Previous 1 2 Next 16 Replies Latest reply: Jan 18, 2012 4:51 PM by the tall
the tall Level 1 Level 1 (0 points)

As a relative newbie, do you recommend erasing free space, and how would I do that?


I read about people using Onyx etc for security from web browsing, bank details etc. But does the erase free space do the same thing or just delete files, and  not web history from Safari etc. Can I gather that deleting from Safari doesn't make it unrecoverable for sensitive details when you are using bank payments etc. Can anyone help here please. There are a million and one options to secure delete on Windows but I see little on a Mac, But if disk utility does the same thing.... or does it not touch Safari history etc..

MacBook Pro
  • WZZZ Level 6 Level 6 (12,775 points)

    Anything you delete or simply move to the Trash and empty normally, without using secure empty, is theoretically recoverable. What you are doing when you trash or delete an item is you are removing its known path from the system, but the underlying file is still there potentially recoverable... until it is actually overwritten by new data. You could use erase free space, but I am hesitant to do that myself since there have been glitches and problems associated with that. One is that it may create a huge temporary file which consumes all the free disk space and hangs things up pretty badly.

  • the tall Level 1 Level 1 (0 points)

    Thank you, but you can't move anything from the Safari history/cache to the recycle bin, that's just a delete history and reset isn't it?


    How do you move that into a recycle bin? When deleting obviously that doesn't show in the trash, so how do you secure delete that?

  • WZZZ Level 6 Level 6 (12,775 points)

    My best answer, though there may be better ones: AFAIK, the browser history and cache of any browser contain only URLs. The purpose of history is to enable you to locate a previously visited site. The purpose of the cache is to speed loading of previously visited sites. It was probably much more useful when many people had very slow dial-up connections. Now I don't think it much matters. Anyway, I don't think there's any sensitive data recorded in the history or the cache, except if you wouldn't want someone to know which sites you had visited. Many browsers allow "private browsing" to defeat this.


    What might potentially be exploited is the form history, where the browser records for future use any phrases, keywords or answers to various fields. Many people recommend turning off AutoFill in Safari. I don't use Safari, but perhaps someone else will know how to find the AutoFill history and maybe selectively delete any previous entries. In Firefox, which I use, there is an Add-on to do this called Form History Control.


    From any browser, you would want to remove the following:


    Card numbers: Every credit and debit card number
    CVV/CVC: The 3 digit verification codes from the back of several cards
    Social security / national insurance numbers
    Bank accounts: Several bank account numbers and sort codes
    Addresses: Home address, amongst others
    Date of birth: Handy in combination with the above data
    User names: login name for many many websites, even those where I said not to remember the actual passwords
    Phone numbers: my home and mobile phone numbers, amongst others
    Answers to several “security questions” used to reset passwords on sites
  • the tall Level 1 Level 1 (0 points)

    Thank you, I would think the cache would also fill with images from every page you visit as it does on PCs, not just URLs, I have no idea how it would work on Apple though. Like files, wouldn't these also bloat the HD. Where would images store as they do on a PC?


    It's a good list of items to remove, but my point is it's just a delete, not a secure delete, that's what I would be happier about doing after bank details etc. Something like secure delete for Trash, but for finances websites from Safari. Assume reset safari is not secure as it could be?

  • ds store Level 7 Level 7 (30,325 points)

    If your really really paranoid, then you should remove the drive and destroy it, if it's a SSD then that's the only way to truly destroy data. SSD's can't be secure deleted at all despite what software says or does.


    If your moderatly paranoid, then learn how to use Lion Recovery (or 10.6 install disk) to 7x erase the entire OS X parittion and reinstall OS X and your files from backup.



    If your just wanting to remove traces of your  online adult type behavior, embarrasing if discovered, then:


    You need something like OnyX's cleaning and maintenance (all!) and CCleaner for OS X, once you have deleted the "caches" reboot the machine.


    Mac's have many hidden caches, also you need to reboot the machine to clear the DNS cache too.


    Once you do that you need to clean the "free space" on the drive using Apple's Disk Utility using the 7x overwrite feature, takes several hours.. 1x Zero is faster and may be good enough, isn't quite enough for the government spy types and that's how Brian Manning got caught. He used the 35x at first, but that takes several days to complete, it was taking too long so he used the Zero erase (about a hour) and then reinstalled OS X, it wasnt' good enough, the government got the communications with Wikileaks. LOL


    If you just want a clean machine for viewing makware laden adult sites, the best way is to use a virtual machine software and a guest OS either Windows or free Linux, then save a "snapshot" of a pristine guest OS version. Revert back to that older snapshot when your done and use the Erase Free Space 7x if your paranoid.


