 So, here's a fun fact. When you delete something on a computer, it is in no sense actually deleted. Doesn't matter if you're on Linux or Mac or Windows, doesn't matter. If you delete a file on your computer, it still very much is there. And it can be recovered, okay? That can be a good thing. It can also be a bad thing, right? If you've ever seen like, let's say one of those crime shows, like real life crime shows, a lot of boomers who don't know how to use technology, if they commit a crime, and they'll just delete some incriminating file off their computer, they will be very surprised when they realize that that can be easily recovered. So, I want to talk in this video, because I've been doing some videos, I made a video on encrypted Arch and Artics installation and encrypting USB drives. So, I want to talk about this, because I think this is important to understand how file systems and storage generally works. A lot of you guys might already know about this, but if you're new, you might not. Okay, so here, I want you to think about this. Suppose you are designing an operating system, okay? And so, you know that any hard drive, this is a USB drive right here in case you can't see it, but whenever you write something to this disk, it takes a little bit of time, right? Let's say you're writing a massive file that's 20 gigabytes, that's going to take a little bit of time, okay? It took a lot more time when we were using spinning disks, and with SSDs and flash drives and stuff, it's a little faster. So, that said, when you delete something, so that's writing to this, therefore, when you delete something on a hard drive, you don't want it to take a lot of time, you want it to happen instantly. So, what happens in all operating systems, all major operating systems, again, Linux, Mac OS, Windows, I assume, Temple OS, I don't know, when you delete something, it doesn't actually go through that data and override it. It actually just keeps all the data on the drive. It's just no longer accessible from your operating system, right? So, instead, it keeps all of the data still on the drive, and that data only gets deleted, truly deleted, truly overwritten, when you need to create some other, when you need that data for something else, right? You move some other massive file or write some other massive file to your drive, okay? So, what does that mean? It means two things. So, there's the good thing and the bad thing. So, the good thing is, if you accidentally delete a file on your computer, there are ways to recover that. In fact, it's actually pretty easy. If you just deleted it, there's a lot of hope, even if it's a big file. Of course, it gets more questionable if it's a bigger and bigger file. But you can go look up on the ArchWiki. You can look up File Recovery, and they actually go through... I actually hate it now that they have indexes on the side in Wikis now, but anyway, so, you can look at, for example, EXT4 Magic, which for a Linux file system, an EXT4 file system, is a tool for retrieving data that's been quote-unquote deleted from drives, because it's still actually there. It's just not manifest in your file structure. The data is still very much there. In fact, you can look further on. You can even do things like, let's see, I think they even mentioned like, oh, you can grep your entire partition just for arbitrary data, just if you're looking for that, okay? So, as if it's a giant text file, you know? So, this is the good side of it. The bad side is for security. So, if you have sensitive data, you know, I mentioned people who commit crimes will often have incriminating stuff on their computer that can be easily recovered, but at the same time, even stuff that everyone, like, you know, if I put, let's say, a password in a text file, or let's say I'm bug-testing something on my command line and I need to write my password on the command line, well, that's going to be saved to my ZSHRC, or not my RC, but my history file, or my bash history file, and even if I delete that, it's still going to be on my laptop. It's still going to be on my computer on that hard drive that someone could use, you know, EXT, I don't have any EXT4 file system, but there are other tools for other kind of file systems, but someone could use that to recover my password and use it to log into something, okay? This is also why you tell people, never let a Bitcoin seed phrase touch a computer that's visible once it's generated, write that down and then lock it away or memorize it or something like that because normies are going to always do it in stupid ways that's going to leave some kind of footprint, and then years later, someone is going to look at their hard drive and be able to recover it. So I want to talk about ways of mitigating, I mean, for your own safety, how you can basically fix this problem if you want for security's sake. Now, I'm not going to talk about file recovery. If you have that emergency happen to you, if you accidentally delete something, I will just tell you the generalities. The first thing you should do just for safety, yeah, so you want to back up your drive that you want to recover, okay? Especially if it's a big file, you want to plug in some external drive and then back up all the hard drive that you want to look at because as soon, I mean, immediately once you delete that file, you're processing other stuff, you're going to be loading other stuff that might replace that in the empty space on your hard