Metadata

Title: Security and Privacy with Second-Hand Storage Devices: A User-Centric Perspective from Switzerland
Category: general
UUID: abfd6fc1c3c44ef0bd4b97a2cce3cc3b

Source URL: https://iris.unil.ch/entities/publication/33e10c40-6a6f-4638-8e82-8c6f5ecfd532
Parent URL: https://wp.unil.ch/persuasivelab/2024/12/kevin-huguenin/
Crawl Time: 2026-03-23T21:51:11+00:00

Security and Privacy with Second-Hand Storage Devices: A User-Centric Perspective from Switzerland

Source: https://iris.unil.ch/entities/publication/33e10c40-6a6f-4638-8e82-8c6f5ecfd532 Parent: https://wp.unil.ch/persuasivelab/2024/12/kevin-huguenin/

Title

Security and Privacy with Second-Hand Storage Devices: A User-Centric Perspective from Switzerland

Type

journal article

Institution

UNIL/CHUV/Unisanté + partner institutions

Journal

Proc. of the Privacy Enhancing Technologies (PoPETs)

Author(s)

Salehzadeh Niksirat, Kavous

Author

Korka, Diana

Author

Jacquemin, Quentin

Author

Vanini, Céline

Author

Humbert, Mathias

Author

Cherubini, Mauro

Author

Métille, Sylvain

Author

Huguenin, Kévin

Author

Links to people

Salehzadeh Niksirat, Kavous

Korka, Diana

Humbert, Mathias

Links to units

Droit, criminalité et sécurité des technologies de l'information

Département des systèmes d'information

Science forensique

Centre de droit pénal

Editorial status

Published

Date Issued

2024-04

Volume

2024

Issue

First page

412–433

Peer-reviewed

True

Language

english

Abstract

Second-hand electronic devices are increasingly being sold online. Although more affordable and more environment-friendly than new products, second-hand devices, in particular those with storage capabilities, create security and privacy threats (e.g., malware or confidential data still stored on the device, aka remnant data). Previous work studied this issue from a technical point of view or only from the perspective of the sellers of the devices, but the perspective of the buyers has been largely overlooked. In this paper, we fill this gap and take a multi-disciplinary approach, focusing on the case of Switzerland. First, we conduct a brief legal analysis of the rights and obligations related to second-hand storage devices. Second, in order to understand the buyers’ practices related to these devices and their beliefs about their legal rights and obligations, we deploy a survey in collaboration with a major online platform for transactions of second-hand goods. We demonstrate that the risks highlighted in prior research might not materialize, as many buyers do not inspect the content of the bought devices (e.g., they format it directly). We also found that none of the buyers uses forensic techniques. We identified that the buyers’ decisions about remnant data depend on the type of data. For instance, for data with illegal content, they would keep the data to report it to the authorities, whereas for sensitive personal data they would either delete the data or contact the sellers. We identified several discrepancies between the actual legal rights/obligations and users’ beliefs

Subjects

Second-hand electroni...

Serval PID

serval:BIB_B69A6B006D03

DOI

10.56553/popets-2024-0057

Permalink

https://iris.unil.ch/handle/iris/222645