Shred your digital documents
Protect your privacy: destroy your data, don’t just delete it
‘Delete Printer’, ‘Delete User’, ‘Delete Reminder’. These are all things that your Mac will do, and they’re all things you need to do from time to time. But there’s one notable absence, both from the list and from OS X as a whole – nowhere in the operating system does Apple so much as mention specifically deleting files. And files, more than anything on that list, seem like a strange thing to leave out since we delete them all the time – or at least, we think we do. Really, we’re more used to the idea of ‘Move to Trash’.
That’s why in this tutorial we’re going to look at what this means for you, your files and your privacy, and how you can use OS X’s built-in tools to keep your discarded data safe from prying eyes and malicious algorithms.
First, it’s helpful to understand what happens when you click ‘Move to Trash’. That language is a near-perfect description of what goes on in the background: the selected files move to the Trash folder. That’s it. No files are deleted, no data is erased, and no disk space is freed up; the files are simply removed from their original locations and placed in a special folder in your user directory: ~/.Trash. You won’t see that folder in Finder because it’s hidden by default, but clicking the Trash icon in the Dock opens a special window pointed to it. From there, you can see everything you’ve moved to the Trash, drag files out to recover them, or click the Empty button.
This is where things get more complicated. Once the Trash is empty, you can no longer see the files it contained, but they aren’t exactly gone. In the interest of speed and reducing disk wear and tear, emptying the Trash does as little work as possible. Under the hood, in fact, only one thing happens, at least in the case of hard disks: any file system links to files in the Trash are removed. That means that the
Even after you empty the Trash, your data still exists on disk for at least a little while
underlying data is dissociated from the names and parent folders that used to lead to them, meaning they don’t exist in a particular place or with a particular way to be identified. However, though you won’t find them easily, they do still exist on your hard disk – or they do for at least a little while.
After the links to a block of data have been removed, it’s treated by the file system as unused storage, which is why deleting files frees up disk space: when it comes time to store a new file, the space taken up by an unlinked (‘deleted’) file is reused. When this happens, the data that made up the deleted file is finally destroyed, overwritten by the new file’s data. Depending on how large your hard disk is, this could happen after a few seconds, a year or never, which means that the data making up a deleted file could linger for quite some time before being truly erased.
The fact that emptying the Trash doesn’t wipe out your data immediately can be good or bad depending on circumstance. It means that you can sometimes use the lingering, unlinked data (called ‘data remanence’) to restore an accidentally deleted file, but it also means that a thief could potentially access personal information you thought you had deleted, or that reselling an external hard disk you thought you had erased could expose your private data to its new owner. However, OS X does include easy-to-use tools to remove data securely so that it can’t be recovered.
It’s important to note that while these tools are effective on hard drives, SSDs use a more complicated process to handle deletion, which makes the tools covered here largely ineffective (Apple even disables some of them for SSDs). If you have an SSD, FileVault encryption is a better way to protect your data, but make sure you read up on what you’re getting into with it. Nathan Greenstein