Am i being paranoid? are all my data safe?

[edwardjulio]

I purchased a macbook a month ago, i returned the macbook 2 times due to screen flickering, the 3rd replacement has no problem(which is good).

Suddenly i was thinking about my data on those 2 laptops that i returned, so here is what i did, every time i received a new macbook, i made a fresh back-up on the time machine (no data at all), after that, i started to fill the laptop with all my important data, including my office sensitive data which is really confidential, and also email( i used apple mail apps, which means my sensitive emails are stored locally).

After i found the flickering problem, i returned the macbook, instead of formatting the ssd, i simply restore the "fresh back up" that i have from the time machine. So that it erased all my sensitive data.

but then, i found that lots of software can recover almost all data from a laptop, if the data has not been overwritten with other data couple times. Now, i am really worried about my data on the previous laptop that i returned to apple, my assumption here is apple will sell the laptop as refurbished items(am i correct). How if somebody who bought that laptop needs to do some recovery, and find my sensitive data or email? i did not format the ssd, but i did restore my fresh back-up( i understand it erases the whole ssd, but i am still not 100% sure that my data is safe), can somebody comment on my concern? some experts maybe? any experience in recovering ssd on macbook? i know that traditional hard drive is really easy to be recovered, but how about ssd? i don't have OCD, but i do know how important and sensitive the data that i store on the laptop. Thanks, and sorry for the long explanation.

it is a macbook pro retina 13 mid 2014

 

[redheeler]

The concern comes from the fact that in a typical erase the space is merely marked as free on the drive and not actually overwritten with 0s. A secure erase will write over the space with 0s.

Apple should perform a secure erase and clean install before they sell it though, so there's nothing to worry about.

 

[Hieveryone]

I mean I'm sure Apple has got your back with this and they cleaned it up.

But in all seriousness, if you have that sensitive data, it should never leave your hands.

Even if it's an old external drive you want to sell, forget it.

If sensitive data has ever been on a hard drive, that hard drive should never leave your possession.

But regarding your concern, I would guess you're fine. Apple took care of it I would imagine.

BTW, what was the nature of the data? Just curious

 

[edwardjulio]

I mean I'm sure Apple has got your back with this and they cleaned it up.

But in all seriousness, if you have that sensitive data, it should never leave your hands.

Even if it's an old external drive you want to sell, forget it.

If sensitive data has ever been on a hard drive, that hard drive should never leave your possession.

But regarding your concern, I would guess you're fine. Apple took care of it I would imagine.

BTW, what was the nature of the data? Just curious

I do agree with you, i have never sold any laptops that i have, but in this case, i bought a quite expensive laptop with flickering screen and the laptop was 2 days old. i have no choice but to return it. I am sorry but i can't explain the nature of the data, what I can tell you is, if that data is read by someone else, I probably will lose my job, and my company will not be happy at all.

 

[simonsi]

Apple will likely carry out a format and reinstall of the OS as part of the refurb process but you are right, you took minimal to no precautions, restoring a backup that doesn't contain your sensitive data does NOT constitute any kind of secure erase. Any file that has not been overwritten or Trimmed will be potentially recoverable by file recovery software.

Disk Utility contains erase, erase free space and formatting options, any of those would be way better.

You should consider Filevault2 if you have sensitive information, that will force anyone (Apple, thief etc), to format the drive to boot from that drive without the Filevault password.

 

[Hieveryone]

I do agree with you, i have never sold any laptops that i have, but in this case, i bought a quite expensive laptop with flickering screen and the laptop was 2 days old. i have no choice but to return it. I am sorry but i can't explain the nature of the data, what I can tell you is, if that data is read by someone else, I probably will lose my job, and my company will not be happy at all.

You're probably fine dude. The chances of that happening are so low. I don't know anyone who bought a refurb MBP then started trying to recover data. Plus im sure AAPL has thought of this already.

 

[redheeler]

Apple will likely carry out a format and reinstall of the OS as part of the refurb process but you are right, you took minimal to no precautions, restoring a backup that doesn't contain your sensitive data does NOT constitute any kind of secure erase. Any file that has not been overwritten or Trimmed will be potentially recoverable by file recovery software.

Disk Utility contains erase, erase free space and formatting options, any of those would be way better.

You should consider Filevault2 if you have sensitive information, that will force anyone (Apple, thief etc), to format the drive to boot from that drive without the Filevault password.

I agree with this. If you have sensitive company data next time use FileVault or perform a secure erase through Disk Utility.

I recommend you use FileVault. That way if your laptop ever gets stolen your data will be safe.

 

[simonsi]

if that data is read by someone else, I probably will lose my job, and my company will not be happy at all.

Then the company should provide a machine to keep it on and control the security protocol around it (or force one on your use). If they allow that data to be on your personal machine without safeguards then that is foolish of them. If they don't allow that data on your personal machine then you are very exposed.

