Did your sister find any adult material that would have put you or her in an uncomfortable situation?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I sold my Mac mini last year and I'm scared
- Thread starter Kolok
- Start date
- Sort by reaction score
As many has pointed out the default option for macOS the last I think almost 10 years is that FileVault is on if you have T2 chip (and also M-series), but you can opt out. T2 and M-chips includes hardware AES-256 en–/decryption, so it is done without using any CPU, but initially after OS install it takes some time before everything is encrypted.
Maybe in 10 years or so it will start to be feasible to decrypt, but now it is not. (And if someone would have such a capability it will only be used for data that is really ultra valuable, if I had such a business I would have charged at least 6 figures $ per megabyte to recover). If you are some very special person, one might store the data for later, but I highly doubt that will happen. One thing to be aware of is that FileVault gives you two options, a decryption key you have to store locally, or one stored with your iCloud account. For the latter is if you chose to be able to use your iCloud account to decrypt your drive.
Formatting an encrypted drive is waste of time, and if you know that your data is very valuable you destroy the chips completely (physically). Remember also that SSD drives have internal logic, so writing zeros will not guarantee that is what will actually happen, it may just set the block to be garbage but data still present (this is not on the file system level, but controller level). And a big part of it are over-provisioned cache/reserved (not RAM but of the NAND chips), which the file system will not be able to touch.
Some drives support AES key crypto shredding, which just ensures that the private key of the encryption is not possible to use. As far as I understand the private key for internal Apple SSD is part of the Secure Enclave in T2 and M-series.
For magnetic hard drives, formatting by writing zeroes are not worth it. It is best illustrated if you ever tried to write silence to a magnetic audio tape, you can tell that it is not completely overwritten, because if you play it back you will still hear audio, but it is almost silent. So while it is much more noisy, "turning up" the volume on the HDD will eventually be able to bring some data back. The same with writing of random data, first time you can use the delta of the actual data and analyze the difference. It is because the magnetic particles need lots of power to align 100% to the direction you want. Several overwrite will eventually make it impossible to get the data back.
For private data, unless you do some rocket or nuclear science, I would not bother. If someone wants personal data, they will wait for some company is hacked and then leaked, or trick you through some social engineering or basic hacking. Exfiltrating data from drives is expensive, time-consuming and rarely worth the effort.
No, as mentioned earlier in the thread, data on T2 and Apple Silicon Mac internal disks is always encrypted, even if the user has not enabled FileVault. There is no delay in encrypting when enabling FileVault because all the computer is doing is requiring a key to unlock that disk rather than the Secure Enclave unlocking it automatically.
I did this hammer thing about 20-30 years ago with unencrypted HDDs that went in the trash. But mostly I just opened them and just kept the beautiful golden-colored disks inside.
10 years ago I got a used partly damaged Windows laptop and on the drive was very much private stuff even without a password. And bought some cheap damaged Macbooks for parts, what had all data on there disks. Without password I couldn't do anything and even If they were not encrypted I couldn't access the user folder from another Mac without the password. The Windows laptop someone send for free with a MacBook because she wanted to get rid of it.
I just had this iFixit kit new, what I mainly bought for iPhone battery change and then thought I could repair some old Macs. So I got some very good MacBook Pros for very cheap in 2014. But some were only for trash.
So for a standard buyer who doesn't but any effort in getting the data, mostly the password is already enough, if you sell a Mac with an undeleted/unformatted/unencrypted drive. What is not even approximately the case here.
Last edited:
By default, the data is encrypted. You can disable this but you'd remember doing it. So it simply does not matter one bit if you formatted the disk or not or if the data was overwritten. It is a non-issue.
Your paranoia is healthy and prevents you from making mistakes in the future. Hopefully nothing will happen but next time use filevault to encrypt your drive and encrypt time machine as well.
Thank you. How does this additional layer of security play in, when it comes to restoring data, which is already encrypted? Is it another password than the log in password or iCloud password?
Foremost, the nature of how SSDs function, namely TRIM and wear leveling, makes data recovery far more difficult.
darwinsdata.com
But yes… Apple has added several more blocks.
eclecticlight.co
eclecticlight.co
Also:
Ultimately:
Data Recovery on SSD is more difficult than HDD
Mention SSDs and HDDs together and its bound to lead to transfer speeds, IOPS, power consumption, and the impending demise of HDDs. However, this article takes a different route—it's not about SSD vs. HDD; it's about data recoverability. Undeleting data from a working HDD is easier than...
www.thestorageguy.net
Why SSD is a challenge for forensic analysis? - Darwin's Data
The TRIM command was introduced for SSDs to help maintain performance over time. When a file is deleted on an SSD, the operating system informs the SSD which
darwinsdata.com
But yes… Apple has added several more blocks.
