Secure Empty Trash missing on El Capitan

!cultOfApple wrote:

Did you read what I wrote because if you had, you'd notice that I'm not suggesting what you're claiming I am. Ditto RCR.

If you are suggesting that Terminal commands that may or may not actually securely erase anything are the "next best thing" to actually being able to do that reliably, then I have to disagree with you about that. If data security is important, then the only sensible choice is strong data encryption, period.

Would you disagree that just encrypting the file/folder in the first place is the best solution?

I agree that encryption from the beginning is the best practice but it is not always possible. For anything sensitive that I create, I use encrypted storage. But sometimes, I receive a file that I consider to be sensitive but it wasn't encrypted when I received it. I move it into encrypted storage and would like to securely erase the unencrypted copy.

I move it into encrypted storage and would like to securely erase the unencrypted copy.

... leaving unencrypted copies of it on servers over the world.

If despite the numerous limitations already explained, you remain bound and determined beyond all reason to duplicate the exact same function as "Secure Empty Trash", it remains available in El Cap. I illustrated a GUI implementation of it in the above screenshot, which you are free to use as you see fit. You can even use that nice looking translucent "shredder" icon to replace the Trash. Or perhaps a skull and crossbones is more to your liking.

You can even add a clever sound effect. What would you like? Chainsaw? Toilet flush? I'm open to suggestions.

I see. I think you may ought to investigate the Disk utility option. If I understand it correctly, you can encrypt existing files, though I could be wrong. Another option is that what Disk Utility does is create an encrypted folder. If the original that you received was sent to that folder, I think you would be starting with an encrypted file.

Whickwithy wrote:

I see. I think you may ought to investigate the Disk utility option. If I understand it correctly, you can encrypt existing files, though I could be wrong. Another option is that what Disk Utility does is create an encrypted folder. If the original that you received was sent to that folder, I think you would be starting with an encrypted file.

Filevault 2 does full disk encryption. This is by far the best way to secure the data on your Mac, since there are many places where that data or information about it can be stored on the drive.

Of course, as John pointed out that will only encrypt things on your drive, not anything on some remote server that is sent to you.

Filevault 2 does full disk encryption.

Exactly, who needs everything encrypted and all of the required additional, cumbersome steps? I could also argue that it has its security limitations, also. I wouldn't ever use filevault.

This is just bad advice, especially if you own a laptop, do any kind of e-commerce, banking etc. You don't know where all of these apps cache files with sensitive data. Simply having a single encrypted folder will not solve this. Full disk encryption solves this, and is arguably easier to setup and use (since its transparent) then a dedicated encrypted folder that you create with disk utils. FileVault2 is very performant and easy to use even for non-techie folks and when your laptop with all your bank account statements, tax returns etc. gets stolen you will be glad you used it.

Use of this command from the terminal is potentially disastrous to the integrity of data as well the OS installed on your hard drive as it can delete files the OS protects for a reason and will destroy them without so much as a warning.

Whickwithy wrote:

Exactly, who needs everything encrypted and all of the required additional, cumbersome steps?

There really isn't anything very cumbersome about using Filevault 2. Besides, if you really care about securing your data, you need to be using full disk encryption. If you just rely on copying files to an encrypted folder, you still have the original unencrypted version on the drive until you trash it ... which takes us right back to the problems inherent in the now MIA secure empty trash option.

But even if you manage to securely overwrite the file space used by the original, there is no guarantee that some or all of its data may not be in a cache file, or that buried in the logs, databases, etc. that OS X maintains there will be nothing recoverable that someone with the right forensic tools can use.

I could also argue that it has its security limitations, also.

Like what? Filevault 2 uses strong XTS-AES 128 encryption with a 256 bit key, as recommended by the US National Institute of Standards and Technology (NIST). It is the same scheme used to create encrypted disk images, so whatever limits it has for full disk encryption apply equally to them.

I also noticed that under disk utilities you can no longer do a wipe of free space on the local drive.

Maybe the NSA got after them because people could clean their disks making it difficult if not impossible to recover deleted items. lol

from what I've read about File Vault; nothing is 100% but Apple managed to seriously P. off the FBI for including this level of security in the OS.

