good move.
It's less dangerous, but some of the flammability is inherent in the chemicals withing the battery, and how they'll react to oxygen or water.
Let's say that you were able to magically disassemble a cellphone battery into its constituent elements and compounds, made rods out of each, and then sealed each rod in a zip-lock bag in a vacuum chamber.
The resulting collection of zip-lock bags is still something you wouldn't want to keep on a shelf somewhere, e.g. https://youtu.be/Vxqe_ZOwsHs shows how elemental lithium reacts.
Most of my old phones still boot but have cracked screen & either are unreadable and/or more frequently non-working touchscreens.
Thankfully with Android I can just plug in a mouse! On my Samsung phones I can plug in a full display + mouse. It's a bit of a risk leaving thr gate open like this, but occasionally I've also setup dying phones to auto switch to ADB, so when they do go, I can still access them.
The main barrier I have is that some phones have bad usb micro ports. With that, I'm hosed. Thankfully haven't seen a single usb-c device with a bad port; loving it.
Ideally we should be able to trust on-disk encryption on our phones. Alas with pin codes, there's not enough entropy to do a for real job of encrypting, but it'll ward off casual snooping. I'm honestly not sure when the changeover was where users ought to be able to expect this fundamental builtin protection.
Of course it's a bit more involved for a device that wasn't intended to have a user-replaceable battery, but it's almost always possible.
Alternatively, even with a dead battery, you can probably plug it into the wall to boot it up and wipe all your data, and then sell it for maybe $30 to $40 on eBay. There's lots of folks out there who will buy phones cheap and either refurbish them themselves, or else just use them tethered for software development, IoT projects, etc.
What a shame that there's no standardized battery format (similar to AA, AAA etc..., but thin like for in phones) so that at least the batteries of those unused phones could be re-used elsewhere or replaced if the battery is EOL. But this would also be useful just to allow removing them to prevent the fire risk of old phones.
Same would actually be useful with the screens, just have a few standardized physical rectangular screen sizes and make them swappable between phones so if one breaks you can re-use the one from your previous phone... (supporting different resolutions should be trivial for the OS)
Not by that much, look at a phone battery soldered to a phone PCB today, it'll fit in most form factors. If there are a couple of different standardized sizes, it could fit anything, and also allow combinations of multiple.
Look at PC monitors: you can attach all kinds of monitors with different resolutions to PC's, and there exist some pretty exotic ones with eye trackers etc... too, and of course also various VR headsets can be connected too.
Absolutley true. However, the form factors really haven't changed that much in the last decade; at some point, it makes sense to standardize, even at the cost of further innovation.
I am absolutely grateful that my plumbing and electrical fittings are standardized. I'm grateful that most (old-school) electrical devices use the same four kinds of batteries, and get really frustrated at the coin-batteries that come in 20 something different sizes, because I almost never have the right size around. And I'm grateful that we charge almost all of our devices by a small number of USB connectors. Because standardization is also a boon to innovation, or rather, a lack of standardization can get in the way of innovating, especially at the level of interoperating services and hardware.
I dunno; if phones were more like PCs, you could have a screen on the front that was a fixed physical total size and connected via standard connectors and still have a lot of room for variations, up to and including changing the number of pixels in that fixed size. That would still fall down when faced with ex. in-screen fingerprint readers or maybe punch-hole cameras (and variations thereof) but the majority of phones don't have those so you'd still win overall.
The battery is normally the first part to go, so a battery replacement is the best way of making a 5 year old iPhone feel like a new iPhone. And really battery replacements is a bit too tricky with most phones, but I don't think standardization is the answer. Rather some acceptable treshold for repairability would be good. E.g. that you can buy replacement batteries for N years, that the phone accepts third party batteries, and that a pro or half-skilled person can replace the battery with some tools in 30 minutes without voiding the warranty even for a new phone. If those conditions apply then I'd much rather have that than a battery hatch or a standardized battery.
