Technicians often access private photos and other files on the laptops and phones they’re repairing, a recent investigation revealed.
On Thursday, CBC Marketplace published the result of an experiment exposing major privacy breaches in Ontario’s tech repair shops, involving big brands like retail giant Best Buy and Mobile Klinik.
In nine of the 16 repair shops involved in the experiment, technicians improperly accessed personal data on the devices they were fixing. Some even copied these files or took steps to erase any signs they had rummaged through the files.
“On what planet is this permissible?” former Ontario privacy commissioner Ann Cavoukian told CBC.
‘Unacceptable’ Breach of Privacy
For the experiment, Marketplace researchers took laptops and phones to 20 different repair shops across Ontario. The devices were equipped with monitoring software that logged everything the technicians did. In some cases, the devices secretly captured video recordings of the technicians.
Assessing the data, the Marketplace team found that technicians accessed private data on devices in nine stores. Some technicians scrolled through the browser history, social media accounts, and pictures (including intimate photos) on the devices.
In one unsettling instance, a technician copied photos onto a USB. Not only is this a breach of privacy, but these photos may be used for fraud and blackmail or sold on the dark web.
One technician sought to erase signs they had accessed private files on the device by deleting the photo they’d viewed from the recently opened area. Another technician viewed photos discreetly by opening them as extra-large icons.
“These results are frightening,” Hassan Khan, an associate professor in the School of Computer Science at the University of Guelph, said. “It’s looking through information, searching for data on users’ devices, copying data off the device… it’s as bad as it gets.”
Notably, accessing these files was unnecessary for the types of repairs they were performing. “Going through those files to look for a fix does not make sense,” Khan said.
Khan, who has conducted a similar privacy study, collaborated with CBC Marketplace for this experiment.
Protecting Your Privacy
“We have to put a stop to this… And we have to find a way to bring it to the public’s attention,” Cavoukian added.
Khan suggests that tech repairs should be recorded and randomly audited to prevent privacy violations.
“The onus should not be on the users to somehow magically make sure that there is nothing on their device that these people would not snoop on,” he added.
Still, we recommend taking steps to protect your device before handing it over to a repairer. For starters, back up and encrypt your disk (FileVault for Mac, BitLocker for Windows) before handing it to a repairer. You can also set up a ‘guest’ account for repairs without having to open access to your main admin account where your files are located.
For more news, follow us on X (Twitter), Threads, and Mastodon!
