M5Marco

Q: Erasing Hard Drive - No More "Secure" Options?

I had 10.11.1 installed and decided to wipe the hard drive clean and reinstall the OS fresh. So I went about doing just that. I noticed Apple revamped Disk Utility. When attempting to erase the hard drive I did not see any options to securely erase it. Back on Yosemite I had the option to wipe the drive according to different industry security standards (7 rewrite passes of the drive being the most secure option).

 

El Capitan only provided me with a simple "erase" function that wiped the entire drive within seconds and that was that. So I am wondering if I might have simply missed where the erase security options are, or if Apple removed them entirely?

 

Thanks in advance for responses.

Posted on Nov 1, 2015 10:47 PM

  • by MrHoffman,

    MrHoffman Nov 2, 2015 5:39 PM in response to Skippy Stone
    Level 6 (15,627 points)
    Mac OS X

    Skippy Stone wrote:

     

    Note that this seems to indicate flash storage, not disks.  But, whatever. I have learned in this thread that it is impossible to run out of room on a hard-drive, because you can never write over all the data. Thus there must be blocks always available, right?  If you start at block A and step through every byte, until you reach block Z, you indeed will write over all the data. The disks will probably skip bad bytes and blocks, which means they are bad and not-recoverable, anyway. Or we can do it the hard way and randomly write data, here and there, and hope we erase what we are worried about.

     

    For hard disks — and ignoring revectored (bad) blocks — yes.

     

    For SSDs, the overwrite involves the entire disk plus the capacity of the pool of spare blocks.

     

    It's the secure delete that does not work the same with SSDs as it did with hard disks.

     

    The deleted data in an SSD eventually gets erased and released into the free pool and ready for use later.

     

    As mentioned in my earlier reply, sectors don't have fixed mapping on SSDs.  This for various reasons not the least of which is that the erasure process is slow, and because it's beneficial to level the wear across all of the available storage rather than wearing out one or two specific sectors.

     

    A request for a multiple-overwrite does nothing useful with an SSD, as it's not actually overwriting the same physical storage each time.   It's just churning through the free pool, uselessly writing to various parts of the SSD.   If you blow through the free pool, then the data will get erased — but it's erased secondary to the erasure process that the SSD does with each sector before it can be reallocated and reused, and not due to the erasure request.

     

    Not until the deleted data goes through the erasure process — or the whole drive gets a security erase — is the data from the original deletion actually deleted.

     

    Not that getting at the data that's still in the storage that's pending an erasure is at all easy, either.

     

    Typical end-user of a Mac that's preparing for sale or disposal?   Wipe the disk and reload OS X, and you're very likely fine.   Use FileVault 2 for best results here, too.

     

    If you're operating in an environment with specific disposal requirements or extremely sensitive information, then please check with the folks in your organization that deal with these questions directly, or chat directly with somebody that specializes in the area of data and hardware disposal.
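
The behaviour described in the reply above, as an added example that is not part of the original thread: a constructed toy model of an SSD's block remapping (the `ToySSD` class, the block counts and the sample data are all assumptions, not any vendor's firmware). It shows a 7-pass overwrite of one logical block leaving the old data in raw flash, and that data being erased only once the free pool is exhausted.

```python
from collections import deque

SECRET = b"constructed-secret"            # constructed sample data

class ToySSD:
    """Constructed toy FTL: every write lands on a fresh physical block."""
    def __init__(self, logical_blocks, spare_blocks):
        total = logical_blocks + spare_blocks
        self.flash = [None] * total       # raw physical blocks, None = erased
        self.free = deque(range(total))   # erased blocks ready for reuse
        self.stale = deque()              # unmapped blocks still holding old data
        self.map = {}                     # logical block -> physical block

    def write(self, lba, data):
        if not self.free:                 # free pool exhausted: erase stale blocks
            while self.stale:
                phys = self.stale.popleft()
                self.flash[phys] = None
                self.free.append(phys)
        phys = self.free.popleft()
        self.flash[phys] = data
        if lba in self.map:               # old copy is unmapped, not erased
            self.stale.append(self.map[lba])
        self.map[lba] = phys

    def read(self, lba):                  # what the host sees
        return self.flash[self.map[lba]]

    def raw_contains(self, data):         # what the physical flash still holds
        return data in self.flash

def filled_drive(logical_blocks=8, spare_blocks=8):
    ssd = ToySSD(logical_blocks, spare_blocks)
    for lba in range(logical_blocks):
        ssd.write(lba, SECRET if lba == 0 else b"filler")
    return ssd

def multipass_overwrite(passes, spare_blocks=8):
    ssd = filled_drive(spare_blocks=spare_blocks)
    for _ in range(passes):
        ssd.write(0, b"\x00")             # "secure" overwrite of logical block 0
    return ssd

def passes_until_erased(spare_blocks):
    ssd, passes = filled_drive(spare_blocks=spare_blocks), 0
    while ssd.raw_contains(SECRET):
        ssd.write(0, b"\x00")
        passes += 1
    return passes

if __name__ == "__main__":
    ssd = multipass_overwrite(7)
    print(ssd.read(0), ssd.raw_contains(SECRET), passes_until_erased(8))
```

In this model the host reads back zeros after the first pass, while the old block survives until the number of writes exceeds the spare pool.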

  • by R C-R,

    R C-R Nov 2, 2015 8:44 PM in response to MrHoffman
    Level 6 (17,675 points)

    MrHoffman wrote:

    Overwrites don't work the same on SSDs as they do on hard disks — hard disks use the same storage area — the same sector — for each rewrite and for overwrites, up until when that sector gets an error and the host then revectors the storage to a spare block.   (Downside of revectoring, the old data can still be readable, even if there are errors in it.)

    For completeness, it should be mentioned that while a mechanical drive may use the same sector for rewrites or overwrites, the file system & the OS often do not. For instance, OS X uses techniques like delayed writes & hot file clustering to improve performance & reduce file fragmentation, which effectively copies data from some sectors to others without overwriting the old ones. Fusion drives dynamically move files between solid state & mechanical storage depending on the frequency of their access & do not necessarily place items moved into solid state memory back into the same sectors on the mechanical drive. The virtual memory system (VM) further complicates things because it pages data out of memory into storage & may not always use the same sectors for this. Likewise, some processes create temporary files for a variety of reasons & they too may contain user data that isn't overwritten immediately.

     

    This is why the secure empty trash & any other secure erase function short of a secure erase of the entire volume are not reliable -- it is basically an all or nothing thing, even for mechanical drives.