Nokia had a decent set of 'standard' batteries. Major makers wouldn't use them, because they had their own range, but minor makers would often just use a nokia battery shape (sometimes with branded batteries, sometimes with existing knock-offs, sometimes with actual Nokia batteries).
Of course, now that nobody wants to make a reasonable phone with a removable back, it's not that helpful. One hopes the EU regulations push us back on course.
You have the same kind of problem with electrified lawn/power tools. Can’t use your Dewalt battery on your Makita whatever or whatever electric chainsaw.
I wish these batteries could just slide in and out of an electric car so you’re not having batteries sit around doing nothing.
I'm in the same boat. Although I'm not that worried about what's on the phones being sensitive. I have a good sense for what's there, since I'm diligent about dumping the contents of my old phone onto my NAS when I get a new one.
For consumers to turn in their old mobile devices, a successful effort will need:
- A clear benefit from turning the device in (money, phone will be used to build electric cars).
- A clear instructions on how to do a factory reset on all devices to promote data privacy
- A consistent, well advertised, clearly marked place to turn devices in
- confidence that turning in the device will lead to the outcomes advertised. If you advertise money, and consumers end up getting a rebate form for a check that never come in the mail, or if they see a news report that their phones were thrown in the garbage and not actually recycled, no one will turn in their phone again.
It would be nice if recyclers assumed some liability for data loss (encouraging them to destroy sensitive information on recycled electronics). I’m not sure if that’s currently a thing, but it seems reasonable to protect the customer’s information on the phone. There also needs to be some legal express lane for consumers to collect on that to ensure the stick is sufficiently motivating.
> - A clear instructions on how to do a factory reset on all devices to promote data privacy
This should be unnecessary and is likely a large part of why people don't. There are loads of reasons it is not possible to wipe a device. I have one which reboots before any point it will accept input.
I've rarely (... never?) retired a phone that was still usable enough to wipe it. Most could be repaired to a usable state, but at like 50% the cost of a new phone, so I just get a new one instead (since by then there are usually a bunch of other parts just waiting to go bad). Definitely not gonna spend that money so I can wipe them in order to recycle them.
For (a) a mandatory deposit which you pay when purchasing the device, and get back when recycling it could work. It works pretty well for plastic bottles at least.
That feels like pushing the costs onto the customer without actually solving the problems that impede it. Now you've just made it cost money to care about the privacy problems.
Good news, on iOS and macOS there’s a “Reset all content and settings” button that does everything needed. And if you go through the trade in flow from Apple they walk you through it.
An 18650 will be some variant of a lithium ion battery while phone batteries are lithium polymer. The chemistry might be similar but they aren't the same type of battery.
Back in the Marines once per fiscal year the admin people would give us sledgehammers and a truckbed full of computers, printers, and Blackberries they were retiring. That was usually the best day of the year. We had to make sure to really pound the hell out of the keyboards so that dumpster diving spies couldn't use wear patterns to guess character frequency in passwords (this apparently did happen at one point).
Are you really typing your password more often than anything else on your keyboard? Except if your password contains very unusual character I think it would very difficult to extract that info from normal wear. If your password contains an e or an a good luck to guess that from the wear.
Many organizations go with B already. Usually with some arbitrary password update period, with more sensitive information requiring shorter periods.
The user response is to choose a new password that is similar to the previous password to avoid loosing access due to forgetting. This means that an attackers best way to find the users current password, is to know their old password. NIST has recognized this, and advises against these policies: “Reset—Required only if the password is compromised or forgotten.” [1].
Best mitigation I see for systems that exclusively take password input is to use a user pin plus a PKI card or RSA key.
Changing passwords as a cracking mitigation is "bad medicine", always has been, and is now acknowledged as such.
Mathematically, imagine it is raining (stochastically speaking, evenly distributed on the interval, with replacement). Are you more or less likely to get hit by a rain drop if you dance around or stand still? Nope, odds are the same. (Although technically by moving around a lot you are sweeping space and thereby increasing the surface area for rain to impact + amount of rain, so actually you are increasing the odds.)
