Since Apple removed the Secure Empty Trash facility, I've got into the habit of securely deleting files via the Terminal using the srm -m or srm -rf commands.
I have just upgraded from El Capitan to OS X Sierra, and this command no longer seems to exist??
Does anyone know what's happened?
MacBook Pro, macOS Sierra (10.12), 2.2 GHz Intel Core i7 8GB 1333 MHz
I don't know how srm worked, but from the man page for rm in Sierra:
-P Overwrite regular files before deleting them. Files are
overwritten three times, first with the byte pattern 0xff,
then 0x00, and then 0xff again, before they are deleted.
That won't meet strict secure delete standards or guarantee data vanish forever, but is better than nothing. And yes, FileVault on top of that is even better, but that only protects the data while the computer is not booted up.
That won't meet strict secure delete standards or guarantee data vanish forever
Nothing short of melting the storage subsystem into a puddle of slag is going to insure nothing can be read in a replaced sector, etc...
But srm and other secure erase methods are out-of-step with current storage technology.
In theory Apple APFS file system should address per file encryption, based on publicly available documents. But until it gets into the hands of users, we will not know for sure.
chrisfromaustin wrote:
That won't meet strict secure delete standards or guarantee data vanish forever, but is better than nothing.
I disagree. The illusion of security is far worse than nothing.
No one other than Apple can explain their justifications for removing srm, but it takes very little thought to surmise the reason. Apparently "very little thought" is too much for some.
Afaik the SRM command does not guarantee the secure deletion of files on SSDs because of the wear leveling. That's why it probably got removed in Sierra. And this was also the cause for the "Secure empty trash" option to be removed from the Finder.
So there's no way to secure delete files on a Mac?
That seems ... ridiculous.
I don't know if there is any way to secure delete files on SSDs at all (besides of completely filling the SSD with random data). Why they removed this option even for hard drives is inexplicable.
Because of how modern disk drives work there was NEVER a way to truly secure delete. A rotating disk will do bad sector replacement, but data can be read from bad sectors with the right tools. SSDs never write to the same place twice, then constantly remap pre-cleaned sectors to the old logical offset, and SSD bad block replacement moves a bad sector out of service, and again can be read with the right software.
A company like Apple, that gets sued because they have money in the bank, cannot afford to have a service or utility that claims it provides a secure delete if it does not 100% provide that service.
If you are concerned about sensitive data, you should be using System Preferences -> Security -> FileVault, so that deleted files are just a bunch of random bits. This will get even better when the new file system in Sierra is more commonly used by Mac users.
If you do not want FileVault, and want a srm tool, then follow the suggestions from sesser and install your own flawed tool, which keep Apple libel free.
Ok. Thanks all for your replies.
I was facing the same problem and hence I've created a tiny app for using "Secure Empty Trash" and "srm" feature in macOS Sierra that was found in previous OS X. For downloading it, watch this video on YouTube (Secure Empty Trash in macOS Sierra | iSecure)
Thanks. Using it. 🙂
Terminal srm command no longer works
