Digital images and security

One common policy with people with digital cameras in nudist venues is to require them to delete all the images on the memory card (physically confiscating the equipment begs for lawsuits). The error is the assumption that once the images are deleted, they are gone.

That perv that was caught shooting pics in a nudist venue smiles to himself as he is required to do a mass-delete before being booted out the door. He goes home, fires up the puter, and in a couple of minutes has every one of those images to do with as he sees fit. Security and privacy? They're bad jokes.

This is what nudists need to know about digital images.

==================================================

Digital photography has brought about the proverbial "sea change" in imaging. Nudists have adopted it enthusiastically, if for no other reason than that the days of taking that revealing roll of film to the local processor for developing, with the associated risk of prudists involving law enforcement, are now history.

And of course it's much easier to get rid of images that might push the envelope. Just go through the "Delete" sequence and they are gone forever from the hard drive, USB flash drive or camera memory card.

Izzatso? Digital Security 101 is in session.

Here's the cold, hard truth about deleting digital files that maybe one in a thousand users knows: no standard deletion routine removes them from the drive or card. The operation just deletes the file table reference to them and opens their locations on the drive to reuse. The actual file data remains untouched. Unless the system overwrites the data with new information, it can be recovered.

On my machine are two very effective file recovery programs. I bought them when a virus on a relative's machine forced him to use the system recovery function to get it running again. Because it restores the machine to its as-shipped condition, it started with a fresh desktop — minus a folder that had several hundred irreplaceable photos of his kids.

After everything else failed, I bought the programs as a last-ditch effort. By slaving his hard drive on my machine and using one of the programs, I recovered all but four of the photos intact. Two of the others were partially corrupted, but cropping made them usable. The scan also found a number of interesting Web images that he thought he had deleted months earlier.

The same software also found images on my camera's memory card from a shoot of weeks ago, after I ran the camera's file delete routine.

The point: just because the images don't show up by the standard methods does not mean that they are gone.

USB flash drives are especially nasty in terms of keeping data that one might not want preserved.

In research that has important findings for banks, businesses and security buffs everywhere, scientists have found that computer files stored on solid state drives are sometimes impossible to delete using traditional disk-erasure techniques.

Even when the next-generation storage devices show that files have been deleted, as much as 75 percent of the data contained in them may still reside on the flash-based drives, according to the research, which is being presented this week at the Usenix FAST 11 conference in California. In some cases, the SSDs, or sold-state drives, incorrectly indicate the files have been "securely erased" even though duplicate files remain in secondary locations.

The difficulty of reliably wiping SSDs stems from their radically different internal design. Traditional ATA and SCSI hard drives employ magnetizing materials to write contents to a physical location that's known as the LBA, or logical block address. SSDs, by contrast, use computer chips to store data digitally and employ an FTL, or flash translation layer, to manage the contents. When data is modified, the FTL frequently writes new files to a different location and updates its map to reflect the change.

In the process left-over data from the old file, which the authors refer to as digital remnants, remain.

<a href="http://www.theregister.co.uk/2011/02/21/flash_drive_erasing_peril/" target="_blank">Flash drives dangerously hard to purge of sensitive data</a>

==================================================

This is good information to know if one has decided to donate an older machine to an organization or charity. Even if the drive has been high-level reformatted, those files are still there. The recovery programs are available to the public, and there are geeks everywhere.

With hard drives, there are "shredder" programs that allow deletion of files or folders that includes total destruction of the file data by overwriting it. If one is paranoid, some of them can delete the data to Dept. of Defense standards.

As well, sensitive data should be encrypted using one of the readily available encryption programs. The saved data requires a passcode to access it. If the code is lost, the data is gone, period. Use a long enough passcode that it can't be guessed or brute-forced. Commit it to memory if possible, and in any case NEVER save it to the machine where it is used.

As for memory cards and flash drives, the safest approach when they are no longer needed is to destroy them physically. Given the low prices for new ones, donating them is meaningless, and it can be compromising.

Summary: digital imaging has made photography far simpler, but it can come back to bite the unwary folks in their arses. Know the security issues and deal with them.

24 thoughts on “Digital images and security”

  1. Encryption is the safest and most effective way to avoid the unlikely but possible adverse consequences. I have gigabytes of encrypted files on this box, and the passcode is in my head only. There is no written or digital record of it. Of course, if the Nosy Parkers hire telepathic Zeta Reticulan greys, that's a whole 'nother problem. 😉

    Rule number 1 in encryption: NEVER encrypt files and then save the plain-text passcode somewhere on the same machine. Having it on the premises in written form is almost as self-defeating. Memorized passcodes are assuredly the best approach, but written codes embedded in apparently irrelevant text or data files is a pretty good alternative.

