Pixel Envy

Written by Nick Heer.

“Secure Empty Trash” is No Longer Available In El Capitan

I didn’t spot this in the El Capitan security notes, but it turns out that it was removed:

Impact: The “Secure Empty Trash” feature may not securely delete files placed in the Trash

Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the “Secure Empty Trash” option.

FileVault is on by default in the setup process of recent versions of OS X. OS X Daily, who I’m linking to, recommends the use of the srm command, but my understanding is that “Secure Empty Trash” is just a prettier way of accessing the same command, and which has been flagged as insecure.

Update: Eric K on Twitter:

@nickheer secure empty trash is gone in elcap *only* on systems with flash storage, because Apple couldn’t guarantee that drive controller was writing zeroes, or even erasing correct pages, on SSDs they sourced.

And:

@nickheer srm is still present and on flash drives still suffers the same issue, yes.