Ok, try this instead. Flip a coin and guess whether it's heads or tails. Does it matter whether I guess heads every time, alternate heads/tails, or flip another coin? No, it does not.
Now in the case of people who re-use passwords... in the longer term we'll find out whether the propensity to be one or the other produces an evolutionary signal or whether people are impossibly bad at "random" in any case.
Finally, imagine someone cracking passwords: this is your adversary, and there is only one. Are they going to start with the hardest, most difficult to compute / type / memorize / come up with in the first place passwords? Let's encourage them to do that, and start with passwords which you'd never be able to enumerate starting from null before the heat death of the universe. Ok, so maybe that won't work, they're going to start with the easy ones first. So in this case, the optimal strategy would be to pick a really difficult password, and then at some point in time switch to one of the easy ones since it's already been checked.
It's an exposure mitigation rather than a cracking mitigation, isn't it? The idea is that if it got badly stored somewhere it's only dangerous for 30 days or whatever.
Yes, I suppose it is an exposure mitigation as well. Although if someone is having users change passwords every 30 days (or 30 seconds? whatever) due to exposure I have a lot of WTF questions. If passwords suffer from that much unavoidable exposure I'd be expecting automated systems (hello HOTP / TOTP) and OOB authenticators which are resistant or agnostic to that exposure.
(ssa.gov generates printable one-time pads if you're masochistic enough to request one.)
As is so often the case, the perversity of the real world can be much larger than you expect. The average keyboard will simply reflect the wear pattern of English frequency... but there are keyboards in the world sitting on systems whose sole purpose in life is to accept password inputs, possibly from just one person, for a system that otherwise does everything via mouse. Could be merely hundreds of these in the world, but if one happens to be a very sensitive system, well, it isn't long before you end up with a policy to just smash everything to bits. Most hard drive sectors that get shredded have nothing of use on them either, but it's just not worth it to sit there and classify them rather than just toss them in to the shredder.
I use my old 7 years old iPhone as a pet cam. Set it to auto answer after 3 seconds, and put it somewhere where you can see your pets. Call it over Facetime whenever you want to check them out.
iPhones are very long lasting devices, pretty useful even after many years but would have been even better if Apple let you unlock these things. Facetime can autoanswer only on the selfie camera and I would prefer a solution which would do this on the main camera but unfortunately that's not possible under current access level to the device.
It can be more useful to re-purpose those device instead of mining them for metals?
The OS/software side is messiest side for me. Obviously running an old Android that's connected to the internet is potentially a bad idea, but the install of open source backfill replacements isn't great either. I've bricked phones in the past following (fairly complex) instructions carefully, and the need to trust 3rd party binary builds and/or tools isn't fantastic. If Right To Repair can mandate that phones be open enough to easily replace the firmware (sufficiently easy so that, say, your Mom could do it) then maybe reuse of phones becomes a more viable proposition.
I've found the best way to recycle iPhones is to find a family/friend who has an older phone than me, and gift it to them as a new phone!
Sometimes this triggers a chain reaction where the person I gifted the phone ends up gifting the phone they're replacing to someone else (usually someone switching from Android, or someone with an even older iPhone).
Technically each pass down of the used phone is causing another phone to come out of service (and/or gifted again), but from an environmental standpoint this helps reduce demand for new phones since the people who received the gifted phones probably won't buy a new one for at least a couple additional years.
$1 of gold per phone would mean there's $5 billion interested in getting the gold back out, and if it's easier to get it out of the phones than out of the ground, it seems like a no-brainer.
Kind of interesting to think about, it's impossible to net $5b from this endeavour as you have to imagine it will cost between 1c and 99c in manpower/electricity/expenses per phone to do the extracting.
Extracting the gold is only one part, you also need to collect the phones, ship them to the plant where the gold is extracted, probably purify it or something like this, and then ship it back out to sell it.
