Main Area and Open Discussion > Living Room
Western Digital playing kinda loose with your privacy
tranglos:
Been away for quite some time, my excuse is that I have meanwhile multiplied, which always puts a damp on your facultative activities, so don't repeat my mistake! There are times though I just can't stay away from my favorite pastime, i.e. grumbling about software and hardware makers alike. When they give me anguish. Which is often.
Today, Western Digital. My favorite hard drive maker has just about made my mortal enemies list, if only I could find the 5 1/4 floppy I saved the list on!
I've recently replaced my old D-Link NAS drive with a new My Book Live Duo 6 TB model from WD. Very nice hardware overall, with a good set of features, including the ability to access your drive contents from the Internet just about anywhere. Watch out for the brittle included software though - the SmartWare setup wizard would quit on me every time, giving only an error code that's nowhere to be found on the net, and WD support doesn't appear to be forthcoming with an answer. Interestingly, when I downloaded the same installer directly from WD website, it worked, so go figure. But that's not what this post is about.
This post is about what happens when you intend to submit a support request (like I did when the software wouldn't install). As part of the process, the drive generates a log file with all sorts of narcissistic insights into itself. When you do that, you may notice that generating this log file takes a suspiciously long time, so much so you think it's hung. Well, it isn't. It is busy creating an SQLite database that contains all the filenames on your drive and then gets zipped up into the log file. Then you can send your support ticket along with the log.
Let me repeat that: the log contains a complete list of all the names of all the files on your drive. How's that for a privacy poison candy? Nowhere in the process are you told this is going to happen - perhaps they inform you in the EULA, I couldn't be bothered to check.
I got suspicious when I saw how huge the log file was - and it was huge, because in my case the database is 166 megabytes in size (uncompressed) and contains records for over 370 thousand files on my drive, each with a full path, filename, modified date and size. The database table even contains a column named "is_deleted", and when you run a SELECT on that, you will see that the table also contains records for files that you had put on the disk and then deleted. Way to go, WD!
Inside the zip file, the database is stored in a folder called ".mediacrawler" (yep, with a leading dot - maybe on a Linux system I wouldn't even see it was there :-) so I thought maybe the db only contained the multimedia files. But no - it actually holds all the files, and they all go to WD, because apparently the filenames will help them resolve a problem you have with the drive not working correctly.
This is where I should say I will never buy a WD drive again and I recommend that you don't either. Well, no such luck, because WD is the only HDD maker that I trust to make reasonably reliable and reasonably fast HDDs. I had a Seagate once, that thing ran hot like a furnace and loud like one too! Then it died a screeching death. In all fairness, a WD Velociraptor drive once died on me too after 3 years of workig almost 24/7, but at 10,000 rpm its short lifespan was to be expected, and SMART alerted me early enough to make a full backup. Other than that, I've never had a WD drive that failed or gave any kind of trouble at all. So, in my experience, WD makes solid drives and I will continue buying them, albeit with a small inward sigh when I do.
I just won't be sending any support requests to WD, that's for sure.
tranglos:
Just to add one thing: with the list of filenames, they don't only know what music I listen to and what movies I watch. They also know who I have ever worked for, what projects I did for my clients, or when and to whom I sent my invoices. They know what software I use and have installed. They know my games. They know the names of some of my friends. And since I registered the drive, they also know my name, email and location. Oh, and the log report also contains a complete traceroute from my system to some WD server somewhere, so they have more than enough to identify me. And an unscrupulous person would know more than enough to steal my identity, without ever seeing the contents of all those files.
I really think it's a bad thing. Doubly bad for no obvious warning to the user that this is going to happen.
Sigh!
superboyac:
I also prefer WD drives, black caviar. good to see you back, and sorry to hear of this nuisance, but it's more of the usual.
I'm very quickly moving away from buying any convenient packages by any big, impersonal companies now. No more NAS, no external drives, none. I buy bare drives and stick them in enclosures by reliable companies like granite digital or dat optic. that's it. and I recommend (with hesitation) to most of my friends and family the same thing. The only thing I hesitate for is because non computer people will initially feel uncomfortable about sticking a scary looking hard drive inside a box with screws or a tray. But once I spend an hour explaining it, it's usually ok.
I stopped using kaspersky for this reason. Back in the day, i needed help with a conflicting program. So i used their support. well, first, they send me a "tool" just like the WD one you describe, and it creates a database of everything on my computer. I'm supposed to send this in BEFORE they even read my support request. Sorry, bye. I actually did that one time...and I spent two days with them hassling me about every little program on my computer, and is this a crack is this warez, etc. i had to justify weird little custom type stuff (like DC coding snacks) because it looked fishy to them. Then they actually did find a cracked thing (I think it was an aim chat tool) and they told me they couldn't help me because my system was compromised and they wouldn't be able to tell if it was kaspersky causing the trouble or all my infected warez apps. So now I'm done with kaspersky, they can kiss my ass. I think they believe themselves to be the internet warez police, whether you use kaspersky or not.
So I'm all into the DIY thing now. I don't care if it's more expensive, or more work, or whatever.
TaoPhoenix:
That's pretty rough, and from a pretty wild angle. "Hard Drive makers? Since when do they play the privacy shenanigans?!" Even worse, "how much do I trust Western Digital to have good data practices?!" I don't even KNOW how to answer that one, HD companies are so far off the radar of the usual privacy infringing suspects, I don't even know what to say.
tranglos:
That's pretty rough, and from a pretty wild angle. "Hard Drive makers? Since when do they play the privacy shenanigans?!" Even worse, "how much do I trust Western Digital to have good data practices?!" I don't even KNOW how to answer that one, HD companies are so far off the radar of the usual privacy infringing suspects, I don't even know what to say.
-TaoPhoenix (September 23, 2012, 09:57 PM)
--- End quote ---
First, it would seem that today pretty much everyone who's selling you anything is participating in the (no-)privacy game. Second, I do not trust anyone to have good data practices unless their profit is directly and proportionately related to them taking a good care of their clients' privacy. It's my personal experience that even those who require and store your credit card data (i.e., various online stores) do not have adequate protection against theft of that data.
In this case, how much profit would WD stand to lose if someone hacked in and copied the support logs? Not much at all, I think. There would be a story on Slashdot, one in a thousand similar security breach stories, but WD is not a bank and as you rightly noticed, there is no association between a drive maker and privacy issues, so - no biggie for them, I assume.
Navigation
[0] Message Index
[#] Next page
Go to full version