9 Replies Latest reply: Mar 22, 2012 5:54 PM by fane_j
JDLee Level 1 (5 points)

I have an appointment to bring my iMac in tomorrow for service at an Apple store.  I think all I need is for the inside of the front glass to be cleaned, and they told me I shouldn't need to leave it, but who knows.


I just realized that I haven't ever brought any computer in for service in 20 years of owning them (I've been lucky, I guess).  I want to do everything I can to protect my privacy. 


I've moved sensitive documents and information off both internal hard drives.  I've emptied the trash.  I've also cleared the history and cache on all three browsers I use.


I'm not going to go to the trouble to move all video files and pictures off my internal hard drives.  It's way too much data.  There is definitely stuff I consider private that I don't want others to look at, but I just can't see moving all of it.  I'd love to password-protect the folders so nobody can get in them, but apparently that isn't possible (I don't want to go through creating encrypted disk images--again, way too much data).


My questions:


Is there anything else I should do to protect my privacy before I bring my computer in for service?


Is there any easy way to password-protect folders and files?


I went in Finder and locked one folder, but it still opens up with no problem, so that didn't help.  I presume this is because I'm the only one who uses my computer and I don't require a password on startup.  I also presume that such a password wouldn't prevent techs from looking at something if they were so inclined.


I'm not as worried about all of this as I would be if I were bringing the computer in to some independent servicer (instead of the Apple store where I'm bringing it).  But I really don't like the idea that the techs will have access to everything on my hard drives while they are servicing my computer.


Any advice is appreciated.

iMac (27-inch Mid 2010), Mac OS X (10.6.4)
  • fane_j Level 4 (3,660 points)

    JDLee wrote:


    Is there anything else I should do to protect my privacy before I bring my computer in for service?

    You can try FileVault




    But the real solution (I don't think you'll like this) is simple:


    1. Back up. (You should always have at least 2 working backups.)
    2. Boot from an external clone or from install disc.
    3. Re-format (erase) the internal hard disk.
    4. Re-install Mac OS X (without entering any personal data).
    5. When you get back the Mac, repeat 2 and 3.
    6. Restore from backup.


    An even simpler solution: Remove the hard drive before taking it to the store. They don't need a hard drive to clean the glass; and, if they do need to boot up the Mac, they should have plenty of boot devices lying around.

  • JDLee Level 1 (5 points)

    It's an iMac, so I can't open it.  I'd be afraid to try.


    The rest of it sounds like a workable plan, but I have to admit it's far too much trouble for me.  I back up certain data, but not the whole system.

  • WZZZ Level 6 (12,875 points)

    Another possibility. What I've done in case the unexpected happens and I can't zero everything out because the drive has suddenly died: Move all the sensitive stuff into a password protected encrypted disk image. Make sure you uncheck have Keychain remember the password (tatoo the password on some inconspicuous body part.) Also, make a duplicate for backup purposes in case the original -- very unlikely -- gets corrupted. For redundancy, besides having two clones, I even put this on a Flash drive.




    Best to use sparse bundle. I'd avoid vile fault (file vault) like the plague.

  • ds store Level 7 (30,325 points)

    Filevault likely isn't going to work as the Genius Bar is probably going to ask for the password to check the machine operates after opening it up, likely as a matter of procedure against future complaints.


    Filevault needs a whole lot of empty space on the drive to place the newly encrypted data, if something goes wrong with a users machine, that data is not recoverable by direct access to the hard drive. Avoid Filevault, it slows down the machine and it's more trouble that it's worth.



    Also iMac's hard drives are not a user removable part, which is a substantial problem in the concerns of privacy. It can be done of course and should be done if the machine is going to be discarded,  Apple can/has refused to work on a machine that's been user altered.


    Only the MacPro and MacBook Pro lines can one be permitted to self-remove a hard drive and then take it into a Apple Store for repair. I've done this and simply had them install a new hard drive (paid for) as part of the repair process.



    What I would do is this, get two blank powered external hard drives equal too or slightly larger than the size of your internal boot drive and download a free copy of Carbon Copy Cloner (disconnect all other drives, TimeMachine etc)




    Simply launch CCC and clone your entire OS X boot drive/partition to each of the external drives, the default setting is perfect, all you have to do is select drive A to drive B and click Clone.


    (note: CCC won't clone Bootcamp partition, just the OS X partitition with no Filevault, if you have Bootcamp, boot into Windows and make a manual copy of your files to another drive, also Winclone can be used to image Bootcamp to another drive and later restore with)


    It will take some time, but it's effortless as the computer will do all the work, just turn off sleep/screensaver and let it work.


    Next once that is finished, reboot the iMac holding the option key down, you can select one of the external drives to boot from, so try that with each one to test them out.