drive, which isn't actually empty. So you want to back that up and then you use a tool and they mentioned some of them that you can go look at disks. So that's for file recovery. I'm not going to talk so much about that. But what I do want to talk about is what if you have a drive and you want to, I don't know, securely delete files and stuff like that. So first we'll talk about this. Let's talk about the basic case. I have a terminal up here for a reason. So suppose I have a secret file. Okay. So in my secret file, so this is my secret file. And so let's say here's my Bitcoin seed fray, or private key, private key. Okay. And it looks something like this. Okay. And then here's my secret password for something else. And it's a secret password. Okay. So suppose we have this file on our computer and we want to delete it. Now if I were to just delete it in the normal way, remove secret file, again that would be easily accessible to anyone who takes your hard drive and wants to steal your data. Okay. But Linux thankfully has this very nice command called shred. So if you run shred on a file, let's actually see what happens. So I've run shred on secret file here and if we open up the secret file, you'll actually see it's now gobbledygook. Now what Linux does here is that I think it talks about this on the ArchWiki actually because I think I had pulled it up from this. Yeah. So what shred actually does is it takes just random data and overwrites your file. Okay. So all that file and metadata, it's been just totally obliterated. So we have no idea. If you want to truly securely delete a file, you can run shred. And you can check out shred's manual as well for other things you can do with it. But just to be clear, so let me open up secret file. Notice of course, it didn't actually delete the file on the file system. It just kind of replaced the data. If you want to actually delete the file as well, you just do shred you, I think. I'm pretty sure. Yeah. So that's totally deleted. So that is a secure way. If you just have one up, if you like have a password or something valuable that's in a file, just shred you it. And it will be pretty much, you don't have to worry about it. Now shred is actually going to take a good bit of time for bigger files. I'm pretty sure. Because it's taking data, what it does. So if you don't know this, maybe I should tell you. There's this thing in Linux called devurandom. Actually, I think dev random exists. Oh yeah, it does. Okay. So there's dev random. And if I just output that, that is basically just random data. I think devurandom is like pseudo random. Like there's some difference. And there used to be a big difference, but I don't think it's like that big of a deal now. But theoretically, I think just normal random is supposed to be better. But I don't think it's better by much. Okay. I forget it. I'm not like super knowledgeable about Linux cryptography here. I'm just telling you the basics. But I hate it. It messes up your terminal sometimes when you cat out all those weird characters. So either way, one thing that you can do, let's say you want to, if you want to override a file, another thing you could do, let's say we have a file, let's just create touch file. One thing that you could also do is, suppose that file is actually incredibly massive. One thing we can do is just say take dd with the input of devurandom and output it to file. And that's going to put the stuff in devurandom into this file. So let's actually see what's in here. So we open that up and oh man, it's going to be a really big file. So yeah, it was just outputting a whole bunch of data. It already is at over a million lines. So actually, let's see how big that got. So yeah, that's 300 megs there. So what you're doing here, now let me be clear about this. So on my operating system right now, on my disk drive, there's actually a reason that you might want to just use these random devurandom things to make giant files. And why is that? Well, let's say you have an unencrypted drive and you've deleted a whole bunch of stuff in the past. And as I said, that deleted stuff is never going to be overwritten until you need the space for something else. So one thing that people sometimes do is they'll do something like, well, they'll take devurandom and just put it in a giant file and they'll let that run until it gives them an error. And what it's doing is it's filling up this one file with all this random data and eventually it's going to have an error when you've filled up your entire hard drive. But what you've done at that point, now that's a useless thing, theoretically, just to fill up your hard drive with data, but what you've done is all the stuff that you've deleted in the past has now been overwritten. So if you have all these passwords and Bitcoin private keys and all this valuable stuff, if you have filled up your hard drive with junk, all that old deleted stuff, it's now been actually deleted. So I'm going to stop that. So it looks like we got two gigabytes there. Two and a half gigabytes. So if you want to securely write over all of your old data, this is one thing you can do. You can just write random data. Actually, I should say even faster is actually dev zero. So dev zero, let's look at what dev zero is. So dev zero, it's nothing, but it actually outputs to a file. So we can do something like dd input file dev zero to this output file. So if we do that, maybe I should, let's do it with progress status equals