Q: I downloaded OS X El Capitan and lost my Secure Empty Trash, I just have Empty Trash.  How can I get the Secure Empty Trash back?

Secure Empty Trash is not a feature of El Capitan. You will have to contact Apple Support in your country for an explanation.

Cheers

Pete

See this discussion for more information:

https://discussions.apple.com/thread/7250851

lllaass wrote:

See this discussion for more information:

https://discussions.apple.com/thread/7250851

The "executive summary" version of that long discussion is this:

• Secure Empty Trash does not & cannot work with SSDs (solid state drives). There is nothing Apple can do about this; it is inherent in the way they store data.

• It may or may not work with conventional mechanical drives, but even when it does there may be traces of the file's data left on the drive.

• So-called "shredder" apps that claim to do the same thing as the Secure Empty Trash function don't do anything that function could not do, other than to increase the wear on SSDs slightly.

• Bottom line: the Secure Empty Trash function when used with modern drives (mechanical or solid state) is not a reliable way to prevent data recovery. Instead, use strong encryption for that purpose.

Your assumptions are half baked based on comments from someone who has partially understood the problem.

Anyway, as long as UNIX is still around, here are 3 commands you could use - you could also create an alias for anyone of these...

1. rm -rP /<path>
2. srm -rfv -s /path (try the m and z switches for more options)
3. diskutil secureErase freespace LEVEL /Volumes/<drive>

"Secure Empty Trash" is gone as per Apple's posting:

How to securely delete files in OS X 10.11 ‘El Capitan’

How to securely delete files in OS X 10.11 ‘El Capitan’ (2)

!cultOfApple wrote:

 

Your assumptions are half baked based on comments from someone who has partially understood the problem.

 

Anyway, as long as UNIX is still around, here are 3 commands you could use ...

No Unix command can overcome the underlying hardware issues in the drives themselves that make securely erasing all vestiges of trashed files a hit or miss proposition. Commands like the secure versions of rm cannot overwrite mapped out sectors on conventional rotating hard drives nor track down sectors where parts of a file were stored before they were moved during builtin defragmentation routines. Likewise, they cannot access memory cells in SSDs directly, so internal wear leveling routines in the SSD controller make it impossible to know if the command is overwriting the cells that contain the file's data or something else.

What using these commands definitely can do on SSDs is increase the wear on the memory cells & make them wear out a little faster.

!cultOfApple wrote:

 

Your assumptions are half baked based on comments from someone who has partially understood the problem.

 

Anyway, as long as UNIX is still around, here are 3 commands you could use - you could also create an alias for anyone of these...

1. rm -rP /<path>
2. srm -rfv -s /path (try the m and z switches for more options)
3. diskutil secureErase freespace LEVEL /Volumes/<drive>

SSDs don't map sectors in the same way that hard disks traditionally did (hard disks also no longer map the same way they once did, but that's fodder for another discussion), and when an overwrite is requested on an SSD, the SSD reallocates all writes into previously erased blocks or free space sourced from elsewhere on the SSD, and adjusts the mapping to reference the newly-written storage.   The user and the applications still the traditional view of the hard disk due to the mapping.  That mapping is used both as a cache to make writes faster as the erasure operation on SSD is glacial, and also to spread the write activity across all of the available storage to avoid wearing out specific parts of the SSD — but this means that the underlying storage isn't overwritten until it's erased and written sometime later, or until the whole disk is erased with an SSD-level reformat (technically the ERASE UNIT / Secure Erasure mechanisms)...    For how SSD storage is freed, see the TRIM command.  That's how the host tells the SSD that the storage is no longer in use and can thus be erased and cached for reuse.  So until and unless the user has written enough to clear out the cache of all previously erased data, traditional overwrite operations don't overwrite the storage that held the previous data.

srn and diskutil will probably get you most of the way here, but you'll want to overwrite several times to hopefully catch all storage.   (Depending on the sensitivity of the data on the device, words like "most" and "probably" and "hopefully" aren't what you want to hear, either.)

https://www.usenix.org/legacy/events/fast11/tech/full_papers/Wei.pdf

http://apple.stackexchange.com/questions/6278/how-to-securely-erase-an-ssd-drive

http://www.anandtech.com/show/2738

http://www.intel.co.uk/content/dam/www/public/us/en/documents/technology-briefs/ ssd-520-aes-tech-brief.pdf

http://www.kingston.com/us/community/articledetail?ArticleId=10

Apple recommends using FileVault (FileVault 2).  FileVault also has advantages around avoiding problems with data remanence in revectored (bad) sectors that can arise on hard disk drives, as well.

Eric Root wrote:

How to securely delete files in OS X 10.11 ‘El Capitan’ (2)

 

OS X El Capitan: Delete files and folders needs to be updated since Finder > Secure Empty Trash was removed in the final 10.11 release, per the already mentioned About the security content of OS X El Capitan v10.11 article.

Did you read what I wrote because if you had, you'd notice that I'm not suggesting what you're claiming I am.

That second one, Eric, is kinda screwy, especially since it's from Apple support.

Securely empty the Trash

Even after you empty the Trash, deleted files can be recovered using data-recovery software. For extra security, you can delete files so they can’t easily be recovered.

1. Drag the item to the Trash.
2. Click the Finder icon in the Dock, then choose Finder > Secure Empty Trash. When you see a warning message, click OK.

Files deleted in this way are completely overwritten by meaningless data. This may take some time, depending on the size of the files.

Am I missing something or is this in conflict with everything else said.

Whickwithy wrote:

Am I missing something or is this in conflict with everything else said.

You aren't missing anything, but Apple's K-base article is. Secure empty trash was removed from El Capitan for security reasons.

If you're real worried about it, best solution (better than secure delete in fact, because it is protected before it is deleted) is just encrypt the file folder using disk utility.

http://www.intego.com/mac-security-blog/how-to-use-apples-built-in-features-to-e ncrypt-files-and-folders/

I find it very strange that Apple has no comments anywhere that I can find on using this feature of disk utility.

Also, I need to warn that I haven't yet tried this capability so am not sure of the outcome.

Whickwithy wrote:

 

If you're real worried about it, best solution (better than secure delete in fact, because it is protected before it is deleted) is just encrypt the file folder using disk utility.

That article and that approach will work, though a more typical approach with newer releases — which will deal with data in the trash or other folders and incidental data, for instance — would be to enable and use FileVault (FileVault 2) to encrypt the whole drive. 

 

 

 

I find it very strange that Apple has no comments anywhere that I can find on using this feature of disk utility.

Not sure which feature you're referring to here; the secure delete change, or using Disk Utility to create encrypted shares.   If the former, then Apple has posted some comments (scroll down).   Or if the latter...

Filevault is just a much more cumbersome approach for me.

That article (the second one) talks about how to encrypt the whole disk image.  I cannot find one that talk about file>new image>image from folder...  While they are very similar, they are not the same thing.