I’d like to donate/sell my MacBook. To do this, I need to destroy the hard drive, right? That’s the only guaranteed method. I’ve personally recovered data from zeroed drives.
I guess soldered hard drives are marketed as more secure, but I don’t see it. How does Apple expect me to preserve the privacy of my data if I can’t remove the hard drive? Do I really have to bin the entire computer?
How does Apple expect me to preserve the privacy of my data if I can’t remove the hard drive?
Use it.
New Macs encrypt data by default. It can't be turned off. You just throw it out.
Same goes for iPhones. If lost or stolen, they're worthless.
Apple thinks about these things.
How does Apple expect me to preserve the privacy of my data if I can’t remove the hard drive?
Use it.
New Macs encrypt data by default. It can't be turned off. You just throw it out.
Same goes for iPhones. If lost or stolen, they're worthless.
Apple thinks about these things.
<<. I’ve personally recovered data from zeroed drives. >>
Those were likely rotating magnetic drives, and not zeroed but erased.
When you "erase" a rotating magnetic drive, the standard policy is the remove the directory information, only. That leaves the data blocks intact, to be "rescued" by commonly available software.
When security is an issue, the proper way for all but nuclear secrets is to literally write zeroes to every data block, or for ordinary military secrets, a series of random patterns. If you were able to recover anything, that process was NOT done.
On SSD drives, when you erase a block, the drive controller is sent a TRIM notice that these specific blocks have been deleted. Within seconds, the drive controller collects all the deleted blocks into a SuperBlocks, discards the block numbers, and bulk-erases the SuperBlocks for re-use.
SSD drive failures leave NO SURVIVORS -- there is nothing to be rescued. That is why backups are even more important than ever.
tetrapetrichord wrote:
Not sure you read my 4th sentence… AFAIK, data wiped with classic known algorithms is still recoverable, especially in a quantum/post-quantum age. I would prefer to remove and smash an SSD/HDD, and I did a lot of this for a previous employer in the medical sector.
More details than you probably want…
if we're discussing floppy disks or hard disks prior to the advent of embedded servo data tracking, overwriting is a thing. That would be the 1990s, and earlier. Really sloppy head positioning back then. (Trivia: the unique sound made by the Apple II and its floppy disks was directly related to head positioning.) That sloppiness led to the “Orange Book” repeated-overwrite recommendations from that era, either with zeros or with pattern data.
This “Orange Book”was from the US DoD / NCSC / NIST “Rainbow Books” era, which was from the 1980s and into the 1990s. (Red and Orange are probably the most interesting.)
With hard disks and particularly with embedded-servo head tracking form the 1990s and newer, the forensic gear needed to try to recover data got far more expensive, as the head-positioning tracking got vastly more accurate. Basically, you need to bring your own head positioning firmware or your own disk hardware, and this all to deliberately try to get the heads slightly off track, and see what data might have remained. And even that expense and effort probably gets you nothing, as the heads are more accurate, and given even with a single-pass overwrite.
Multi-pass overwrite is an attempt to compensate for sloppy head tracking. When we had 10 MB disks, and floppy disks, tracking could be sloppy. Or exceedingly sloppy. Modern hard disks inherently get their higher capacity with higher density and higher accuracy. And quite possibly with the use of lasers (HAMR, etc), lately.
Another decade or so onward, and Solid State Disks (SSDs) radically changed how storage is implemented. Everything always and inherently gets overwritten, as sectors can’t be re-used otherwise. And wear-leveling means the traditional overwriting implementations are entirely futile. Your sole option for an overwrite is to flood the entire storage device with writes, including over-provisioning.
Add to that more recently, Apple T2 and later always encrypt the stored data always, so erasing an entire volume is little more than a key-rotation operation. Swap the keys, and the data is cryptographically inaccessible. Sectors are filled with unreadable data, and with the generated decryption key long unavailable. Swap to a different Mad, and the data is unreadably encrypted.
As for enabling FileVault specifically, “If you have a Mac with Apple silicon or an Apple T2 Security Chip, your data is encrypted automatically. Turning on FileVault provides an extra layer of security by keeping someone from decrypting or getting access to your data without entering your login password.”
(On Macs prior to T2, FileVault must be specifically enabled. Otherwise, internal storage is not encrypted.)
(FileVault has the added benefit of encrypting the contents of sectors that might eventually become bad.)
