In May, Sean Malseed hauled the latest addition to his computer collection into his Philadelphia home. The bespectacled software developer and YouTuber had acquired a sought-after specimen: the PowerComputing PowerWave 604/150, a Macintosh clone sold over just five months between 1995 and 1996. “I turned it on and the first thing I saw on the desktop was a file called ‘infectious diarrhoea’,” he says.
Malseed had inadvertently acquired the former workstation of a medical scientist. With its contents fully intact, the hard drive provided a candid insight into the former owner’s life. “I poked around a little bit because I wanted to see if there was any rare software or something. It was filled with the person’s work and personal stuff,” he says. “There was software on it for DNA sequencing and all kinds of medical and scientific information. It also had all sorts of personal files, like tax records and letters to mom.”
Malseed is a high-profile figure in the retrocomputing community. His ActionRetro YouTube channel, where he documents his latest projects, has amassed over two million views and nearly 30,000 subscribers. Like other enthusiasts, he regards vintage hardware not as something to be discarded, but rather historical artefacts worthy of preservation. This includes both the underlying hardware, as well as the files stored on their ageing mechanical hard drives.
Much like baking and crocheting, interest in retrocomputing soared during the pandemic, as the tedium of lockdown forced people to channel their frustrations into creative pursuits. Sales of vintage machines proliferated during the period, and many of these collectors have unsuspectingly amassed vast troves of sensitive personal and information. This presents a challenge, not just for the corporations affected, but for those forced to determine what to do with them.
John Bumstead, the owner of Minnesota-based computer restoration shop RDKL, INC, is no newcomer to the scene. For over a decade, he has earned a living from buying, repairing, and eventually reselling broken Apple laptops. His inventory primarily comes from two sources: recyclers, where the machines arrive pre-wiped, and individuals looking to offload their unwanted hardware.
“There are cases where I’ll buy a collection of Amigas or Commodores and they’ll come with hundreds of floppy disks. There’ll be lots of alternate operating systems (OSs) and utilities that change the look of the OS. Each one represents not just a person’s stuff, but also their conception of what the OS could look like.”
“It’s fascinating too, because there’s often no way to recreate that from scratch. These disks may have served a purpose that no longer exists. They might be setting up a bulletin board, or dial-up software to interact with some system that existed then, but doesn’t now,” he says.
Enthusiasts face a difficult ethical dilemma. The retrocomputing community is motivated, at least partially, by a desire to preserve computing history, of which software is a major component. However, this often clashes with the previous owner’s right to privacy, and, in the case of former corporate machines, security.
“If you’re interested in vintage computers, you’re always a bit curious. They’re like a snapshot in time. You’re interested in what the person used the computer for. What’s the story behind the machine? What life did it live? It’s very tempting to poke around, although I try not to do that anymore, because it feels invasive,” Malseed says.
“I will take a peek at what applications are installed, in case there is some long-lost software or rare hardware drivers that could be preserved somewhere,” he adds.
It’s impossible to determine how many vintage machines are sold each year with their historical files and applications intact, although conversations with members of the retrocomputing community suggest this scenario is common enough. Max Levy, a medical student based in Birmingham, UK, reported acquiring an Apple iBook G3 clamshell that seemingly belonged to an employee of the British Medical Association (BMA).
“The laptop was from circa-2000 and contained documents of executive decisions and minutes on — relevant at the time — world issues like HIV and AIDS. As a medical student, this was quite a find, and the documents represented quite significant decisions. I was quite excited to see who was attending the board meetings in the early 2000s,” he says.
Levy decided against contacting the BMA. He assumed the machine had been written off and the data it contained was redundant.
“The laptop was sold to me as DOA,” he says. “I also assumed that, given the nature of the organisation, they would have kept multiple backups and copies of the data. I also didn’t know who to contact. The laptop came from a reseller.”
Medical records are a recurring -- and troubling -- theme. One collector, Kevin Lenane, says he acquired a Macintosh SE that previously belonged to a Wyoming dermatologist and contained patient details and treatment notes. Posting on a vintage computing Facebook group, another enthusiast, Andre Ramon Garcia, reported finding an ex-hospital IBM-compatible tower in a similar condition. The machine, he said, booted directly into the Del Mar Avionics patient records system without any form of password protection.
