
Destroyer.io - markmassie
http://destroyer.io/
======
yellowapple
> Does it comply with HIPPA?

If they can't be arsed to spell-check "HIPAA", I'm not entirely convinced that
I should be trusting them to maintain HIPAA compliance if I decide to send
them drives that potentially contain patient data.

That is, unless they're instead shouting about complying with sand crabs,
though I'm still concerned in either case.

> The easiest way to destroy your hard drive.

You mean other than nuking it with DBAN or shred and then taking a hammer to
it and/or burning it in a fire?

> Same methods, machines and processes used by banks and recommended by the
> NSA

Yeah, because banks and the NSA are _obviously_ bastions of trustworthiness.
</sarcasm>

> Place the sealed box in any UPS dropbox or schedule a free pick-up.

This seems to be a rather significant point of potential failure. While I
certainly like UPS better than the USPS (or - God forbid - FedEx), I'm not
inclined to go with this approach rather than take drives to a local data
destruction facility and/or destroy them myself.

If you're going to send me a box, it had damn well better be one with a good
locking mechanism and some measure of tamper resistance and/or evidence. Even
that's not surefire, but it's sure as hell better than "here's a cardboard
box; trust us, it's secure enough".

The idea's cute and creative, but when it comes to things like EHRs and such
that require _absolute_ confidentiality and security to a degree that would
make top-notch military agencies and veteran cryptonerds blush, neither "cute"
nor "creative" are good selling points.

~~~
alexnucci
Hi, I'm Alex Nucci, founder of Destroyer.io. Sorry for the late response, I
was just tipped about this HN thread. I had posted one, and had been answering
questions, here -
[https://news.ycombinator.com/item?id=8074934](https://news.ycombinator.com/item?id=8074934)

HIPPA typo:

Thanks for pointing out the typo, it has been fixed. We just opened up the
site today, I expect to find a few extra mistakes and bugs that we'll have to
fix.

---

"Easiest way to destroy a drive":

DBAN is not physical destruction, which is what we do. We do it this way
because it's the only way to guarantee that your data will disappear, forever.

Taking a hammer to the drive, disassembling it and burning it might do the
trick. We're not here to serve hardcore DIYers, we're here to serve people
that need a guaranteed, quick and inexpensive service that does it for them.

Like any other service business, there's a group of potential customers that
will want to wash their own car, cook their own meal, paint their own nails,
clean their own house, cut their own hair, etc. We believe that we're offering
great value for the service being provided, at just $19 (and $10 for extra
drives).

We also believe that paying $19, checking out in under 60 seconds, getting a
box delivered to you, dropping the drive inside the box and then just dropping
off the package at a drop box (or scheduling a pick up) is the easiest way to
go about this.

---

NSA wording:

When we say we use the same methods recommended by the NSA, we're trying to
say that we use the same methods that the government uses to destroy their
drives.

Having said that, I'm by now certain that the NSA wording will be changed.
Just seeing those words makes people uncomfortable, and after a lot of
feedback it seems that it's doing our company a disservice.

---

Drop box:

This option is not for everyone, and we realize that. You can also schedule a
free pickup or drop it off yourself at any of their facilities.

---

Locking mechanism, etc.:

These are upgrades that we've thought about. Some seem more possible than
others, but we can definitely improve on the choices being offered (currently
just one). Improvements across the board will be implemented as we grow and
get more feedback, that's for sure.

--

In conclusion, thanks for taking the time to detail your pain points. We
shouldn't be leaving so many unanswered questions, our messaging should be
clearer and leave nothing to doubt. I'll take all of your feedback, along with
the rest that I've gotten today, and improve our message and service.

Let me know if there's anything else that I can answer for you. Cheers!

~~~
yellowapple
Thanks for the prompt response.

> DBAN is not physical destruction, which is what we do. We do it this way
> because it's the only way to guarantee that your data will disappear,
> forever.

Hence the second part of that comment. I mentioned DBAN (or any means of
overwriting with randomness and/or zeroes) because it clears the data and
further minimizes opportunities for recovery should a shard (or whole drive)
escape before being destroyed. It's just like why your company degausses
first; it's an extra level of protection and assurance that the data is gone
forever.

> Taking a hammer to the drive, disassembling it and burning it might do the
> trick. We're not here to serve hardcore DIYers, we're here to serve people
> that need a guaranteed, quick and inexpensive service that does it for them.

Throwing drive platters in a fireplace sounds pretty guaranteed, quick, and
inexpensive to me. Just costs firewood and a willingness to see pretty colors
in your living room :)

> Having said that, I'm by now certain that the NSA wording will be changed.
> Just seeing those words makes people uncomfortable, and after a lot of
> feedback it seems that it's doing our company a disservice.

That's certainly a good idea.

If you want to reference a government agency that _isn't_ notorious for doing
whatever it can to circumvent data destruction as part of the reason it
exists, might I recommend NIST, whose guidelines are the ones that the
Department of Defense, HIPAA, etc. use for data retention/destruction
requirements? While I'm not necessarily trusting of any government agency on a
personal level, there are plenty of hospitals and other medical facilities
that follow HIPAA, HITECH, etc. to the letter and will feel better that you're
actually paying attention to the requirements HIPAA bases its own on.

> You can also schedule a free pickup or drop it off yourself at any of their
> facilities.

That solves the problem of the drop box, yes, but that wasn't what I was
talking about. As much as I like UPS, it's not impossible for them to misplace
a package during transit, for example, nor is it for a rogue UPS guy to snatch
the hard drives during transit and sell them to identity thieves / business
competitors / the NSA / etc. That's a huge problem when a drive contains ePHI
or trade secrets or something else requiring absolute confidentiality.

