
How Windows' NTFS Tracks Files & Exposes Your Identity

This blog explains the origin, functionality, and concerns of computer filesystems, especially those with a journaling system, like NTFS.

The Origins of Filesystems

Filesystems are a core application which must exist for any computer software to operate. They tell where the data is and where that data should be sent, in a relatively human-readable format using paths.

There are many types of filesystems out there. A popular one used within the Linux community is called FAT (File Allocation Table). NTFS (New Technology File System) was first introduced by Microsoft in 1993. Since then, NTFS has been the default filesystem for every Windows version, with its main advantages being a near-limitless maximum file size (8 petabytes) and a journaling system which tracks changes in the filesystem and data for quick recovery in case of failure, signified by a $ sign.

While this is all well and good, and prevents the average computer user from running sudo rm -rf --no-preserve-root / (rm means remove, / means root, the center of the Linux filesystem, and --no-preserve-root is self-explanatory) and bricking their entire PC, this comes at a cost, and this cost is privacy.

The issue with journaling systems

Within the NTFS journaling system lives an attribute called $OBJECT_ID NTFS, and what this attribute does is record the location of every drive that it has ever been in, leaving behind a paper/digital trail every time it is transferred to another NTFS volume. In other words, every photo, document or image could be tracked to an origin point, with a specific machine ID, and be physically located using geolocation.

Imagine you are reporting undercover in a warzone, and you decide to send highly sensitive videos about an official from your Windows computer to another Windows computer. When you do this, that video will leave your computer and be saved on the other, but it will also record that it originally came from your computer. Now let’s say the individual that you sent the video to is compromised, their computer is confiscated, and a group of tech whizzes tears it apart to look for that video.

They find the video: Mission Failed. But to add insult to injury, they decide to check the $OBJECT_ID NTFS attribute, and discover that it was originally from another computer, your computer. They track your device down and you with it, and the rest is history. Thanks, Microsoft.

But perhaps there was no ill intent when this attribute was created. Maybe it was done in order to enforce authorship validity, because if you wrote a patent for example, and someone copied it off your computer, you could prove that the file originated from your computer and therefore you were the original author thanks to the $OBJECT_ID NTFS attribute.
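
What an $OBJECT_ID value can hold, shown as an added example that is not part of the original post: it assumes the four-GUID layout of Microsoft's FILE_OBJECTID_BUFFER structure (not described on this page) and decodes a constructed sample. The names parse_object_id, describe_guid and build_sample are hypothetical.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Assumed layout (Microsoft's FILE_OBJECTID_BUFFER, not described on the page):
# four 16-byte GUIDs stored back to back in Windows mixed-endian form.
FIELDS = ("object_id", "birth_volume_id", "birth_object_id", "domain_id")
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)

def describe_guid(raw16):
    """Decode one GUID; for version 1, expose the embedded time and node."""
    g = uuid.UUID(bytes_le=raw16)
    info = {"guid": str(g), "version": g.version}
    if g.version == 1:
        # Version-1 GUIDs carry a 100 ns timestamp and a 48-bit node,
        # which is normally the MAC address of the generating machine.
        info["created_utc"] = GREGORIAN_EPOCH + timedelta(microseconds=g.time // 10)
        info["node_mac"] = ":".join(f"{b:02x}" for b in g.node.to_bytes(6, "big"))
    return info

def parse_object_id(attr):
    """Parse a raw $OBJECT_ID value (assumed 16 to 64 bytes, first GUID mandatory)."""
    if len(attr) < 16 or len(attr) % 16 or len(attr) > 64:
        raise ValueError(f"unexpected $OBJECT_ID length: {len(attr)}")
    out = {}
    for i, name in enumerate(FIELDS[: len(attr) // 16]):
        chunk = attr[16 * i : 16 * i + 16]
        # An all-zero GUID means the field was never set.
        out[name] = None if chunk == bytes(16) else describe_guid(chunk)
    return out

def build_sample():
    """Constructed sample: v1 object/birth IDs from a made-up MAC, random volume ID."""
    mac = 0x020000AABBCC  # constructed, locally administered address
    obj = uuid.uuid1(node=mac, clock_seq=0x1234)
    vol = uuid.UUID("3f2b8c1e-5d47-4a9b-8e21-0c6d9f7a1b42")  # constructed
    return obj.bytes_le + vol.bytes_le + obj.bytes_le + bytes(16)

if __name__ == "__main__":
    for field, value in parse_object_id(build_sample()).items():
        print(field, value)
```
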

FAT, a more secure alternative

Regardless, FAT has existed for over 50 years, long before NTFS was old enough to drink, and is still commonplace in almost every Linux distro out there. Sure it has a smaller max file size of 4GB instead of 8PB, but individual files are rarely that large, only folders are, and proper compression would reduce the file size anyways.

So, in keeping with protecting and securing user privacy, every i-SECUR drive is formatted for FAT16, as the highest data capacity is at 128GB. There is also another popular and new file system developed by Linux called ext4 (4th extended file system), boasting a ridiculous maximum volume of 1 Exabyte (10 times larger than a Petabyte) and a maximum file size of 16 Terabytes. Unfortunately, this system also uses a journaling system, which could compromise your privacy, but ext4 is beyond my needs, at least until the i-SECUR drive can fit a 1 Exabyte memory chip on it.
