keithfromkeighley

Q: How to secure empty trash in El Capitan

How to secure empty trash in El Capitan

iMac, OS X Yosemite (10.10.2)

Posted on Oct 31, 2015 5:59 AM

Close

Q: How to secure empty trash in El Capitan

  • All replies
  • Helpful answers

  • by rkaufmann87,Helpful

    rkaufmann87 rkaufmann87 Oct 31, 2015 1:53 PM in response to keithfromkeighley
    Level 9 (58,795 points)
    Photos for Mac
    Oct 31, 2015 1:53 PM in response to keithfromkeighley

    Secure empty trash is now an antiquated term with El Capitan. When you empty the trash in El Capitan it is securely emptied. Please refer to

     

    About the security content of OS X El Capitan v10.11 - Apple Support

     

    You can find the section under Finder where it states:

     

    • FinderAvailable for: Mac OS X v10.6.8 and laterImpact: The "Secure Empty Trash" feature may not securely delete files placed in the TrashDescription: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the "Secure Empty Trash" option.CVE-IDCVE-2015-5901 : Apple
  • by Linc Davis,Solvedanswer

    Linc Davis Linc Davis Oct 31, 2015 1:52 PM in response to keithfromkeighley
    Level 10 (208,000 points)
    Applications
    Oct 31, 2015 1:52 PM in response to keithfromkeighley

    The Trash is not emptied securely in El Capitan, and cannot be emptied securely on an SSD-based system. If you need that kind of security, use FileVault.

  • by keithfromkeighley,

    keithfromkeighley keithfromkeighley Oct 31, 2015 1:51 PM in response to rkaufmann87
    Level 1 (0 points)
    Oct 31, 2015 1:51 PM in response to rkaufmann87

    Hi, Your info did the trick thank you very much for your time.

  • by annabelle,

    annabelle annabelle Nov 15, 2015 4:30 PM in response to keithfromkeighley
    Level 3 (520 points)
    Apple Watch
    Nov 15, 2015 4:30 PM in response to keithfromkeighley

    There is an app Permanent Eraser that does the job, it's free and has a contextual menu too

    You don't even need to put the file in the trash,

    just option-click  the file and choose ERASE

  • by Linc Davis,

    Linc Davis Linc Davis Nov 15, 2015 4:43 PM in response to keithfromkeighley
    Level 10 (208,000 points)
    Applications
    Nov 15, 2015 4:43 PM in response to keithfromkeighley

    Any software that puports to securely erase files from an SSD is at best useless.

  • by keithfromkeighley,

    keithfromkeighley keithfromkeighley Nov 15, 2015 11:53 PM in response to annabelle
    Level 1 (0 points)
    Nov 15, 2015 11:53 PM in response to annabelle

    Hi Annabelle,thank you for your suggestion have already installed a shredder that is ok for me.

  • by keithfromkeighley,

    keithfromkeighley keithfromkeighley Nov 15, 2015 11:56 PM in response to keithfromkeighley
    Level 1 (0 points)
    Nov 15, 2015 11:56 PM in response to keithfromkeighley

    Hi,thank you for your input,I do not use an SSD and have found a file shredder that does the job well.

  • by BobHarris,

    BobHarris BobHarris Nov 16, 2015 5:44 AM in response to keithfromkeighley
    Level 6 (19,597 points)
    Mac OS X
    Nov 16, 2015 5:44 AM in response to keithfromkeighley

    keithfromkeighley wrote:

     

    Hi,thank you for your input,I do not use an SSD and have found a file shredder that does the job well.

    Be aware that due to the nature of hard disk sector replacement, file system optimizations, application file handling, your data could exist on the disk after you perform your shredder operations.

     

    hard disks can decide to replace a sector that is starting to report too many read errors.  Someone with sufficient skill can recover data from these replaced sectors.  If your data is in those sectors it can be recovered.

     

    The file system may decide to defragment your file, which will leave the original storage unshredded.

     

    A Fusion drive will first write a file to the SSD, then later move the file to the hard disk. The original storage on the SSD will be unshredded.

     

    An application that is processing your data may use cache files, and it is very common for an app to write the modified file data to a new file, then rename the new file to the original name.  The rename operation will release the original file contents unshredded.  In fact OS X has a file system call that makes this approach trivial for applications, so it is frequently used.

     

    If you have sensitive data on your system, you should be using System Preferences -> Security -> FileVault (make sure you do not loose the encryption key).  Then deleted files are just a bunch of random bits, as are any intermediate copies and remapped sectors.

  • by keithfromkeighley,

    keithfromkeighley keithfromkeighley Nov 16, 2015 8:36 AM in response to BobHarris
    Level 1 (0 points)
    Nov 16, 2015 8:36 AM in response to BobHarris

    Hi Bob,so it looks like I wasted my time with the shredder jobby?,I do and have done for some time used "File Vault". Thank you for the assistance,Apple ought to consider people as we are not all geniuses grrr. Thank you now for some app deleting.

  • by BobHarris,

    BobHarris BobHarris Nov 16, 2015 8:54 AM in response to keithfromkeighley
    Level 6 (19,597 points)
    Mac OS X
    Nov 16, 2015 8:54 AM in response to keithfromkeighley

    keithfromkeighley wrote:

     

    Hi Bob,so it looks like I wasted my time with the shredder jobby?,I do and have done for some time used "File Vault". Thank you for the assistance,Apple ought to consider people as we are not all geniuses grrr. Thank you now for some app deleting.

    They did.  They gave you FileVault.  They remove the wrongly named "Secure Erase" because it was never secure.  Mostly because it is after the fact.

     

    Since the operating system and every application you run does not know that you eventually want to securely erase this file, so it is mishandled right up until you finally say I was to it to be securely erased.  Oops!   Too late, we have already mishandled your data. Sorry.

     

    Also SSDs just do not work they way you think they work.  Every write is to a different sector, and the sector with your data is just moved into a pool of sectors to eventually get reused.  A Secure Erase (shredder) operation on an SSD just wears out the SSD faster, without touching any of the original data.

     

    And keeping in mind that Apple (and the rest of the computer industry) are moving towards using more and more SSD drives, and fewer rotating hard disks.

     

    It is much better now, that Apple is not giving you false hope, and encouraging you to encrypt your data if you want security for your sensitive data.

  • by keithfromkeighley,

    keithfromkeighley keithfromkeighley Nov 16, 2015 1:07 PM in response to keithfromkeighley
    Level 1 (0 points)
    Nov 16, 2015 1:07 PM in response to keithfromkeighley

    This matter has now been resolved,thank you to all who helped to bring this about