Securely deleting a lone file

This is such a basic question, searching hasn’t turned it up. How do folks securely delete that one file like a bank statement that you no longer need? There used to be a way to empty trash and encrypt it, but Apple changed the process. Is all trash assumed to be securely erased now?
Thanks!

I like CleanMyMac. It has a secure file wipe feature.

Do you have FileVault turned on? If so, your files are encrypted at rest. Wiping is another level of security - nothing wrong with that.

1 Like

The short answer is you don’t, unless your SSD supports secure erase. And I suspect there is a reason Apple removed the secure erase feature from Macs.

Since it is possible to destroy an SSD using incompatible secure erase software, the best solution, IMO, is to turn on FileVault before you copy any data to your Mac. Then there is no chance of recovering any of the encrypted data after you erase the drive.

1 Like

With wear leveling in SSDs, file debris lying around is less of a concern. That also means the possibility of file recovery is worse.

The same holds for recovery on SMR hard drives due to the way they rewrite data when modified.

1 Like

No, but your entire drive is encrypted now, assuming you use FileVault, which is hard not to do these days.

(See disclaimer at the bottom.)

I don’t tend to have a lot of these files around, but if I wanted to delete a file, let’s say ~/Downloads/Bank Statement.pdf then I would do something like this (in Terminal):

cd ~/Downloads/ 

date > "Bank Statement.pdf"

That will take the output of the date command (something like Thu Sep 23 23:52:52 EDT 2021) and overwrite the contents of the file ~/Downloads/Bank Statement.pdf with it.

You could also open a Terminal.app window and type this


date > 

and then drag the file from the Finder into the Terminal window, which will automatically add the full path to it, something like

date > /Users/tj/Downloads/Bank\ Statement.pdf

That will have the same effect.

Then you can just delete the file. If anyone is able to recover the Bank Statement.pdf file, it won’t be an actual PDF, it will just be the output of the date command.

Recovering the contents of a file that was changed before it was deleted is going to be extremely difficult.

Note/Disclaimers

  1. I am not a security expert, so I can’t guarantee this will work. But it is what I would do. Use at your own risk. If you have governmental secrets or similar, look for something more robust.

  2. If you make backups, make sure those are encrypted too, and you might delete any backup copies too, just for good measure.

  3. If you’re highly paranoid, reboot your computer after deleting a sensitive file to make sure that it’s not in memory and cannot be recovered from memory.

  4. If you use Time Machine, not only should you make sure that it is encrypted, but you might also want to exclude the ~/Downloads/ folder from your Time Machine backup (assuming that is where you download private files to). That will prevent them from ever getting into your Time Machine backup.

  5. If your secret personal documents are pictures, and you use an iPhone, remember:

     • pictures are automatically sync’d to iCloud Photo Library if you use it

     • there is a “Recently Deleted” album on your iPhone and on iCloud Photo Library that keeps pictures/videos from the camera app for 30 days after you delete them.

1 Like

This only overwrites the first 10 bytes or so, leaving the rest of the file’s contents on the disk.

To do a better rudimentary command line wipe, one could use the dd command.

dd if=/dev/random of=filename bs=1k count=n

Where n is the file size in kilobytes.

Using a file wiper is much easier and more secure if multiple passes are used.

2 Likes
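The in-place overwrite discussed in the posts above, as an added example that is not part of any poster's message: it sizes the random data to the file's exact byte count and uses dd's conv=notrunc, because dd otherwise truncates the output file before writing. The function names are hypothetical, and as the thread notes for SSDs with wear leveling, a file-level overwrite does not guarantee the old physical blocks are gone, so FileVault remains the baseline.

```shell
#!/bin/sh
# Added example; overwrite_in_place and wipe_file are hypothetical helper names.

# Overwrite every byte of a regular file with random data, keeping its size.
overwrite_in_place() {
    oip_target=$1
    # Refuse symlinks, directories and devices: only plain files are handled.
    if [ -L "$oip_target" ] || [ ! -f "$oip_target" ]; then
        echo "not a regular file: $oip_target" >&2
        return 1
    fi
    # Exact size in bytes; wc -c behaves the same on macOS and Linux.
    oip_size=$(wc -c < "$oip_target" | tr -d ' ')
    [ "$oip_size" -gt 0 ] || return 0
    # conv=notrunc makes dd write into the existing file instead of
    # truncating it first; head -c limits the data to the original length.
    head -c "$oip_size" /dev/urandom |
        dd of="$oip_target" bs=1024 conv=notrunc 2>/dev/null || return 1
    # Ask the OS to flush the new contents to the drive.
    sync
}

# Overwrite, then unlink. "--" stops a name starting with "-" being read as an option.
wipe_file() {
    overwrite_in_place "$1" || return 1
    rm -f -- "$1"
}

# Usage (constructed path):
#   wipe_file "$HOME/Downloads/Bank Statement.pdf"
```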

Thanks everyone. It’s surprising to me that in a security-conscious era and the Mac’s user-friendly interface, one needs to be a power user to delete a file securely. But I’m reassured since I use FileVault.

1 Like