Correct me if I'm wrong (a very real possibility) but, once you have logged into your Mac with FileVault, you have access to all files. If so, that means anytime the Mac leaves your sight, you need to log out, put it to sleep, or something. Otherwise, your files are at risk. That is cumbersome and less secure for certain situations, unless you are always extremely careful to log out each and every time. That's not even to mention things like key-loggers, etc.

In the case somebody has one or two files (my case exactly) that they want to have secure and the files are seldom (if ever) accessed, then just encrypting those specific files means I don't have to worry about always having to use a password on my computer. The likelihood that my computer gets stolen are slim to none and, even so, it wouldn't really matter except for a couple of files. So, yes, in my case, Filevault is extremely burdensome. I would have to log out any time I left the computer's presence. I leave the thing running 24/7 because it consumes so very little power and I can turn on the display in a heartbeat and go right to work. No need for logging in or inputting a password because the files at risk are not open. Therefore, they are secure.

And, again, the way I read the disk Utility option, you can place those files, as they arrive on your computer, directly into the secured folder. Again, I could be wrong but, if it works that way, it seems the simplest option to completely secure specific files. Or, in my case, where I create the files, I'm pretty certain, I can create them directly in the secured folder. If I am wrong about this, than all bets are off.

Filevault seems complete overkill except in extreme cases where every bit of info on the computer is sensitive. If you need complete and ultimate security (involved in espionage?) and can take no chances then, great, you may need Filevault.

Whickwithy wrote:

Correct me if I'm wrong (a very real possibility) but, once you have logged into your Mac with FileVault, you have access to all files. If so, that means anytime the Mac leaves your sight, you need to log out, put it to sleep, or something.

If you aren't doing that now, then you leave yourself wide open for all kinds of security issues, including someone installing key-loggers & various kinds of malware. If you are normally logged into an admin account they could even quite easily create a new one & delete your entire home folder & everything on it, or turn on Filevault 2, set a password you know nothing about, or do any of several other things to deny you access to your own computer.

There is nothing cumbersome about using this minimal level of security. Just go to System Preferences > Security & Privacy > General tab & click the "Require password" box, & set a convenient interval to require entering a password after the screen saver or system sleep kicks in, then go to the Energy Saver preference & set it to something other than keeping the system from never sleeping.

Actually, you don't even have to do that last step if you are using a laptop & set it to sleep automatically when you close the lid. For almost any Mac you can also use the keyboard shortcut to sleep the system immediately (command + option + eject) or set up a 'hot corner" to put the display to sleep or start the screensaver. At least one of these things should not be too cumbersome for anyone even minimally concerned about security to use.

And, again, the way I read the disk Utility option, you can place those files, as they arrive on your computer, directly into the secured folder. Again, I could be wrong but, if it works that way, it seems the simplest option to completely secure specific files. Or, in my case, where I create the files, I'm pretty certain, I can create them directly in the secured folder. If I am wrong about this, than all bets are off.

As already has been explained more than once by more than one person in this long thread, there is more to it than that. I'm not going to repeat any of it again, other than to say it is a bet, one that is by no means a sure thing.

use cmd + space

type in terminal

terminal window will open, wrote:

man srm

mac:~ mac$ man srm | cat | head -40

SRM(1) SRM(1)

NAME

srm - securely remove files or directories

SYNOPSIS

srm [OPTION]... FILE...

DESCRIPTION

srm removes each specified file by overwriting, renaming, and truncat-

ing it before unlinking. This prevents other people from undeleting or

recovering any information about the file from the command line.

srm, like every program that uses the getopt function to parse its

arguments, lets you use the -- option to indicate that all following

arguments are non-options. To remove a file called '-f' in the current

directory, you could type either "srm -- -f" or "srm ./-f".

OPTIONS

-d, --directory

ignored (for compatibility with rm(1))

-f, --force

ignore nonexistent files, never prompt

-i, --interactive

prompt before any removal

-r, -R, --recursive

remove the contents of directories recursively

-s, --simple