    Re physical destruction of the memory media, hard drives can be effectively wiped. However, as noted earlier, flash memory is by nature untrustworthy and definitely should be reduced to powder.

    We're on the same page, brother.

  2. Sorry Bob. I went off at a tangent there.

    In terms of data security there's really only two golden rules that apply.

    Either don't store stuff in the first place, or encrypt it.
    If you're donating stuff, physically destroy any storage that has content you don't want to fall into others hands.

    Read a defence force Internet Security Manual. That will give you an excellent insight into data storage and management.

  3. "If you truly believe there is nothing untoward about nakedness, why be all cagey about the photos?"

    The issue of the blog, nudist brother, is not the innocence of digital photos, nor the willingness of naturists to be seen au naturel, but rather the fallibility of the methods use to store and delete them on one's own computers and digital imaging devices.

    Note that the warning issued was in reference to the unawareness of technologically average naturists, whose understanding of the nature of digital files and the difficulty of purging them might very well lead to compromising situations. Whether the files in question are nude photos or private emails or bank log-in names and psasswords is irrelevant. The possibility that someone might have unapproved access to them is the prime consideration. The chief hazard is presented by innocently, altruistically donating hardware to other people or to organizations without making certain that every trace of potentially harmful files has been scrubbed.

    ==================================================

    Even when there is no gifting of hardware, there are very dangerous things that can happen. As long as the topic is computer security…

    Ever hear of a RAT (Remote Administration Tool or Remote Access Trojan)? Bearing names like Back Orifice or Sub Seven, these are examples of malware that is usually installed by users incautiously opening email attachments, visiting infected sites, downloading pirated software, etcetera. What can they do? A typical one allows the remote "administrator" to do from afar anything that the user can do locally, at the level allowed by the user's permissions. In the case of users with administrator privileges, they provide the ability to do such things as these:

    • Block the mouse and keyboard
    • Change the desktop wallpaper
    • Alter your web browser's homepage
    • Hide desktop icons, taskbar and files
    • Send messageboxes
    • Play sounds
    • Show fake errors
    • Open CD-ROM tray
    • Shutdown, restart, log-off, shut down monitor

    • Overload the RAM/ROM drive
    • Download, upload, delete, and rename files
    • Destroy hardware by overclocking
    • Drop viruses and worms
    • Edit the Registry
    • Use the victim's Internet connection to perform denial of service attacks (DoS)
    • Use the connection to launch spam emails
    • Use the connection to engage in criminal acts such as trafficking in child pornography
    • Format drives
    • Steal passwords, credit card numbers
    • Silently install applications
    • Log keystrokes using keystroke capture software
    • Control mouse or keyboard
    • Record sound with a connected microphone
    • Record video with a connected webcam
    • Record and control your screen remotely
    • View, kill, and start tasks in task manager

    The first nine are largely mischievous, but the rest are dangerous if not destructive. In the case of "Record video with a connected webcam", which is done without the owner being aware of it, it's his privacy that is compromised. There are some cases of images and video clips being captured and used for vile purposes online.

    There are fairly simple ways to minimize malware infection, but the simplest is to avoid opening unexpected email attachments and instructing other users to do likewise. Perhaps in another blog, the ABCs of computer security and safety will be outlined in more detail. For now, the watchword is, "Be careful! Computers don't do what you want them to do, but only what you tell them to do."

    Peace and blessings! Stay naked.

  4. Here are my thoughts:
    If you truly believe there is nothing untoward about nakedness, why be all cagey about the photos?
    People already have their suspicions that nude resorts are really secret sex societies. The level of secrecy they enforce does nothing to dispel that idea. If people did see images from within the walls, maybe they'd change their ideas. If there were no walls at all, better still.

    The clothing optional venue I visit occasionally, has no cell coverage at all. That in and of itself encourages people to unplug from technology and reconnect with the environment. As it is so remote and there's not much else to do other than walk and swim, it lends itself to healing the technologically wounded.

    There aren't any rules about cameras and I doubt there needs to be. I absolutely wouldn't take photos of others purely on the principle of respect, let alone post them anywhere.

    At the end of the day, if one of the fundamental issues you have in your society is a lack of regard for others, you've got way bigger problems than laws against nudity and the need for nude resorts.

