secure empty trash in Mojave

MIV204 wrote:

How do you do a secure empty trash in Mojave 10.14.1 ? It is no longer an option in the File menu of Finder. Thanks. Michael

To add— the secure empty trash option has been gone for several macOS now. It was a misleading option not applicable to SSD.

you can read more, if interested:

What happened to "Secure empty trash" option?

https://lifehacker.com/why-secure-empty-trash-is-gone-in-el-capitan-and-wha-1744 422665

Longer-winded version:

With SSD storage and its use of TRIM, all deletions are secure. All freed blocks are necessarily erased, as part of preparing that same storage for re-use.

SSD storage is fundamentally very different from how HDD works, how sectors are mapped and are freed for reuse, and particularly around how thr floppy-disk-era sector overwrites and related practices simply serve to further wear the device for no tangible benefits. You can’t require an SSD sector without erasing it first (TRIM is an optimization that speeds this erasure and reallocation and reassignment processint), and wear-leveling for relability and for performance means thatnyou can’t even address the contents of deleted SSD sector.

Full disk encryption further means that the entire contents of the SSD are inaccessible, absent the credentials necessary to decrypt and access the volume. If your passwords and credentials for FileVault and for your login are weak or exposed, then there are bigger issues lurking than any efforts to scavenge the SSD for what few in-flight deleted sectors might still be present in the cache between the deletion request and the cmpletion of thr SSD-internal erasure processing.

With an SSD, everything deleted gets erased.

If you’re dealing with HIPAA or financial or other data, check with your security folks for whatever additional compliance requirements and checklists they might have. For personal data, SSDs with TRIM and FileVault are fine. The Apple prepare-your-Mac formsale will do the rest: What to do before you sell, give away, or trade in your Mac - Apple Support

With SSD storage and its use of TRIM, all deletions are secure. All freed blocks are necessarily erased, as part of preparing that same storage for re-use.

SSD storage is fundamentally very different from how HDD works, how sectors are mapped and are freed for reuse, and particularly around how thr floppy-disk-era sector overwrites and related practices simply serve to further wear the device for no tangible benefits. You can’t require an SSD sector without erasing it first (TRIM is an optimization that speeds this erasure and reallocation and reassignment processint), and wear-leveling for relability and for performance means thatnyou can’t even address the contents of deleted SSD sector.

Full disk encryption means that the entire contents are inaccessible, absent the credentials to decrypt the volume.

Ah, this is a less-good case.

Since you’re concerned with security, FileVault 2 will probably already be enabled on that external HDD. If not, see to that first.

You might test the following tool or similar, though I’ve not tested it:

https://github.com/3vincent/secure-empty-osx-trash-hdd

I’d probably use the shell script in the above tool as a starting point, and rework it to always use the srm command and the path to your trash folder on your external HDD.

Before you test with the above tool or any similar deletion tools, have complete (and entirely disconnected!) backups. Errors with deletion commands can obviously be catastrophic.

Here’s some srm-related reading:

https://www.macworld.com/article/3005796/operating-systems/how-to-replace-secure -empty-trash-in-os-x-el-capitan.html