progress so we can see how fast it goes. Dev zero should actually move a little bit faster if you just want to blink drives. Now one thing as I said in my Arch Linux installation or when I talked about like encrypting drives, it is a good idea when you are creating a new encrypted partition, think about the logic behind this. It's a good idea when you're creating a new encrypted partition to wipe the rest of the drive with just random data from random or you random. Mind you, it's not a good idea necessarily to use dev zero because what zero is doing is it's just blanking the disk. Random is it's putting random files and stuff or random data. So think about this. So this USB drive, this is actually the one I put like I created a lux partition and an encrypted partition on. But theoretically, if someone were to look at this drive, let's say I think it's four gigabytes and let's say, I put 100 megs of files and stuff on this that I want to be secured and that's all encrypted. Now, if someone obtained that now I have not wiped, I didn't wipe this drive. I didn't put a bunch of random data on it beforehand. So if someone finds this drive, what they're actually going to find is firstly, they're going to, they're going to see that, you know, that 100 megs of data that I put on this. It is totally random looking. It's encrypted. It's safe. But the rest of this drive, they can tell that it is not encrypted, which means, okay, so whoever had this USB drive, they've only saved 100 megabytes of data on it because the rest of it is unencrypted. The rest of it, it looks like however it used to when it was, you know, didn't have anything fancy on it. And also even if you blank it with dev zero, right? Think about it. It would be mostly blankness and then a small amount of encrypted stuff. So this is how someone can uncover metadata like information about how you use the drive, what might be stored on it, because they're going to know how much data you're using. Additionally, you know, let's say someone like commits a crime and leaves like a drive like this in public. Well, yeah, the data that's encrypted on it is safe. But if they haven't blanked this drive and it has like their slide shows from their college, you know, the final exam or like final presentation, well, it can still be linked to them. You know what I mean? So there's a bunch of other stuff that a drive might have, even an encrypted drive might have that hasn't been overwritten. So this is why what you really want to do is, again, you might want to blank a drive with dev zero when you're using it, but especially if you are creating an encrypted drive, you really do want to overwrite it with a bunch of random data. Now, actually, even in my case, even though I've already created this drive, what I could do, let's actually do it right now. So I could take this drive and I can encrypt or I can decrypt it. I don't think I even put any, what did I, was my password like just password for this? I forget. Was that it? Yeah, okay. So I'm going to mount it to MNT USB. So now one thing that's a good idea to do, did I put anything on this thing? Yeah, I just put like secret file. Just as a joke. So one thing we might really want to do on this drive, just so we can go back and wipe all the rest of the data, is do what I just mentioned. So take dev u random as an input and the output file, let's make that mount USB and then we'll just say junk. Okay, let's say status equals progress. So now what we're doing, we've got to be root here. So now what we're going to do is we are just all that empty space that may have had previous data on it. We are now overriding that with a bunch of junk. So now when someone, if for example, so you lose your USB drive, no one will be able to tell how much data you've recently used or what was on it previously or all that kind of stuff. So that's a point of doing this. It's taken like longer than I expected, I guess. I don't know. Let's see how big was this drive. Yeah, it's like less than four megs. So anyway, that's basically what I wanted to talk about though. So that's all the informational content. So this is something important to keep in mind though. Again, the nice side of this is when you delete something on your computer, it's in no sense deleted and you can recover it. And in most cases, that's what we want to do. We accidentally deleted a file and we really want it back. So there are lots of tools to do that. But on the other side, for security's sake, if you have passwords or anything secure on a drive, you want to be absolutely sure that you wipe the free space or you clear out the free space. Even if you're going to encrypt that drive with something else, you want to make sure that there's nothing that can be touched by anyone else. Shred is the easiest command on Linux for this. And I didn't mention it, but you can actually use Shred on partitions and stuff like that. But that's just something to keep in mind. I think they mentioned it in this... I think they mentioned it in this thing as well. Either way, they actually talk about some other things you can do. Okay, yeah, so they use Shred on a full drive here. So anyway, all that is to say, just be aware of what's going on on your computer. Just be aware of what data is unencrypted, what metadata footprint you might be leaving even if you have an encrypted drive. That's all I'm going to say. So yeah, see you guys next time. Hopefully this has been educational for some people at least.