Just curious as I want to replace my original Steam Deck before the OLED releases.
Is a Steam Deck safe to sell after performing a factory reset? As in, will the next owner be able to obtain any passwords to my steam account or any other account/personal details?
Thanks in advance!
You would be 99% fine just factory resetting the device.
But….
The way factory resets work is by flagging all your data as over-writable. If you had any sensitive information on your Deck, that data would still be there and still be recoverable if someone knew what they were doing. Best practice when selling/trading in any device is to zero out the drive (overwrite every bit with a ‘0’) then reinstall the OS.
Most likely not necessary for a Steam Deck but it’s important to know how data storage works!
100% this. I was going to reply with something similar but you said it better than me!
It’s extremely important to know how storage works and that just doing a normal wipe isn’t good enough to truly protect sensitive data. The DoD does 7 passes of random data then also destroys the drives. Most home users would be fine with 1 or 2.
I have personally never given a used drive to anyone besides family. I’d rather keep it and put a new one in.
How does someone zero out the drive? Is that an option in the reimage screen or something?
I usually delete the entire drive and reformat.
I’m presuming this would do the same thing.
Isn’t there also a difference between hard drives and SSDs?
Is that the current best practice? I seem to remember reading that overwriting with random data, multiple times, is the most secure way to delete data.
This is well outside of my expertise so I’m asking out of curiosity.
Random writes and/or multiple zero-fills are just a waste of time. They don’t achieve anything, they’re just a placebo. Plenty of people/procedures recommend to do it, but they’re absolutely pointless in the real world. Once your disk is full of zeros, it doesn’t matter what came before.
Don’t trust me? If the US government was unable to recover the content of a drive related to Julian Assange’s case after a single zero-fill, I think you’re safe:
Johnson testified that he found two attempts to delete data on Manning’s laptop. Sometime in January 2010, the computer’s OS was re-installed, deleting information prior to that time. Then, on or around Jan. 31, someone attempted to erase the drive by doing what’s called a “zerofill” — a process of overwriting data with zeroes. Whoever initiated the process chose an option for overwriting the data 35 times — a high-security option that results in thorough deletion — but that operation was canceled. Later, the operation was initiated again, but the person chose the option to overwrite the information only once — a much less secure and less thorough option.
All the data that Johnson was able to retrieve from un-allocated space came after that overwrite, he said.
In the case of an SSD, random writes or zero-fills don’t work at all, though: they are not guaranteed to actually fill the disk with zeros (and most likely won’t), while at the same time wear the drive. For SSDs, you should run a secure erase command that’ll instruct the SSD to reset all its cells to their default state.
Are you storing your tax returns and bank account information on there? I’m an anxious guy but this sounds insanely paranoid.
Is that the current best practice? I seem to remember reading that overwriting with random data, multiple times, is the most secure way to delete data.
On current hardware when data is overwritten once the original data cannot be retrieved. The “Gutmann Method” hasn’t been necessary for about 3 decades, even though the myth seems to still propagate. https://en.wikipedia.org/wiki/Gutmann_method
No, it will probably talk about you behind your back sometimes - also the buyer could scape your dead skin from the thumbsticks and the cracks in the case and use your DNA to clone you.
Yes but let them know THEY need a steam account to use it. I’ve sold 2 in the past and i cannot stress that enough. A lot of new users buy steam decks n just don’t know what they are getting into.
If youre worried about it you could reimage it completely
Boot up a copy of your favorite Linux Distro, open a terminal, and run
lsblk
From that, find your deck’s SSD - Probably somthing along the lines of/dev/nvme0n1
Then do
sudo dd if=/dev/urandom of=/dev/nvme0n1 bs=4M status=progress
Once that’s done, do
sudo blkdiscard /dev/nvme0n1
Your Steamdeck is now very securely erased.
Boot up the recovery media from Valve - https://help.steampowered.com/en/faqs/view/1b71-edf2-eb6d-2bb3
And use the option
Re-image Steam Deck
from the Desktop. That will set it up as if it’s new from the Factory.I think this is the way for HDDs, but the steam deck has an SSD.
The support will still answer to the original steam account that it was bought with. Had this with my steamdeck which i bought over a friends account because he was a few months earlier than my reservation and didn’t need it. I didn’t use my reservation in the end but his. When i needed a replacement, the support first answered that i did not have a steamdeck, that it belongs to someone else and they would send it to him. But the original address that we put in was mine, so i could prove that i was the owner and it worked out in the end. But i just wanted to let you know that he be careful when using the support because the serial number is still registered to the ordering steam account.
I don’t know if it’s just me. but if i bought a steam deck from someone, and it was full of personal details, payment stuff, private pics and convos.
I’d just reinstall the os myself (or give back the SSD). i don’t care and i’m not a thief so, whatever.
but there are nefarious people for sure.
This applies only to 256/512 GB models; I don’t know that the 64 GB model supports this command:
NVMe drives contain an internal encryption key. By deleting this key, all data (including over provisioned blocks) is practically unrecoverable. (You’d need a sufficiently motivated attacker with knowledge of a flaw in the encryption algorithm.)
To use this command, you’ll need to boot from another Linux device, such as a thumb drive with Debian on it. Once you’ve installed nvme-cli you can use the following instructions:
https://tinyapps.org/docs/nvme-secure-erase.html
As always, I’m not responsible if you brick your device. And of course, you’ll need to reimage as soon as this finishes, as the drive will no longer contain a partition table.
If you keep sensitive data on your steam deck, what the hell are you doing lol
Yes it deletes everything including all user info. It literally resets the console to factory preset.