I just downloaded El Capitan and noticed my trash can no longer says empty securely. I've looked in the Finder menu where it used to be but it no longer offers the option. Any ideas or suggestions? Thanks.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
No Secure Empty Trash?
- Thread starter marzfreerider
- Start date
- Sort by reaction score
I suggest you watch something like this video to understand why the option was pointless on SSDs (especially towards the end of the video where this is covered):
Essentially, the SSD microcontroller manages the data on the SSD and does "wear levelling", meaning writing to a particular block with an specific ID might be mapped to a different physical block (because there is a limit to the numbers of writes possible to each cell of memory, the SSD manages this to maximise the life of the disk). The old approach of writing over with null data means that the SSD might not actually write to where the data was, but a different area of the physical flash.
Essentially, the SSD microcontroller manages the data on the SSD and does "wear levelling", meaning writing to a particular block with an specific ID might be mapped to a different physical block (because there is a limit to the numbers of writes possible to each cell of memory, the SSD manages this to maximise the life of the disk). The old approach of writing over with null data means that the SSD might not actually write to where the data was, but a different area of the physical flash.
Last edited:
Thanks for the quick replies, I watched the video and it was very interesting, thank you. Now I see why they got rid of it.
Consider also the following options:
1. Make sure TRIM is enabled (if your Mac came with an SSD, this is enabled).
2. You can instruct OS X to delete a file immediately (and add it to the microcontroller’s queue). You can do this by selecting the file, holding the option/alt key and selecting File > Delete Immediately… This will bypass Trash (you can do this from within Trash as well, just by right-clicking on a file). This way the file doesn’t linger in Trash.
3. Enable FileVault in System Preferences > Security.
That's the ACTUAL hilarious reason
No doubt the Mac OS X file system team can hack the already much-hacked HFS+ to fix this problem. But how is it that no one on the engineering team caught this problem?
http://www.zdnet.com/article/mac-fail-ssd-security/
Instead of fixing the problem they just remove the option...laughable.
Government pressure?
No doubt the Mac OS X file system team can hack the already much-hacked HFS+ to fix this problem. But how is it that no one on the engineering team caught this problem?
http://www.zdnet.com/article/mac-fail-ssd-security/
Instead of fixing the problem they just remove the option...laughable.
Government pressure?
Last edited:
As per below, secure empty trash doesn't really work with SSD due to the way they operate (wear levelling).
If you want to be able to delete stuff and care about security, use FileVault to encrypt your stuff. The whole disk is inaccessible to others in that instance.
This isn't a problem that is fixable with the filesystem really. The SSDs contain their own logic which re-maps blocks to do wear levelling. The OS can't see what is going on with that and can not control it.
Rather than leave an option that does not work with SSD and may be misleading to users, they removed it.
As I stated above, if you care about this, run FileVault.
FileVault is definitely the way to go. Even the best secure erase seems to leave around 4% of data intact (see linked ZDNet article), so there is no perfect option that could satisfy the claim of a ‘secure’ erase. That being said, how did the other software perform better than Apple’s solution? When a program can achieve much better results, why not the system itself?
Apple uses branded SSDs and they can do whatever they want with them. So their OS can safely delete anything, if they invest enough resources to implement that.
Actually the real reason is explained in post #3, but you keep ignoring...That's the ACTUAL hilarious reason
No doubt the Mac OS X file system team can hack the already much-hacked HFS+ to fix this problem. But how is it that no one on the engineering team caught this problem?
http://www.zdnet.com/article/mac-fail-ssd-security/
Instead of fixing the problem they just remove the option...laughable.
Government pressure?
"No doubt the Mac OS X file system team can hack the already much-hacked HFS+ to fix this problem."
http://www.zdnet.com/article/mac-fail-ssd-security/
Also Apple uses and exclusively supports its own branded SSD's. Absolutely they could easily fix this, but instead they just removed the option.
Lazy.
Secure Empty Trash is checkable, you can prove or disprove that it did or did not do what it was supposed to.
