topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Sunday December 15, 2024, 12:42 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Western Digital playing kinda loose with your privacy  (Read 8217 times)

tranglos

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,081
    • View Profile
    • Donate to Member
Western Digital playing kinda loose with your privacy
« on: September 23, 2012, 08:14 PM »
Been away for quite some time, my excuse is that I have meanwhile multiplied, which always puts a damp on your facultative activities, so don't repeat my mistake! There are times though I just can't stay away from my favorite pastime, i.e. grumbling about software and hardware makers alike. When they give me anguish. Which is often.

Today, Western Digital. My favorite hard drive maker has just about made my mortal enemies list, if only I could find the 5 1/4 floppy I saved the list on!

I've recently replaced my old D-Link NAS drive with a new My Book Live Duo 6 TB model from WD. Very nice hardware overall, with a good set of features, including the ability to access your drive contents from the Internet just about anywhere. Watch out for the brittle included software though - the SmartWare setup wizard would quit on me every time, giving only an error code that's nowhere to be found on the net, and WD support doesn't appear to be forthcoming with an answer. Interestingly, when I downloaded the same installer directly from WD website, it worked, so go figure. But that's not what this post is about.

This post is about what happens when you intend to submit a support request (like I did when the software wouldn't install). As part of the process, the drive generates a log file with all sorts of narcissistic insights into itself.  When you do that, you may notice that generating this log file takes a suspiciously long time, so much so you think it's hung. Well, it isn't. It is busy creating an SQLite database that contains all the filenames on your drive and then gets zipped up into the log file. Then you can send your support ticket along with the log.

Let me repeat that: the log contains a complete list of all the names of all the files on your drive. How's that for a privacy poison candy? Nowhere in the process are you told this is going to happen - perhaps they inform you in the EULA, I couldn't be bothered to check.

I got suspicious when I saw how huge the log file was - and it was huge, because in my case the database is 166 megabytes in size (uncompressed) and contains records for over 370 thousand files on my drive, each with a full path, filename, modified date and size. The database table even contains a column named "is_deleted", and when you run a SELECT on that, you will see that the table also contains records for files that you had put on the disk and then deleted. Way to go, WD!

Inside the zip file, the database is stored in a folder called ".mediacrawler" (yep, with a leading dot - maybe on a Linux system I wouldn't even see it was there :-) so I thought maybe the db only contained the multimedia files. But no - it actually holds all the files, and they all go to WD, because apparently the filenames will help them resolve a problem you have with the drive not working correctly.

This is where I should say I will never buy a WD drive again and I recommend that you don't either. Well, no such luck, because WD is the only HDD maker that I trust to make reasonably reliable and reasonably fast HDDs. I had a Seagate once, that thing ran hot like a furnace and loud like one too! Then it died a screeching death. In all fairness, a WD Velociraptor drive once died on me too after 3 years of workig almost 24/7, but at 10,000 rpm its short lifespan was to be expected, and SMART alerted me early enough to make a full backup. Other than that, I've never had a WD drive that failed or gave any kind of trouble at all. So, in my experience, WD makes solid drives and I will continue buying them, albeit with a small inward sigh when I do.

I just won't be sending any support requests to WD, that's for sure.

tranglos

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,081
    • View Profile
    • Donate to Member
Re: Western Digital playing kinda loose with your privacy
« Reply #1 on: September 23, 2012, 08:21 PM »
Just to add one thing: with the list of filenames, they don't only know what music I listen to and what movies I watch. They also know who I have ever worked for, what projects I did for my clients, or when and to whom I sent my invoices. They know what software I use and have installed. They know my games. They know the names of some of my friends. And since I registered the drive, they also know my name, email and location. Oh, and the log report also contains a complete traceroute from my system to some WD server somewhere, so they have more than enough to identify me. And an unscrupulous person would know more than enough to steal my identity, without ever seeing the contents of all those files.

I really think it's a bad thing. Doubly bad for no obvious warning to the user that this is going to happen.

Sigh!


superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Western Digital playing kinda loose with your privacy
« Reply #2 on: September 23, 2012, 09:07 PM »
I also prefer WD drives, black caviar.  good to see you back, and sorry to hear of this nuisance, but it's more of the usual.
I'm very quickly moving away from buying any convenient packages by any big, impersonal companies now.  No more NAS, no external drives, none.  I buy bare drives and stick them in enclosures by reliable companies like granite digital or dat optic.  that's it.  and I recommend (with hesitation) to most of my friends and family the same thing.  The only thing I hesitate for is because non computer people will initially feel uncomfortable about sticking a scary looking hard drive inside a box with screws or a tray.  But once I spend an hour explaining it, it's usually ok.

I stopped using kaspersky for this reason.  Back in the day, i needed help with a conflicting program.  So i used their support.  well, first, they send me a "tool" just like the WD one you describe, and it creates a database of everything on my computer.  I'm supposed to send this in BEFORE they even read my support request.  Sorry, bye.  I actually did that one time...and I spent two days with them hassling me about every little program on my computer, and is this a crack is this warez, etc.  i had to justify weird little custom type stuff (like DC coding snacks) because it looked fishy to them.  Then they actually did find a cracked thing (I think it was an aim chat tool) and they told me they couldn't help me because my system was compromised and they wouldn't be able to tell if it was kaspersky causing the trouble or all my infected warez apps.  So now I'm done with kaspersky, they can kiss my ass.  I think they believe themselves to be the internet warez police, whether you use kaspersky or not.

