Secure Empty Trash missing on El Capitan

The article the link points to cannot be found

Not only does the file in the link not exist, but 'Help' still gives instructions as if Secure Empty Trash' still exists

More bad advice. The command 'cd ~/.Trash && rm -rf *' does not do anything differently then a normal empty trash does. It does not securely delete anything.

OS X El Capitan: Delete files and folders

The help article from Apple still indicates the secure delete feature is in el capitan. How embarrassing for Apple to continue to promote on its website, features no longer available for those of us with computers using HDD instead of SSD. Somehow I don't think Steve Jobs would have let these kind of blatant errors be published on Apple's website as a help article... (c'mon, Cook - you have to get tighter control!).

That said, I always wondered why, when I put one or two files into trash, my computer would indicate it was securely deleting MORE than the number of files put into trash. I had always hoped it was just grabbing other bits and pieces of data not fully deleted. Guess I'll never know since I don't have the time to waste playing around with data recovery software, etc.

For now, the "delete immediately" seems to work (open the trash, highlight the files you wish to delete immediately, two-finger tap and choose this option).

SSD's are constantly moving data around in an attempt to even the wear across the flash chips. A TRIM operation is automatically performed after a file deletion and typically occurs within a few seconds after the user gives the command to deletes files. I recently attended a conference where a presentation was made by the CTO of Drive Savers. Because SSD's are constantly moving data around, recovering deleted file segments from an SSD is a difficult process unlike that of a magnetic hard drive where the data sticks around indefinitely until the OS decides to use those unused sectors for writing other data. So in a sense, SSD's are inherently less prone to data recovery attacks and over much shorter periods of time than a hard drive, it eventually becomes nearly impossible to recover deleted data.

Regarding Bigbopper's comment about secure erase of empty free space missing in El Capitan, there's a Linux command called "sfill" that replaces this functionality. I grabbed the source code for sfill out of Ubunutu's secure-delete package and built it cleanly under MacOS. It works perfectly to securely erase ALL free space on a specified partition. The default is to run a full 38 passes of various erase patterns which can an excessively long time depending on how much free space is on the partition. However, the user can specify less secure erases which run much faster. I generally use the 0xff/0x00 two-pass sequence on a regular basis which takes about an hour to run. Since there seems to be ongoing debate regarding what data is emptied via the Trash bin and if the actual areas where the data existed on the drive are truly securely erased, sfill provides confidence that regardless of what emptying the trash actually does, all existing free space is erased. For more info on sfill, see http://manpages.ubuntu.com/manpages/lucid/man1/sfill.1.html.

Note that sfill with the least secure erase options does nothing more than a one-pass write of 0x00 to all empty sectors. I've found that for SSD devices, this option can be used occasionally (e.g. on a monthly basis) with almost no degradation of the life of the flash chips. I also use this option on 32 and 64 GB micro-SD cards where only a small portion of the device holds data prior to compressing them and backing them up. Filling all empty sectors with 0's on a partially full SD card can greatly reduce the size of the compressed archive file being backed up.

My issue started when I tried to empty trash, but was told that a file (in this case a deleted podcast) could not be deleted because it was still in use. In the past I've been able to get around this by using Secure Delete - but this time I couldn't. Checking Help showed how to Secure Delete, but the function is not there anymore. Very inconsistent on Apple's part - if something has been added or removed, all documentation needs to be updated as well.

Somehow I don't think Steve Jobs would have let these kind of blatant errors be published

Clearly, Steve was a complex man. But he undeniably knew every aspect of his company's products very well.

I remember in 2006 watching him demonstrate iMovie, iDVD, iPhoto and the Mac OS. It was obvious that he was very involved in what Apple turned out. Say what you will about Steve, but he gave us what we wanted.

In fact, I called up Apple Support two days back to check what is happening to this option. The support adviser assured me that the normal delete - Empty Trash - actually does Secure Empty Trash. How bad !!

I have actually created a file, deleted, emptied trash, and then using a recover software recovered it in full !!!

Not just there is gap between what Apple says and implemented, even their support advisers don't know the full fact :-(

My gosh, the amount of apple kool aid wafting on these forums is nauseating... regardless, I do come here every now and then in hopes of dereferencing some nuggests.

Yes, post SJ apple have had yet another lightning flash - they've decided to do away with the GUI secure empty of trash - who knows why. Maybe they want to make it less cumbersome for the trolls up in fort meade or maybe they wanted to provide their flock with yet another genius bar line item.

Anyway, as long as UNIX is still around, here are 3 commands you could use - you could also create an alias for anyone of these - and feel free to use that other leech, google, to figure out additional options...

1. rm -rP /<path>
2. srm -rfv -s /path (try the m and z switches for more options)
3. diskutil secureErase freespace LEVEL /Volumes/<drive>

Thank you. I know the rm and srm commands but did not realize that there was a command line version of diskutil.

Still, it is frustrating that Apple removed this function. Secure erase of free space is not quite the same as secure empty of the trash. But it can get the job done.

Hi. Do you think Apple will bring again secure empty trash in the next updates? Not yet updated to the el capitan because of it.

Hi. Do you think Apple will bring again secure empty trash in the next updates? Not yet updated to the el capitan because of it.

BigBopper wrote:

Thank you. I know the rm and srm commands but did not realize that there was a command line version of diskutil.

Still, it is frustrating that Apple removed this function. Secure erase of free space is not quite the same as secure empty of the trash. But it can get the job done.

Note that (as has been mentioned more than once in this discussion) srm & the secure versions of rm will not necessarily securely remove all traces of a file on a SSD. Even the diskutil secureErase freespace command may not do this. In fact, this may even be true for modern mechanical hard drives because they can automatically map out bad sectors, making them inaccessible to these OS level commands, but they may still contain recoverable data.

If you are really interested in the nuts & bolts of secure data deletion, I suggest wading through Secure Deletion of Data from Magnetic and Solid-State Memory, the seminal paper written by Peter Gutmann, the author of the (almost always misused) Gutmann algorithm 35-pass secure erase. (See his comments in the first epilogue about that algorithm being regarded as a "voodoo incantation" for more about that.) Also check out his follow up paper, Data Remanence in Semiconductor Devices, particularly the conclusion section beginning on page 15.

The bottom line is truly secure deletion of digital data is extremely hard to achieve & strongly dependent on the type of device holding that data. If you want to keep your data secure it is much better to rely on strong encryption than any iffy deletion techniques.

R C-R you can't even get people to read the responses in this thread. How do you expect them to read, much less comprehend, a 16 page paper with 75 references written by a doctor of computer science?

Stop confusing people with facts. They want demand their illusions.

I, for one, appreciate the technical references. I am a retired IT professional with mainly a software background. I understand the principles of the storage hardware but don't know all the details. But then, I have a Ph.D. in Computer Science with a background in computational theory.