
Show HN: Destroyer.io – The easiest way to destroy your hard drive - alexnucci
http://destroyer.io
======
sj4nz
Except for SSD's, perhaps its just easier to use something like
[http://www.dban.org/](http://www.dban.org/) and DIY. If you're a little
paranoid, it isn't hard to imagine the USPS waylaying mail hard drives en-
route to Destroyer.io for forensic imaging before it reaches its final resting
place.

~~~
alexnucci
I understand your concerns, but this particular scenario seems a little far
fetched.

USPS would have to have a very strong interest in your hard drive. Know when
you ship it. Intersect the package. Repackage it up exactly as it was. And
finally, deliver it. This is extremely complicated, and they would be breaking
an immense amount of laws. If they had such a strong interest in getting a
hold of your drive, they'd be far better off stealing it from your home (or
hacking into it).

I do understand that there are some other cases that won't be as extreme (how
do we guarantee that we do in fact destroy it upon arrival?). Some level of
trust, as with any service that you give you social security info, personal
information or even Dropbox has to exist. Our aim is to answer any question
that might happen in a realistic and likely scenario, and make sure that our
messaging is on point.

Also, as I mentioned above, we're in the process of getting our NAID AAA,
eStewards, R2 and ISO 14001 certifications.

Hope this answers your question, let me know if it makes sense (or shoot
another question my way). Cheers!

~~~
sj4nz
The USPS already has the infrastructure to do it and its over a century old.
I'm not even questioning your service, I just know that you have no control in
the USPS segment of the package's chain-of-custody.

[http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-
mai...](http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mail.html)

~~~
alexnucci
Thanks for the article, and I understand your concern.

Adding FedEx as an upgrade option is something that is in the plans. Since
we're just launching, we started out with USPS because it's the most cost
effective and convenient (daily mailbox pickup and you can even schedule one
free).

Having an alternative shipping method should help.

~~~
sj4nz
You could very well charge a large, hefty premium to have a private courier
service pick up drives to be destroyed. I'm sure that there would be a small,
select client base that would pay for it. Or, subsidize part of the cost for
this premium service from users of the lower-end services.

~~~
alexnucci
You are right, that's an option that would serve some of our customers.

We'll definitely expand in our service and shipping options as we grow.

Thanks a lot for taking the time to give us some feedback. Cheers!

~~~
sj4nz
You're welcome!

------
junto
Reminds me of a story about Dell support, who have provided PCs previously to
the UK security services. Goes something like this. PC sent to Dell because it
had some issues booting.

Support tech opens the box and tries to boot the PC. Indeed, it doesn't boot.
Can't find any bootable media.

Inside he finds that the drives have been removed and placed in static bags at
the bottom of the box.

After a closer examination he finds all drives have been drilled through
multiple times. Standard procedure for SS secure PCs when being sent off site.

Made me laugh that one.

------
LoneWolf
I didn't read much through the website but how can they assure me the disks
are not imaged or read or anything else before they are destroyed?

~~~
alexnucci
Great question. Naturally, most of the inquiries or concerns around this
service are going to revolve around trust and security.

The obvious and straight forward answer is that we don't do that. The more
complicated one would be that we'd break a large amount of serious laws if we
were doing something like that.

When testing the service out, some users asked for further assurance . The
solution that seemed to be liked the most involved a video feed (or pictures),
that showed how we opened the package, removed the drive and destroyed it.
That's something that I'd build down the road if I get enough requests or feel
that it would move the needle in the right direction.

For now, here's what we do: receive the drive, degauss (demagnetize) it,
destroy it. The customer is notified when the package arrives and when the
drive is destroyed, at which point we send a certificate of destruction.

Also, we're in the process of getting our NAID AAA, eStewards, R2 and ISO
14001 certifications. The machines and processes that we use follow all of
their guidelines, it's just a matter of getting approved (and paying the
fees).

Let me know if you have any other ideas on how we could show/proof that we're
trustworthy. Interested in listening to any suggestions.

~~~
s9ix
Might be a random dream, but could you place magnets in the box or bag it's
shipped in? As in, here - start the process / rub magnets against it while
shipping and then degauss it again once it gets there?

~~~
alexnucci
Yes! This idea had actually come up before.

I'll definitely give it an in depth look, this could make the whole process
safer.

Thanks for the suggestion!

~~~
yellowapple
Do that, and I'll be much more comfortable with the idea of recommending your
service, since it helps to alleviate the issues of things being lost/stolen
during transit.

~~~
alexnucci
Excellent, point taken.

We're really looking at giving customers the option of doing something to the
drive before it ships out. It seems that there's enough demand for it (based
on comments we've gotten over the past two days).

------
ShaneCurran
To be honest, it seems like a bit of overkill to pay $20 and ship a HDD to a
3rd party to have it destroyed. Wiping it in software, running it through a
strong electromagnet and drilling a few holes in the platters or just beating
the crap out of the drive is perfectly ok for destroying the data unless
you're some top-secret government agency or whatever

~~~
alexnucci
Thanks for the comment.