So I'm all into the DIY thing now.  I don't care if it's more expensive, or more work, or whatever.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Western Digital playing kinda loose with your privacy
« Reply #3 on: September 23, 2012, 09:57 PM »
That's pretty rough, and from a pretty wild angle. "Hard Drive makers? Since when do they play the privacy shenanigans?!" Even worse, "how much do I trust Western Digital to have good data practices?!"   I don't even KNOW how to answer that one, HD companies are so far off the radar of the usual privacy infringing suspects, I don't even know what to say.


tranglos

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,081
    • View Profile
    • Donate to Member
Re: Western Digital playing kinda loose with your privacy
« Reply #4 on: September 23, 2012, 10:14 PM »
That's pretty rough, and from a pretty wild angle. "Hard Drive makers? Since when do they play the privacy shenanigans?!" Even worse, "how much do I trust Western Digital to have good data practices?!"   I don't even KNOW how to answer that one, HD companies are so far off the radar of the usual privacy infringing suspects, I don't even know what to say.

First, it would seem that today pretty much everyone who's selling you anything is participating in the (no-)privacy game. Second, I do not trust anyone to have good data practices unless their profit is directly and proportionately related to them taking a good care of their clients' privacy. It's my personal experience that even those who require and store your credit card data (i.e., various online stores) do not have adequate protection against theft of that data.

In this case, how much profit would WD stand to lose if someone hacked in and copied the support logs? Not much at all, I think. There would be a story on Slashdot, one in a thousand similar security breach stories, but WD is not a bank and as you rightly noticed, there is no association between a drive maker and  privacy issues, so - no biggie for them, I assume.

tranglos

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,081
    • View Profile
    • Donate to Member
Re: Western Digital playing kinda loose with your privacy
« Reply #5 on: September 23, 2012, 10:19 PM »
So I'm all into the DIY thing now.  I don't care if it's more expensive, or more work, or whatever.

I totally understand your approach, though myself, as I get older, I seem to be going in the opposite direction: no tinkering for me, just let me buy and use the packaged thing that works. (Though I still do and will continue to build my own computers from parts.)

Plus, could you DIY your way to a NAS drive? I really like/need (not sure which :-) having access to all my files from any computer at home, and my phone or laptop when I'm away, plus a media player in the room with the TV, which happens to be the room with no computer in it. I like it better than any cloud service that could replace the NAS, anyway.


superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Western Digital playing kinda loose with your privacy
« Reply #6 on: September 23, 2012, 10:36 PM »
Plus, could you DIY your way to a NAS drive?
This has actually been something I've been working on for a couple of years.  I think it's very possible, but all the methods I know of are more of a hassle than what it's worth (to most people, not me).  First, it's totally possible with standard equipment.  The main complication is getting a box that can hold an abnormal amount of hard drives, like more than 6.  And that's only if you have a large movie collection or something like that.  Otherwise 1-2TB is plenty for most people.

Now, getting the flexible connectivity you mention is a little finicky.  Most of the tools out there to help with this are of the "corporate" variety and are terribly expensive.  I had a WingFTP license donated to me, which helped me find a solution that works with a simple installer right out of the box.  It gives me access to all my files through any method: web access, ftp, sftp, ftps, android/iphone, etc.  very slick.  I wrote a review here:
http://aram.dcmember...are/wing-ftp-server/

Now, the problem with wingftp and anything like that is that you will be limited to your isp upload speed, which is usually pretty abysmal unless you have FIOS or a commercial account.  So if you need that sort of speed, you'd need a legit cloud server, but then you lose control and privacy, which is the whole point of all this.

One of the main reasons I'd want fast upload speeds is to be able to stream or copy a huge video from a remote location.  But that's not hugely important right now, although it would be awesome (and mean independence from netlfix, etc.).  I don't see this being an option for normal citizens any time soon.  So I'll give that one up.  But i can still get all my docs and everything, and not worry about the 2GB dropbox limit or something.

As for home network use, it's beautiful.  You're only limited by your wifi speed, which is (supposedly) plenty for streaming 1080p.  But I haven't tried that yet.  And there's a new Linux distro out that is specifically for setting up a very easy and powerful file server exactly for streaming media and sharing files.

So I'm in the middle of all this now.  But before I begin experimenting, i need to build this hard drive box first.  And I've been working on that for several months.  I hope to start purchasing the parts in a month or two.

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,939
    • View Profile
    • Donate to Member
Re: Western Digital playing kinda loose with your privacy
« Reply #7 on: September 24, 2012, 10:20 AM »
FreeNAS would be a proper solution for either superboyac and Tranglos. There are several people here that have implemented such a server and as far as I can tell they all are (very) happy with it. It's free, based on Linux and runs nicely on practically any old PC that you have lying around.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,291
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Western Digital playing kinda loose with your privacy
« Reply #8 on: September 24, 2012, 10:21 AM »
FreeNAS would be a proper solution for either superboyac and Tranglos. There are several people here that have implemented such a server and as far as I can tell they all are (very) happy with it. It's free, based on Linux and runs nicely on practically any old PC that you have lying around.

I'm running FreeNAS now, and it's fantastic! +1 there
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Western Digital playing kinda loose with your privacy
« Reply #9 on: September 24, 2012, 10:29 AM »
FreeNAS would be a proper solution for either superboyac and Tranglos. There are several people here that have implemented such a server and as far as I can tell they all are (very) happy with it. It's free, based on Linux and runs nicely on practically any old PC that you have lying around.

I'm running FreeNAS now, and it's fantastic! +1 there
thanks guys.  I'll have to check this out over VM.  also planning on trying out centos, windows server, and this on cloudos thing i need to find.  The key for me will be drive pooling capabilities.