Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Well encryption solves that for you. But more broadly, we used to do quite a bit of ITAR work here, and of course that comes w a maximum data security req. At some point we were assured OSX's secure erase is sufficient, and further that data on drives formatted in APFS is unrecoverable anyway, secured erase or not. ...and when selling used SSDs, reformatting it in one file system, then reformatting a second time in a different file system, makes any recovery attempt completely impossible (as long as one file system is APFS).

One major concern was when an iPad died, I took it in to the Apple Store, they confirmed it was toast and offered a replacement via applecare. But as mr Geniusman is taking the dead one, I ask him if there's ANY chance that SSD gets disassembled in China and its contents looked at. He replies "probably not", and I'm like yea but if you're wrong, I am absolutely going to prison. At this point I have to explain what ITAR is because the look on their faces tells me they're alarmed that I'm the worst kind of pervert. I asked if there was a way we can ensure the dead ipad is processed without ever leaving the US, and they just taped a little note on it that said "USA" to get me out of there lol. I walked out feeling somewhat relieved they only thought of me as a sex offender instead of as a guy who worked on those kind of weapons, a realization that led to the end of that kind of work.

My favorite thing to do is to overwrite a drive manually, filling it with rare & vintage sci-fi & art films, then just leaving them all on there for the buyer to decide what to do with when they get it. If they're skeevy, it shows them right away there's nothing to recover, and if they're not, they get to decide what to do with a bonus humungous rare film archive.
 
Last edited:
Before selling it I remember that I formatted it, (I have a screenshot I had taken, I hope that's what it is)

But now that I've been trained in security and I've seen that the best thing to do is to overwrite the left space data, I've become paranoid and I don't want to sell any more equipment, but I've already sold it and I'm afraid that someone might recover the data with special programs. (I had work documentation)

IMG-20241112-152019.jpg


Do you think that macOs performs some kind of overwriting when formatting?

What are you afraid could actually happen?
 
Theoretically if some one can recover your encryption keys and then decrypt the drive to recover. After T2 chips and Apple silicon, it’s probably not something you can do it in practice. It’s not impossible but very hard to do.
 
Theoretically if some one can recover your encryption keys and then decrypt the drive to recover. After T2 chips and Apple silicon, it’s probably not something you can do it in practice. It’s not impossible but very hard to do.
Among the recent scary forum topics involving Macs, it's comforting to know that data recovery from an erased T2 or later chip after falling into just the right hands at just the right time, is far lower on the scary scale than a 2-hour courier delivery from the Apple Store theft, or a Mac being removed from the box prior to delivery from the reseller warehouse theft. Thanks.
 
Among the recent scary forum topics involving Macs, it's comforting to know that data recovery from an erased T2 or later chip after falling into just the right hands at just the right time, is far lower on the scary scale than a 2-hour courier delivery from the Apple Store theft, or a Mac being removed from the box prior to delivery from the reseller warehouse theft. Thanks.
If some one is going to invest time and money going lengths to recover encryption keys, if it is even possible. And then decrypt, the target has to be high value. If you are high value target, mac encryption is least of your problems.
 
I have nothing to store on my Mac or other devices that isn't on iCloud, but they all get access to my keychain which gives them access to whatever passwords I've chosen not to memorize, most of which requires 2FA, so tell me, boi who lives in the shadows, does it really matter that I'm choosing convenience over security in this life we have in 2024? [edit: in case it wasn't clear, this is a serious question.]
Keychain is good. I store all the useless passwords here. I mean, stored before my Face ID no longer works🤣 For key services (iCloud, Gmail, GOG, banking) I have few “master passwords” that I store in my head. As you mentioned, most services are 2FA protected anyway so there is low chance of cracking unless someone steals my phone maybe.

In response to OP I was referring to the other types of data, such as photos and videos, documents, browsing data (which is better to set to be cleared in 1 week-1 month). I doubt he stores passwords in txt files🤣
 
If some one is going to invest time and money going lengths to recover encryption keys, if it is even possible. And then decrypt, the target has to be high value. If you are high value target, mac encryption is least of your problems.

Yes. XKCD neatly describe exactly what happens in real security circles:

1732695313399.png


The security models we work with ensures that even if our staff are hit with $5 wrenches they will not be able to give anyone anything useful anyway because they don't know themselves.
 
Paranoia at it's worst. Can your data be recovered? YES, will the average/general mac buyer have the tools to recover your data? NO

If your paranoia get's the better of you then ask the buyer to resell it to you. Do a military grade data erase and then sell it again.
 
  • Like
Reactions: Cape Dave
Paranoia at it's worst. Can your data be recovered? YES, will the average/general mac buyer have the tools to recover your data? NO

If your paranoia get's the better of you then ask the buyer to resell it to you. Do a military grade data erase and then sell it again.
I am already calm.



