How to get the most deleted off a Mac without factory reset?
May 17, 2022 2:37 PM

I've left dealing with returning my old, replaced computer to my employer to the last minute and now I'm running into an issue I hadn't considered: they've put a firmware password on so that I can't just do a factory reset and wipe it before I give it back. What should I do to ensure I get the most I can deleted with this critical path blocked?

It's a MacBook Air running Monterey 12.2. I've deleted all my files (I think), I've deleted all my non-essential apps, but what else can I do to ensure enough of myself is gone from this machine? I don't want to do anything dodgy around resetting the firmware password or the like, but I also would prefer to make sure that as many traces of myself as possible are permanently zapped. What should I do next? Any hidden folders I can nuke? Logging out from my Apple ID? I have 12 hours!
posted by Ten Cold Hot Dogs to Computers & Internet (10 answers total) 5 users marked this as a favorite
 
If you can boot from external media (and maybe it has to be an Intel Mac, too), I believe DBAN is an option.
posted by rhizome at 3:00 PM on May 17, 2022 [2 favorites]


Does Internet Recovery mode (Cmd+Option+R / Cmd+Shift+Option+R) get you anywhere? Or Erase Assistant (mentioned in the same Apple Support link)?
posted by k3ninho at 3:02 PM on May 17, 2022


Response by poster: "Does Internet Recovery mode (Cmd+Option+R / Cmd+Shift+Option+R) get you anywhere? Or Erase Assistant (mentioned in the same Apple Support link)?"

That's the critical path blocked by the password: both recovery mode and Erase Assistant require a password that only my IT department knows.
posted by Ten Cold Hot Dogs at 3:11 PM on May 17, 2022


It's their laptop. Any data on it is probably theirs, in the legal sense. They probably don't want you to do what you're trying to do, and you may have signed paperwork agreeing not to do it. If you figure out a way to completely wipe it then that significantly increases the odds they will notice something odd about this laptop when they get it back, which might get you a phone call from infosec.

Nevertheless, almost all the interesting data you created while you used the laptop is stored in your home directory, so erasing the contents of that (and emptying the trash) will address most of the possible things you're worried about. One of the directories in your home folder (Library) can be invisible. You can change into it by doing cmd-shift-g then typing "~/Library", and then delete what you find. Note this has a high probability of breaking your account, so make sure you've done everything you need to do before you do this.
posted by caek at 3:15 PM on May 17, 2022 [3 favorites]


Best answer: Unless there are some weird apps you’ve installed I would say you should be fine with the following:

* Copying to external drive and deleting any files not in the cloud that you need to keep.
* Making sure anything that is in the cloud (on cloud-aware apps, iCloud Drive, etc) is indeed accessible from your other devices.
* Logging out of your iCloud account. (Assuming this is your personal iCloud account this is essential - someone else using the machine should under no circumstances have access to your iCloud info.)
* If you have the ability to create / delete local accounts on the machine, I would create a new one and log in to it, then delete the old one altogether. That’ll take care of the hidden Library folder and everything.

I don’t know what your work environment is like or what you use the machine for, but I wouldn’t imagine IT being surprised by any of the above steps — it’s just basic good hygiene to avoid leaving personal info of any sort on a machine you’re returning, and I don’t think it implies you have anything to hide. Most likely IT will wipe the machine themselves when they get it prior to redeploying it with someone else. (They probably prevent you from doing it yourself so that you can’t remove the corporate management or monitoring software on it, or claim it’s lost and sell it, etc. It doesn’t mean they care about what you leave behind on the machine unless they have some reason to.)
posted by sesquipedalia at 3:33 PM on May 17, 2022 [4 favorites]
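
A read-only check to run after the cleanup steps suggested in the answers above (an added example, not part of any poster's comment): it lists the per-user folders that still contain files. The path list is an assumption built from the locations mentioned in this thread (the hidden Library folder, Trash, Messages, Firefox, iCloud) plus a few standard macOS per-user folders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which per-user locations still hold files.
# Paths are relative to the home directory (assumed list; extend it for the apps you used).
RESIDUE_PATHS='.Trash
Library/Messages
Library/Mobile Documents
Library/Caches/Firefox
Library/Application Support/Firefox
Library/Safari
Library/Mail
Library/Keychains
Documents
Downloads
Desktop'

# Print "<file count><TAB><path>" for each listed folder that still contains files.
# A folder that exists but cannot be listed is printed with "?" instead of a count,
# so a permission problem is never mistaken for "clean".
audit_home() {
    home_dir=$1
    printf '%s\n' "$RESIDUE_PATHS" | while IFS= read -r rel; do
        target="$home_dir/$rel"
        [ -d "$target" ] || continue
        if ! ls "$target" >/dev/null 2>&1; then
            printf '?\t%s\n' "$rel"
            continue
        fi
        # Count regular files at any depth, ignoring Finder's .DS_Store metadata.
        n=$(find "$target" -type f ! -name .DS_Store 2>/dev/null | wc -l | tr -d ' ')
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\n' "$n" "$rel"
        fi
    done
    return 0
}

# Number of listed locations that are non-empty or unreadable (0 means nothing found).
residue_count() {
    audit_home "$1" | wc -l | tr -d ' '
}
```

Run it as `audit_home "$HOME"` from the account being cleaned, or point it at the old account's home folder from the new admin account before deleting it. A `?` row means the folder could not be listed (for example when Terminal lacks Full Disk Access) and should be checked by hand.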


One additional note - I think when you log out of iCloud macOS will package up the iCloud-related data that is stored locally on the machine into a folder all ready to be copied elsewhere and deleted. Not sure where this folder winds up but you should make sure it’s deleted (either as part of deleting your user account or otherwise) before you return the machine.
posted by sesquipedalia at 3:45 PM on May 17, 2022 [1 favorite]


Response by poster: "it’s just basic good hygiene to avoid leaving personal info of any sort on a machine you’re returning, and I don’t think it implies you have anything to hide"

Yes, 100% agreed. I trust the IT folks have better things to do than rummage through my Firefox caches, but I've also always been taught that you don't hand things back without a scrubdown first.

"If you have the ability to create / delete local accounts on the machine, I would create a new one and log in to it, then delete the old one altogether."


This is what I was missing, thank you! We do in fact use our own personal Apple IDs (not contraindicated by said IT dept, and common practice across the org for good or ill) and I discovered—since I was methodically opening every app—that Messages requires a separate logout from the one you do in System Preferences, which is pretty shocking considering the SP one feels very final and universal. Deleting that main user from a fresh admin account does away with the problem altogether. Cheers sesquipedalia!
posted by Ten Cold Hot Dogs at 3:47 PM on May 17, 2022 [2 favorites]


Response by poster: "I think when you log out of iCloud macOS will package up the iCloud-related data that is stored locally on the machine into a folder"

It asked to do that, but you can decline and it just deletes the local stores for you. Ta!
posted by Ten Cold Hot Dogs at 3:49 PM on May 17, 2022 [3 favorites]


Just as a counterpoint, at the places I've worked:
  • Copying files to an external drive would be a huge no-no (and probably blocked by IT, but if not would result in an unpleasant conversation with the infosec team).
  • Any files you ever created on the laptop would probably already be backed up somewhere.
  • No one would be going through any remaining files on the laptop because they'd just reimage the whole thing.
Obviously you know your company and IT department better than we do, but I wanted to call out that first point in particular.
posted by Blue Jello Elf at 5:22 PM on May 17, 2022 [1 favorite]


I worked in IT for many years and I trust 98% of folks in IT to not look for personal data. I did some searching, link link link. When people were caught (and dismissed), they were always looking for porn or music, not banking or personal info, but you bet I wiped my free drive space when I returned my laptop. And you should change the iCloud password when you're done.
posted by theora55 at 7:30 AM on May 18, 2022 [1 favorite]