    Once your satisfied, then while booted from one of the external clones, run Disk Utility and select YOUR INTERNAL DRIVE and Erase > Security Option > Zero ALL DATA, let this go for a few hours until completed.


    (note: if your data is of interest to  govenments/corporations/criminals, use the 7x overwrite/erase but it will take overnight)


    Now your internal drive is completely wiped of all data, you have everything you need on the two external clones. Your operating system, your users folders, your programs, everything (except what was in the Trash)


    To make life easier for the Genius folks and cut your wait time, disconnect all drives, simply insert the 10.6 disk that came with your iMac, reboot and hold the c key down, you'll boot from the disk and can install 10.6 right onto your erased internal hard drive. This will take about 40 minutes. Then reboot to the Welcome to Mac screen and use your same user name as before. (different password is fine). Use Software Update to get current on 10.6.8.


    Thats it, take your iMac into the Genius Bar and let them do thier thing, there is no trace of you on the machine at all.




    Once you get the machine back, you can choose to either


    1: Install your 10.6 based programs again from fresh sources/update and then simply hook up one of the external clones and transfer files (or transfer users using Migration Assistant), not boot from the clone, simply transfer the user data you want.


    This is known as a "fresh install" which people sometimes do to optimize and clean up a machine. A new OS, new copies of programs and using the old copies of files. It's more work setting things back up again, but it's clean and pristine, machine runs faster.


    2: Your other option is to hold option key and boot off one of the clones, (grab any files on the new internal drive you may have made), then  simply use CCC to clone B to A (reverse clone)


    Reboot and your back to what you had before exactly.

  • WZZZ Level 6 (12,875 points)

    ds store wrote: (note: if your data is of interest to  govenments/corporations/criminals, use the 7x overwrite/erase but it will take overnight)

    Anything but a one pass zero is serious time wasting overkill. Maybe the NSA can do it, but even there significant data recovery is unlikely after a zero one pass.


    http://www.h-online.com/newsticker/news/item/Secure-deletion-a-single-overwrite- will-do-it-739699.html

  • ds store Level 7 (30,325 points)

    WZZZ wrote:


    Anything but a one pass zero is serious time wasting overkill. Maybe the NSA can do it, but even there significant data recovery is unlikely after a zero one pass.



    Zero pass is enough for most users, however if the OP has very sensitive data that is of interest to governments, corporations or organized crime who can use magnetic force microscopy machines to recover the data from a cloned then switched drive while being repaired (either done maliciously or part of the repair process), then they should use the 7x overwrite feature.


    Brain Manning started using the 35x overwrite, but that takes days and he grew impatient, so he swtiched to the Zero erase instead as it's faster. That's what got him nailed hard, Zero erase isn't good enough for very sensitive data.


    7x is D.O.D. approved method for secure drive erasure, any site saying less is acceptable for sensitive data is a moron.


    And it's not a waste of time if it's running overnight, the computer is doing all the work.

  • ds store Level 7 (30,325 points)

    I should note, if by chance you get a new Mac, you can't reverse clone the iMac's OS X onto the new Mac's hard drive.


    Only the same exact model, machine, year etc. can cloning occur.


    However you can install all your programs on the new Mac and then use Migration Assistant (or Setup Assistant when the machine first boots and past the Welcome video) to transfer the old user to the new Mac.


    Unless you want to do a fresh install, then just transfer use files manually into the same named user account on the new machine.

  • JDLee Level 1 (5 points)

    Thanks to all of you who have posted.  I guess I can only mark two as helpful, unfortunately.


    They cleaned my machine while I was waiting without needing to start it up, so I was lucky.  But all of this is good information for any future repairs.


    I don't have anything that rises to the level of government or corporate interest.  It's just stuff that I don't want anyone to see, including some video that is not mine and the owners don't want anyone else to see. 


    As far as wiping, I have a 2TB internal drive, and I find that even a zero wipe takes a long time.  One thing I really wish Apple had is the ability to wipe delete individual files without going through the trash.


    The last time I had to dispose of a hard drive, I beat it with a sledge hammer until it broke apart.  I then beat, bent, and scratched the platters.  I then threw it away in different trash cans.  It wasn't my hard drive, so I wanted to be very careful.  If someone can retrieve data after all of that, they've earned it.

  • fane_j Level 4 (3,660 points)

    JDLee wrote:


    One thing I really wish Apple had is the ability to wipe delete individual files without going through the trash.

    (1) <http://docs.info.apple.com/article.html?path=Mac/10.6/en/11847.html>


    (2) In Terminal


    $ man rm


    (3) Do a search on MacUpdate (or Softpedia, etc). You'll find quite a few tools for this purpose.


    (4) IMHO, for this issue you have to balance, on one hand, the time and trouble it takes for you to deal with it, and, on the other, the time and resources interested parties might be willing to put into recovering your data. It seems to me that, in your case, a simple delete for files or re-format for a whole drive is quite enough.