FileVault is a closed source encryption nobody knows if it has back doors, nobody knows if it actually does what it promises and nobody can check because Apple won't allow anybody to look at it.
The two things have completely different purposes.
Apple uses third party SSDs just like everyone else with commodity controllers (just with an apple badge on them - they don't make their own controllers or firmware), the OS still can't see what the SSD is doing.
This is by design. The blocks are presented to the OS as logical blocks, in the background the SSD is remapping stuff to spread wear across all the blocks even if only part of the drive is used to increase SSD life.
Could you do secure erase on SSD? Sure, but you'd trash the read/write cycles on your SSD, as to guarantee you wiped one block you'd need to write enough data to fill every free block on the drive several times to force the wear levelling in the controller to write to the same blocks several times. It's not really feasible or efficient.
Just encrypt your data.
edit:
oh and quoting zdnet on technical stuff as an authority (re: surely apple can fix HFS to fix it) = lolz
Last edited:
Yes, it applies to Fusion Drives too. The only really secure way to use them is to encrypt with FileVault.
Sure, they may have slightly different purposes, but if you're using an SSD the methods used by utilities to securely erase data are not reliable unless you write large, excessive wear inducing amounts of data to your SSD to get around the wear levelling in the SSD controller. Which is controlled by the SSD firmware. Which is not controlled by the operating system.
Secure delete is gone and not coming back. The only real alternative is encryption, to get some measure of privacy to prevent someone recovering your deleted stuff. It has the additional benefit of protecting stuff you haven't deleted yet.
edit:
Oh, and if you don't trust FileVault, then you may as well get rid of your Mac. And not get any recent PC either. There is no guarantee that there are not back-doors in the Skylake CPU either, and it does have a new secure microcode component in it that can run code in the CPU independent of the OS. That is proprietary, and no one knows what it does. NSA backdoor? Maybe, hardware/firmware backdoors are a thing.
Basically anyone who has a backdoor to FileVault is going to get your stuff whether it is encrypted (with another product with no backdoor), deleted, or not. You can have the best encryption in the world, if the attacker has a copy of your keys (which are stored in RAM and/or the CPU cache/registers to decrypt your stuff), you're screwed. If FileVault is backdoored, you can guarantee that plenty of the rest of OS X and/or the firmware also has enough backdoors to make it irrelevant (via retrieval of your keys).
I happen to think it doesn't but depending on how much tinfoil you wear (and i say that with respect, i wear a fair amount when it comes to Microsoft, Google, and the internet in general), YMMV and that's up to you to decide. But yeah.... if you don't trust FileVault (and maybe you shouldn't maybe i'm wrong) - then you shouldn't trust anything else Apple makes either.
Last edited:
Do you know how SSDs actually work ? You are going to ruin that with Secure Empty Trash, for no reason.
No thanks
Apple can do everything. They can ask Samsung or whoever did those SSD to modify firmware and they'll do it. And I'm sure that they already do modifications.
You don't need to rewrite blocks several times, one time is more than enough. And if I want to securely delete data, I don't really care about wearing.
Encryption is not efficient. Processor spends cycles to encrypt/decrypt data. And encryption doesn't deal with secure deleting. If someone recovers data and knows the key, he can decrypt the data I tried to delete. Not much difference here.
Processor spends far more cycles writing random data to every free block on your disk to get around the wear levelling.
yes, key disclosure is a thing (keep your keys safe!), but on balance the trade-off between writing to every free block to work around wear levelling, whilst still having all your non-deleted data recoverable by anyone who happens to plug into your mac with target disk mode vs encrypting your stuff has been made by apple it would appear.
Thanks again for all that have commented here, I do have FileVault on and always do. I thought maybe I overlooked the setting.
The thing I miss about Secure Empty Trash is the ability to delete a stubborn file in your trash. Say that you delete trash, but it stops because there's a file in the trash that can't be deleted. In Yosemite, you would just then select Secure Empty Trash and it would delete it anyway. I'm not sure if there's an equivalent in El Capitan.