Google Chromebooks: You don’t own your data and can’t recover it if the laptop dies

A user came into my computer repair shop with an Acer laptop that happened to be a Google Chromebook. This laptop was dead. It simply doesn’t work. The hard drive works, and under Linux I can mount the filesystems on the hard drive, but the rest of the laptop is shot. We wanted to move the user’s drive to an external hard drive enclosure so that he could at least retrieve his family photos and other data stored on the computer. Obviously, the data would need to be copied off of the Linux filesystems and the drive reformatted to Windows’ NTFS so that it could be read on a Windows PC, and then the data would be copied onto the newly formatted hard drive. The user gets an external hard drive plus all his data, and everyone is happy.

Except for one tiny little problem.

Google Chromebooks encrypt all of the user’s data.

With a key stored in the computer’s Trusted Platform Module (TPM).

If the computer was stolen by someone, this would be a good thing, because that someone wouldn’t have access to the user’s private files. That’s what encryption is supposed to be for, after all…but this laptop wasn’t stolen. The owner had it in his possession, knew the login password, and that should mean that the owner can get into the computer and retrieve his data.

Except the password for that data is stored away in a chip that won’t hand it out unless the computer works and Google’s Chrome OS is what asks for it.

Where does that leave my customer? Simple! With absolutely nothing. A failure of the computer in this case has become equivalent to a total hard drive failure. All of his data is lost forever. There is simply no way I can retrieve it for him without the encryption key locked away in a chip I can’t extract it from. Because the encryption key is not available to the user, the user can’t give it to me to decrypt his information.

Thus, you simply don’t own your own data when it’s on a Chromebook. The maker of the computer and the writer of the operating system do. Please don’t waste your money on a Chromebook…but if you do, back up your stuff.

(To a real external hard drive, not “the cloud.”)
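
The failure mode described in this post, as a simplified model (an added example, not Chrome OS code and not part of the original post): the key that unlocks the data is wrapped with a value derived from both the login password and a secret that never leaves the TPM, so the same disk plus the correct password is useless in any other machine. `SimulatedTPM`, the function names and the XOR-plus-HMAC wrap are illustrative assumptions; a real system uses a hardware chip and an authenticated cipher.

```python
import hashlib
import hmac
import os


class SimulatedTPM:
    """Hypothetical stand-in for the chip: the secret stays inside, only results leave."""
    def __init__(self):
        self._device_secret = os.urandom(32)

    def bind(self, blob):
        return hmac.new(self._device_secret, blob, hashlib.sha256).digest()


def _kek(tpm, password, salt):
    # Stretch the password, then bind it to this one device's secret.
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return tpm.bind(stretched)


def wrap_vault_key(tpm, password, vault_key):
    """Return the record that would sit on disk next to the encrypted data."""
    salt = os.urandom(16)
    kek = _kek(tpm, password, salt)
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(vault_key, pad))  # 32-byte key only
    tag = hmac.new(kek, b"tag" + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_vault_key(tpm, password, record):
    """Return the vault key, or None if the password or the chip is wrong."""
    kek = _kek(tpm, password, record["salt"])
    tag = hmac.new(kek, b"tag" + record["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, record["tag"]):
        return None
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(record["wrapped"], pad))


def demo():
    laptop_tpm = SimulatedTPM()
    vault_key = os.urandom(32)  # constructed sample key
    on_disk = wrap_vault_key(laptop_tpm, "owner-pw", vault_key)
    return {
        "original_laptop": unwrap_vault_key(laptop_tpm, "owner-pw", on_disk) == vault_key,
        "disk_in_another_machine": unwrap_vault_key(SimulatedTPM(), "owner-pw", on_disk),
        "wrong_password": unwrap_vault_key(laptop_tpm, "guess", on_disk),
    }
```

Calling `demo()` shows the unwrap succeeding only on the original laptop; moving the on-disk record to a machine with a different chip fails even with the right password.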

15 thoughts on “Google Chromebooks: You don’t own your data and can’t recover it if the laptop dies”

  1. Hi,
    I have an Acer Chromebook with a 320 GB HD. I mostly ran ChrUbuntu on it. A few days back, I dropped it on the floor. Now it says to restore the Chrome OS from a USB stick. I can’t take it to developer mode and start ChrUbuntu without a powerwash. I had 50 GB of data on the HD.
    I am planning to change the HD to an SSD. I have two questions:
    1. Will I be able to use the 320 GB HD as an external HD?
    2. If I am able to start my machine and ChrUbuntu on it, will I be able to connect the 320 GB HD to it as an external HD and be able to retrieve my 50 GB of data?

    I wish I would have seen your post earlier…..

    Thanks.

  2. What you’re claiming is true, however:
    If a competent technician diagnosed the laptop’s mainboard it should almost always be possible to replace a failed component (usually with a completely unresponsive laptop/netbook it is something in the power regulation block of the mainboard) and restore the laptop to working order. Unless the laptop caught fire or was crushed, repair should be possible. Now, this would normally cost more than the laptop or netbook’s original sticker price, but it would be far cheaper than what people typically pay to recover priceless data.

    1. Unfortunately, most motherboard component-level repairs are out of the capability of the vast majority of skilled computer technicians, and in my experience the failure of a motherboard in a laptop is more likely to be a problem with one of the huge BGA chips either failing or having broken solder points on the bottom which may or may not be repairable with reflow work within the financial restrictions and skill level found in the majority of tech shops. How common is the skill of diagnosis of failure of non-visibly damaged surface mount components? How practical is such a repair even ignoring the many problems in successfully performing such a repair in the first place? For most normal people, paying for component-level repair will be financially out of reach, and even if not, one would find a field lacking in available skills and willingness to perform the work also. Let’s be honest: the skill required for this type of work is rare and the demand is effectively a niche market. Your suggestions are of the same level of practicality as buying up a cluster of 1000 GPUs to try to crack the TPM key or slicing and imaging the chip die to read the key out of it.

  3. I thought we were talking about not being able to recover priceless data. Data recovery services often run into the many thousands. Compared to that, replacing a large chip on a motherboard should be much cheaper. I didn’t suggest the original article is incorrect, just that recovery isn’t impossible as claimed.

    1. I understand that the repair of a motherboard at the component level may be a cheaper cost than a $5,000 data recovery job, and in the unlikely scenario that a Chromebook contains data worthy of an expensive recovery a person with sufficient funds would certainly see that as an option. However, the “impossible” assertion is intended in the context of “an average person who purchases a Chromebook.” For the average owner of a Chromebook, chances are that the data is not of such value that they would pursue expensive recovery options, and even if it might be, those people don’t have enough income to justify paying for any specialized method of data recovery, be it temporary hard drive repair or motherboard component repair. My ultimate point for readers is that the data is encrypted and if they don’t back it up, they have no recovery option that is practical unless they’re fairly wealthy, in which case they would not likely be using a cheap Chromebook anyway.

      1. I agree completely that users NEED to keep solid backups, especially with any computer that uses a TPM. And I also agree that those backups should not be solely on the cloud. 3-2-1 is it? 3 copies, at least 2 types of media, with 1 copy at a remote location.

        ~Cheers!

  4. You are correct, if the person is trying to use a Chromebook like Linux, Windows, or OSX, it will lead to disaster.
    Chromebook = browser + keyboard + screen + WiFi
    It’s designed to always be in “the cloud.” The default apps are all Google services, which are in “the cloud.” All of the third party apps from the chrome web store are “cloud based.” It’s all SaaS.
    https://support.google.com/chromebook/answer/3405948?hl=en&ref_topic=3403355
    Absolutely everything from Google about the Chromebook points to this being a fancy web browser, which stores everything in the cloud. They are very upfront about what a Chromebook is. The tutorials on YouTube. The tutorials on the Chromebook itself. Heck, even go look at the specifications of the current Chromebook powerhouse, the Pixel. It only comes with a 32GB solid state drive, and 1TB Google Drive cloud storage.
    Look at how photo importing was designed to work on a Chromebook. By default, through the Photos+ app it uploads them to the cloud. Then if they want a copy on local storage, they have to move it there.
    https://support.google.com/chromebook/answer/3429604?hl=en&ref_topic=3399711
    The beauty of the Chromebook. No matter what computer they use, as long as there is an internet connection, they can always access all of their data. It’s in “the cloud.” It’s backed up. There are historical copies of your documents in Google Drive. There is an offline mode for working on documents when WiFi is spotty, and it syncs to the cloud when another connection is available.
    RTFM and you’re good to go. Otherwise, ouch.

  5. Everything I have read about Chromebooks says you can log into the cloud from another Chromebook and have access to all your data. I have even read that school systems love this because if the youngster breaks or loses his Chromebook, he just gets another one and logs in and has access to all his data. So why couldn’t you do that?
    Thanks, Denny

    1. Not everyone sets up the Chromebook to put all of their personal information on Google’s servers, and even if they did, suppose the hardware fails after transferring photos to the device and there’s not enough time for syncing to complete. In these scenarios, the data on the drive is lost forever because it’s encrypted with a key that the user doesn’t have direct access to.

  6. If you are using any computer with a TPM module (pretty much ANY business class computer) and have turned on disk encryption, you can have this situation.

    1. Of course. However, this is a part of a Chromebook that is automatically enabled without the user asking for it. In a business computer with full disk encryption using TPM key escrow, someone has to take an affirmative sequence of steps to enable it. My problem is that the Chromebook user is given no choice in the matter and stands to lose all their data if anything goes wrong with the hardware.

      1. My thought exactly! Why on earth would Google make the DEFAULT be encryption of files to a local folder instead of putting it in the Google Drive in the cloud? The average user has NO CLUE that their data is being encrypted by default, that the data is stored locally, and that the encryption key is the FIRST password they signed in with to the Chromebook. This is a GUARANTEED recipe for a data disaster. People always forget even their current password…you think they’ll remember an OLD one? Hahahahaha. Joke of the century!

        It would have been much more user friendly to set the default as unencrypted to the Google Drive or even a local folder with sync to the cloud. Then if the user so wishes, have the user affirmatively choose to encrypt their data. Upon such choice, provide the users with massive warnings in bright flashing red that the user MUST REMEMBER the key they provide to encrypt the data because without that key, if the data needs to be unencrypted in future, then the data is as good as lost from the moment it is stored.

        Frankly, which “average” user needs to encrypt their data anyway? And why make the key be a password without telling the user that oh, by the way, I just assigned your password to be the encryption key for the data and please go write it down somewhere because there will be hell to pay if you forget this key?

        And a user who would choose to encrypt data would probably not be using a $200 Chromebook in the first place! Talk about OVERKILL.

        Google’s thinking on this issue simply boggles the mind, especially when they themselves say that the whole objective of the Chromebook is to keep everything in the cloud? It all makes absolutely no sense whatsoever!

  7. Ok ! So what sense does that make.. I have to throw it away ?? All my life is on my lap top ..wish you would alert the buyer .. my life is on my lap top ! I am so heartbroken 🙁

  8. The TPM “device owner password” is offered to the user during initial set up. It says something to the effect of, “Write this down, it will only be available for a limited time.” I have mine recorded (in a non-Google cloud service).
    You can actually get yours right now! Back up your data and do a “powerwash.” A newly generated password will, again, be available to you during (re)setup. Google never intended to own your data, but they have, effectively, protected it.
    Of course, one should always have backups of any data they care about. Your customer may have brought in a laptop with an unencrypted but dead drive. The result would have been the same but the title of the corresponding blog post would be, “Computers: You don’t own your data and can’t recover it when it dies.” Though much funnier, it’s not actually any more wrong than the title of this one.
