Re: OnyX Secure Erase Warning for SSDs
artie505 #36650 10/24/15 11:58 PM
Joined: Aug 2009
I'm not sure why it is a terrible idea. You just write a large stream of anything to it and then you stop and you write a large stream of something else. Maybe Apple doesn't put new SSD drives in refurbs but at least this obscures what was on it...

Re: OnyX Secure Erase Warning for SSDs
slolerner #36651 10/25/15 12:35 AM
Joined: Aug 2009
Likes: 15
It takes some getting used to, but there's apparently no need to obscure your data, because it's so scattered that just erasing your directory renders it unrecoverable.

I've read the secure erase cons more than once, and I still don't understand them fully, if at all....got to read them a few more times.

I believe that newer Macs (Edit: laptops, anyhow) have their SSDs soldered to their logic boards (i.e. bad SSD = bad logic board = scary thought out of warranty), and I doubt that Apple changes either HDDs or (free standing) SSDs in refurbs unless it's necessary, but under any circumstances, I'd hate to think that they're doing something to SSDs that they're advising us against.

Last edited by artie505; 10/25/15 10:25 AM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: OnyX Secure Erase Warning for SSDs
artie505 #36658 10/25/15 01:29 PM
Joined: Aug 2009
I think I wasn't clear above. Someone wanted to sell a used MBP that was still under AppleCare but wanted their drive wiped securely. There was no option to do this in Disk Utility because it had an SSD. So, I called Apple and they told me an SSD could not be securely wiped so what 'some people' do if they are especially concerned is write most (?%) of the drive with a continuous stream of ANYTHING, not zeros. Then do it again. From what I understand, it writes over the oldest data first, so what wasn't written over the first time is written over the second time. Not perfect, better than nothing.

Beats replacing the motherboard if that is what it takes to physically destroy the drive; the only other choice if they are not separate components...

Apple refurbs: AFAIK, not every refurb has a new motherboard,

Last edited by slolerner; 10/25/15 01:47 PM. Reason: More
Re: OnyX Secure Erase Warning for SSDs
slolerner #36659 10/25/15 02:07 PM
Joined: Aug 2009
Likes: 7
Quote:
So, I called Apple and they told me an SSD could not be securely wiped so what 'some people' do if they are especially concerned is write most (?%) of the drive with a continuous stream of ANYTHING, not zeros. Then do it again
How do you do that?


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: OnyX Secure Erase Warning for SSDs
slolerner #36664 10/25/15 03:15 PM
Joined: Aug 2009
Likes: 15
Somebody more knowledgeable than I will have to explain how
Quote:
write most (?%) of the drive with a continuous stream of ANYTHING, not zeros
differs from, i.e. is safer than, a one-pass zero all data. (Would 51% be an "acceptable" "most" because doing it from both ends will amount to at least 100% if it in fact happens from both ends as the Apple tech said it does?)

Yeah, it beats replacing the logic board, but it may risk harming the SSD, and who wants to buy (or, for that matter, sell) a compromised Mac, particularly when a compromised SSD may mean a compromised logic board?

I think the world is just going to have to come around to the fact that with an SSD, no secure erase is secure anyhow, and until then, buying a used Mac with an SSD may be more or less of a mistake depending on whether the drive is soldered into place or free-standing. Either that, or encryption, such as FileVault, will have to become the norm. Under the circumstances, perhaps it needs to be made mandatory with SSDs.

As for refurbs, if I understand correctly, only those components that require replacement are replaced, and I doubt that lack of secure erasure is reason for an SSD's or logic board's replacement.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: OnyX Secure Erase Warning for SSDs
artie505 #36666 10/25/15 04:23 PM
Joined: Aug 2009
I don't use SSDs because I don't need to. Spin drives are so cheap I think of them as consumables and speed is nice but not crucial. Not a fan, but that being said:

Of course, you have to 'erase' the entire drive first and between the two streamings to make space. Also, you can't fill it up each time to the point where the directory, or whatever voodoo an SSD uses, is damaged. Apple told me the percentage to fill it up to, but I can't recall. Then I'm guessing the drive space is first in, first out or it wouldn't work. (The files are still there with the dates created, right, you're just being told the space can be written over.) I filled it up each time with my books on tape. If that's the first thing a hacker uncovered, would he keep digging for an Excel spreadsheet or move on?

It makes some kind of sense, I think. As for the refurbs, I don't know if they would trash a motherboard that tests well simply because it has an SSD attached. But selling it with a used SSD creates the possibility of the buyer of the computer unmasking the previous owner's data and using it to commit a crime. What to do?

V1, what do they do?

Last edited by slolerner; 10/25/15 04:31 PM. Reason: More
Re: OnyX Secure Erase Warning for SSDs
artie505 #36669 10/26/15 12:07 AM
Joined: Aug 2009

Re: OnyX Secure Erase Warning for SSDs
slolerner #36670 10/26/15 01:01 AM
Joined: Aug 2009
Likes: 15
Thanks.

1. They mentioned that zero all data is not necessarily effective, but not that it's dangerous to an SSD's health.

2. They didn't mention the degree of difficulty involved in recovering data after their procedures were run...CRITICAL to any evaluation.

3. They didn't seem to address the data remaining in those blocks(?) that were once used but are no longer functional (as per V1) and can't be overwritten.

4. Looks like Apple has figured out how to kill the used Mac market...paranoia over their SSDs.

I guess it really comes down to what kind of data you've got on your drive and your degree of warranted or unwarranted paranoia.

From where I stand, my only critical data has been stored in encrypted disk images - with their passwords nowhere other than in my head - since day one, so I believe it's unrecoverable.

The rest of my data is innocuous as is, I'll guess, most of everybody's data, so anybody willing to go the distance to recover it is welcome to do so.

And finally, I'll guess that it's pretty unlikely that anybody is going to go the distance to rummage through a previously used SSD without knowing it'll be worth their while, so perhaps it'd be helpful to make sure that nobody knows from whom they bought their used Mac.

That, and if you haven't encrypted your SSD from the get-go, make sure that newly created critical data is stored in encrypted disk images.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: OnyX Secure Erase Warning for SSDs
artie505 #36671 10/26/15 02:04 AM
Joined: Aug 2009
I guess you don't have the formula for Coca Cola on your SSD.

Ok, I posted this somewhere else and yeah, some of the stuff that's going on might keep you up at night, but there are experiments in cyber-security that are mind-blowing, quantum encryption keys, for example:

"PBS: Rise of the Hackers"

It's on Netflix

Re: OnyX Secure Erase Warning for SSDs
slolerner #36672 10/26/15 08:34 AM
Joined: Aug 2009
Likes: 15
I wonder if it's maybe time for Apple to encrypt Keychain Access? It would cover most people's potential exposure.

Sure, we've got FileVault, but its universality would be overkill in most instances.

Edit: Feature request submitted to Apple.

Last edited by artie505; 10/26/15 08:46 AM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: OnyX Secure Erase Warning for SSDs
artie505 #36679 10/26/15 01:24 PM
Joined: Aug 2009
That DOES raise an interesting question with regard to refurbishing a drive - what do computer companies DO with them to erase them?

Spared blocks do still happen on regular HDDs, but much less often. And the wipe process has been pretty straightforward for years.

It sounds like the advice they're giving out is more of a statistical "your information is totally hidden from the average Joe, and probably, mostly gone for a determined person."

I had a customer bring in a brand new G5 that was "starting up funny". It had been shipped to them with INDY on it, the internal, low-level Apple hardware test suite. I assume it's what they use while developing the hardware and drivers. The level of control it has over the computer is amazing, I had full unrestricted access to pretty much every piece of hardware in the box. Cool to look at.

I can only assume they bought a refurb, where that one had been tossed after dev testing, and it got into the queue past the HDD swap / erase step in the process. So accidents DO happen. And I saw it happen again a year or so later.


I work for the Department of Redundancy Department
Re: OnyX Secure Erase Warning for SSDs
Virtual1 #36681 10/26/15 04:03 PM
Joined: Aug 2009
The source of the information on the TechRepublic article linked above:
http://nvsl.ucsd.edu/index.php?path=projects/sanitize
Interesting stuff.

Oh, and Coca Cola is a citrus beverage.
(Oops, gotta run and hide, loud banging at my door...)

Last edited by slolerner; 10/26/15 04:41 PM. Reason: More
Re: OnyX Secure Erase Warning for SSDs
Virtual1 #36684 10/26/15 04:59 PM
Joined: Aug 2009
It's interesting that you found that level of testing software on a refurb more than once. Might lend some credibility to something someone at Apple told me about buying a refurb, that each one is more carefully tested than those that come off the assembly line and in some ways you are better off if you don't want to spend time at the Genius Bar after you get your assembly line Mac delivered.

Possible explanation?

Re: OnyX Secure Erase Warning for SSDs
artie505 #36685 10/26/15 06:05 PM
Joined: Aug 2009
Likes: 16
Moderator
Originally Posted By: artie505
It takes some getting used to, but there's apparently no need to obscure your data, because it's so scattered that just erasing your directory renders it unrecoverable.

Explanation: All else being equal (which it never is), HDs are slower than SSDs because of…
  1. seek time — the time it takes the drive to mechanically move the read/write head to the track on the disk containing the desired data and
  2. lag time — how long it takes after the read/write head reaches the track for the desired data sector to rotate under the head.
For that reason a lot of time, money, and intelligence has been built into the drives and various disk utilities to as much as possible assure files are stored in contiguous data sectors and there is as little unused space between files as possible. This is good for HD performance but it makes data recovery, even deep data recovery a lot easier because once a file segment is identified the rest of the file can be assumed to be in consecutive segments. Add to that the magnetic impressions on HD media can be retrieved up to 8 levels deep or more and you have a distinct security risk in case the NSA or FBI wants your data badly enough.

Since SSDs have no mechanical moving parts they have no appreciable seek nor lag time delays so the data can be written to the first available data sector on the drive without regard to whether or not the data sectors are contiguous or there are blank data sectors. This makes data recovery enormously more complex and difficult.

Originally Posted By: artie505
I wonder if it's maybe time for Apple to encrypt Keychain Access? It would cover most people's potential exposure.

Not to start an argument, but given the data in Keychain is encrypted and accessing the data requires the user's password, what part of Keychain would you have Apple encrypt?

Originally Posted By: artie505
Sure, we've got FileVault, but its universality would be overkill in most instances.

When encrypting everything on the drive — be it an HD or SSD — as either the solution or alternative to the ineffectiveness of securely erasing, how would you envision that being any different than FileVault either in concept or execution?

Last edited by dkmarsh; 10/26/15 09:56 PM. Reason: corrected open bold tag

If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
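
Added example (not part of any post in this thread, and not code from OnyX or Apple): a toy Python model of the remapping discussed above, in which a logical overwrite only marks the old flash page stale and data is destroyed only when garbage collection erases a block. The class, its sizes (8 blocks of 4 pages, 20 logical pages), the greedy garbage-collection policy, the retired-block behaviour and the sample strings are all assumptions made for illustration; real SSD firmware is more complex and varies by vendor.

```python
# Toy flash-translation-layer model, constructed for illustration only.
class ToySSD:
    def __init__(self, blocks=8, pages_per_block=4, logical_pages=20):
        self.ppb, self.logical_pages = pages_per_block, logical_pages
        self.cells = [[None] * self.ppb for _ in range(blocks)]  # raw flash contents
        self.owner = [[None] * self.ppb for _ in range(blocks)]  # LBA, or None if stale/empty
        self.map = {}                        # LBA -> (block, page) of the live copy
        self.free = list(range(1, blocks))   # erased blocks ready for use
        self.open, self.next = 0, 0          # block being filled, next page in it
        self.retired = set()                 # failed blocks, never erased again

    def write(self, lba, data):
        if lba in self.map:                  # an "overwrite" only marks the old page stale
            b, p = self.map[lba]
            self.owner[b][p] = None
        self._program(lba, data)

    def read(self, lba):                     # what the operating system can see
        loc = self.map.get(lba)
        return self.cells[loc[0]][loc[1]] if loc else ""

    def _program(self, lba, data):
        if self.next == self.ppb:            # open block is full: take an erased one
            self.open, self.next = self.free.pop(0), 0
            if not self.free:                # last spare just used: reclaim a block
                self._gc()
        b, p = self.open, self.next
        self.cells[b][p], self.owner[b][p], self.map[lba] = data, lba, (b, p)
        self.next += 1

    def _live(self, b):
        return [(self.owner[b][p], self.cells[b][p])
                for p in range(self.ppb) if self.owner[b][p] is not None]

    def _gc(self):                           # greedy: erase the block with fewest live pages
        usable = [b for b in range(len(self.cells))
                  if b != self.open and b not in self.retired]
        victim = min(usable, key=lambda b: len(self._live(b)))
        live = self._live(victim)
        self.cells[victim] = [None] * self.ppb   # the only point where data is destroyed
        self.owner[victim] = [None] * self.ppb
        self.free.append(victim)
        for lba, data in live:               # live pages move to the open block
            self._program(lba, data)

    def retire(self, b):                     # block fails: copy live data out, leave cells as-is
        live = self._live(b)
        self.owner[b] = [None] * self.ppb
        self.retired.add(b)
        if b == self.open:
            self.next = self.ppb             # force a new open block
        for lba, data in live:
            self._program(lba, data)

    def raw_hits(self, needle):              # what a chip-level read of every page would see
        return sum(needle in page for blk in self.cells for page in blk if page)

def demo(passes, retire_block0=False):
    """Return (hits visible to the OS, hits in raw flash) after `passes` full overwrites."""
    ssd = ToySSD()
    for lba in range(6):
        ssd.write(lba, f"SECRET-{lba}")      # constructed sample data
    if retire_block0:
        ssd.retire(0)
    for n in range(passes):
        for lba in range(ssd.logical_pages):
            ssd.write(lba, f"fill-{n}")
    os_view = sum("SECRET" in ssd.read(lba) for lba in range(ssd.logical_pages))
    return os_view, ssd.raw_hits("SECRET")
```

In this model, `demo(1)` leaves all six secret pages in raw flash although the OS sees none, `demo(2)` clears them, and `demo(2, retire_block0=True)` leaves four copies in the retired block that no further pass can reach. The counts depend entirely on the assumed spare capacity and garbage-collection policy.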
Re: OnyX Secure Erase Warning for SSDs
joemikeb #36700 10/27/15 06:04 AM
Joined: Aug 2009
Likes: 15
Originally Posted By: joemikeb
Originally Posted By: artie505
It takes some getting used to, but there's apparently no need to obscure your data, because it's so scattered that just erasing your directory renders it unrecoverable.

Explanation: All else being equal (which it never is), HDs are slower than SSDs because of…

Thanks for that great explanation of precisely why SSD data is so scattered...why data recovery is so difficult; I think it probably clarifies the matter for many more posters than just me.

Originally Posted By: joemikeb
Originally Posted By: artie505
I wonder if it's maybe time for Apple to encrypt Keychain Access? It would cover most people's potential exposure.

Not to start an argument, but given the data in Keychain is encrypted and accessing the data requires the user's password, what part of Keychain would you have Apple encrypt?

Uhhh... I apologize for that one!

I was close to dropping off to sleep when I realized that Keychain Access must, of course, already be encrypted, and it just wasn't a particularly opportune time to edit my post.

Originally Posted By: joemikeb
Originally Posted By: artie505
Sure, we've got FileVault, but its universality would be overkill in most instances.

When encrypting everything on the drive — be it an HD or SSD — as either the solution or alternative to the ineffectiveness of securely erasing, how would you envision that being any different than FileVault either in concept or execution?

I think you misunderstood me on that one.

I simply meant that FileVault may be considered overkill...even more dangerous than merely encrypting Keychain Access (which, of course, is now off the table).

(The only possible difference in execution of which I'm aware is that en/decryption is faster if done by the drive, itself, rather than by OS X, but that option seems to be limited to Windows users.)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: OnyX Secure Erase Warning for SSDs
artie505 #36702 10/27/15 12:03 PM
Joined: Aug 2009
Just a note here, The Non-Volatile Systems Laboratory, mentioned above when I posted this link:
http://nvsl.ucsd.edu/index.php?path=projects/sanitize
are trying to find SSD manufacturers who want to partner with them to develop built-in encryption. The last paragraph mentions that.

Re: OnyX Secure Erase Warning for SSDs
slolerner #36706 10/27/15 01:27 PM
Joined: Aug 2009
Originally Posted By: slolerner
Just a note here, The Non-Volatile Systems Laboratory, mentioned above when I posted this link:
http://nvsl.ucsd.edu/index.php?path=projects/sanitize
are trying to find SSD manufacturers who want to partner with them to develop built-in encryption. The last paragraph mentions that.

I think the NSA has suggested a few encryption algorithms for them to use....


I work for the Department of Redundancy Department
Re: OnyX Secure Erase Warning for SSDs
joemikeb #36707 10/27/15 01:30 PM
Joined: Aug 2009
Originally Posted By: joemikeb
seek time — the time it takes the drive to mechanically move the read/write head to the track on the disk containing the desired data and
lag time — how long it takes after the read/write head reaches the track for the desired data sector to rotate under the head.

Don't forget Settling Time. The time it takes the head to stabilize after moving, stop shaking and wobbling, and start flying smoothly on the new track before reliable I/O can occur.


I work for the Department of Redundancy Department
Re: OnyX Secure Erase Warning for SSDs
artie505 #36710 10/27/15 01:56 PM
Joined: Aug 2009
Likes: 16
Moderator
Originally Posted By: artie505
(The only possible difference in execution of which I'm aware is that en/decryption is faster if done by the drive, itself, rather than by OS X, but that option seems to be limited to Windows users.)

Assuming the developers of on-SSD encryption have three functioning brain cells, hardware encryption would, at most, involve a minuscule addition to the ATA/SATA interface standard and would be completely OS neutral. Another major advantage of hardware/firmware encryption.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: OnyX Secure Erase Warning for SSDs
MG2009 #36827 10/30/15 05:40 PM
Joined: Aug 2009
MG2009 (OP)
Just to add a little info . . .

FILE SHREDDER, SHREDIT X and PERMANENT ERASER did not securely delete some "stubborn" files/folders that ONYX was able to do.

Score 1 for ONYX.

Re: OnyX Secure Erase Warning for SSDs
joemikeb #36849 10/30/15 08:47 PM
Joined: Aug 2009
Likes: 15
Originally Posted By: joemikeb
Originally Posted By: artie505
(The only possible difference in execution of which I'm aware is that en/decryption is faster if done by the drive, itself, rather than by OS X, but that option seems to be limited to Windows users.)

Assuming the developers of on-SSD encryption have three functioning brain cells, hardware encryption would, at most, involve a minuscule addition to the ATA/SATA interface standard and would be completely OS neutral. Another major advantage of hardware/firmware encryption.

Aaah! I just grasped that.

When I said that en/decryption done by the drive, itself, rather than by OS X (should have said "by the OS") seems to be limited to Windows users I meant that when I've seen the option (on HDDs only, I believe) it has been bundled software that disappeared when the drive was formatted for Mac. Sorry for not being explicit.

Edit: Your scenario is an excellent idea whose, with the proliferation of SSDs, time has probably come.

Last edited by artie505; 10/30/15 08:51 PM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: OnyX Secure Erase Warning for SSDs
artie505 #36856 10/30/15 10:15 PM
Joined: Aug 2009
Likes: 16
Moderator
Originally Posted By: artie505
Aaah! I just grasped that.

When I said that en/decryption done by the drive, itself, rather than by OS X (should have said "by the OS") seems to be limited to Windows users I meant that when I've seen the option (on HDDs only, I believe) it has been bundled software that disappeared when the drive was formatted for Mac. Sorry for not being explicit.

I believe what you are seeing in Windows is not hardware encryption but rather the same thing found in OS X under the sobriquet FileVault.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: OnyX Secure Erase Warning for SSDs
joemikeb #36857 10/30/15 10:29 PM
Joined: Aug 2009
Likes: 1
Depends on the drive in question. Some hard drives ship with (Windows-based) software encryption. Some provide hardware-level encryption, though often with only Windows drivers or Windows apps to set the hardware encryption password.

Those that ship with hardware encryption often fail at providing security. For example, Western Digital offers USB hard drives with hardware-based encryption that will (supposedly) encrypt the data as it is written. However, a weakness in the cryptographic key generation routines in the drive's firmware renders the hardware encryption useless.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: OnyX Secure Erase Warning for SSDs
joemikeb #36861 10/30/15 10:50 PM
Joined: Aug 2009
Likes: 15
Originally Posted By: joemikeb
Originally Posted By: artie505
Aaah! I just grasped that.

When I said that en/decryption done by the drive, itself, rather than by OS X (should have said "by the OS") seems to be limited to Windows users I meant that when I've seen the option (on HDDs only, I believe) it has been bundled software that disappeared when the drive was formatted for Mac. Sorry for not being explicit.

I believe what you are seeing in Windows is not hardware encryption but rather the same thing found in OS X under the sobriquet FileVault.

No, that's not it (Very happily, I've got no occasion to ever see anything in Windows!); it's something that's pre-installed on the HDD (as per tacit):

Originally Posted By: tacit
Depends on the drive in question. Some hard drives ship with (Windows-based) software encryption. Some provide hardware-level encryption, though often with only Windows drivers or Windows apps to set the hardware encryption password.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire