No Secure Empty Trash?

Discussion in 'OS X El Capitan (10.11)' started by marzfreerider, Oct 1, 2015.

  1. marzfreerider macrumors member

    Joined:
    Jun 13, 2014
    Location:
    Canada
    #1
    I just downloaded El Capitan and noticed my trash can no longer says empty securely. I've looked in the Finder menu where it used to be but it no longer offers the option. Any ideas or suggestions? Thanks.
     
  2. KALLT macrumors 601

    Joined:
    Sep 23, 2008
  3. mporcheron, Oct 1, 2015
    Last edited: Oct 1, 2015

    mporcheron macrumors member

    Joined:
    Nov 13, 2011
    Location:
    Nottingham, UK
    #3
    I suggest you watch something like this video to understand why the option was pointless on SSDs (especially towards the end of the video where this is covered):



    Essentially, the SSD microcontroller manages the data on the SSD and does "wear levelling", meaning writing to a particular block with a specific ID might be mapped to a different physical block (because there is a limit to the number of writes possible to each cell of memory, the SSD manages this to maximise the life of the disk). The old approach of writing over with null data means that the SSD might not actually write to where the data was, but a different area of the physical flash.
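
The remapping described in post #3, and the "fill every free block" point made later in post #17, as an added example that is not part of the original thread. It is a toy flash translation layer: `ToyFTL`, its 8-page size and the sample data are constructed assumptions, not any real SSD firmware.

```python
"""Toy flash translation layer (constructed model, not real SSD firmware)."""

SECRET = b"tax-return.pdf contents"          # constructed sample data


class ToyFTL:
    def __init__(self, physical_pages):
        self.flash = [None] * physical_pages  # raw NAND pages; None = erased
        self.l2p = {}                         # logical block -> physical page
        self.stale = set()                    # pages holding superseded data

    def write(self, lba, data):
        # NAND cannot be rewritten in place: take an erased page and remap.
        free = [p for p, d in enumerate(self.flash) if d is None]
        if not free:
            free = self._garbage_collect()
        new = free[0]
        self.flash[new] = data
        old = self.l2p.get(lba)
        if old is not None:
            self.stale.add(old)               # old contents stay in flash
        self.l2p[lba] = new

    def _garbage_collect(self):
        # Simplified: real controllers erase whole blocks, on their own schedule.
        if not self.stale:
            raise RuntimeError("drive full")
        freed = sorted(self.stale)
        for page in freed:
            self.flash[page] = None
        self.stale.clear()
        return freed

    def read(self, lba):                      # what the OS sees
        return self.flash[self.l2p[lba]]

    def raw_dump(self):                       # what a read of the raw flash sees
        return [d for d in self.flash if d is not None]


def demo():
    ftl = ToyFTL(physical_pages=8)
    ftl.write(0, SECRET)
    ftl.write(0, b"\x00" * len(SECRET))       # "secure erase": overwrite LBA 0
    logical_view = ftl.read(0)
    survived_overwrite = SECRET in ftl.raw_dump()
    for lba in range(1, 8):                   # fill the drive to force reclaim
        ftl.write(lba, b"filler")
    survived_fill = SECRET in ftl.raw_dump()
    return logical_view, survived_overwrite, survived_fill
```

`demo()` returns the zeroed logical view, `True` for the secret still sitting in raw flash after the overwrite, and `False` once every free page has been consumed and the stale page reclaimed.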
     
  4. marzfreerider thread starter macrumors member

    Joined:
    Jun 13, 2014
    Location:
    Canada
    #4
    Thanks for the quick replies, I watched the video and it was very interesting, thank you. Now I see why they got rid of it.
     
  5. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #5
    Consider also the following options:
    1. Make sure TRIM is enabled (if your Mac came with an SSD, this is enabled).
    2. You can instruct OS X to delete a file immediately (and add it to the microcontroller’s queue). You can do this by selecting the file, holding the option/alt key and selecting File > Delete Immediately… This will bypass Trash (you can do this from within Trash as well, just by right-clicking on a file). This way the file doesn’t linger in Trash.
    3. Enable FileVault in System Preferences > Security.
     
  6. X--X, Oct 1, 2015
    Last edited: Oct 1, 2015

    X--X macrumors 6502

    Joined:
    Jun 11, 2015
    #6
    That's the ACTUAL hilarious reason


    No doubt the Mac OS X file system team can hack the already much-hacked HFS+ to fix this problem. But how is it that no one on the engineering team caught this problem?

    http://www.zdnet.com/article/mac-fail-ssd-security/



    Instead of fixing the problem they just remove the option...laughable.

    Government pressure?
     
  7. throAU macrumors 601

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #7
    As per below, secure empty trash doesn't really work with SSD due to the way they operate (wear levelling).

    If you want to be able to delete stuff and care about security, use FileVault to encrypt your stuff. The whole disk is inaccessible to others in that instance.
     
  8. throAU macrumors 601

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #8
    This isn't a problem that is fixable with the filesystem really. The SSDs contain their own logic which re-maps blocks to do wear levelling. The OS can't see what is going on with that and cannot control it.

    Rather than leave an option that does not work with SSD and may be misleading to users, they removed it.

    As I stated above, if you care about this, run FileVault.
     
  9. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #9
    FileVault is definitely the way to go. Even the best secure erase seems to leave around 4% of data intact (see linked ZDNet article), so there is no perfect option that could satisfy the claim of a ‘secure’ erase. That being said, how did the other software perform better than Apple’s solution? When a program can achieve much better results, why not the system itself?
     
  10. mporcheron macrumors member

    Joined:
    Nov 13, 2011
    Location:
    Nottingham, UK
    #10
    Given that OS X encourages you to enable FileVault during setup, it's highly unlikely that Apple is following orders from any government (assuming FileVault is secure and has no back doors).
     
  11. v04bvs macrumors member

    Joined:
    Oct 10, 2012
    #11
    Apple uses branded SSDs and they can do whatever they want with them. So their OS can safely delete anything, if they invest enough resources to implement that.
     
  12. Max(IT) Suspended

    Joined:
    Dec 8, 2009
    Location:
    Italy
    #12
    Actually the real reason is explained in post #3, but you keep ignoring...
     
  13. X--X macrumors 6502

    Joined:
    Jun 11, 2015
    #13
    "No doubt the Mac OS X file system team can hack the already much-hacked HFS+ to fix this problem."

    http://www.zdnet.com/article/mac-fail-ssd-security/

    Also Apple uses and exclusively supports its own branded SSDs. Absolutely they could easily fix this, but instead they just removed the option.

    Lazy.
     
  14. mporcheron macrumors member

    Joined:
    Nov 13, 2011
    Location:
    Nottingham, UK
    #14
    I don't understand the fuss — if you're concerned about securely deleting data, simply use FileVault and all data is encrypted from the get-go.

    It seems to me that Apple shouldn't really devote resources to solving a problem that already has a much better solution.
     
  15. neliason macrumors member

    Joined:
    Oct 1, 2015
    #15
    I'm curious, does this apply to Fusion Drives? I understand the issue with pure SSD drives. But with a Fusion Drive some files would be on magnetic media and could be securely erased.
     
  16. X--X macrumors 6502

    Joined:
    Jun 11, 2015
    #16
    Secure Empty Trash is checkable, you can prove or disprove that it did or did not do what it was supposed to.

    FileVault is closed-source encryption; nobody knows if it has back doors, nobody knows if it actually does what it promises, and nobody can check because Apple won't allow anybody to look at it.

    The two things have completely different purposes.
     
  17. throAU, Oct 1, 2015
    Last edited: Oct 1, 2015

    throAU macrumors 601

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #17
    Apple uses third-party SSDs just like everyone else, with commodity controllers (just with an Apple badge on them - they don't make their own controllers or firmware); the OS still can't see what the SSD is doing.

    This is by design. The blocks are presented to the OS as logical blocks, in the background the SSD is remapping stuff to spread wear across all the blocks even if only part of the drive is used to increase SSD life.

    Could you do secure erase on SSD? Sure, but you'd trash the read/write cycles on your SSD, as to guarantee you wiped one block you'd need to write enough data to fill every free block on the drive several times to force the wear levelling in the controller to write to the same blocks several times. It's not really feasible or efficient.

    Just encrypt your data.

    edit:
    oh and quoting zdnet on technical stuff as an authority (re: surely apple can fix HFS to fix it) = lolz
     
  18. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #18
    Yes, it applies to Fusion Drives too. The only really secure way to use them is to encrypt with FileVault.
     
  19. throAU, Oct 1, 2015
    Last edited: Oct 1, 2015

    throAU macrumors 601

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #19
    Sure, they may have slightly different purposes, but if you're using an SSD the methods used by utilities to securely erase data are not reliable unless you write large, excessive, wear-inducing amounts of data to your SSD to get around the wear levelling in the SSD controller. Which is controlled by the SSD firmware. Which is not controlled by the operating system.

    Secure delete is gone and not coming back. The only real alternative is encryption, to get some measure of privacy to prevent someone recovering your deleted stuff. It has the additional benefit of protecting stuff you haven't deleted yet.


    edit:
    Oh, and if you don't trust FileVault, then you may as well get rid of your Mac. And not get any recent PC either. There is no guarantee that there are not back-doors in the Skylake CPU either, and it does have a new secure microcode component in it that can run code in the CPU independent of the OS. That is proprietary, and no one knows what it does. NSA backdoor? Maybe, hardware/firmware backdoors are a thing.

    Basically anyone who has a backdoor to FileVault is going to get your stuff whether it is encrypted (with another product with no backdoor), deleted, or not. You can have the best encryption in the world, if the attacker has a copy of your keys (which are stored in RAM and/or the CPU cache/registers to decrypt your stuff), you're screwed. If FileVault is backdoored, you can guarantee that plenty of the rest of OS X and/or the firmware also has enough backdoors to make it irrelevant (via retrieval of your keys).

    I happen to think it doesn't, but depending on how much tinfoil you wear (and I say that with respect, I wear a fair amount when it comes to Microsoft, Google, and the internet in general), YMMV and that's up to you to decide. But yeah.... if you don't trust FileVault (and maybe you shouldn't, maybe I'm wrong) - then you shouldn't trust anything else Apple makes either.
     
  20. Max(IT) Suspended

    Joined:
    Dec 8, 2009
    Location:
    Italy
    #20
    Do you know how SSDs actually work? You are going to ruin that with Secure Empty Trash, for no reason.
    No thanks
     
  21. v04bvs macrumors member

    Joined:
    Oct 10, 2012
    #21
    Apple can do everything. They can ask Samsung or whoever made those SSDs to modify the firmware and they'll do it. And I'm sure that they already do modifications.


    You don't need to rewrite blocks several times, one time is more than enough. And if I want to securely delete data, I don't really care about wearing.


    Encryption is not efficient. Processor spends cycles to encrypt/decrypt data. And encryption doesn't deal with secure deleting. If someone recovers data and knows the key, he can decrypt the data I tried to delete. Not much difference here.
     
  22. throAU macrumors 601

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #22
    Processor spends far more cycles writing random data to every free block on your disk to get around the wear levelling.

    Yes, key disclosure is a thing (keep your keys safe!), but on balance the trade-off between writing to every free block to work around wear levelling, whilst still having all your non-deleted data recoverable by anyone who happens to plug into your Mac with target disk mode, vs encrypting your stuff has been made by Apple, it would appear.
     
  23. Max(IT) Suspended

    Joined:
    Dec 8, 2009
    Location:
    Italy
    #23
    You'd better care about wearing
     
  24. marzfreerider thread starter macrumors member

    Joined:
    Jun 13, 2014
    Location:
    Canada
    #24
    Thanks again to all that have commented here. I do have FileVault on and always do. I thought maybe I overlooked the setting.
     
  25. Aragornii macrumors 6502

    Joined:
    Jun 25, 2010
    #25
    The thing I miss about Secure Empty Trash is the ability to delete a stubborn file in your trash. Say that you delete trash, but it stops because there's a file in the trash that can't be deleted. In Yosemite, you would just then select Secure Empty Trash and it would delete it anyway. I'm not sure if there's an equivalent in El Capitan.
     
