How to securely erase data from your Mac and external drives

“Everyone needs to securely erase data at some point — even on a Mac,” Jay Vrijenhoek writes for Intego. “After all, securely erasing your data ensures your personal and private information does not end up being found and abused by someone else.”

“Whether it’s the NSA, a burglar or someone who rummages through garbage for old hard drives with the intention of extracting data, we can rest assured (or not so much) that there are people out there who are after your data,” Vrijenhoek writes. “Targeted or by accident, if a nefarious individual gets their hands on your data, you can very well end up in trouble.”

“Even though all new Macs these days come with Flash storage (which I’ll cover later), there are still plenty of hard drives around and in use today. Whether it’s a hard drive in an older Mac or an external hard drive, if it is accessible, you can use Disk Utility to securely erase it,” Vrijenhoek writes. “Because Solid State Drives (SSD) and Flash Drives store data differently, a secure erase with Disk Utility is not possible… If we can’t be confident an SSD was properly erased, then there is only one route to take that will ensure all data is beyond the reach of anyone: Using encryption.”

Much more in the full article here.

MacDailyNews Take: Securely erasing data from your Mac is an especially good idea before you sell it or give it away.

21 Comments

    1. 1) Perform an ‘erase’ of the SSD via Disk Utility. This will enable step 2.

      2) Fill the drive with new, worthless crap data. It could be the same file over and over again as long as you give it different names. If you simply ‘duplicate’ a file within a single directory over and over again, macOS will create new names for it.

      Example: The 227MB archive file for LibreOffice can be downloaded for free off the Internet. Put it into a directory on your erased SSD and duplicate it over and over until you’re sick of it. Then navigate outside that directory to root and duplicate the directory over and over, ad nauseam until the SSD is full to the brim. That will overwrite everything that used to be there with something innocuous.

      The article suggests encryption of the SSD drive, which is far less labor intensive. Just be sure you use a whopping huge, incoherent encryption key that no one or no machine could ever guess.

      1. Filling the entire drive with data is essentially what the old “erase securely” option in disk utility did, just with zeros or random data. The reason it was removed was because SSDs have over-provisioned space that is not exposed to the OS, which they use to take care of write-related overhead. You cannot guarantee a complete fill (overwrite) of an SSD’s over-provisioned space, even when the SSD reports there is no free space remaining.

        You can attempt to purge the over-provisioned area by continuing to remove data and then write again, particularly on a nearly full SSD, but there is no guarantee that the entirety of the over-provisioned space will be overwritten even then. Data may still remain and be recoverable.

        This is why Apple removed the option for secure erase and secure empty trash in the first place: because on SSDs it gives a false sense of security where none can be guaranteed. Even encrypting the drive won’t address this for data that was originally written unencrypted, before enabling FileVault2, which is why you should enable FV2 as soon as possible after obtaining a Mac, rather than waiting and encrypting later. The original plaintext data cannot be guaranteed to be overwritten by its encrypted replacement.

        For more information on over-provisioning, see: http://www.seagate.com/tech-insights/ssd-over-provisioning-benefits-master-ti/
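An added illustration, not part of the comment above or of the Intego article: a toy Python model of the over-provisioning behaviour that comment describes, in which filling every host-visible page still leaves old data in physical flash. The class name, page counts and "SECRET-n" contents are constructed; real controllers work on erase blocks and pick reclaim victims by their own policy.

```python
class ToySSD:
    """Simplified flash translation layer: page-level, no wear levelling."""

    def __init__(self, logical_pages, spare_pages):
        self.logical_pages = logical_pages
        # Physical flash is larger than the capacity the OS sees.
        self.flash = [None] * (logical_pages + spare_pages)
        self.mapping = {}                       # logical page -> physical page
        self.free = list(range(len(self.flash)))

    def write(self, lba, data):
        if not 0 <= lba < self.logical_pages:
            raise ValueError("LBA outside host-visible capacity")
        if not self.free:
            self._reclaim_one()
        phys = self.free.pop(0)
        self.flash[phys] = data
        # Flash is not overwritten in place: the previous physical page
        # for this LBA just becomes stale and keeps its contents.
        self.mapping[lba] = phys

    def _reclaim_one(self):
        """Erase a single stale page, only when no free page is left."""
        live = set(self.mapping.values())
        for phys in range(len(self.flash)):
            if phys not in live:
                self.flash[phys] = None
                self.free.append(phys)
                return
        raise RuntimeError("no stale page to reclaim")

    def host_view(self):
        """What the OS (or a file-level scan) can read back."""
        return [self.flash[self.mapping[lba]] if lba in self.mapping else None
                for lba in range(self.logical_pages)]

    def stale_pages(self):
        """Unmapped physical pages that still hold data (chip-level view)."""
        live = set(self.mapping.values())
        return [d for p, d in enumerate(self.flash)
                if p not in live and d is not None]


def fill_after_secret(logical_pages=8, spare_pages=2, secret_pages=4):
    ssd = ToySSD(logical_pages, spare_pages)
    for lba in range(secret_pages):             # constructed sample data
        ssd.write(lba, f"SECRET-{lba}")
    for lba in range(logical_pages):            # "fill the drive to the brim"
        ssd.write(lba, "filler")
    return ssd.host_view(), ssd.stale_pages()
```

With the default two spare pages the host reads back only filler while two secret pages remain in flash; with `spare_pages=0` the same fill leaves none.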

        1. Filling the entire drive with data is essentially what the old “erase securely” option in disk utility did, just with zeros or random data.

          Correct. Except of course we can’t do that any more with Disk Utility on SSDs. It’s gone. Kaput. Removed.

          You cannot guarantee a complete fill (overwrite) of an SSD’s over-provisioned space, even when the SSD reports there is no free space remaining.

          Thank you for pointing that out! But of course it is highly unlikely any coherent usable data will be in that area of memory.

          In any case: Encryption is easier, faster, more thorough, as the article pointed out.

          The original plaintext data cannot be guaranteed to be overwritten by its encrypted replacement.

          OH NO! I was afraid that would happen! That borks everything!
          😿 *sob*whimper*sniffle* 🤧

          Any other ideas? (Besides pry out the SSD and smash it).

      1. Heya botvinnik✓ᵀᴿᵁᴹᴾ,

        The Clot said she used a cloth to wipe her server. It makes sense that The Clot would use The Cloth. She’s not terribly imaginative.

        All we need is to use The Chloroform with The Cloth on The Clot. Her hubby Bill Clot-ton could then use the chloroform cloth on his private parts to disinfect them.

        Is The Clot any good? Nyet!

        Nyetvynnyk✓ᴿᵁᴹ has spoken.

        And he likes, on occasion, to drink ✓ᴿᵁᴹ

    1. Why would you do that? The described method (using the built-in Erase feature inside the Disk Utility, with advanced security options) is faster, easier, simpler and more reliable.

      Frankly, I don’t see the practical benefits from the 3rd and 4th options (three passes with random data and seven passes). Option 2 is more-or-less what you are suggesting (two passes, first one writing random data over each sector, then second pass writing zeros), and it effectively obliterates all of your data. Only extremely well equipped forensic data teams would be able to recover anything meaningful from that drive, and it would come at a significant cost. The DOD-approved 7-pass method is a massive overkill (but there it is, available for the most paranoid).

      1. Yeah, that 7 pass method means you write a different movie the second time (passes 3-4) and yet a third movie the next time (for passes 5-6) and one final write of something different still. For best results, leave that final movie (assuming it isn’t illegally acquired!) sitting there to soak in magnetically. (Is that really still an issue on SSDs? I would assume so, but don’t really know.)

        But at least you didn’t have to use a utility to do it!

    2. ‘TheTruth’: I don’t know what Predrag and SJBMusic are going on about as you clearly designated an SSD. Their suggested erase methods won’t even be allowed by Disk Utility for an SSD.

      Go to the source article MDN has linked above and go to the section ‘How do you securely wipe a Mac SSD?’. It will explain why you can’t use Disk Utility. It will explain how you can instead use File Vault to encrypt the drive, leaving only random garbage on the SSD. At that point you can ‘erase’ the drive using Disk Utility, which will leave most of your encrypted data intact, but who cares as it will look like random noise without the encryption key.

  1. All the more reason to have removable storage media- which Tim Cook and Jony do not want you to have.

    I can take the HD or SSD out of a Mac Pro tower and not have to worry about it. Try that with the glued shut shit that is now Apple’s stock in trade.

    With a HD you erase it, hit it with a strong magnet, then take a drill to the HD- putting holes in the platters. That will fix it against all but the deepest pocketed.

    1. This actually can be quite fun, although time consuming. Every hard drive contains a whopping powerful magnet. It’s fun to tear them out and collect them. I have several on my refrigerator in various sculptural contortions.