Disk encryption, FileVault and hardware encryption
What is FileVault encryption? Is it the same as that on an M1 Mac’s internal SSD, or something different? How can you use it instead of overwriting an SSD? Which boot volumes are encrypted?
eclecticlight.co
Correct, basically, Erase All Content and Settings deletes the “Data” volume, which houses the user (accounts) data. As part of that removal process:
Apple said:
Volume encryption with FileVault in macOS
In Mac OS X 10.3 or later, Mac computers provide FileVault, a built-in encryption capability to secure all data at rest.
support.apple.com
Explainer: xART and nonces
A strange volume named xART or xarts, secure memory management, and long random numbers: how they fit together to protect against replay attacks.
eclecticlight.co
Also:
And the UID:Apple said:
Apple said:
Secure Enclave
The Secure Enclave is a dedicated secure subsystem in the latest versions of iPhone, iPad, Mac, Apple TV, Apple Watch, Apple Vision Pro, and HomePod.
support.apple.com
Apple said:
Enabling FileVault doesn’t re-encrypt the volume. Instead, it rewraps the (“Data”) volume encryption key (VEK) with a new media key generated also on the account password.
Ultimately:
Nowadays… Social engineering is much more effective (and thus far more popular).
Last edited:
This is what I imagine it's like to get your draft thesis back from a generous advisor.
I own lots of Mac’s. Including Mac minis. I never ever use the internal drives for security reasons. I simply use external Samsung t-9 t-7 t-5 ssds. So the internal is base size the ram is high. I save money. And when I sell a mini the internal has basically no info of mine. Problem solved. I used clone of the internal with shirt-pocket clone software.
I have two external clones. I have an external Time Machine. Very easy way to run a Mac. Also I need 2tb ssd and apples price for that is stupid. Superduper works on 2018 mini and an m1 and a m2 I am ready to replace the 2018 but I am not sure the new m4 will clone for me using superduper.
I have two external clones. I have an external Time Machine. Very easy way to run a Mac. Also I need 2tb ssd and apples price for that is stupid. Superduper works on 2018 mini and an m1 and a m2 I am ready to replace the 2018 but I am not sure the new m4 will clone for me using superduper.
There is zero reason to worry about this. For one, it’s done. Nothing you can do now. Second reason is Apple is pretty good at data encryption. Third reason is it’s doubtful anyone you sold it to would use to scour your data. Most likely your data has been gone for some time due to formatting and other data overwriting it. The only reason to worry is when you’re selling to ensure you have done all you can.
I work with clients sensitive financial data, and I have never thought twice about this as I encrypt and protect every drive in Mac with the security key and don’t let it be recovered by iCloud. Far more likely some cloud services have given up your data than selling an old device online.
May you find inner peace and not let past decisions bother you. Cheers.
I work with clients sensitive financial data, and I have never thought twice about this as I encrypt and protect every drive in Mac with the security key and don’t let it be recovered by iCloud. Far more likely some cloud services have given up your data than selling an old device online.
May you find inner peace and not let past decisions bother you. Cheers.
A company computer would likely have the drive's decryption keys stored by the company and cloud backups also accessible by the company.
Not really possible or a good idea on an SSD. And not relevant to newer Macs anyway.
To write non-zero values to a block, the entire block must be zeroed out. It doesn't always happen right away. Trim just tells the drive it can do it. But it's not relevant to newer Macs.
Even if FileVault is turned off, the disk is encrypted.
It isn't once the Mac has been wiped with the option intended to do that.
Not possible once the Mac is wiped, since the keys are lost.
It's impossible in most practical sense
It just re-encrypts the underlying real encryption key.
Your internal drive is overall vastly more secure than your external ones, but whatever you like.
As others have pointed out, the odds of that are super low. Even disregarding for a moment the Secure Enclave and FileVault encryption, remember also that every moment the machine is on and running decreases the (already remote) possibility of anything being recovered from it. Why? Because stuff is constantly being written to disk, overwriting any latent deleted data. That could happen with cache files or virtual memory, all stuff generated in the course of normal operation.
When IT forensic investigators go to recover stuff of a machine, they absolutely do NOT run it in any way. They isolate the storage drive from the volatility of the device its installed in, then use special tools to clone it bit by bit to another drive where they can try extract data.
