How to Use “Secure Empty Trash” Equivalent in OS X El Capitan

Oct 12, 2015 - 49 Comments


Many Mac users have noticed that the Secure Empty Trash feature has been removed in OS X El Capitan (10.11 or later). The feature was removed because it did not work all the time, but more on that in a moment. First, let’s cover how you can perform the equivalent of “Secure Empty Trash” on any Mac running OS X 10.11 or later.


Those with a command line background will likely recognize this alternative approach to secure file removal as the srm command, which performs a secure delete from the command line in OS X and Linux.

This is intended for advanced users with a thorough understanding of the command line who understand the risks associated with the srm command, which is entirely unforgiving and removes files permanently and irreversibly. If you delete a file or folder with this command, it’s gone for good; you will never get it back unless you had made a backup elsewhere. Do not use this command if you do not understand file paths and the command line in general.

How to Perform Equivalent of “Secure Empty Trash” in OS X El Capitan (10.11.+)

This requires use of the Mac command line and a very powerful secure remove command. It is irreversible.

  1. Locate the file(s) you wish to securely delete in the OS X Finder
  2. Hit Command+Space bar to open Spotlight, type “Terminal” and hit the Return key to launch the Terminal application
  3. Type the following syntax exactly, and be sure to include a space after the flag:
    • To delete a file: srm -v
    • To delete an entire directory: srm -rv
  4. Now drag and drop the file or folder you wish to remove into the Terminal command line; this will fill in the complete path to the file automatically
  5. Confirm the path is to the file or folder you wish to permanently delete with a secure empty trash equivalent and hit the Return key
  6. Repeat as necessary for other files or folders you wish to securely delete in OS X

Once you hit the Return key there is no going back; this is truly irreversible. The deleted files are overwritten 35 times, which exceeds the US Department of Defense standard for securely erasing data by five times. In other words, the file or folder that you securely removed is gone for good.

If you’re adept with the command line, you can always skip drag and drop and use the following syntax to point at the proper path:

srm -v /path/to/file/to/securely/delete/example.png

You can leave off the -v flag if you’d like, but verbose mode gives you a nice progress indicator.


Those interested in understanding a bit more about the secure removal srm command, and how to force remove a file too, can learn more here in our detailed walkthrough.

The video below demonstrates how srm works together with the Finder, using drag and drop to print the complete file path into Terminal:

While this is basically the equivalent of using what used to be the Secure Empty Trash function on the Mac, it’s obviously more complex, and entirely unforgiving, and thus it’s really only appropriate for advanced users with sufficient command line experience.

Why was “Secure Empty Trash” Removed from OS X El Capitan?

This is the next obvious question: why did Apple remove the Secure Empty Trash feature from Mac OS X in new releases? The short answer is that Secure Empty Trash did not work reliably for some users with certain hardware. This is referenced in the security notes for OS X El Capitan as CVE-2015-5901, if you’re interested, and repeated below:

Finder

Available for: Mac OS X v10.6.8 and later

Impact: The “Secure Empty Trash” feature may not securely delete files placed in the Trash
Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the “Secure Empty Trash” option.

CVE-ID
CVE-2015-5901 : Apple

Makes sense to not include a feature that wasn’t reliably working, right?

Of course, privacy buffs and those who require file security may be frustrated to learn the feature is no longer bundled in OS X, but with alternatives and a few other techniques, you can safeguard data anyway. If you were using Secure Empty Trash to prevent retrieval of files from a snooper, perhaps a better option is to enable FileVault disk encryption on the Mac and maintain a strong password with the lock screen enabled to prevent unauthorized access to the computer in general. Combining FileVault, strong passwords, the aforementioned srm command, and even secure formatting of an entire disk when warranted should be more than sufficient to prevent unauthorized access to sensitive files and data.
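
The flash-storage limitation in the advisory above can be checked before an overwrite is attempted. The following shell functions are an added example, not code from the original article: they run srm only when the volume reports itself as a spinning disk, and fall back to the rm -P option quoted in the comments when srm is absent. The function names are illustrative, and the parser assumes that diskutil info prints a “Solid State: Yes/No” line for the device.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.

# Read `diskutil info` output on stdin; print ssd, hdd, or unknown.
# Assumption: the output carries a "Solid State: Yes" or "Solid State: No" line.
classify_media() {
    awk -F: '
        /^[ \t]*Solid State:/ {
            v = $2
            gsub(/[ \t\r]/, "", v)
            kind = (v == "Yes") ? "ssd" : ((v == "No") ? "hdd" : "unknown")
            print kind
            found = 1
            exit
        }
        END { if (!found) print "unknown" }
    '
}

# Decide what an overwrite can promise on that media.
# Anything other than a confirmed spinning disk fails closed.
plan_for() {
    case "$1" in
        hdd) echo overwrite ;;
        *)   echo encrypt ;;
    esac
}

# Overwrite-delete one file or folder, but only where overwriting is meaningful.
# Returns 2 for a bad path, 1 when it refuses, else the delete tool's status.
secure_delete() {
    target=$1
    if [ ! -e "$target" ]; then
        echo "secure_delete: no such file or directory: $target" >&2
        return 2
    fi
    case "$target" in -*) target=./$target ;; esac   # never parsed as a flag

    dev=$(df -P "$target" | awk 'NR == 2 { print $1 }')
    kind=$(diskutil info "$dev" 2>/dev/null | classify_media)
    if [ "$(plan_for "$kind")" != overwrite ]; then
        echo "secure_delete: $dev reports '$kind' media; nothing deleted." >&2
        echo "Overwriting is not guaranteed there; use FileVault or erase the disk." >&2
        return 1
    fi

    printf 'Permanently delete %s ? [y/N] ' "$target"
    read -r answer
    [ "$answer" = y ] || return 1

    if command -v srm >/dev/null 2>&1; then
        if [ -d "$target" ]; then srm -rv "$target"; else srm -v "$target"; fi
    else
        # No srm on this system: fall back to the rm -P option quoted in the comments.
        if [ -d "$target" ]; then rm -PR "$target"; else rm -P "$target"; fi
    fi
}

if [ "$#" -gt 0 ]; then secure_delete "$1"; fi
```

Saved as a script and given one path, it exits with status 1 and deletes nothing on an SSD or on a volume whose media type it cannot determine.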


Posted by: Paul Horowitz in Command Line, Mac OS, Security, Tips & Tricks

49 Comments


  1. Jim says:

    Much appreciated!

    For others scanning the comments:

    > The rm utility attempts to remove the non-directory type files specified on the command line.

    > -P – Overwrite regular files before deleting them. Files are
    overwritten three times, first with the byte pattern 0xff,
    then 0x00, and then 0xff again, before they are deleted.

    > -R – Attempt to remove the file hierarchy rooted in each file
    argument. The -R option implies the -d option. …

    > -d – Attempt to remove directories as well as other types of
    files.

  2. ctaya says:

    I think the rm command is not a secured erase.

  3. ctaya says:

    I tried. But Terminal returned with “-bash: srm: command not found”.
    So Apple might have removed the srm command as well.

  4. Bernard says:

    In 10.12, srm is gone.

    Use “rm -P” instead for files, or “rm -PR” for folders.

  5. william says:

    This for me, a quadriplegic, makes El Capitan useless. I need to securely delete trash, but now it seems Apple has denied that feature to me. Thank you Apple for screwing up my system.

    • Dave says:

      If your Mac has an SSD it is not necessary to use secure delete in El Capitan. Regardless I wish they would not have removed the feature.

  6. TC says:

    Just tried this three times, and received an “invalid option” reply from Terminal each time. Cannot get this to work.

  7. silvia says:

    I tried the srm -v in Terminal but was not able to delete the files from the folder from the trash, as the computer says they are in use. But the folders are now empty and I still can delete them from the trash

  8. Lorne B says:

    I was looking to trade in my MBP (SSD, late 2013) for a newer model with higher capacity and believed it was safe to do so but had wrongly assumed that the lack of secure empty trash since El Capitan was a sign that the empty trash was now always secure, rather than the reverse.

    I can see from the comments here that everything I have deleted since upgrading to ElCap is still hanging around somewhere (and, probably, everything I thought securely deleted prior to that too.) My guess is that there is no command for ‘go back and securely delete everything that I have tried to trash since ElCap’.

    Going back to my opening paragraph: does this mean that there is the potential for the next owner to recover/access sensitive client data that I thought was gone forever? And are there any steps I can take – without having to get too technical – to put this beyond doubt, or do I need to bury the MBP in radioactive concrete at the bottom of the Pacific to be sure?

    Is it even possible to do a manual overwrite of the ’empty’ space by filling up the SSD with harmless files and deleting a number of times?

    I would really appreciate your advice. Thanks people.

    • MrRobot says:

      Use Disk Utility. It has several features. Erase works if you use the most intrusive setting. I believe it will write over 30 times? However, don’t quote me on that. You will need to have another HDD or SSD to do it though to load the OS, because you will have to mount your current SSD and not load it as your primary disk. Does that make sense? If you have questions I can certainly explain further, but understand the UNIX file system is complex. However, data is always recoverable if one really wants to recover it. Writing over 30 times, would result in taking someone months to recover what’s on your SSD. If you’re really that concerned, destroy your SSD.

  9. Tom says:

    It may not be obvious to everyone, but you can also run srm on items that are already in the trash. Just drag the item from the trash to your terminal window (to complete the srm -v command, as explained in Step 4 of the article). It will have a path like /Volumes/DISKNAME/.Trash… or similar, depending on the volume it is on.

    Note that each volume maintains its own trash. Thus, if you put an item from a USB memory stick in the trash, that item will still be on that USB memory stick (in a hidden folder, even after you unmount it), until the trash is emptied (which requires that USB memory stick to be mounted)!

  10. Steve says:

    This is a simpler command in a Terminal to securely wipe all items that are readable in the Trash can:

    ```
    srm -v ~/.Trash/*
    ```

  11. Reggie says:

    Type sudo rm -rf ~/.Trash/* in terminal to empty Trash

  12. Joe says:

    The article should make it clear that you should *not* use “srm” if you have an SSD (flash) drive. Just like “secure empty trash” (which used “srm” to actually do the erase), “srm” does not work on SSD drives! It can’t be fixed. It’s not Apple’s fault, it’s just the way the drives work. The only thing Apple can be criticized for is not warning people about this sooner.

    There’s no point in looking for some other file-overwriting utility like a shredder or Onyx to do it, or going back to a previous version of OS X. It’s just not possible, none of them ever worked on SSD drives.

    Not only is it useless, but using “srm” or some other utility on an SSD drive really can cause it to wear out prematurely. SSDs from only a few years ago can fail after only 3,000 writes to the same area. So if you are regularly secure-erasing hundreds of files with the 35-pass erase, it can have a real effect.

    “srm” is still useful in some cases to secure erase files on old spinning hard drives – though temporary or backup files, or the OS X “Versions” system can make it pointless. In any case, using a 35-times overwrite is a waste of time. One time is enough. So you should use, for one file:

    srm -sv filename

    Or for a directory (recursive):

    srm -srv directoryname

    Also the suggestion by “Lisa” to use “delete immediately” does not do a secure erase, the file could still be recovered. It’s only useful when you want to “empty” one file from the trash, but not the others.

  13. Jimmy says:

    Doesn’t work with or without the “-v” in front of it. Did like what was shown. Says No such file or directory

    • cassidy says:

      You are entering something wrong, “Says No such file or directory” means you are pointing it at something that does not exist, hence no such file, or no such directory. You are doing something wrong. The command line is over your level of experience, that is OK, best to leave it alone so you don’t break something.

  14. Lisa says:

    Just right click on the folder in the trash and choose ‘delete immediately’… voila!

  15. j Gregory says:

    Wow. Very easy to follow instructions because you gave details (and visuals) and didn’t assume the reader knew more than he/she knew. Well done. Start writing manuals.

  16. Larry Gilman says:

    “Makes sense to not include a feature that wasn’t reliably working, right?”

    No, it doesn’t make sense at all. What would make sense would be to repair the feature.

    If all features that had reliability issues on some systems were simply removed, OS would have no features at all by this time.

    Apple’s at fault here. But I thank you for the workaround instructions!

  17. Redland says:

    I just purchased a popular, commercially available ‘shredder’ program that states it ‘securely deletes files on OSX, including El Capitan’. Immediately after purchase, I found a singular review stating all data was recoverable using the previous edition running OS10.5 (no mention of HD). Wondering if I wasted my money? Both of my newer Macs are equipped with SSDs.

  18. para noid says:

    NSA/Homeland security feature

  19. aryu says:

    Onyx is a very good Mac OS X tool that can access hidden settings. One is “Secure Delete Trash” under the heading “Cleaning” then “Trash”. Read it very carefully as with everything in Onyx.

    http://www.titanium.free.fr/onyx.html

    All Mac techs should have a copy.
    Besides, it’s Free. It’s full-featured and not a demo.

    It’s not intended for the average user.

    [I am in no way associated with Onyx or its organization.]

  20. Tom says:

    Yes, thanks for the option. Would be nice if Apple would also update the help files as opposed to burying the info in a security note.

  21. Andrew says:

    If you are using whole drive encryption and only you have the key to decrypt the drive, then ‘secure’ deletion is not very necessary at all. It can add to the obscurity of finding a file if the drive can be decrypted, but the decryption itself kind of does enough.

  22. Okami says:

    A few months ago I read a forensic publication about the persistence of deleted files on SSDs. The gist is that the now ubiquitous TRIM function (available for non-Apple drives since OS 10.10.5) takes care of deleted files in a definitive manner without the need of further intervention by the user.
    The problem for investigators being that if they power up an SSD, even when connected to special forensic read-only interfaces, just by being powered up, the drive will progressively and inevitably erase the charge of available cells, thus making deleted files irrecoverable.
    Granted, this does not help the millions of users with traditional Hard Drives, but you have to bear in mind that Apple is usually looking ahead. Remember the elimination of floppy drives or Super Drives? Almost all new Macs are equipped with SSDs, or have those as an option. The “Secure empty trash” command is redundant on those machines for the aforementioned reasons.
    From the “common user” point of view, removing that option solves a big problem: new users tend to roam System Preferences and activate every “promising” option (File Vault? that sounds great, let’s turn it on! Secure empty trash? Why not? I want to be sure my groceries lists get erased properly!). As an Apple-certified tech, I got innumerable customers complaining for how slowly their trash emptied. Guess what, they had activated Secure Empty Trash.
    Apple’s “walled garden” policies make life easier for the vast majority of users. For more “security-conscious” (read paranoid) users, there are several apps that can solve the issue.

  23. Leon says:

    Yet another reason to get back to 10.8.5

  24. Ali says:

    Actually guys, what you are doing is the same as what Apple did with Secure Empty Trash. So find another way, guys, which is based on TRIM or TRIM garbage or I do not know … the only way, by making volt to set the blocks or pages in SSD to zeros, works … how do we do it?

  25. MrMagoo says:

    I use Main Menu Pro which has the Secure Delete and Secure Empty. However, I rarely (never) use that feature because in my +30 years of using Macs I have found it’s a complete waste of time. When I did try the Secure Delete, data recovery programmes were able to recover those files that supposedly were “secure” deleted.

  26. OSXWEEKLY says:

    “Makes sense to not include a feature that wasn’t reliably working, right?”

    No, it makes sense to make it work reliably.

    “You were having problems with your catalytic converter, right? We fixed it by removing it. Don’t get pulled over. Have a nice day!”

    • Panos says:

      Hahaha…like!!!!

    • Sebby says:

      Making it work reliably on flash is hard, though.

      But they could have made the effort. TRIM the blocks on which the file is located. Or make a TRIM-based method of erasure accessible in Disk Utility. That would have been a nice start.

      • Guest says:

        But why bother? HDDs (i.e. spinning disks) are in decline and will lose their relevance soon enough, whereas SSDs can’t be selectively and reliably overwritten, not even securely wiped through this method (as SSDs tend to have more pages available internally than are made available to the computer in order to facilitate garbage collection. For these cases the firmware can emit the ATA Secure Erase command to zap the entire drive). Even TRIM is not reliable as the system still doesn’t control when stale pages are actually zapped, the SSD controller will do that eventually, but you could never tell when that happens. It would be fruitless to put a lot of effort into a program that fewer users will use over time. Encryption is the way to move forward as it does exactly what people want from the start, namely keeping all of your data private.

        • Dax says:

          HDDs are only in decline for laptops. Anyone with large storage requirements will still use HDDs for a long time, thanks to SSDs being stupidly expensive. Encryption is indeed a good solution for actual security, but even with an encrypted filesystem you may want to wipe files if you’re using an HDD. Oh well, at least you can still do it via command line.

  27. Michael Long says:

    SSD drives use wear-leveling to remap sectors (pages) on the drive. As such, there’s no way to reliably write to the same sector 35 times.

    In effect, you’d be writing to a new sector 35 times, leaving the original intact.

  28. david says:

    I second what RPK says above: Apple removed Secure Empty Trash because with an SSD it makes no sense to do! Secure Empty Trash is going to write “0 & 1” in place of the files 7 or 35 times …

    On a traditional DD it is worth doing, not on an SSD. In case you insist on erasing your file with this mode, your SSD is going to die more quickly….

    I have not yet checked exactly what holding the Option key and selecting Empty Trash (in the Finder menu) does, but it can be a new way to explore…

    Also, once a file is in the trash, right click and you see “remove completely…….”; maybe this way too is another option (or the same as with the Option key held….)

    • Jason says:

      Die more quickly? Technically you’re accurate.

      Noticeably? I doubt it. SSDs have ridiculous lifespans, the more modern ones have even longer with write leveling and more resilient storage chips. You would have to write 30-600GB of data to an SSD every day to make it fail in five years. This is reaching Petabytes of writes.

      My strongest recommendation is to use full disk encryption so that when you’re done with the drive, you format it and the decryption keys are destroyed – rendering any remaining data absolutely irretrievably gone.

  29. vdiv says:

    If the secure delete option of the trash can was not secure enough then is the command srm more secure? If not why not remove that as well, what is the difference between the two?

  30. rpk says:

    If you have a SSD drive, it’s quite likely that ‘srm’ isn’t going to help you unless you erase the whole drive.

    Apparently it has something to do with the way SSD filesystems are mapped. There are cases where the data isn’t even touched.

    It stands to reason that thrashing your SSD with ‘srm’ is needlessly shortening the life of your SSD disk.

    As stated above, if you want security, use an encrypted file system.

    It’s also simple enough to make an encrypted .sparsebundle DMG with Disk Utility. But over time, as you delete files from it, the space is not reclaimed and the DMG will consume more space on disk.

  31. Robert D. says:

    Occasionally (more often than I would like) I run into a problem where I cannot empty the trash due to a file in use error. The only way to clear this situation was to use the secure empty option. So now, the only way to clear this type of error is to go through the command line method?

    • Rijish says:

      You can still delete those files by going in to trash, right clicking those files and use the option ‘delete immediately’.

    • Leonard says:

      It happens when the system does not effectively transfer the deleted file to the trash and there are residues. Another method to get around this is to restart the Mac, then the caches will all be initialised, then the empty trash would work.

    • JAY says:

      It’s quicker, EASIER and a DAMNED SIGHT SAFER to
      do a simple RESTART of your Mac ! It does the trick
      and keeps the uninitiated OUT of the COMMAND LINE !
      JAY

  32. This is great. Thanks for posting the explanation behind the missing secure delete feature.

  33. Wharf Xanadu says:

    There is also a new delete immediately option but I don’t think it’s secure
