How to Use “Secure Empty Trash” Equivalent in OS X El Capitan
Many Mac users have noticed that the Secure Empty Trash feature has been removed in OS X El Capitan (10.11 or later), the reason the feature was removed is basically because it did not work all the time, but more on that in a moment. First, let’s cover how you can perform the equivalent of “Secure Empty Trash” on any Mac running OS X 10.11 or later.
For those with a knowledgable command line background, you’ll likely recognize this alternative approach of secured file removal as using the srm command, which performs a secure delete from the command line in OS X and linux.
This is intended for advanced users with a thorough understanding of the command line, and those who understand risks associated with using srm command, which is entirely unforgiving and irreversible with permanent removal of files. If you delete a file or folder with this command, it’s gone for good, you will never get it back unless you had made a backup elsewhere. Do not use this command if you do not understand file paths and the command line in general.
How to Perform Equivalent of “Secure Empty Trash” in OS X El Capitan (10.11.+)
This requires usage of the Mac command line and a very powerful secure remove command, this is irreversible.
- Locate the file(s) you wish to securely delete in the OS X Finder
- Hit Command+Space bar to open Spotlight, type “Terminal” and hit the return key to launch the Terminal application
- Type the following syntax exactly, be sure to include a space after the flag:
- To delete a file:
- To delete an entire directory:
Once you hit the return key there is no going back, this is truly irreversible. The deleted files are overwritten 35 times, which exceeds the US Department of Defense standard for securely erasing data by five times. In other words, your file or folder that you secure removed is gone for good.
If you’re adept with the command line, you can always skip drag and drop and use the following syntax to point at the proper path:
srm -v /path/to/file/to/securely/delete/example.png
You can leave off the -v flag if you’d like, but verbose mode gives you a nice progress indicator.
Those interested in understanding a bit more about the secure removal srm command and how to force remove a file too can can learn more here in our detailed walkthrough.
The video below demonstrates how srm works coinciding with the Finder using drag and drop to print the complete file path into Terminal:
While this is basically the equivalent of using what used to be the Secure Empty Trash function on the Mac, it’s obviously more complex, and entirely unforgiving, and thus it’s really only appropriate for advanced users with sufficient command line experience.
Why was “Secure Empty Trash” Removed from OS X El Capitan?
This is the next obvious question, why did Apple remove the Secure Empty Trash feature from Mac OS X in new releases? The short answer as to why the secure delete feature was deprecated is because Secure Empty Trash did not reliably work on some users with certain hardware. This is referenced in the security notes for OS X El Capitan, here as CVE-2015-5901 if you’re interested, and repeated below:
Available for: Mac OS X v10.6.8 and later
Impact: The “Secure Empty Trash” feature may not securely delete files placed in the Trash
Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the “Secure Empty Trash” option.
CVE-2015-5901 : Apple
Makes sense to not include a feature that wasn’t reliably working, right?
Of course, privacy buffs and those who require file security may be frustrated to learn the feature is no longer bundled in OS X, but with alternatives and a few other techniques, you can safeguard data anyway. If you were using Secure Empty Trash to prevent retrieval of files from a snooper, perhaps a better option is to enable FileVault disk encryption on the Mac and maintain a strong password with the lock screen enabled to prevent unauthorized access to the computer in general. Combining FileVault, strong passwords, the aforementioned srm command, and even secure formatting of an entire disk when warranted should be more than sufficient to prevent unauthorized access to sensitive files and data.