The hospital I happen to work for right now (and whose data destruction policy
I've had a hand in influencing by recommending our recent policy of wiping
_and_ destroying drives that may contain ePHI) handles the physical
destruction through a local company which gives us a bunch of locked dropboxes
(for hard drives _and_ paper documents, both of which frequently contain PHI)
and picks them up routinely and frequently, transporting everything
themselves. While _that_ degree of service might be out of your current
capacity (I haven't the slightest idea what your expansion potential and/or
willingness to buy some vans are), I _do_ recommend allowing local businesses
to drop off media at your facility directly (or otherwise providing a drop-off
location that _you_ control yourself) in order to avoid the potential hassles
of damage control that would arise should their hard-drive-in-a-box disappear
or be tampered with somewhere between their companies/homes and your own.

> In conclusion, thanks for taking the time to detail your pain points. We
> shouldn't be leaving so many unanswered questions, our messaging should be
> clearer and leave nothing to doubt. I'll take all of your feedback, along
> with the rest that I've gotten today, and improve our message and service.

Good to hear. I really do like the idea; it just needs these seemingly little
snags (among others that other folks commented on) worked out, since such
snags - no matter how seemingly minor - are often the difference between
proper security and potential data leaks. Nice to know you're taking it all to
heart and at least interested in making your service as rock-solid as it can
possibly be.

~~~
alexnucci
Thanks again for taking the time to go line by line.

> Already removed the NSA wording. It's amazing how many people it spooked.

> It's safe to say we're going to stay away from referencing other government
> agencies.

> I answered this in your other comment, on the other thread, but we're only
> using USPS.

> Offering some sort of en-route layer to our product seems likely. There will
> always be a weakest link when it comes to data security (proving your social
> for some, your data being stored in the cloud for others, etc.) and the fact
> that you're shipping the drive to us is ours. We'll work on making this as
> much of a non-issue as the business model allows.

> The service that your hospital has is exactly what big corporations can
> afford. We're filling a gap for companies that are not there yet.

Shoot me an email at alex@destroyer.io with your address and I'll send a
Destroyer.io sticker your way (if you trust me with your address :). The
feedback here has been great, and the goal is to offer a service that makes
everyone feel safe; this thread definitely pushes us in that direction.

~~~
yellowapple
> Already removed the NSA wording. It's amazing how many people it spooked.

Much obliged.

> Offering some sort of en-route layer to our product seems likely. There will
> always be a weakest link when it comes to data security (proving your social
> for some, your data being stored in the cloud for others, etc.) and the fact
> that you're shipping the drive to us is ours. We'll work on making this as
> much of a non-issue as the business model allows.

Fair enough. Being aware of the potential security hazards involved is a vital
first step for security assessment in any scenario, so it's good that you're
open to that criticism and willing to investigate ways to alleviate it.

> The service that your hospital has is exactly what big corporations can
> afford. We're filling a gap for companies that are not there yet.

We're not really a big corporation, though. We're a little hospital in a
mountain town with maybe 5,000 people in it, tops. We still shell out the big
bucks for data security because we're well aware that it's cheap compared to a
HIPAA breach.

> Shoot me an email at alex@destroyer.io with your address and I'll send a
> Destroyer.io sticker your way (if you trust me with your address :). The
> feedback here has been great, and the goal is to offer a service that makes
> everyone feel safe; this thread definitely pushes us in that direction.

Done. :)

------
pjlegato
Cool idea, but how do we know that destroyer.io itself is not an elaborate
phishing front?

~~~
JakDrako
Yup, you could add "0. Make drive image for NSA" without altering the rest of
the process. If you need that amount of security, you should probably destroy
your own drives.

~~~
alexnucci
Hi, I'm Alex Nucci, founder of Destroyer.io. Sorry for the late response, I
was just tipped about this HN thread. I had posted one, and had been answering
questions, here -
[https://news.ycombinator.com/item?id=8074934](https://news.ycombinator.com/item?id=8074934)

You can check out my answer to pjlegato's question above. I'm guessing it'll
answer some of the questions you might have as well.

I can tell from this thread that we have to exude more trust. We know we're
not for every customer, but we do want to make sure that the ones that are a
right fit (small businesses and end consumers) feel comfortable with us.

If there's anything specific in our messaging or process that you'd like for
us to point out or improve, let me know.

Thanks again, cheers!

------
cordite
The chat with us thing covers my entire phone's screen, I saw pictures of hard
drives before that activated.

~~~
alexnucci
Hi, hope you're doing well!

What phone are you using? There might be a bug, and I'd like to fix it.

Here's a screenshot of what it looks like on my iPhone 5:
[http://destroyer.io/chat-screenshot.png](http://destroyer.io/chat-screenshot.png)

The chat box should be at the bottom right hand side of the screen.

Let me know and I'll get on it. Thanks!

PS: Just noticed there's another HN thread on Destroyer.io, I had posted one,
and had been answering questions, here -
[https://news.ycombinator.com/item?id=8074934](https://news.ycombinator.com/item?id=8074934)

~~~
cordite
Windows Phone 8 in horizontal mode. It is so zoomed in that only 5-8 words fit
across the viewport.

~~~
alexnucci
Thanks for the feedback, we'll look into this.

I may be asking for too much, but if you can email me a screenshot to
alex@destroyer.io, I'd appreciate it. If you want, send your address too and
I'll mail you a Destroyer.io sticker.

Thanks again and sorry about the bug. Cheers.

~~~
cordite
I have sent you an email, noting "Cordite from HN" or something of the like in
the subject.

~~~
alexnucci
Got it! Thank you so much for the feedback. Already replied.

Cheers!