There is literally no way that it is worth it at $1 of gold per phone. Not even close.
Don't forget wattage requirements. Compute per watt is by far the most important factor. I would be curious if resoldering many phone CPU chips to make some sort of computer is power competitive with relatively modern cPUs.
We are talking about reusing for old phones here- does it really need to be power competitive? When we talk about compute per watt we are really talking about cost. What is the cost of something modern and power competitive compared to reusing a phone that was already purchased, in a setup that mostly idles?
Please don't recycle your phones. Don't deny future archeologists this gold mine (pun intended) of cultural data. Nudes and all - this stuff will be of immense value at some future time ;)
I don't see why this is hard. Upon manufacture, paint the chips that hold use data red. If you want to get fancy, put them in a thin socket. You might be able to make it thin and cheap if it's one-use-only.
125 comments
[ 3.3 ms ] story [ 192 ms ] threadThey don’t start so there’s no way to boot and wipe. And they are hard to disassemble and remove the storage.
So I do the calculation of getting like $2 off a new phone or the extremely low, but non-zero, probability of all my photos ending up somewhere not cool.
To help with this, right to repair also makes things more recyclable.
Storage encryption, which most modern phones should utilize, also helps.
Though it would be nice if they had a get the old data off that dead phone and return to you process. (Which reminds me, I need to setup backups on my latest phone
It's difficult to see this being profitable. Or even possible, given the meagre training most carriers' employees at physical stores seem to have.
Easier: a device that shreds the phone onsite, in front of the customer.
A better play might be to liaise with phone repair shops both carrier-owned and independent, since they already do this as a matter of course, and it's quicker if you don't care what damage you do in the process. Lot of cats to herd, though, that would be.
Lithium-ion batteries can be safely shredded. You need to ensure they're discharged and/or shredded in an inert atmosphere [1].
[1] https://www.recovery-worldwide.com/en/artikel/efficient-and-...
Training is one thing, but the primary issue is wages and career prospects. Nobody working in a customer-facing role at a mobile carrier is paid enough to give a shit to do proper data protection - in fact they might be paid more by a malicious actor (bribery) to intentionally compromise data protection, just like it happens with fraudulent SIM swaps.
Given that most phone these days have non-removable batteries, can one really shred them safely? And wouldn't it make it harder to recycle if you can't isolate the various components?
It's not too difficult to destructively open phones to remove the battery and destroy the motherboard, but that requires some tools and know-how.
My local PC repair shop has a hard-disk destroyer that you can use to destruct your own drives. It's basically a lever-operated vice-crusher with a four-foot lever that you use to close the jaws. As soon as I discovered it I was able to destroy the hard drives that I'd been keeping in a bucket in my garage. The shop keeps the bits and manages the e-waste disposal. Bonus: it gives you an upper-body work-out
Medium value stuff is shredded into a big pile and then they leach the gold off it with cyanide. It has a much higher concentration of gold then raw gold ore.
Low value stuff is shipped to poor countries where the copper is extracted by burning and picking through the ash. Very toxic process.
Don’t hand in your phone when there is any chance that data can be recovered.
If your phone can boot, wipe it.
If your phone cannot boot, remove the battery and then smash everything else into tiny little pieces with a hammer.
Open phone, snap off the pink, recycle the rest.
I don’t trust any carrier to do this honestly or competently. And I don’t have the time to audit their process.
I also don’t care enough to do a secure wipe but would gladly take out the storage card and destroy it. That way I’m certain.
It’s not that it’s not possible. It’s that I don’t think it’s worth the work for a negligible benefit.
I've thought about how long I intend to do this, or, even if I let the battery stay disconnected, how long I will keep the phone. I suspect I'll keep the phone until I die myself but wonder if it would end up being some odd sort of family heirloom/relic 100 years from now.
(FWIW, I have captured to other devices her photos and such so that I am not reliant on the physical device for these memories.)