  5. I like the policy of the hot springs resort I was at recently, which is simply not one single electronic device in the bathing/sunning areas where nudity is allowed. Not only does it preclude the very possibility, it makes for a refreshingly more engaging environment when people don't have the option to be distracted by their phones and tablets. Back to face-to-face interaction! Wow, amazing! 🙂

  6. My major point was that if one is relying on deletion of very private files by the standard methods (e,g., emptying the Windows "recycle bin") as a sure way to prevent the files from being recovered, there is a very real risk of being bitten in the butt.

    Most naturists/nudists have little apprehension about being seen au naturel. However, the major concerns are not about Web-based images so much as the stuff on one's computer, digital camera, smart phone, etc. being restorable if the equipment is shared with others or given away to them after upgrading one's hardware.

    This is particularly important with solid-state drives such as USB flash drives and memory cards. Because of the technology, there are a limited number of erase/write cycles on any given "cell" (one bit of data). With the standard 2D MLC (Multi-Level Cell) memory, the wear-out rate is under 5000 cycles. That sounds like a huge number, but given the speed of digital operations, it would not be very long by conventional read/write methods.

    Ergo the chip controllers distribute data over the entirety of the memory using "wear leveling" (http://en.wikipedia.org/wiki/Wear_leveling) algorithms, thus minimizing how often any particular cell is accessed. The problem is that when a specific file is located elsewhere in memory during a write, the old copy of the file remains as a "remnant". With the right equipment, that data can be recovered, whether it's an "adult" image or one's bank log-in information.

    This by no means justifies paranoia, but the readers should be aware of the potential issues when dealing with digital data storage. Safety and security can never be over-emphasized.

    And BTW, it is literally impossible to prevent a Web-based image from being copied and used/abused. If an image can be seen on a monitor, it can be copied. The usual anti-copy techniques involve Javascript routines that disable right-click copy options, or use the image as the backgound for a one-pixel transparent GIF image. But a screen grab just laughs at those "Do not copy!" tactics. Keep that in mind.

    Peace and blessings!

  7. Great post Bob. Much food for thought. Thanks for your ongoing and informative topics.

    I suspect that a somewhat parallel universe exists with the wider adoption of "cloud drive" based data storage. Not being a true geek nor understanding the deeper implications of how all of this works, I am aware of the rule-of-thumb adage which goes something like "once out on the web, always on the web". The upshot of this concern and your concerns about hard drives and flash drives alike is that the more that other people stumble upon your images by either innocent or deliberate folly, the more widely it will become known that nudity falls well within the bounds of normal and healthy human behavior. Hopefully that may lead to greater social and legal tolerance for a lifestyle that we have found to be so comfortable and easy.

    Of course employing bullet proof encryption is always advised if one is really concerned about where ones images may come to linger, but I like many can not be bothered with the trouble of remembering or archiving elaborate lists of keys as you suggest Jimmy. My fear of coming to rely upon a password manager as I have already come to rely upon my smart phones contact list and autodialer is what should happen if that device dies or is otherwise corrupted. A major pain in the case of phone numbers. A major disaster in the case of loosing keys to irreplaceable photo files.

    The simple solution to all of this is to try to come to peace with the notion that a naturist has little to hide…..granted that is easier said than done for some of us who have over riding family related , career and other similar concerns to consider. However coming out of the closet totally as a naturist as I have done (and continue to do) with family friends, even business clients really does make life so much simpler. In many cases it takes the concept of trust to new levels.

    Speaking of simplicity, now where did I last leave that butt towel….or the previous one?

    -Dan

    • I can actually answer the question as to what happens when your password database goes corrupt because I had it happen once while moving my PC for a party haha. And the answer is have backups. The way that I sync my key database between the sites where I use it (at home, work, phone) creates a backup each time I added a new key, so I was able to roll back to a previous database and only had to reset 1 password.

      There is no "perfect" method for IT work. The saying is "If it isn't backed up (if it isn't saved) in 3 different places, then it isn't backed up."

  8. Solid information. I work as an IT consultant and agree with you. With the way that SSDs try to save space by not reusing blocks it makes it hard to force it to zero out the space. I used to manage the inventory at my work so I got to spend a lot of time watching DoD wipes hahaha, so many zeroes.

    As for passwords I've been trying to get my people to switch to password managers, such as LastPass or KeePass. I've been using KeePass with a cloud service to keep my key database synced. I also encourage my people to enable 2-factor authentication where ever available.

    Awesome post!

Leave a Comment

New Report

Close