I am considering giving away my 2012 MacBook Pro with an SSD but have learned that there is no way to securely erase the contents of that SSD unless, from the very beginning, you turned on FileVault. Someone with the right skills and software could access all your data on that SSD. For all of us with internal SSDs, your answer would be very helpful. Thanks, Gary.
—–
Bob Gerard
MacMost Q&A Forum • View All Forum Questions • Ask a Question
Can You Secure Delete an Internal SSD?
Comments: 6 Responses to “Can You Secure Delete an Internal SSD?”
Comments Closed.
First, it is extremely unlikely you will have a problem if you just erase your Mac's drive normally and give it away. While it isn't impossible for an erased SSD to contain some phantom data, and it isn't impossible for there to exist a person who would get it, then decide to dedicate the time and effort to try to recover that data, it is very very unlikely. If you are a Senator, on the board of a major company, a member of the CIA or MI6, or a character in a movie or TV show then sure, you may want to take the precaution. But you probably have an IT department that handles this for you.
There are far easier ways to "get information" from people. Social engineering is much easier. Weak passwords are much easier. If you want credit cards, any wait staff in the US handle dozens of cards out-of-sight each night.
If you really want, you can always turn on FileVault now. Let it encrypt your drive (could take a while). Then erase the drive and reset the Mac. Any phantom data would then be encrypted data.
Also, it was far more likely that you'd get your laptop stolen while you were using it, and someone could have accessed your data then (you said you had FileVault turned off). So if carrying around a non-encrypted laptop for 10 years wasn't an issue, why is spy-level security an issue now? Something to think about.
Thanks for putting my mind at ease on that score, Gary. Most appreciated.
While waiting to see if you would take my question, however, I did some research on this question, and saw the allegation that for the method you describe to work, you have to have had FileVault turned on from the outset. Is there any truth to this? I am hoping your advice to turn it on now & then erase the SSD will work.
Bob: Well, suppose you had 400 GB of data on a 500 GB drive. Then you encrypted it. 4/5 of the drive would be encrypted. I'd assume the blank 100 GB would be just blank, which is no problem. But suppose you deleted the contents. So you used to have 400 GB of data, now you have 20 GB (system, etc). Then you encrypt. It would encrypt 20 GB and 480 GB would be left alone. If that 480 GB contained phantom data, it could potentially still be there since that space was considered blank and those bits wouldn't be changed. But at the same time the entire encryption process is writing lots of new files to the drive, so it is unlikely much would remain that was salvageable.
So I think that is what they mean. It is more effective if you actually encrypt the actual data before you erase the drive.
But again, this is spy or tv/movie stuff.
In the past I have booted from an external drive; both an external SSD and HD. I then use Drive Genius to securely erase the SSD; using the DOD level of security . I believe that will do the trick.
I believe Gary's suggestion about using file works really well. When ever I am passing on a ssd or hd; I FileVault the drive and put in a very obscure password.
Just and idea; it might not be everyone's cup of tea.
Gifting your old laptop is a great gesture as well as the repurposing / recycling aspect of it. But let face it, these devices are consumables. A 2012 laptop ending it lifecycle in 2022 has had good use & provided good service viewed in 'technology years'. (And the internal fans have had it.) The only way to be sure that stored data is unaccessible is to remove the SSD drive (easy to do as I owned a 2012 mbpr) and physically destroy it. You can still gift the device & they buy a new drive.
Here is what I did with a 2012 mac air about 6 months ago. I went to local computer shop and asked if he would remove the hard drive for $10. He did and then I cut the chips apart destroyed each with 2.5 lb. hammer and then over a 5 week period put one in the trash can.
I sleep pretty well now.