
Without sufficient technical information on how the computer works and without root access, we can't be certain a "wipe" will actually wipe everything.

For malware that could be inserted in a targeted manner, even with desktop computers we don't have access to the firmware of every part.

When we're talking about mobile "phones", we usually have an interface that tells us "sure, it's wiped", but is it? Without full root to every part of it, can you be certain that it is? When you press "wipe" on an iPhone or a closed Android flagship (or whatever the UI is), what happens exactly on the filesystem that you can't even access fully?

Telling people to hand over their devices willy-nilly is far from "good". We shouldn't settle for this. The hardware companies can ship us the tools to replace the battery ourselves. Maybe not "ourselves" - my aunt can ask me to do it for her if she can't do it on her own. But she trusts me more than she does people she's never seen ever. If the tools are expensive, we can ship them back. There are many options so we should discuss them.



Fair points. I've never owned anything but (rooted) Androids, or (now) GrapheneOS. I don't know if that makes me more paranoid than you are or not; I am, however, much less afraid of a wipe that's not a wipe!

Not everyone has someone with technical skills in their family, so making policy that fits only that minority doesn't make sense to me. The majority will, as you say, "hand over their devices willy-nilly".

I'd rather pursue this as a two-part problem: get the best accommodation we can for hardware, and also impose (very, very) strict data-privacy rules. Trying to do too much at once risks accomplishing too little.


> I am, however, much less afraid of a wipe that's not a wipe!

I don't remember, but there was a story about deleted photos on iPhones resurfacing by mistake. Or deleting a file on Windows or Linux most likely removes the entry for that file, not the contents of the file itself. Or the "quick" format or whatever it was called in Linux. Or not being able to delete everything from an SSD because it moves things around and deallocates some regions. But even if a wipe is a wipe, a random employee is more likely to insert a hardware or firmware malware targeted to someone than the company is likely to insert just malware to every computer sold. Using "paranoid" in this case implies that there aren't many people with actual secrets to keep who could be targeted.

> Not everyone has someone with technical skills in their family, so making policy that fits only that minority doesn't make sense to me. The majority will, as you say, "hand over their devices willy-nilly".

Sure, offer both options then. Also, notwithstanding the fact that I agree with offering both options, not having technical skills should be frowned upon. Everything is computers. Not knowing (someone who knows) how to use a screwdriver or a heat gun is inexcusable.

> I'd rather pursue this as a two-part problem: get the best accommodation we can for hardware, and also impose (very, very) strict data-privacy rules.

Data privacy rules don't accomplish much when the adversary doesn't care about rules. Reminds me of the "We don't have any criminals in Sweden because it's a crime to break the law" meme.

> Trying to do too much at once risks accomplishing too little.

That's another sad part of our reality, I agree.