Worse is when last year I went to a cyber and logged in with my Google account. Nothing happened either.



Bad paranoia, it doesn't let me live.



I wish I had known about all this security stuff.
 
  • Love
Reactions: Adora
Is File Vault removed from Si Macs, since the data is encrypted anyway?

It's still there and I just saw it is even disabled, but my drive is formatted APFS (encrypted). Must be because I am using an external drive that was formatted encrypted before. On my MBP with internal boot drive it's turned on and I can't remember doing that on purpose.


Screen Shot 2024-11-27 at 12.42.45.png



When I turn it on, there are those options, but I don't think it will encrypt the whole 2.2TB data again.

Screen Shot 2024-11-27 at 12.43.33.png
 
  • Like
Reactions: AlixSPQR
It's still there and I just saw it is even disabled, but my drive is formatted APFS (encrypted). Must be because I am using an external drive that was formatted encrypted before. On my MBP with internal boot drive it's turned on and I can't remember doing that on purpose.
When I turn it on, there are those options, but I don't think it will encrypt the whole 2.2TB data again.
Am I correct that the encrypted data is encrypted once again with FileVault? For what purpose? 🤔
 
Before selling it I remember that I formatted it, (I have a screenshot I had taken, I hope that's what it is)

But now that I've been trained in security and I've seen that the best thing to do is to overwrite the left space data, I've become paranoid and I don't want to sell any more equipment, but I've already sold it and I'm afraid that someone might recover the data with special programs. (I had work documentation)

IMG-20241112-152019.jpg


Do you think that macOs performs some kind of overwriting when formatting?
I’ve used data recovery programs before to recover data I had accidentally deleted. (On hard drives anyway, not sure how it works with SSDs.)

I’ve also bought used Macs before.

Yet I never once had the idea or inspiration to try recovering the prior owner’s data. When I get a Mac, I load it up with my own data.

This is going to be the case with most people getting a used computer. They want their own stuff on it.

Someone buying old computers for hundreds of dollars to try to get someone else’s data off them seems like such a niche form of data harvesting. It’s not common or people would’ve actually heard about it, when people’s old data leaked out or something.

The problem isn’t having erased your drive without overwriting it. The problem is your paranoia.

Meditate. Reflect on the core route of your fear. Talk to a therapist. Etc. Only that will bring you peace.

You’re trying to pin your emotions on a past event you cannot change and a future fear you don’t even know if it has occurred. Technically, that’s crazy.
 
  • Like
Reactions: Cape Dave
Am I correct that the encrypted data is encrypted once again with FileVault? For what purpose? 🤔
No, it doesn't encrypt again. It only encrypts the key and only takes seconds for it to turn on for T2 / Apple Silicon Macs (compared to before, when it took time to encrypt the entire drive). With the key being encrypted, it adds an additional layer of security by requiring the password to decrypt the key, which is then used to decrypt your data.
 
Charles wrote in reply 22 above:
"the only way you can ever see the dialog box in your screenshot again is if you have gone into Settings > Transfer or Reset > Erase All Content and Settings."

No.
There's another way to make that setup sequence "appear again".

You need to search for the invisible file named ".applesetupdone" and delete it.

I think this command will do that:
rm /var/db/.applesetupdone

If the file ".applesetupdone" is present at boot, the initial startup sequence (beginning with "choose your language") WILL NOT RUN. That's the way your Mac is right now.

However, if you delete that file, the startup sequence WILL RUN again.

Here's a page to check out:

This can be useful. I was able to help a friend change his main account from "standard" back to "administrative" after he had (somehow) changed it to standard. I did this by removing ".applesetupdone", then going through the startup sequence and creating a NEW account (the original was left alone). I then was able to change the attributes of the original account back to "administrative".

OP:
You never told us exactly WHAT you did to prepare the Mac before selling.

If you "re-formatted" the drive and then re-installed the OS on that, you're almost certainly "good" -- that will pretty much make it impossible to retrieve any data from it (notwithstanding what special tools government agencies might have).

Did you by any chance use the "erase all content and settings" option?
That works, too.
 
Last edited:
Before selling it I remember that I formatted it, (I have a screenshot I had taken, I hope that's what it is)

But now that I've been trained in security and I've seen that the best thing to do is to overwrite the left space data, I've become paranoid and I don't want to sell any more equipment, but I've already sold it and I'm afraid that someone might recover the data with special programs. (I had work documentation)

IMG-20241112-152019.jpg


Do you think that macOs performs some kind of overwriting when formatting?

If you ran FileVault, you're good - the data was encrypted and the key has been destroyed when you wiped the device.