Yup, you can definitely destroy a hard drive (or almost anything, for that
matter) yourself. This is just a guaranteed, safe and secure way to get it
done for you.

Also, we recycle all of the parts, nothing ends up in a landfill. Hard drives
can be pretty toxic.

Cheers!

------
chatmasta
This is a nice, clean, simple idea. I like this kind of business model, where
dev time and technical overhead is minimal, and the focus is on operations. It
seems to me that operations based businesses are more defensible, create more
jobs, and in general are more fun to run/optimize.

My question: who is your target market? Seems like you want enterprise
customers, but specifically I'm wondering which industries?

Do companies interested in this service already employ somebody to do it? And
is it a matter as simple as wiping, magnetizing, and drilling the drives? It
seems like that would take < 5 minutes per drive of unskilled labor, so I'm
wondering exactly how willing companies will be to dump their in-house
(probably cheap) labor already performing this service, in a seemingly safer
environment.

~~~
alexnucci
Thanks for the kind words!

Our target market, at this point, is: small businesses and end consumers.

Our goal is to eventually serve enterprise customers, but we're not going
after that for the moment for several reasons (resources, depth of product
offering, etc.)

A typical customer would be a small business that goes through 50 or so hard
drives per year, enough that they'd want to send us a batch every month. They
would also be interested of getting a third party (us) certificate of
destruction for their records (industry standard).

Thanks for your feedback and questions. Let me know if there's anything else
that I can answer for you. Cheers!

~~~
chatmasta
What kind of small business fits that profile? I'm having trouble imagining a
business requirement that calls for filling an entire hard drive every month,
only to destroy it. Is this for something like banks (mentioned on your
website) where 30-day record keeping of sensitive data is necessary? What
aspect of the data disallows them from simply reusing disks?

~~~
alexnucci
We're not targeting a specific small business kind, we're going more by size.
Big enough to have several hard drives in their offices, small enough that
enterprise shredding services are too expensive and big for them.

A lot of companies are moving their storage to the cloud, and the old hard
rives need to be destroyed. Other companies upgraded their hard drive size
(from 500gb to 1tb) and have no use for the old one. And finally, a lot of
hard drives fail (there's about a 10% chance your hard drive will fail, each
year, after its second year.

We want to destroy all of those drives :)

------
alexnucci
Gals and guys, thanks a lot for all of your comments.

We just launched 2 days ago, and it really means a lot to get this amount of
feedback so soon. It helps us make the product better right away (it already
did).

Giving you more information and clearing up our messaging will be the first
thing to tackle, we already got started. Followed by additional shipping
carriers, video feed of our facility (or the destruction of your drive) and
better packaging. These things will all make our product more attractive and
make our customers feel more confidence towards our service.

We want to help all of you destroy your drives, give us a shot (some of you
already did, thanks!)

Please let me know if you have any other questions. Cheers!

------
jdong
Outsourcing sensitive data destruction sounds like a EXTREMELY good idea.

Also, the fact that the faq page contains blatant lies makes this company seem
even less trustworthy.

"The only way to make sure that your data will never bee accessed is by
physically destroying the disk."

Why wouldn't dban work?

~~~
alexnucci
Hi, hope all is well.

Nothing on the site is a lie. Especially, the fact that erasing data from a
hardware using software is not a guaranteed way of ensuring that your data
ever sees the light of day.

As a matter of fact, check out DBAN's homepage:
[http://www.dban.org/](http://www.dban.org/). The first bullet point: No
guarantee of data removal (e.g. DBAN does not detect or securely erase SSDs)

Also, do a quick google search for "data extraction after formatting", you'll
find plenty of solutions. From software downloads to forensic labs.

I will admit, however, that the FAQ answer lacks some depth. The site just
launched, and the FAQ section is very much a work in progress. I will make
sure to give more details, and reference some articles that back the point up.

Let me know if you have more questions. Thanks for the feedback!

~~~
yellowapple
> data extraction after formatting

That's not what DBAN is.

In order to recover data from an overwritten drive, you'd need to remove the
platters and run them through specialized laboratory equipment - often running
upwards of hundreds of thousands of dollars or more - in the hopes of finding
residual evidence of the previous data. This isn't even close to surefire with
modern hard drives.

You're correct about SSDs, and are correct that physical destruction is the
only absolute guarantee. However, it's disingenuous to imply that formatting
and overwriting are equivalent (that's _far_ from accurate), and for most
consumers and even small businesses, they're dealing with a level of security
that - per NIST standards - is sufficiently handled with overwriting alone.