 

[Hieveryone]

Then the company should provide a machine to keep it on and control the security protocol around it (or force one on your use). If they allow that data to be on your personal machine without safeguards then that is foolish of them. If they don't allow that data on your personal machine then you are very exposed.

He MIGHT be exposed but chances of the scenario playing out are SO low man. Seriously, who buys a refurb then tries to recover the data on it?

And yeah, that company needs to step their game up.

I know companies that only allow data on paper and never leaves certain rooms let alone employees' computers.

 

[Mikael H]

I purchased a macbook a month ago, i returned the macbook 2 times due to screen flickering, the 3rd replacement has no problem(which is good).

Suddenly i was thinking about my data on those 2 laptops that i returned, so here is what i did, every time i received a new macbook, i made a fresh back-up on the time machine (no data at all), after that, i started to fill the laptop with all my important data, including my office sensitive data which is really confidential, and also email( i used apple mail apps, which means my sensitive emails are stored locally).

After i found the flickering problem, i returned the macbook, instead of formatting the ssd, i simply restore the "fresh back up" that i have from the time machine. So that it erased all my sensitive data.

but then, i found that lots of software can recover almost all data from a laptop, if the data has not been overwritten with other data couple times. Now, i am really worried about my data on the previous laptop that i returned to apple, my assumption here is apple will sell the laptop as refurbished items(am i correct). How if somebody who bought that laptop needs to do some recovery, and find my sensitive data or email? i did not format the ssd, but i did restore my fresh back-up( i understand it erases the whole ssd, but i am still not 100% sure that my data is safe), can somebody comment on my concern? some experts maybe? any experience in recovering ssd on macbook? i know that traditional hard drive is really easy to be recovered, but how about ssd? i don't have OCD, but i do know how important and sensitive the data that i store on the laptop. Thanks, and sorry for the long explanation.

it is a macbook pro retina 13 mid 2014

Being a bit paranoid regarding data isn't a bad thing.
There is a difference between storing data on an SSD when compared to storing it on a regular hard drive. As someone already mentioned, usually when you delete a file in an operating system, it just removes the index pointer to the file, leaving the actual data on the disk.
On an SSD, though, this behavior causes the disk to become sluggish over time ("because of technical reasons" ). Modern operating systems (after 2010-2011 somewhere) therefore support a disk command called "TRIM" which effectively resets the blocks used by a deleted file on an SSD.

In summary: If you have an SSD-based computer (which a modern MacBook is) and you delete a file (or clear the file system), and then let the computer hang around for long enough for the TRIM process to finish, you should be reasonably safe against people finding your old data.

It is generally a good idea to activate disk encryption via FileVault if you care about the privacy of your data should your computer be stolen.

 

[edwardjulio]

I agree with this. If you have sensitive company data next time use FileVault or perform a secure erase through Disk Utility.

I recommend you use FileVault. That way if your laptop ever gets stolen your data will be safe.

Thanks for your suggestion

----------

Being a bit paranoid regarding data isn't a bad thing.
There is a difference between storing data on an SSD when compared to storing it on a regular hard drive. As someone already mentioned, usually when you delete a file in an operating system, it just removes the index pointer to the file, leaving the actual data on the disk.
On an SSD, though, this behavior causes the disk to become sluggish over time ("because of technical reasons" ). Modern operating systems (after 2010-2011 somewhere) therefore support a disk command called "TRIM" which effectively resets the blocks used by a deleted file on an SSD.

In summary: If you have an SSD-based computer (which a modern MacBook is) and you delete a file (or clear the file system), and then let the computer hang around for long enough for the TRIM process to finish, you should be reasonably safe against people finding your old data.

It is generally a good idea to activate disk encryption via FileVault if you care about the privacy of your data should your computer be stolen.

Thanks for your suggestion, i will turn on the filevault

 

[simonsi]

He MIGHT be exposed but chances of the scenario playing out are SO low man. Seriously, who buys a refurb then tries to recover the data on it?

Only needs the refurb process to miss that step and the next user gets an installed machine (which will be obvious). Wrong kind of person (or do you think only nice people buy Macs?), perhaps just a journalist whose interest is tweaked and boom...

...and we don't know the nature of the data.

Anyhow, OP is worried, is right to be worried and will hopefully treat such data more securely next time (although that is a low bar).

 

[redheeler]

Only needs the refurb process to miss that step and the next user gets an installed machine (which will be obvious). Wrong kind of person (or do you think only nice people buy Macs?), perhaps just a journalist whose interest is tweaked and boom...

...and we don't know the nature of the data.

Anyhow, OP is worried, is right to be worried and will hopefully treat such data more securely next time (although that is a low bar).

"Installed machine"? The OP did restore it from a clean backup, assuming that Apple does neglect to secure erase the data will be hidden on the SSD and very few people would even think to look for it.

----------

I agree the OP has learned from this experience and will be more careful with their data next time.