I found some old computers a while back, from the early 2000s. None of them booted. I couldn't get anything off even after pulling the HDs and connecting to them directly - everything was corrupted despite sitting in a fairly dry, clean, climate-controlled space.
Likely: time/date, and you will need to compile modern ssl and gnu tls. I've found that even if I'm doing a pure http request (no https), I can't fetch anything without a modern ssl/tls library. At least that's how it was on an old kindle
My Dad died in 2021 and like the OP above I have his phone still connected to power and photos videos, calls etc. on it.
What you say is correct but I haven't the courage to look at the photos yet. Videos will be especially hard much more real than a picture.
But yes I have to act.
You can install something like Dropbox or Nextcloud and set them up to sync the entire photo album. Just checking the rough counts on either end should get you a decent indicator that you've got everything. (It's possible something gets missed but, trying to not let the perfect be the enemy of the good, it would certainly be a much safer position over where you are today.)
As much as anything, I'm just trying to give you a nudge. I can only imagine how much it would compound the heartbreak to lose all of that.
My sympathies for your loss.
(I actually mean that, but I'm also attempting to be sorta funny)
I have an original iPhone in my drawer. It was decent 15 years ago, but not safe now.
The purpose of encryption is not to keep secrets eternally. The purpose of it is to keep secrets long enough that by the time they're revealed, they aren't worth anything.
AFAIK Android has always used dm-crypt (should be familiar to any Linux user) with AES, which I'm pretty sure is still safe.
Back then I think maybe it used CBC mode, whereas now it defaults to XTR, but again AFAIK, CBC is still safe, it's just that XTR performs better for block devices or something.
Someone please correct me if I'm wrong.
I can maybe see someone repairing phones to boot them and grab unencrypted data. But no one is holding on to them for 20 years to decrypt them.
I think that’s what concerns people. And makes random phones of interest to bored people. A decent percent of phones probably have nudes. And I think that data stays sensitive.
Apart from slowing down ever so slightly the oncoming scarcity of resources.
Updte: hmm. Not full disk encryption. Does this mean that its up to the app to encrypt?
https://source.android.com/docs/security/features/encryption
- Charge to ~.25%
- Phone automatically powers on
- The boot process takes more power than the charger can provide, so it drains the battery
- Automatically powers off because battery is back to 0%
I've had them on the charger for a few hours and watched this process repeat over and over. Short of disassembling and swapping the batteries I've tried everything I can think of to get them to power up
- booting into recovery -- find out which key combo might trigger that at power-on
- booting into an OEM download mode -- "" - probably a cable insert + key combo
- triggering the Qualcomm download mode -- ""
That would load a different boot setup (maybe kernel, or just ramdisk, and whatever tools they added on top from that particular OEM), and that may allow you to charge. That can work sometimes.
Nobody is getting the data off at my house. I assume nobody will go through the dump looking for old phones, but someone did go through the dump and found the ET cartridges, so there's prescedent. Also, I feel a little bad about putting phones directly in the dump.
If it goes to a carrier program, there's a good chance it goes into a repair process where the battery is replaced and maybe it works again. If it works again, I expect it to get the least intensive wipe required so that the user can get into the home screen, and then sold. That might mean the new user can get access to my data.
Story time: my spouse had an Amazon Fire phone for quite some time; when she was done with it, my dad needed a phone, but FireOS was a really poor choice, so I flashed it with a 3rd party Android build. Several years later, he ran it all the way out of battery, and when he got it charged up, somehow it booted up into FireOS instead and had my spouse's accounts and what not. Whoops. No big deal, we got him a new phone and got the Fire Phone back (and I tried to wipe it again, but better) and now it lives in a drawer and won't power on.
Story time: I was a contractor a few decades ago and I got a “new pc.” Theoretically it was imaged with a developer setup. Reality is the local user accounts were removed and a new account created for me.
The previous user was an HR analyst who kept all their data in c:\employee_salary and didn’t get wiped. So it had layoff analysis of every employee, their salary, their layoff priority. Comically, sadly, the HR analyst was layed off despite being listed as high priority.