    If the law wants to check you out, they will consult the ISP records for the last year to see if you have been doing anything illegal, those records are not erased, I think the government gets a copy of that and keeps it forever. LOL.


    You do know your cell phone is tracking you and recording all your behavior on it right?


    You need to read Slashdot daily, you learn there is no such thing as online privacy.

  • WZZZ Level 6 Level 6 (12,775 points)

    Unless there's some as yet unknown exploit that can read the erased data the way specialized recovery software does, I don't think there's much to worry about as you are actively using your computer. I can't imagine an exploit that would go to all this trouble, or even if it would be possible. Anyway, there are much easier ways of stealing data.


    For Safari Cache, have a look at this old thread, which might or might not still be applicable.



    Or navigate to Caches/ in your home Library, and move the Cache.db to the Trash. Then secure empty.

  • the tall Level 1 Level 1 (0 points)

    Thank you for your answers.


    Why does everyone assume that when we're asking for safety online, relating to sites that have personal information and bank details you automatically suspect we're trying to hide p*rn sites? Every thread I've searched makes the same remarks,... was kind of hoping I could avoid it. I moved to Apple to avoid the problems of Windows and having bank details/credit card nicked from the laptop....


    And what is 'local storage' and plist files that can't be viewed properly when opened.


    When you reset Safari, the 'local storage' has all the history in there anyway, so what is the point?


    Wzzz, What is the difference between Cache/Safari, and the Safari folder in Library, you delete both, or does cache empty the Safari Folder

  • ds store Level 7 Level 7 (30,325 points)

    the tall wrote:

    I moved to Apple to avoid the problems of Windows and having bank details/credit card nicked from the laptop....


    Mac's offer little protection for this, your life is a open book on a Mac, just like is on iPhones and iPads. Haven't heard of CarrierIQ yet?



    it's just harder to gain access remotely, but Mac's have been cracked and trojaned. What's bad about it is most won't know because of the most clever will get in and be sure to be covert and low key, not gain a wide attention with a mass infection.




    Anyone who does banking online or ATM, debit/checks with amounts they can't afford to lose is not well informed of the dangers.



    Banks love online bankers, it takes the responsibility off their shoulders.



    More details of the story.


  • the tall Level 1 Level 1 (0 points)

    And what do you suggest about the caches in Library, not to bother and use Onyx, Is it easy to use for someone who knows little about the ways of Apple?

  • WZZZ Level 6 Level 6 (12,775 points)

    If they're going to get your on line banking information, it's much more likely your bank's database or third party processing will be hacked.

  • the tall Level 1 Level 1 (0 points)

    thanks, but can you delete the cache and safari folder stuff too if I'm lending it out to be safe?

  • WZZZ Level 6 Level 6 (12,775 points)

    I already said you can delete the Cache.db. I hardly use Safari, so what's in mine is not at all representative, but you could open yours with TextEdit and look inside to see if there's anything remotely sensitve. I don't see anything in mine to be concerned about. But that may be because I use Safari so rarely.


    I would be more concerned with AutoFill. It looks like this may be where that stuff is kept. You would have to do some more research on your own to determine exactly how to go about removing any or all of those entries. Maybe some Extension for Safari to do that. I don't know, since I don't use Safari. You might ask here.



    I really don't know enough to pursue this any further. Not to be patronizing, but I think you are taking this to an unnecessary extreme.


    This is in your home folder Library/Safari. Mine is completely empty.


    Screen shot 2012-01-18 at 10.55.27 AM.png


    Reset should take care of it.


    Screen shot 2012-01-18 at 11.13.33 AM.png


    Message was edited by: WZZZ

  • fane_j Level 4 Level 4 (3,660 points)

    WZZZ wrote:


    If they're going to get your on line banking information, it's much more likely your bank's database or third party processing will be hacked.

    Yes. A lot of people who worry about this don't realise just how small a target they are. Nowadays, much of this stuff is done for profit, and it just doesn't pay to break into computers retail-fashion. How many credit cards does the average Mac user store on his machine? Say, 10? Is it worth a hacker's time to break through 10 different routers in 10 different configurations into 10 different machines -- when he can break into STRATFOR's (ha!) servers and get hundreds or thousands of cards in one go?


    < us_says_hacker_target.html>

  • the tall Level 1 Level 1 (0 points)

    Thanks again for your help.


    The reset Safari you show above does not remove the files and they still have alot of the files with old site info in the folders. So wondered what reset actually does, because it doesn't delete them



    I saw the cache.db folder, but wondered what the 'webpage previews' one is in the same folder, and also all the files in Library/Safari. Can you delete any of them?

Previous 1 2 Next