I need to hand my rMBP in for repairs. Is FileVault enough to keep my data private?

[danqi]

My 2014 rMBP is in need of a display repair (also, one of the rubber feet fell off, which apparently means that the whole underside has to be replaced...). I have to hand it in at the Apple Store in the next few days and I am concerned about the privacy of my data. I tend to be somewhat paranoid about privacy in general and it doesn't help that I have some sensitive business data on the drive. I'd prefer to just take the SSD out, but since that is not really an option anymore, what is my best course of action here? The drive is FileVault 2 encrypted. Is that enough to keep Apple employees out? Would it be better to erase the drive and restore from a backup afterwards? Is erasing even helpful, when it comes to SSDs?

Thanks!

 

[keysofanxiety]

Yep, FileVault would be enough. But at the best of times they're so busy, they'll just look to fit the hardware ASAP rather than snoop through all your personal stuff.

 

[jerryk]

I am paranoid about this stuff and would remove the information temporarily. Hopefully it is just in a folder or two.

 

[Mobster1983]

I am paranoid about this stuff as well. I would save a time machine backup and restore my laptop to factory settings before taking it in, then just restoring it from time machine when I get it back. Pretty extreme measure, but you never know with people.

 

[ZapNZs]

Unless you have highly sensitive data on it along the lines of trade secretes or national security archives or the true identity of DB Cooper, yes, it should be sufficient.

If you are extremely paranoid, you could use Veracrypt for your most sensitive files. This is probably overkill, but it provides an extra layer of security through the use of open-source security software.

You could go even further and take action to securely erase the content. This is almost certainly overkill, and a huge time expenditure.

You could also ask that they replace the bottom case while you are there, as it is only several screws. I tend to take my Macs to a specific Apple Authorized repair provider in my area, as I know the techs on a first name basis who will work on the computer, and trust them even if they are working on a computer that is not using full disk encryption (which obviously then would not have sensitive data on it - otherwise, it would be encrypted.)

 

[Apple_Robert]

I suggest you make two backups of your MBP before sending for repair. I would also wipe the drive. You will be assured nothing personal is accessed this way.

 

[wjw0111]

All depends on your level of paranoia and how you set up your FileVault.

I think when you set up FileVault you can either have it linked to iCloud or you can keep the recovery key yourself. If you chose the latter I would say your data is near 100% safe. If linked to iCloud you're probably still 99.8% safe, but I guess potentially a conspiracy of Apple employees at both retail, data centre and corporate levels could work together to unlock your data...

Either case you're probably just fine, but keeping your recovery key in an offline and secure method (paper in a safe) is the only way to really protect it. Just make sure the safe is good

 

[ZapNZs]

All depends on your level of paranoia and how you set up your FileVault.

I think when you set up FileVault you can either have it linked to iCloud or you can keep the recovery key yourself. If you chose the latter I would say your data is near 100% safe. If linked to iCloud you're probably still 99.8% safe, but I guess potentially a conspiracy of Apple employees at both retail, data centre and corporate levels could work together to unlock your data...

Either case you're probably just fine, but keeping your recovery key in an offline and secure method (paper in a safe) is the only way to really protect it. Just make sure the safe is good

I keep mine in an ISM

 

[thesaint024]

Sort of a related question about harddrive security for you experts. Do SSD's behave the same way as HDD's in that they require actual overwriting to permanently and securely delete contents? I currently use a 3rd party app for permanent deleting, but maybe this isn't necessary for SSD's?

 

[ZapNZs]

Sort of a related question about harddrive security for you experts. Do SSD's behave the same way as HDD's in that they require actual overwriting to permanently and securely delete contents? I currently use a 3rd party app for permanent deleting, but maybe this isn't necessary for SSD's?

I was interested in this as well and found this thread to be very interesting of a read
https://apple.stackexchange.com/questions/6278/how-to-securely-erase-an-ssd-drive

Some of it is presumably dated since it was written prior to TRIM support became more common

 

[thesaint024]

I was interested in this as well and found this thread to be very interesting of a read
https://apple.stackexchange.com/questions/6278/how-to-securely-erase-an-ssd-drive

Some of it is presumably dated since it was written prior to TRIM support became more common

Thanks for that, it is one heck of a read. Not sure if I am clear on the takeaways though. It sounds like SSD's work a little different than HDD's in that you need to essentially erase the whole thing with certain steps and cannot do secure file by file permanent deletions. Sounds like Filevault encryption should be secure enough to just use regular empty trash. Did I misinterpret any of this?

 

[Apple_Robert]

Sort of a related question about harddrive security for you experts. Do SSD's behave the same way as HDD's in that they require actual overwriting to permanently and securely delete contents? I currently use a 3rd party app for permanent deleting, but maybe this isn't necessary for SSD's?

If you use FileVault, deleting the contents (erase disk) with FV engaged will make for a clean, secure erase.

 

[ZapNZs]

If you use FileVault, deleting the contents (erase disk) with FV engaged will make for a clean, secure erase.