I tried reporting the data and my contractor manager squashed it for fear that I would be rolled off the project.
My lesson is that unless I destroy the data, assume others will see it.
Although I suspect someone will think it a fun project to sift through old storage devices found in the dump to automatically scan for photos of interest. Given the high interest in pornography, I expect the motivation of “found nudes” will lead to some discoveries no one ever thought possible.
I've had various old phones, laptops speakers etc. that became bloated in storage because an internal lithium ion cell was halfway ruptured.
And once you do that it's usually trivial to pop out and destroy the motherboard or storage device, especially as you don't care about doing so destructively. Then you can recycle the rest.
But yeah, preemptively removing batteries for safety is a good move.
Let's say that you were able to magically disassemble a cellphone battery into its constituent elements and compounds, made rods out of each, and then sealed each rod in a zip-lock bag in a vacuum chamber.
The resulting collection of zip-lock bags is still something you wouldn't want to keep on a shelf somewhere, e.g. https://youtu.be/Vxqe_ZOwsHs shows how elemental lithium reacts.
Thankfully with Android I can just plug in a mouse! On my Samsung phones I can plug in a full display + mouse. It's a bit of a risk leaving thr gate open like this, but occasionally I've also setup dying phones to auto switch to ADB, so when they do go, I can still access them.
The main barrier I have is that some phones have bad usb micro ports. With that, I'm hosed. Thankfully haven't seen a single usb-c device with a bad port; loving it.
Ideally we should be able to trust on-disk encryption on our phones. Alas with pin codes, there's not enough entropy to do a for real job of encrypting, but it'll ward off casual snooping. I'm honestly not sure when the changeover was where users ought to be able to expect this fundamental builtin protection.
By the time I replace my backup phone with my new old phone the battery is long gone and I'd get nothing if I sell it.
So yes, phones continue to accumulate in my drawer.
Of course it's a bit more involved for a device that wasn't intended to have a user-replaceable battery, but it's almost always possible.
Alternatively, even with a dead battery, you can probably plug it into the wall to boot it up and wipe all your data, and then sell it for maybe $30 to $40 on eBay. There's lots of folks out there who will buy phones cheap and either refurbish them themselves, or else just use them tethered for software development, IoT projects, etc.
I don't think there was much left of the original by then...
Same would actually be useful with the screens, just have a few standardized physical rectangular screen sizes and make them swappable between phones so if one breaks you can re-use the one from your previous phone... (supporting different resolutions should be trivial for the OS)
Eg higher resolution screens that are being experimented on for VR but need a market to support.
A standard sized battery would also affect on the screen sizes to choose from for designers.
Look at PC monitors: you can attach all kinds of monitors with different resolutions to PC's, and there exist some pretty exotic ones with eye trackers etc... too, and of course also various VR headsets can be connected too.
I am absolutely grateful that my plumbing and electrical fittings are standardized. I'm grateful that most (old-school) electrical devices use the same four kinds of batteries, and get really frustrated at the coin-batteries that come in 20 something different sizes, because I almost never have the right size around. And I'm grateful that we charge almost all of our devices by a small number of USB connectors. Because standardization is also a boon to innovation, or rather, a lack of standardization can get in the way of innovating, especially at the level of interoperating services and hardware.
Of course, now that nobody wants to make a reasonable phone with a removable back, it's not that helpful. One hopes the EU regulations push us back on course.
I wish these batteries could just slide in and out of an electric car so you’re not having batteries sit around doing nothing.
Maybe usb-d can solve all this!
- A clear benefit from turning the device in (money, phone will be used to build electric cars).
- A clear instructions on how to do a factory reset on all devices to promote data privacy
- A consistent, well advertised, clearly marked place to turn devices in
- confidence that turning in the device will lead to the outcomes advertised. If you advertise money, and consumers end up getting a rebate form for a check that never come in the mail, or if they see a news report that their phones were thrown in the garbage and not actually recycled, no one will turn in their phone again.
