peterfrommawson lakes wrote:
Apple's explanation of their reasons for removing this function make no sense at all. If there's a problem with the delete algorithms or a security breach is possible then why not fix the problem?
It is likely not fixable. For SSD's, there is no fix possible. Repeatedly writing to the disk serves little purpose as the cells may not actually hold the data anymore. Also, it will reduce the lifespan of the drive. The drive controller can do things with the data and not tell the OS. A similar problem happens on a spinning disk in that the controller can remap bad sectors without the OS knowing. Those "bad" sectors can store the data you wish to erase securely. The OS knows nothing about them or what is stored in them.
Does using the command directly as in "diskutil secureErase freespace LEVEL /Volumes/DRIVENAM" still have the same issues as the function that has been removed?
There is no difference. OS X is just a GUI wrapper that implements the unix commands.
Some articles suggest using the rm (or a variant of this command) command also works - but aren't these just the lower level calls used by the removed function?
It is srm, but I am not sure if that is actually used by diskutil or if they have their own algorithm. Regardless, it has the same flaws.
Going back to this:
why not fix the problem?
They did. It's called FileVault. If you fully encrypt the disk, there is no need to securely erase anything.