Best way to secure erase external 2TB Samsung SSD drive before returning it?

Not at all.

Many SSD controllers have built-in encryption keys which are used to encrypt all data written to the flash. Apple’s most recent systems (T2 in Macs, A-series chips in iOS devices, M-series chips in newer Macs) do this.

Doing this prevents the flash chips from being separated from the SSD controller. If you try to remove the chips and read them directly, or attach them to a different SSD controller, you’ll get garbage data because the decryption key is stored in the original SSD controller.

But this is not a substitute for FileVault.

If you have an encrypting SSD controller, but don’t use FileVault, anybody can read the data as long as they don’t separate the flash chips from the SSD controller chip. An external drive can be connected to a different computer. If your Mac is stolen, its internal storage can be read from Recovery Mode, or if the computer is booted into Target Disk mode.

FileVault protects against these attack vectors in addition to attempts to bypass the SSD controller.

So many people basically want secure locks on their doors but no need to deal with keys. Not aimed at anyone in particular, just an observation of the world these days.

The way to deal with not losing your data if you lose your keys is to use a secure backup system. Some people think such things don’t exist. But you either have to live in a cave or trust someone. I use Backblaze.

Oh, and while most SSDs now do self-encryption, many of the implementations over the years have been flawed to the point of near uselessness. So while most brands have cleaned up their act I just figure they haven’t and work around that.

To the seeming arguments about how to really erase something at a practical level, you either trust the laptop encryption or not. But if you have an external NAS for the house or office or just some external drives … at some point you may need to get out the drill press and just move on.

A big part of this issue is we’re dealing with an almost black box situation. Very few people really know what is going on inside of any one SSD and we all want to make assumptions about how they work and how to erase our data without much effort. But each brand (and model) can be very different internally. Fighting against the firmware is a losing game in my opinion. And one where we many times don’t even know the rules.

To be honest I’m more worried about a breach at a vendor taking an online order from me than someone extracting the data off my personal storage devices. But this gets emotional at times. People tend to worry about what they think they can control (things they can touch) and not worry about things far away. (That vitamin mail order sales company 7 states away.)

And to wrap this up. As a teen I got yelled at if I took the keys out of the car when I got home. The keys were to be left in the ignition where they could be found when needed. And the doors to our house were not locked most of the time until after I had moved away from home at the age of 20.

Times, they have changed.

1 Like

This has been a very informative thread, @Lucas043 , but if you want to discuss the relative merits of cloud storage tools, I think you should start a new topic. I think I hear the sound of the drawer opening where @ace keeps his thread cleaver. :smiley:

1 Like

thank you for the suggestion @fischej . You are right and I deleted my post.

To pile on, err, expand Jeff’s comment: file syncing and backup are different things. And while some syncing systems CAN function as a backup you really need to know the issues and get the settings correct. And not all syncing systems can be reliably used as a backup.

A separate thread would be good. And I suspect there’s a Tidbits article and a Take Control book on this. Likely multiple. Plus past discussions here.

1 Like

thank you. I will start with the research.

Regarding FileVault, doesn’t the fact that the Apple Store requires the admin password for repairs defeat the idea of privacy?
My Mac recently crashed. I could not even turn it on to erase the drive before sending it in for repairs. The Apple service provider will request my admin password.
thank you

When I have sent machines in for repair, I’ve taped a note that says “I have backups. Feel free to erase all storage if necessary.” I have never been asked for my password.

2 Likes

great suggestion. thank you.

for my education and my understanding of Mac OS security

one article from a reputable site suggests always having a second admin account called Repair with its own separate admin password, and when it comes back from the repair shop to delete the account and create a new one with a different password.

I am confused about admin accounts. Can I have 2 separate admin passwords? If that is the case, could someone logged in as admin with a separate password see my data?

thank you

You can have many administrator accounts, just create accounts in the Users & Groups preference pane and check the “Allow user to administer this computer” checkbox. Administrators cannot see passwords for other accounts (or even their own!) but they can change passwords for any account. Once anyone (other than the guest account) is logged on to a machine with FileVault enabled, the disk decryption key is active so data on the disk is visible to any administrator and most data on the disk is visible even to non-admin users.

In other words, you can’t give friends, family, or a service technician access to any account and expect your data to remain private. That’s why you should always have good, current backups (that’s plural) and let the technicians know it’s okay to wipe the machine.

1 Like

More specifically, you can configure any account to be a FileVault-unlocking account. FV’s system settings let you specify which users are capable of unlocking the volume. Any users where this is not specified can’t unlock it (and therefore can’t log in until some other user unlocks it).

The idea is that the initial boot on a system where the boot volume is FV-encrypted doesn’t take you to the normal login screen. Instead, it goes to a “pre-login” screen that accepts a user ID and password. If the user you log in as has permission to unlock the volume, the volume is unlocked and the system boots the rest of the way, including logging in the selected user.

When you log out (without a shutdown/restart), you will then end up at the “real” login screen, which can accept logins from users that don’t have permission to unlock the volume (including guests and users defined by remote authentication servers.)

See also:

As for giving others access, you should be able to create a non-admin account for the purpose of giving it to service techs. This will let them unlock the volume, log in and run diagnostics (at least whatever can be run without being an administrator). They shouldn’t be able to access your documents without admin privileges if you set up file system permissions appropriately (e.g. don’t grant read access to your Documents folder to any other users).

But these days, there probably is no need to grant this kind of access. Any Apple utilities that are needed to complete a repair (e.g. if a TouchID sensor needs to be replaced) can probably be done by booting a special repair volume, and shouldn’t require booting your locked-down system.
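The post above notes that any account handed to a service tech has to be made FileVault-unlock-capable, so once the machine comes back it is worth checking which accounts can still unlock the volume. The script below is an added example, not code from the thread: it parses the `username,UUID` lines that `sudo fdesetup list` prints on macOS and reports any unlock-capable account missing from an allow-list of expected owners. The sample output and the account names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit FileVault-enabled accounts after a repair.
# `fdesetup list` prints one "username,UUID" line per account that can
# unlock the FileVault volume. The sample below is constructed so the
# parsing logic can be exercised offline, without root or a Mac.
SAMPLE_FDESETUP_LIST='alice,A1B2C3D4-0000-1111-2222-333344445555
repair,DEADBEEF-0000-1111-2222-333344445555'

# fv_unexpected_users "<allowed names, space separated>" < fdesetup-list-output
# Prints each FileVault-enabled username that is NOT in the allow-list.
fv_unexpected_users() {
    allowed=" $1 "
    while IFS=, read -r user _uuid; do
        [ -z "$user" ] && continue
        case "$allowed" in
            *" $user "*) ;;                 # expected owner account, fine
            *) printf '%s\n' "$user" ;;     # leftover unlock-capable account
        esac
    done
}

# Run the audit over the constructed sample; only "repair" is reported.
fv_audit_sample() {
    printf '%s\n' "$SAMPLE_FDESETUP_LIST" | fv_unexpected_users "alice"
}

# Live use on a Mac (needs root): fv_audit_live alice bob
# A reported leftover tech account can then be dropped from the unlock
# list with:  sudo fdesetup remove -user repair
fv_audit_live() {
    fdesetup list | fv_unexpected_users "$*"
}
```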

very good to know and contrary to so many false claims I have read. Thanks again very much

and as @ron says, if I have a backup, I just let them erase the drive.

@Shamino @ron

I think that it is reasonable to be cautious. Some (many) Apple repair shops / service providers in my area are extremely dishonest lowlifes and have all kinds of scams going. The most common one is convincing customers (at the time they pick up their Mac from repair) that routine maintenance / upkeep includes changing the primary drive every 3 years. I know because of friends who consulted me. One tried to even convince my wife when she picked up a Mac from repair, which irritated me to put it mildly. One of them (an official Apple provider) tried to sell a friend a new Mac with 3rd party parts (RAM, primary drive, etc). They are on par with used car dealers. I don’t know why so many people hold them in high regard. Probably because they think that they are dealing with “Apple”. When you send / bring in your Mac for repair, it’s not repaired at the Apple Store. Macs are distributed to different service providers for repair. It’s a big part of the privacy issue that concerns me.

The Financial Times published an article today on Big Tech and institutions shredding perfectly working drives that can be reused.

Underpinning the reluctance to move away from shredding is the fear that data could leak, triggering fury from customers and huge fines from regulators.

Last month, the US Securities and Exchange Commission fined Morgan Stanley $35mn for an “astonishing” failure to protect customer data, after the bank’s decommissioned servers and hard drives were sold on without being properly wiped by an inexperienced company it had contracted. This was on top of a $60mn fine in 2020 and a $60mn class action settlement reached earlier this year. Some of the hardware containing bank data ended up being auctioned online.

While the incident stemmed from a failure to wipe the devices before selling them on, the bank now mandates that every one of its data-storing devices is destroyed — the vast majority on site. This approach is widespread.

While the shreds are widely sent for recycling, today’s processes only recover about 70 per cent of the materials, according to Julien Walzberg, a researcher at the National Renewable Energy Laboratory.

The small amounts of critical raw material lost in shredding add up, contributing to the 54mn tonnes of electronic waste produced globally every year. Every speck lost requires more to be mined, often from areas of the world embroiled in conflict. Demand for such materials is projected to grow as the world electrifies itself away from fossil fuels.

“Shredding causes a massive problem for sustainability,” says Deborah Andrews, professor of design for sustainability and circularity at London South Bank University.

1 Like

Corporations definitely are paranoid about data leakage. Many of my former customers would never let a drive out of the building once it had been used. Yes, they are concerned about leaking data, but I’m not so sure that the prevalence of this action is due in no small part to government or industry regulations.

Hopefully this nonsense can be controlled as companies decide to do full disk encryption of data at rest. Then it won’t matter if drives that can be refurbished leave the building, and there’ll be less e-waste.

1 Like

For those who can’t get through the Financial Times firewall, Ars Technica has republished it (with comments from Ars Technica subscribers).

3 Likes