Am I being paranoid? Are all my data safe?

Discussion in 'MacBook Pro' started by edwardjulio, Mar 30, 2015.

  1. edwardjulio macrumors newbie

    Joined:
    Dec 7, 2014
    #1
    I purchased a MacBook a month ago. I returned the MacBook 2 times due to screen flickering; the 3rd replacement has no problem (which is good).

    Suddenly I was thinking about my data on those 2 laptops that I returned, so here is what I did: every time I received a new MacBook, I made a fresh backup on the Time Machine (no data at all). After that, I started to fill the laptop with all my important data, including my office sensitive data which is really confidential, and also email (I used the Apple Mail app, which means my sensitive emails are stored locally).

    After I found the flickering problem, I returned the MacBook. Instead of formatting the SSD, I simply restored the "fresh backup" that I have from the Time Machine, so that it erased all my sensitive data.

    But then I found that lots of software can recover almost all data from a laptop if the data has not been overwritten with other data a couple of times. Now I am really worried about my data on the previous laptop that I returned to Apple. My assumption here is that Apple will sell the laptop as a refurbished item (am I correct?). What if somebody who bought that laptop needs to do some recovery and finds my sensitive data or email? I did not format the SSD, but I did restore my fresh backup (I understand it erases the whole SSD, but I am still not 100% sure that my data is safe). Can somebody comment on my concern? Some experts maybe? Any experience in recovering an SSD on a MacBook? I know that a traditional hard drive is really easy to recover, but how about an SSD? I don't have OCD, but I do know how important and sensitive the data that I store on the laptop is. Thanks, and sorry for the long explanation.

    It is a MacBook Pro Retina 13 mid 2014.
     
  2. redheeler macrumors 603

    Joined:
    Oct 17, 2014
    #2
    The concern comes from the fact that in a typical erase the space is merely marked as free on the drive and not actually overwritten with 0s. A secure erase will write over the space with 0s.

    Apple should perform a secure erase and clean install before they sell it though, so there's nothing to worry about.
     
  3. Hieveryone macrumors 68020

    Joined:
    Apr 11, 2014
    #3
    I mean I'm sure Apple has got your back with this and they cleaned it up.

    But in all seriousness, if you have that sensitive data, it should never leave your hands.

    Even if it's an old external drive you want to sell, forget it.

    If sensitive data has ever been on a hard drive, that hard drive should never leave your possession.

    But regarding your concern, I would guess you're fine. Apple took care of it I would imagine.

    BTW, what was the nature of the data? Just curious ;)
     
  4. edwardjulio thread starter macrumors newbie

    Joined:
    Dec 7, 2014
    #4
    I do agree with you. I have never sold any laptops that I have, but in this case, I bought a quite expensive laptop with a flickering screen and the laptop was 2 days old. I have no choice but to return it. I am sorry but I can't explain the nature of the data. What I can tell you is, if that data is read by someone else, I probably will lose my job, and my company will not be happy at all.
     
  5. simonsi macrumors 601

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #5
    Apple will likely carry out a format and reinstall of the OS as part of the refurb process but you are right, you took minimal to no precautions, restoring a backup that doesn't contain your sensitive data does NOT constitute any kind of secure erase. Any file that has not been overwritten or Trimmed will be potentially recoverable by file recovery software.

    Disk Utility contains erase, erase free space and formatting options, any of those would be way better.

    You should consider FileVault 2 if you have sensitive information; that will force anyone (Apple, thief, etc.) to format the drive to boot from that drive without the FileVault password.
     
  6. Hieveryone macrumors 68020

    Joined:
    Apr 11, 2014
    #6
    You're probably fine dude. The chances of that happening are so low. I don't know anyone who bought a refurb MBP then started trying to recover data. Plus I'm sure AAPL has thought of this already.

    :)
     
  7. redheeler macrumors 603

    Joined:
    Oct 17, 2014
    #7
    I agree with this. If you have sensitive company data, next time use FileVault or perform a secure erase through Disk Utility.

    I recommend you use FileVault. That way if your laptop ever gets stolen your data will be safe.
     
  8. simonsi macrumors 601

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #8
    Then the company should provide a machine to keep it on and control the security protocol around it (or force one on your use). If they allow that data to be on your personal machine without safeguards then that is foolish of them. If they don't allow that data on your personal machine then you are very exposed.
     
  9. Hieveryone macrumors 68020

    Joined:
    Apr 11, 2014
    #9
    He MIGHT be exposed but chances of the scenario playing out are SO low man. Seriously, who buys a refurb then tries to recover the data on it?

    And yeah, that company needs to step their game up.

    I know companies that only allow data on paper, and it never leaves certain rooms, let alone employees' computers.
     
  10. Mikael H macrumors 6502

    Joined:
    Sep 3, 2014
    #10
    Being a bit paranoid regarding data isn't a bad thing.
    There is a difference between storing data on an SSD when compared to storing it on a regular hard drive. As someone already mentioned, usually when you delete a file in an operating system, it just removes the index pointer to the file, leaving the actual data on the disk.
    On an SSD, though, this behavior causes the disk to become sluggish over time ("because of technical reasons" :D). Modern operating systems (after 2010-2011 somewhere) therefore support a disk command called "TRIM" which effectively resets the blocks used by a deleted file on an SSD.

    In summary: If you have an SSD-based computer (which a modern MacBook is) and you delete a file (or clear the file system), and then let the computer hang around for long enough for the TRIM process to finish, you should be reasonably safe against people finding your old data.

    It is generally a good idea to activate disk encryption via FileVault if you care about the privacy of your data should your computer be stolen.
     
  11. edwardjulio thread starter macrumors newbie

    Joined:
    Dec 7, 2014
    #11
    Thanks for your suggestion

    ----------

    Thanks for your suggestion, I will turn on the FileVault
     
  12. simonsi macrumors 601

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #12
    Only needs the refurb process to miss that step and the next user gets an installed machine (which will be obvious). Wrong kind of person (or do you think only nice people buy Macs?), perhaps just a journalist whose interest is tweaked and boom...

    ...and we don't know the nature of the data.

    Anyhow, OP is worried, is right to be worried and will hopefully treat such data more securely next time (although that is a low bar).
     
  13. redheeler macrumors 603

    Joined:
    Oct 17, 2014
    #13
    "Installed machine"? The OP did restore it from a clean backup. Assuming that Apple does neglect to secure erase, the data will be hidden on the SSD and very few people would even think to look for it.

    ----------

    I agree the OP has learned from this experience and will be more careful with their data next time.
     
  14. simonsi macrumors 601

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #14
    I just meant it won't be asking for the initial setup, hence it will appear "installed" as opposed to a fresh, factory first boot.
     
  15. redheeler macrumors 603

    Joined:
    Oct 17, 2014
    #15
    This is true, but as I said in my initial post Apple should at least perform an OS reinstall.
     
  16. edwardjulio thread starter macrumors newbie

    Joined:
    Dec 7, 2014
    #16
    I did learn something.. thanks
     
  17. dyt1983 macrumors 65816

    Joined:
    May 6, 2014
    Location:
    USA USA USA
    #17
    A secure erase does not overwrite erased data on an SSD. The writing of 0s is intended to replace data marked as erased, but it is actually written to new, empty blocks. If the SSD is full, then it will start scavenging previously written blocks, but this is automatic and not under control of the operating system. Also if enough time has passed, then TRIM will overwrite the erase blocks. But trashing/emptying files and then immediately doing Disk Utility "Erase Free Space", or using "Secure Empty Trash" does not guarantee overwriting of the old data.

    (I omitted your correct quote about doing a reinstall or Apple doing a secure erase, if the whole disk is marked as empty and doing an overwrite will certainly overwrite data, I'm just focusing on the "Secure Empty" and "Erase Free Space" not doing what most people assume it is doing.)
     
  18. newellj macrumors 601

    Joined:
    Oct 15, 2014
    Location:
    Boston, MA, US
    #18
    ^^^ Which is why encrypting the disk before erasing it is a good practice. (I would say encrypting the disk is good practice, period, but that's a different topic.) If the disk is encrypted before it's erased, whatever's left on the SSD is useless.
     
  19. SavMBP15 macrumors 6502

    Joined:
    Mar 26, 2010
    #19
    Not possible on mbp with SSD installed. Option is greyed out "Erase Free Space."

    The only 99% sure way before you return, sell an SSD is to FDE then do a clean install of the OS.
     
  20. duervo macrumors 68000

    Joined:
    Feb 5, 2011
    #20
    You guys are mixing up traditional HDD secure erase with SSD secure erase. With the latter, zeros are not written to the drive like they are with the former.

    SSDs are fast, but they are not THAT fast, to write zeros to a 256GB drive (for example) in less than 5 seconds. That's the usual amount of time it takes for me to perform a secure erase on a 256GB consumer grade SSD.

    Bottom line is before you pass an ssd-based system out of your hands, and you are worried about the security of the data, do an SSD Secure Erase of the drive first.
     
  21. dyt1983, Apr 2, 2015
    Last edited: Jun 2, 2015

    dyt1983 macrumors 65816

    Joined:
    May 6, 2014
    Location:
    USA USA USA
    #21
    edit: To remove personally identifying information not relevant to the thread. Remove dead picture link.
     
  22. duervo macrumors 68000

    Joined:
    Feb 5, 2011
    #22
    Oohhh, ok. Yeah I was mixing up what you guys were talking about. So, with that in mind, Disk Utility's secure erase is not the ideal method to wipe an SSD.

    It will write zeros, which for an SSD, is still data. The SSD is completely full ... of zeros at that point. As a result, it will take a performance hit. Secure SSD erase will actually do a block level erase of the drive, and not write zeros to every cell, so it's extremely fast to complete. Once a memory cell is erased, the data is gone. Writing a zero isn't going to make it any more "gone" than it already is.

    Another advantage of doing a secure SSD erase is that it uses the SSD's controller to do it. This means that even data on cells that cannot be accessed by the OS or the user will be erased (like with a cell that had been marked as "bad" because the controller detected that it was starting to fail. Its data will get copied to an empty cell, and the "bad" cell will get marked bad and from that point on, the OS/user will not be able to access it, but the data is still there, laying dormant.) As far as I know, Disk Utility's secure erase does not do this, but admittedly I have not tested it. I just stick to the method that I know works (you know ... that whole "if it ain't broke, don't fix it" thing.)
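
An added illustration of what posts #17 and #22 describe (not code from any poster, and not how any real SSD controller is implemented): a toy flash translation layer showing why an OS-level zero overwrite or TRIM leaves the old data in flash until the controller erases the cells. `ToySSD` and all of its method names are hypothetical; real controllers erase in multi-page blocks and add wear levelling.

```python
class ToySSD:
    """Toy flash translation layer (hypothetical model, not a real controller)."""
    def __init__(self, logical_blocks, spare_pages):
        self.pages = [None] * (logical_blocks + spare_pages)  # None = erased cell
        self.map = {}       # logical block address -> physical page index
        self.stale = set()  # pages holding old data no logical block points to

    def write(self, lba, data):
        # Flash is not rewritten in place: take an erased page and remap.
        if None not in self.pages:
            self.garbage_collect()  # full drive: scavenge stale pages
        free = self.pages.index(None)
        if lba in self.map:
            self.stale.add(self.map[lba])  # old copy stays in flash for now
        self.pages[free], self.map[lba] = data, free

    def read(self, lba):  # what the OS sees; unmapped blocks read as zeros
        return self.pages[self.map[lba]] if lba in self.map else b"\x00"

    def trim(self, lba):  # TRIM drops the mapping; physical erase comes later
        if lba in self.map:
            self.stale.add(self.map.pop(lba))

    def garbage_collect(self):
        for i in self.stale:
            self.pages[i] = None
        self.stale.clear()

    def controller_erase(self):  # erases every cell, mapped or not
        self.pages = [None] * len(self.pages)
        self.map, self.stale = {}, set()

    def raw_contains(self, needle):  # what a read of the flash chips would find
        return any(p is not None and needle in p for p in self.pages)


def demo():
    secret = b"CONFIDENTIAL (constructed sample)"
    ssd = ToySSD(logical_blocks=4, spare_pages=4)
    ssd.write(0, secret)
    ssd.write(0, b"\x00" * 16)  # OS-level "overwrite with zeros"
    overwritten = (ssd.read(0), ssd.raw_contains(secret))
    ssd.garbage_collect()
    collected = ssd.raw_contains(secret)
    ssd.write(1, secret)
    ssd.trim(1)
    trimmed = (ssd.read(1), ssd.raw_contains(secret))
    ssd.controller_erase()
    return overwritten, collected, trimmed, ssd.raw_contains(secret)
```

`demo()` returns, in order: the state after the zero overwrite (the OS reads zeros while the secret is still in a stale page), after garbage collection, after a TRIM with no collection yet, and after the controller-level erase.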
     
  23. edwardjulio thread starter macrumors newbie

    Joined:
    Dec 7, 2014
    #23

  24. dyt1983, Apr 8, 2015
    Last edited: Jun 2, 2015

    dyt1983 macrumors 65816

    Joined:
    May 6, 2014
    Location:
    USA USA USA
    #24
    edit: To remove personally identifying information not relevant to the thread.
     
