Secure delete files from MacBook Pro SSD ?

[Ian Oliver]

I've been holding off getting the keyboard fixed on my MacBook Pro. Can't hold off anymore. I've a bunch of client photos including boudoir and nude that I've deleted. Secure erase is no longer available for SSD's since in theory that cannot be done with SSD's due to how sectors are dynamically allocated including a somewhat large (20%?) buffer area for load leveling. So, these are just basic deleted.

I'd really really hate for someone at Apple to somehow recover one of these files and it get out. Any thoughts on how likely that is and what I can do? Pretty much everything I've found says it can't be done and to use FileVault. Too late for that? And I assume that Apple will need my PW for fixing my machine and will therefore have access to everything within FileVault? Or will FileVault effectively overwrite the entire disk including the leveling buffer and so anything deleted prior will now be securely erased?

On a side note, once encrypted with FileVault, is anything that is deleted now securely deleted so that even if someone has the PW they'd not be able to recover them?

Thanks,

 

[Hal P Anderson]

You could try almost filling the SSD with a bunch of files and then deleting them. That ought to hit most places on the disk. Probably what's left won't hold much of a photo. Evidently that's what will happen if you use your Mac's Diskutil in terminal mode:

sudo diskutil secureErase freespace 0 "/Volumes/[Disk Name]"

That said, I doubt a technician would go to the trouble of extracting deleted images from your computer. It seems likely that that would be a firing offense.

Here's a pretty competent open source encryption program: VeraCrypt - Free Open source disk encryption with strong security for the Paranoid

 

[LRList001]

If you can get to a command prompt, then first delete the files and second use dd (Unix/Linux systems) or cipher (Windows systems) to wipe the free space.

dd if=/null/zero of=anynameyoulike (make sure you have changed your directory location (cd) to be on the disk you want to wipe, du will tell you what is mounted)
cipher /W:C: (C: is the drive with space to erase, use which ever disk drive letter you want)

The dd command is using /dev/zero (if means input file) to fill a file called anynameyoulike (of means output file) with nothing. You will run out of disk space, delete the anynameyoulike file when finished (using rm anynameyoulike). If you search for the dd command using your favourite search engine, you will find additions to the dd command such as bs (blocksize) and other odds and ends. You could set bs=1024 in the command if you like, to erase images it won't matter much. Make sure the file name you use (anynameyoulike) doesn't already exist (ls).

In windows, the cipher command /W: fills blank space and needs to know which disk, in this case C:, use the drive letter you want. Cipher runs three times, for a SSD you could stop it after the first run (ctrl-c). As with any windows command, type cipher /? to get a help page on the command.

As already suggested, another option is to whole disk encrypt and then lose the key. (The partitions can be deleted, so this does not scrap the drive, it can be reused by deleting the partitions and then creating new, it does erase the WHOLE partition/drive though!)

 

[LRList001]

Oops, first time should read:
dd if=/dev/zero of=anynameyoulike (make sure you have changed your directory location (cd) to be on the disk you want to wipe, du will tell you what is mounted)