Now if your data is still sensitive, or you expect to be targeted by folks with access to gear well past that of any announced quantum computing capabilities (however unlikely that might be), and that’s all certainly your decision, or that of the site security officer, then shred the entire computer, and melt the results into slag.
For an SSD drive, multiple erasures does not improve security in the slightest. Once it is erased, it is GONE, and there is no residue of any description. All multiple passes does is increase wear.
Well, if it is still a hypothetical, then you should consider not only how modern SSD work, but also - if you are concerned about data security - how additional built-in security features like FileVault work. Modern SSD with full-disk encryption are basically impenetrable (we are not post-quantum yet) to data recovery. Modern SSD that have been erased cannot be recovered.
tetrapetrichord wrote:
Not sure you read my 4th sentence… AFAIK, data wiped with classic known algorithms is still recoverable, especially in a quantum/post-quantum age. I would prefer to remove and smash an SSD/HDD, and I did a lot of this for a previous employer in the medical sector.
Follow Neil's suggestion above. What to do before you sell, give away, trade in, or recycle your Mac - Apple Support
FWIW this is a hypothetical question. I’m considering my first laptop purchase in about 13 years, and the soldered hard drive is looking like a major deal breaker for a couple reasons. If there’s no good solution here I’ll likely go back to Windows for the 1st time since XP. Or maybe try client Linux for the 10th time (lol ok maybe not that).
Not sure you read my 4th sentence… AFAIK, data wiped with classic known algorithms is still recoverable, especially in a quantum/post-quantum age. I would prefer to remove and smash an SSD/HDD, and I did a lot of this for a previous employer in the medical sector.
Thanks for the background! While the other folks may correctly answer the exact question in the title by linking to a method proposed by Apple, the method doesn’t explain “why” the method is acceptable given my privacy concern. (I know you can erase a disk. Great. However, I did not believe simply writing one pass of zeroes was safe enough, and those instructions give absolutely no insight into the safety level of the data erasure. “This is safe”. Great, sure, I still want to verify why.)
You’re right, this was a long time ago and I definitely at that point would’ve only known how to format the drive by clearing the partition table, not how to run dd/use diskutil to actually zero it out. It was also for sure an HDD. The place where I was working which required destroying the drives seems to have had a policy based more on military protocol than NIST standards.
Good to know about SSD garbage collection! I didn’t realize that was built in to the device now. Thanks for the info—it makes sense, and at least now I have plenty of info to verify the claim. Apple’s back on the menu!
“More details than you probably want…” — No this is awesome! Love it.
As is this: “so erasing an entire volume is little more than a key-rotation operation”. It makes total sense if the whole disk is encrypted… Kind of like wiping the partition table but way cooler and more effective.
”then shred the entire computer, and melt the results into slag” — great mental image there, and I agree I wouldn’t even be here asking the question if I were in a key role and there was even the slimmest chance of sensitive data being revealed. Likely at that point I would at least have the budget to melt 1 for security and 10 for fun.
So basically, from all the responses here and the mac HW/SW updates in the past 15 years, I guess all of this is purely a thought exercise. I’m probably 5 trillion times more likely to fall for a well-crafted phishing attempt than to be directly targeted using high-cost lab equipment. Only the paranoid survive, right?
Thanks folks for the super detailed backstories, resolution steps, and incredibly rapid response here. I didn’t expect this to get so much attention immediately from so many key community members! This is awesome stuff—I’m looking forward to testing out a new Mac :)
tetrapetrichord wrote:
…
So basically, from all the responses here and the mac HW/SW updates in the past 15 years, I guess all of this is purely a thought exercise. I’m probably 5 trillion times more likely to fall for a well-crafted phishing attempt than to be directly targeted using high-cost lab equipment. Only the paranoid survive, right?
Which is part of why password managers and passkeys are encouraged too, as those tools don’t regurgitate the passwords into j-random lookalike website.
BTW, on phishing, website input fields should always assume to be live. Phishing websites can absolutely collect password input strings without the return or enter or submit.
Y de nada.
Click here and follow the instructions; if you're using a hard drive(not an SSD), also overwrite the data when erasing it.
(259836)
Erase the device two more times and it should be safe enough. In these days, it is impossible to recover deleted data from SSD.
Personally, I'd just do a standard OS reinstall. The Mac filesystem is much less subject to file recovery than Windows filesystems like NTFS and FAT.
How can I safely resell my MacBook if I can’t remove the hard drive?