This should be unnecessary and is likely a large part of why people don't. There are loads of reasons it is not possible to wipe a device. I have one which reboots before any point it will accept input.
https://boinc.berkeley.edu/download_all.php?platform=android
(and, if I'm reading that correctly, all those disposable vapes that should not be in landfill)
(lithium battery explosions are a lot rarer than accidental cigarette/clothing/hair fires used to be)
Reduces the impact of my main phone being stolen/lost whilst on the road.
A. Make a stronger password, time to crack it increases exponentially.
B. Change password regularly, including after getting new equipment.
The user response is to choose a new password that is similar to the previous password to avoid loosing access due to forgetting. This means that an attackers best way to find the users current password, is to know their old password. NIST has recognized this, and advises against these policies: “Reset—Required only if the password is compromised or forgotten.” [1].
Best mitigation I see for systems that exclusively take password input is to use a user pin plus a PKI card or RSA key.
[1] https://www.isaca.org/resources/isaca-journal/issues/2019/vo...
Mathematically, imagine it is raining (stochastically speaking, evenly distributed on the interval, with replacement). Are you more or less likely to get hit by a rain drop if you dance around or stand still? Nope, odds are the same. (Although technically by moving around a lot you are sweeping space and thereby increasing the surface area for rain to impact + amount of rain, so actually you are increasing the odds.)
Ok, try this instead. Flip a coin and guess whether it's heads or tails. Does it matter whether I guess heads every time, alternate heads/tails, or flip another coin? No, it does not.
Now in the case of people who re-use passwords... in the longer term we'll find out whether the propensity to be one or the other produces an evolutionary signal or whether people are impossibly bad at "random" in any case.
Finally, imagine someone cracking passwords: this is your adversary, and there is only one. Are they going to start with the hardest, most difficult to compute / type / memorize / come up with in the first place passwords? Let's encourage them to do that, and start with passwords which you'd never be able to enumerate starting from null before the heat death of the universe. Ok, so maybe that won't work, they're going to start with the easy ones first. So in this case, the optimal strategy would be to pick a really difficult password, and then at some point in time switch to one of the easy ones since it's already been checked.
How's your migraine now?
(ssa.gov generates printable one-time pads if you're masochistic enough to request one.)
iPhones are very long lasting devices, pretty useful even after many years but would have been even better if Apple let you unlock these things. Facetime can autoanswer only on the selfie camera and I would prefer a solution which would do this on the main camera but unfortunately that's not possible under current access level to the device.
It can be more useful to re-purpose those device instead of mining them for metals?
This guy made a 4k projector out of one. Particularly intriguing is that he hardwired power, replacing the battery - doesn't seem _that_ hard.
https://www.youtube.com/watch?v=YfvTjQ9MCwY
The OS/software side is messiest side for me. Obviously running an old Android that's connected to the internet is potentially a bad idea, but the install of open source backfill replacements isn't great either. I've bricked phones in the past following (fairly complex) instructions carefully, and the need to trust 3rd party binary builds and/or tools isn't fantastic. If Right To Repair can mandate that phones be open enough to easily replace the firmware (sufficiently easy so that, say, your Mom could do it) then maybe reuse of phones becomes a more viable proposition.
Sometimes this triggers a chain reaction where the person I gifted the phone ends up gifting the phone they're replacing to someone else (usually someone switching from Android, or someone with an even older iPhone).
Technically each pass down of the used phone is causing another phone to come out of service (and/or gifted again), but from an environmental standpoint this helps reduce demand for new phones since the people who received the gifted phones probably won't buy a new one for at least a couple additional years.
But the question is how much.
There is literally no way that it is worth it at $1 of gold per phone. Not even close.
We are surrounded by fairly powerful general-purpose aarch64 computers that are rendered useless by draconian userspace barriers.
Pull the chips and the device is safe to recycle.