Safest method of ensuring data deletion when selling

[patent10021]

Selling my 2015 MBPr and I got lots of sensitive data on here so I want to make sure nothing is left to retrieve with forensic tools.

Should I use some OTS utility or should I actually consider keeping this SSD and selling the MB with a new SSD if I'm really worried about it?

I remember previous OSes had that high-level erase feature, but...

Note: With a solid-state drive (SSD), secure erase options are not available in Disk Utility. For more security, consider turning on FileVault encryption when you start using your SSD drive.

I know that SSDs and USB flash drives use a technique called wear leveling which makes it difficult to completely erase SSDs. I turned off FileVault a while ago.

Encrypting after the fact, means that any bad blocks will have readable data with the right tools, any SSD's with block that have not been pre-cleaned will be readable with the correct tools. Basically if you have a SSD and did not keep the SSD always encrypted, then you will expose some portion of your personal data to anyone with the correct tools when you sell your Mac.

Looks like I'm going to have to keep the SSD as extra storage, but a new SSD for the guy I'm selling it to and then by my new machine.

Insane.

However I read that Apple's new APFS file system /Sierra this changes that. No?

 

[FrancoisC]

Were you using filevault?

If so, just formatting and using a different key/password will make sure nobody can restore anything. The reason being that even if they were somehow able to restore files, they would be encryted anyway.

 

[patent10021]

Hello. As I mentioned above, nope. From what I understand there are only two solutions.

1. Use FileVault from day one. Or from day of having sensitive information.
2. Replace SSD then sell. Keep SSD for personal use or burn with flamethrower.

I heard that APFS will change that thought I'm not sure.

 

[FrancoisC]

Oh, I missed that part. (filevault)

One thing you could do, activate file vault, fill up the entire drive with random non important data (Quite easy to do), then re format again with a different password as I said earlier.

Or make a yourself a bootable macOS USB and format the drive from there using the security option available to you, the 7 times overwrite option (5220-22 M) will take care of making sure everything is gone, even on a SSD. The drive will be completely filled up with random data 7 times, so even with wear leveling in consideration your old data won't be recuperable.

 

[patent10021]

... then re format again with a different password as I said earlier.

you mean File Vault password or MBP login password?

...The drive will be completely filled up with random data 7 times, so even with wear leveling in consideration your old data won't be recuperable.

But I thought Disk Utility no longer has that multi-pass feature? You're saying with a Sierra OS on an external Seagate HD or USB Thumb drive I can select my MBP SSD in Sierra Disk Utility and do multiple-pass?

With the FV option you mentioned. I currently have 200GB available on a 1TB SSD. You're saying to activate FV then fill up the remaining 200GB with large easy to manage movies. Then backup with Time Machine to prep for new machine. Then reformat the current MBP SSD using MBP Disk Utility with new password. Then easy install to new machine via previous TM backup? I know it is possible to backup a FV encrypted SSD to TM but what happens to that backup if the discussed for TM is not also encrypted? Also that TM backup can be encrypted as well but it currently is not. After I install the TM backup onto the new machine I can then reformat the external TM disk and tell TM to encrypt that one too.

p.s. I will use a High Sierra USB thumb drive to wipe and format the MBP SSD. After I wipe and format should I immediate turn on FV? or install the FV encrypted backup from TM first? The backup will be encrypted but the new OS will not be. How will that work?

 

[patent10021]

but...Let's say I reformat the MBP SSD and write to it 7 passes from Disk Utility on a thumb drive. Then I install the UNencrypted backup from Time Machine. Then we're back at square one.

So I guess I should first like you said

1.turn on FV.
2. Fill up the drive.
3. Back up that SSD again with TM since FV was turned on.
4. That will be an encrypted MBP backup to an UNencrypted TM external HDD. (what will happen?)

 

[FrancoisC]

But why would you restore your backup on this machine? You want to sell it, so make the 7 pass erase thing (If available to you, maybe it depend on the machine. Not available to me when booted in High Sierra for my main drive, but it is when I boot from a bootable High Sierra USB installer), then do a clean install.

With a clean install on top of the security wipe, it'll be like brand new.

 

[Fishrrman]

Get ahold of the "Parted Magic" CD.
Boot from Parted Magic.
Open the drive formatter, and use the "ATA secure erase" command (I -think- that's the correct name).
It will literally "reset" the drive to factory-original status.
Once reset, nothing should be "recoverable" by "normal means".

This doesn't mean the NSA might not be able to "reach" it...