Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A method to securely empty trashed Mail messages' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A method to securely empty trashed Mail messages
Authored by: Mendenhall on Nov 10, '04 01:30:45PM

Warning! I doubt that there is any security associated with this at all.

Moved messages also remain in the source mbox file for a long time (until the mbox is rebuilt, usually). Thus, all you are doing this way is making a _copy_ of the message, and securely deleting the copy. The original is still probably sitting in the mbox file, just marked as deleted!

FWIW.



[ Reply to This | # ]
A method to securely empty trashed Mail messages
Authored by: Hamo on Nov 10, '04 01:38:11PM

Agreed!



[ Reply to This | # ]
Yap, keeping things secret on a computer is not that easy
Authored by: hamarkus on Nov 10, '04 01:50:58PM

Everything that has been in memory might have in swapped out at some point and might still sit there on your hard drive, even if the swapfile got deleted.



[ Reply to This | # ]
A method to securely empty trashed Mail messages
Authored by: szabesz on Nov 11, '04 06:50:49AM

The way Apple has implemented the "delete feature" in Mail.app is a shame! You cannot really delete mails and attachments from the mbox files. You loose the (easy) access to them by using the delete commands, but they keep lurking around in the mbox files even after they have been rebuilt. First your mail folder keeps growing over 1GB in no time. Second, you are unable to manage your own security! Things are going to get worse in Tiger. All the information that has ever materialised on your Mac will be recorded in the HSF+ filesystem! Your only way to get rid of all the confidental data will be the to preform low level format! Right now I do not really know what we can do against it. Any idea?



[ Reply to This | # ]
A method to securely empty trashed Mail messages
Authored by: Makosuke on Nov 11, '04 05:58:28PM

Indeed, the only thing this hint does in encourage people to waste their time while giving themselves a false sense of security.

It's akin to making a copy of a file, then securely deleting that copy while leaving the original intact, believing all the while that you've securely deleted the original. Bad news, and I hope this hint gets removed or prominently noted so as not to mislead people.

There are ways to get mail to purge deleted mail from the .mbox files, but I'm not sure what those are. In the mean time, here's the only definite solution I can think of off the top of my head:

1) Delete the messages from Mail.
2) Quit Mail.
3) Open the .mbox file in a text editor.
4) Find the messages you don't want sticking around, delete them, and save the mailbox.

5) If you want to be REALLY secure, you could instead save the mbox from the text editor into a new file, then securely delete the old one using the Finder, then put your newly saved copy in place of the old one. When you reopen Mail, it shouldn't know the difference.

Anyway, the point is that when stuff is stored in a simple flat-file database (which UNIX MBOX files are), security isn't that easy.



[ Reply to This | # ]