There is no consensus among the community for how to react in these situations. Some choose to disclose their findings to the previous owner. This is not always a welcome gesture. One collector reported being blocked after trying to reunite the former owner of a 2008 MacBook with their old pics. Another was forced to surrender their machine to the police after discovering that it was stolen from the former owner.
That’s why many prefer to remain silent, fearing retribution, whereas others don’t see the point. Malseed says he had agonised in the past about whether to contact the former owners of his collection, but opted against it to avoid causing distress.
“I don’t know if it would be creepy to be like: ‘Hey, I wiped your old hard drive. I found your name and stalked you on LinkedIn’,” he says.
Tom Van De Wiele, Principal Security Consultant at F-Secure, warns the age of a machine doesn’t necessarily reduce the risk posed to an organisation. “Some data expires, but that’s not always the case. This is especially true with medical records, social security numbers, or even the data held on industrial computers, where there are lists of ingredients and processes. Once those are exposed, you can use them for as long as that product or service is in existence,” he says.
“It’s kind of scary to know that people are sitting on very sensitive data, and you won’t hear about it unless they turn malicious.”
Many of the machines currently in circulation predate contemporary information security best practices, like the use of strong authentication and full-disk encryption, Van de Wiele says. And many organisations are unaware of the extent of the problem, lacking inventories of their historic equipment and records of how they were disposed of.
“You can’t put the toothpaste back in the tube,” Van de Wiele explains. But modern security measures may not be enough to prevent corporate secrets from landing in the hands of future collectors. “We all have SSDs in our laptops now. These are hard to wipe because they come with firmware that stops the same sector being written over multiple times. This means the data you want to wipe isn’t completely removed, or at the very least, can be recovered by someone sufficiently motivated,” he says.
Referencing an article from security expert Bruce Schneier, Van de Wiele compared the way corporations and individuals handle data to how European nations managed pollution during the 19th century.
“The way we generate, handle, and dispose of data will define us over the next hundred years. And, just like we look at the Industrial Revolution and think ‘what the hell were they thinking,’ we’ll do the same thing about today. We’re doing the same thing, leaving data sticks around. That kind of thing can bite you in the ankles if you’re not careful,” he says.
The likelihood of this happening has increased in recent years, with the pandemic driving interest in the retrocomputing hobby. “Just about anything retro tripled in value during the pandemic,” Bumstead explains. “The days of finding a Commodore 64 for $10 at a garage sale are absolutely over.” A check of recently completed eBay listings shows working examples of the iconic home computer selling for as much as $285 and as low as $93.
Bumstead also cited the example of the original polycarbonate MacBook sold between 2006 and 2009. Prior to the pandemic, these had a negligible resale value, but has since had an almost Lazarene revival.
“Two years before the pandemic, I told recyclers to stop sending me those. During the pandemic, that machine came back, and was suddenly a $100-$300 laptop. Computers that recyclers were actively scrapping came back to life and suddenly were viable again,” he says.
Although demand has started to calm, Bumstead says it remains above pre-pandemic levels, and prices remain high. This buoyancy provides an opportunity for people to make easy money by listing their former personal and work devices for sale. But this comes with risk, not just for individuals, but also for their former employers.
“If you don’t properly dispose of your old hardware, you effectively pass the buck to someone else to protect your data,” says Van de Wiele. “And once that happens, it’s done. It’s a problem you can’t retrospectively fix.”
- 💼 Sign-up to WIRED’s business briefing: Get Work Smarter
- Glaciers are melting. One ski resort is fighting back
- The race to grab all the UK’s lithium before it’s too late
- Spotify is breaking podcasts – is it for better or worse?
- Elon Musk flew to Berlin to woo the locals. He failed
- Squid Game is the weird future of local-global TV
- All the ways Netflix tracks you and what you watch
- 🔊 Subscribe to the WIRED Podcast. New episodes every Friday
This article was originally published by WIRED UK
