- Hide menu

Setting up a Macbook with SSD – ensuring information privacy

As virtually all Apple Macbook laptops now come with a non-removable SSD, a little known serious issue is there is no simple way of deleting-removing your data securely when you want to dispose of your SSD-powered Mac. When you get a new computer, the last thing you think about is getting rid of it, but a couple of simple setup considerations will make disposing of your Macbook a lot easier down the track.
Previously, with non-SSD Macs, you can use Apple’s Disk Utility to erase a disk, with an option to do it securely. This process overwrites empty space with zeros a number of times. But, on MacBooks with a SSD, there is no option to do this because data is stored differently on SSDs. There’s an extensive article here that explains why. There are two options if you don’t want someone getting hold of your data when you sell your Mac. Remove the SSD, which isn’t really a practical option as Apple integrates the SSD into the Macbook, or use Apple’s Filevault 2 encryption. That’s right – to erase the contents, first use FV2 to encrypt the contents which occurs at the disk level, and then after that’s been completed, erase the disk and remove the encryption.
Using FV2 works because when you enable it via the System Preferences > Security & Privacy panel, the operating system starts encrypting the entire disk with all its information with the password you have entered. FV2 is a disk level encryption which means data and empty space is encrypted. The older FV1 was a file-level encryption which only encrypted files and not the empty space. This means your entire disk is gobbledygook unless it is decrypted with your password.  Therefore, the process goes like this. Make my disk gobbledygook; Delete my data; Turn off FV2 which converts the gobbledygook back to normal readable files (which now contains only Mac stuff without my personal data).
This process will take several hours, maybe even overnight, but it won’t protect you if you lose your computer or if it gets stolen. So my advice is to enable FV2 as soon as you get your new Macbook, before you put any personal data on it.  Doing that means that when you want to dispose your Macbook, it’s 2 clicks to securely delete you data, and if it falls into an unauthorised users hands, your data is protected via encryption.
The slight downside of using FV2 is that there’s slight hit on disk performance. But when the new Macbook Pros are getting over 700MBytes/s read and write, the FV2 overhead is trivial compared to the old magnetic disk speeds. However, if this bothers you, these two tutorials (12) will give you info on moving your home directory on a FV2 partition and leaving the operating system and apps on a standard partition. This would allow you to have raw video or images or whatever you didn’t need encrypted being accessed at the SSD’s full speed.
FV2