I was under the impression that a simple erase can still leave recoverable blocks on the drive, but, provided Filevault is enabled, it becomes a moot point because any recoverable data would be encrypted? (and consequently, deleting a drive without FV enabled using a fast-erase would leave recoverable data that is potentially usable because it would not be encrypted?)

 

[SarcasticJoe]

If I'm not mistaken FileVault uses uses the encryption algorithm called the AES (Advanced Encryption Standard) with a 256 bit encryption key.

It may be the most common encryption algorithm in use right now, but because of this it's been very heavily studied and is thus probably the most thoroughly vetted encryption algorithm out there. People have put some pretty considerable amounts of effort into cracking it, but nobody's son far come up with a practical attack (in the sense that it can be cracked by a supercomputer in a matter of years rather than centuries) against it. Even the U.S army uses it, thou with keys that are 1024 bits or longer.

If we want to move to borderline conspiracy theory land, certain three letter U.S government organizations have over the last decade been forced to use alternative methods of getting access to encrypted data due to how good encryption algorithms like AES are. The most well publicized method has been hacking people's devices to extract data before it's encrypted and after it's decrypted. However the more insidious method, which is more in the realm of conspiracy theory than hacking after the Snowden and Vault 7 leaks, is that they've been tampering with the random number generators used to generate encryption keys. The theory is that they've successfully made the key generators less random and more predictable, meaning that they can "guess" the keys a number of orders magnitude easier than they otherwise would.

So I guess the only 100% secure way if you can still boot the machine is to turn on use one of the various "safe erase" techniques you can use to delete files in a way where they can't be recovered anymore before you send it in for repairs.

 

[alFR]

With FileVault enabled, if you erase the disk using Disk Utility it deletes the encryption key so (barring you being of very high interest to the NSA) your data is gone. To the OP in particular:

1. You need to back everything up before it goes in anyway, Apple don't guarantee your data will survive the repair process. Probably not an issue in your case, but don't chance it.
2. You'll probably need to give them your login (or set up another account they can log in to) so they can test the machine after the repair, so if you're really worried do a TM backup (and ideally a clone of the drive using Superduper or Carbon Copy Cloner as well), erase the drive and reinstall macOS before you take it in then restore from backup after you get it back.

 

[Fishrrman]

ZapNZs wrote:
"I was interested in this as well and found this thread to be very interesting of a read
https://apple.stackexchange.com/questions/6278/how-to-securely-erase-an-ssd-drive"

I'm surprised that there has yet to appear ANY kind of utility to invoke the "secure erase" command on an SSD.

This command DOES exist, as evidenced that it CAN be invoked while using Parted Magic (booted into Linux).

But -- why no utility on the Mac by which to do so?

Is this command "not executable" (not even sure if that's the right term) in the Mac OS?

 

[BLUEDOG314]

Secure erase is no longer in disk utility sure, but you can use terminal. I believe its "diskutil randomdisk x diskn" where x is the number of times to overwrite the drive and n is the disk number, usually 0 if you are erasing the primary internal drive.

 

[Fishrrman]

Bluedog wrote:
"Secure erase is no longer in disk utility sure, but you can use terminal."

The "secure erase" I'm talking about has never existed in Disk Utility.

It's a command that [if I understand correctly] tells the SSD controller to "reset" ALL the memory cells on the drive back to "original state".

It can be executed using "Parted Magic" running under Linux.

I know of no utility running under the Mac OS that can issue it.

 

[Weaselboy]

Bluedog wrote:
"Secure erase is no longer in disk utility sure, but you can use terminal."

The "secure erase" I'm talking about has never existed in Disk Utility.

It's a command that [if I understand correctly] tells the SSD controller to "reset" ALL the memory cells on the drive back to "original state".

It can be executed using "Parted Magic" running under Linux.

I know of no utility running under the Mac OS that can issue it.

https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

Yeah... I think you are talking about the ATA secure erase command under Linux hdparm. I have seen sites where people were able to make a bootable Linux CD and get that to work on a Mac and run the command. But last time I looked all those sites were fairly old. I'm not sure it can even be done on newer Macs.

 

[Fishrrman]

Weaselboy wrote:
"Yeah... I think you are talking about the ATA secure erase command under Linux hdparm. I have seen sites where people were able to make a bootable Linux CD and get that to work on a Mac and run the command. But last time I looked all those sites were fairly old. I'm not sure it can even be done on newer Macs."

I have a PartedMagic CD (bootable to Linux that supposedly can issue that command), but all my SSD's are USB3, and the PM software won't touch them. It seems to "aim for" internally-mounted drives only.

Just wondering... but...
...how can a command be present in an SSD's controller, which can be executed under Linux, but -NOT- executable under the Mac OS?

Again, just wondering.

 

[Weaselboy]

I have a PartedMagic CD (bootable to Linux that supposedly can issue that command), but all my SSD's are USB3, and the PM software won't touch them. It seems to "aim for" internally-mounted drives only.

Just wondering... but...
...how can a command be present in an SSD's controller, which can be executed under Linux, but -NOT- executable under the Mac OS?

Again, just wondering.

I think this is the same reason TRIM won't work over USB. Those ATA commands cannot be passed along the USB bus.