If you didn't, its still unlikely anyone bothered to recover it.
 
In earlier times when you had an unencrypted HDD it was recommended to overwrite all data, maybe even several times. There was an option in DiskUtility to do the long format a few times in a row. Don't know if it's even still there.

This is a major, major benefit of disk encryption these days - especially in servers!

CPUs can do it effectively "free" now (they're fast and efficient at it) - and it means you just need to destroy the key, rather than overwrite terabytes of data multiple times (which takes forever).
 
  • Like
Reactions: Adora
Charles wrote in reply 22 above:
"the only way you can ever see the dialog box in your screenshot again is if you have gone into Settings > Transfer or Reset > Erase All Content and Settings."

No.
There's another way to make that setup sequence "appear again".

You need to search for the invisible file named ".applesetupdone" and delete it.

I think this command will do that:
rm /var/db/.applesetupdone

If the file ".applesetupdone" is present at boot, the initial startup sequence (beginning with "choose your language" WILL NOT RUN. That's the way your Mac is right now.

However, if you delete that file, the startup sequence WILL RUN again.

Here's a page to check out:

This can be useful. I was able to help a friend change his main account from "standard" back to "administrative" after he had (somehow) changed it to standard. I did this by removing ".applesetupdone", then going through the startup sequence and creating a NEW account (the original was left alone). I then was able to change the attributes of the original account back to "administrative".

OP:
You never told us exactly WHAT you did to prepare the Mac before selling.

If you "re-formatted" the drive and then re-installed the OS on that, you're almost certainly "good" -- that will pretty much make it impossible to retrieve any data from it (notwithstanding what special tools government agencies might have).

Did you by any chance use the "erase all content and settings" option?
That works, too.
I really only remember that before selling I wanted to format it (obviously) and I remember going into recovery mode and seeing the utilities menu, then I remember waiting a long time for the Mac to install, and then the screenshot I posted came up.

I didn't delete that file you mention, so I understand that before I did the reinstall, I erased the disk, only now I don't remember exactly since it's been a year.

I also remember I followed a tutorial for that. (I'm a Windows user)
 
If someone is very motivated, they can recover some degree of data from a drive even if it has been formatted. For this reason, I don’t sell anything that includes the drive I used. I smash the drive to death with a hammer and recycle the remains. Yes, I’m on the bleeding edge of data security and I have zero regrets.
 
  • Haha
Reactions: VicVendrell
Ilove wrote:
"For this reason, I don’t sell anything that includes the drive I used. I smash the drive to death with a hammer and recycle the remains. Yes, I’m on the bleeding edge of data security and I have zero regrets."

What are you going to do with the new Macs (desktops and laptops) that don't have removable drives???

Will you smash them with no regrets, as well...?
 
If someone is very motivated, they can recover some degree of data from a drive even if it has been formatted. For this reason, I don’t sell anything that includes the drive I used. I smash the drive to death with a hammer and recycle the remains. Yes, I’m on the bleeding edge of data security and I have zero regrets.
I don't get this kind of sentiment.

Like, what are you guys doing on your Macs that warrants this kind of burn-down-the-house-after-moving kind of attitude?

Do you store all your passwords locally as plain text files?
 
  • Like
Reactions: CharlesShaw
In earlier times when you had an unencrypted HDD it was recommended to overwrite all data, maybe even several times. There was an option in DiskUtility to do the long format a few times in a row. Don't know if it's even still there.
This thread is reminding me of how much unnecessary effort I sometimes spent destroying old HDD's and removable media decades ago. In hindsight, very little of the data required any protection, but that's what we did.

Moving my personal life to the Mac in the mid 2000's greatly reduced my negative impact on the landfill, as I'd just let Disk Utility take its time doing a very lengthy erase. The last HDD in my life resides in my Time Capsule which I'm still using for Airport, but a few years ago I let Disk Utility do a lengthy erase on it, even though the TM backups I used to keep on it were encrypted. Funny, it was replaced in 2012 under warranty when the Airport part broke and the Genius Bar sent me home with a new one and I trusted that the encrypted backups were safe from prying eyes at the time. As if anything I kept on my Mac back in 2012 really mattered. iTunes purchases, copies of old resumes, family photos, etc. And oh, a million emails from friends who were also on limited texting plans with overpriced carriers, so we emailed instead.
 
this is same reason i didnt sell my laptop a year or 2 ago. instead just gave it to my sis.
Giving to family might be more dangerous. They are the ones more likely to want to possibly snoop or try to find some info they can use to pressure one later on ("You help with____ and I won't show this photo taken of you when you were drunk at that one party") LOL
 
if you wiped it a normal person cannot recover much, if anything. and the longer they use it the less is recoverable. nothing if it was encrypted.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.