 

[simonsi]

"Installed machine"? The OP did restore it from a clean backup, assuming that Apple does neglect to secure erase the data will be hidden on the SSD and very few people would even think to look for it.

I just meant it won't be asking for the initial setup, hence it will appear "installed" as opposed to a fresh, factory first boot.

 

[redheeler]

I just meant it won't be asking for the initial setup, hence it will appear "installed" as opposed to a fresh, factory first boot.

This is true, but as I said in my initial post Apple should at least perform an OS reinstall.

 

[edwardjulio]

"Installed machine"? The OP did restore it from a clean backup, assuming that Apple does neglect to secure erase the data will be hidden on the SSD and very few people would even think to look for it.

----------

I agree the OP has learned from this experience and will be more careful with their data next time.

i did learn something.. thanks

 

[dyt1983]

The concern comes from the fact that in a typical erase the space is merely marked as free on the drive and not actually overwritten with 0s. A secure erase will write over the space with 0s.

A secure erase does not overwrite erased data on an SSD. The writing of 0s is intended to replace data marked as erased, but it is actually written to new, empty blocks. If the SSD is full, then it will start scavenging previously written blocks, but this is automatic and not under control of the operating system. Also if enough time has passed, then TRIM will overwrite the erase blocks. But trashing/emptying files and then immediately doing Disk Utility "Erase Free Space", or using "Secure Empty Trash" does not guarantee overwriting of the old data.

(I omitted your correct quote about doing a reinstall or Apple doing a secure erase, if the whole disk is marked as empty and doing an overwrite will certainly overwrite data, I'm just focusing on the "Secure Empty" and "Erase Free Space" not doing what most people assume it is doing.)

 

[newellj]

^^^ Which is why encrypting the disk before erasing it is a good practice. (I would say encrypting the disk is good practice, period, but that's a different topic.) If the disk is encrypted before it's erased, whatever's left on the SSD is useless.

 

[SavMBP15]

But trashing/emptying files and then immediately doing Disk Utility "Erase Free Space", or using "Secure Empty Trash" does not guarantee overwriting of the old data.

Not possible on mbp with SSD installed. Option is greyed out "Erase Free Space."

The only 99% sure way before you return, sell an SSD is to FDE then do a clean install of the OS.

 

[duervo]

You guys are mixing up traditional HDD secure erase with SSD secure erase. With the latter, zeros are not written to the drive like they are with the former.

SSDs are fast, but they are not THAT fast, to write zeros to a 256GB drive (for example) in less than 5 seconds. That's the usual amount of time it takes for me to perform a secure erase on a 256GB consumer grade SSD.

Bottom line is before you pass an ssd-based system out of your hands, and you are worried about the security of the data, do an SSD Secure Erase of the drive first.

 

[dyt1983]

edit: To remove personally identifying information not relevant to the thread. Remove dead picture link.

 

[duervo]

"Not possible" maybe on yours. Definitely possible. On my MBP it is not greyed out.

[url=http://i.imgur.com/RxLlCSu.png]Image[/url]



I think you're mixing up what we're talking about with what you're thinking about. I'm not referring to the "secure erase" command that can be passed to SATA drives, I'm talking about the "secure erase" available on Disk Utility. Last time I did the secure erase from Disk Utility on an SSD (last month), it took quite some time, not 5 seconds. I don't know exactly how long it was because I left the room after 5 minutes. I'm pretty sure it was overwriting the drive. Because all the free space wasn't scavenged and zeroed out previously, some of the writing required erase-write cycles which are obviously slower. I've also used one of the utilities from UBCD and that issued the SATA secure erase command, but that was on a spinner.

Maybe there are differences for different versions of OS X, but no one has specified which version they're talking about.

Oohhh, ok. Yeah I was mixing up what you guys were talking about. So, with that in mind, Disk Utility's secure erase is not the ideal method to wipe an SSD.

It will write zeros, which for an SSD, is still data. The SSD is completely full ... of zeros at that point. As a result, it will take a performance hit. Secure SSD erase will actually do a block level erase of the drive, and not write zeros to every cell, so it's extremely fast to complete. Once a memory cell is erased, the data is gone. Writing a zero isn't going to make it any more "gone" than it already is.

Another advantage of doing a secure SSD erase is that it uses the SSD's controller to do it. This means that even data on cells that cannot be accessed by the OS or the user will be erased (like with a cell that had been marked as "bad" because the controller detected that it was starting to fail. Its data will get copied to an empty cell, and the "bad" cell will get marked bad and from that point on, the OS/user will not be able to access it, but the data is still there, laying dormant.) As far as I know, Disk Utility's secure erase does not do this, but admittedly I have not tested it. I just stick to the method that I know works (you know ... that whole "if it ain't broke, don't fix it" thing.)

 

[edwardjulio]

Should I feel better after reading this?

https://support.apple.com/en-us/HT201949

Attached the screenshot

 

[dyt1983]

edit: To remove personally identifying information not relevant to the thread.