Eraser history is a privacy leak.

Overwriter

Active Member
Eraser keeping a history in the schedule is quite a privacy leak. Anyone who wants to go snooping would look in the Eraser history to find names of erased files !

Admittedly they would only retrieve the file names such as “My secret document.doc” but that is evidence / proof that the user had that file and they have taken steps to erase it !

I think the history should at least be deleted when the computer is shut down or on a timed schedule.

Further, I believe the history should not simply be deleted but overwritten.

The only way around this that I can think of at the moment if you want to maintain such a detailed list is to encrypt the schedule reports. This way without the password someone inspecting the computer and looking at the reports wouldn’t gain any useful information without the password. Although in some countries this right to privacy and withholding of private passwords is illegal (as in the UK for example).

What do you think Joel ?
 

Joel

Active Member
The database used to store the task list is the Registry. You can't erase registry subkey keys as far as I know. Granted the users can look for the registry keys, but remember that Eraser uses the asynchronous model and while we could clear completed tasks at shutdown, preventing the task list from going back to the registry, we'd lose logs which may be important to users (what if the file erase failed with errors? or warning messages?).

Keeping the history there is not exactly a leak. v5 kept on demand tasks and scheduled tasks in a file. Just because everything goes to Eraser's main task list doesn't make it any less (for that matter, any more) secure than v5. I'll add a setting to get Eraser to clear completed tasks before shutdown, but the moment a task is created and Eraser exits, we won't be able to remove the task data any more since it will be gone to the disk.

The registry is meant for data storage and I believe that is a good place to store data. It's in essence a database (the whole HKEY_X is one file on disk) and should store our data efficiently. It's not that great an advantage to use the registry over files, but it's just my preference.

Joel
 

Overwriter

Active Member
I'll add a setting to get Eraser to clear completed tasks before shutdown
Thank you :) , will it clear them or overwrite them ?

It’s just that I found it funny that when a user erases a file in the hope that all traces of it are removed from the drive in question and Eraser makes an effort to clear a file name from the MFT that Eraser then writes the file name in its own log !!

I understand it is user error to name a file so descriptively that it compromises their security but I personally believe Eraser should do its best to remove file names at the time of erasure and certainly not to make a copy of what has been deleted for an attacker to browse through at a later date.

Thanks again Joel. :wink:
 

steveg

New Member
Overwriter said:
Eraser keeping a history in the schedule is quite a privacy leak. Anyone who wants to go snooping would look in the Eraser history to find names of erased files !
Where is this history kept? I couldn't find it.

I have logging disabled in preferences. Does this alleviate this issue?

Thanks
Steve
 

Joel

Active Member
We're talking about two different versions here - v5 uses logging to a file, v6 stores scheduled tasks in the Registry.

Joel
 
Top