YSK: Apple has removed key security features from OS Sierra that prevent you from completely erasing your hard drive data.
Recently I was going through the process of restoring an iMac to its default, empty condition when I learned something about the new OS Sierra. The computer had been running OS Yosemite up until I wanted to sell it, so my plan was to erase the hard drive and install Sierra.
When starting the mac in Recovery Mode while running Yosemite, the Erase function under Disk Utility presented several security options from "Fastest" to "Most Secure." At the Fastest level, the computer would "erase" your data (meaning that to the computer, this space was available to be written over), but the 1's and 0's would still be written to the hard disk. This data would remain until rewritten by new data. At the Most Secure level, the hard disk would be rewritten 7 times, completely overwriting all the actual 1's and 0's that made up all the data that you created.
On OS Sierra, there are no such security options. Instead, you only have the option to Erase and are given no indication as to how thorough this process is. I am forced to assume that it is defaulting to the "Fastest" process as described for the Yosemite erasing. This makes sense because this was likely the most selected option by people erasing their drives, but it is not all that secure.
This matters because there are forensic tools for computers designed specifically to recover data that was "erased" in this fashion, and some of them are available off the shelf. Anyone who knows how to use these tools could recover valuable data from a drive that was not completely rewritten. In my opinion, this is a serious oversight on behalf of Apple. This change means that anyone running OS Sierra no longer has the ability to completely erase their data themselves, and are at risk to malicious recovery of that data.
I was on the phone with Apple support and nobody had yet to encounter this problem or had any solutions to it (even after being handed of to supervisor after supervisor). When speaking to my local Apple store to see if they had additional tools that could work around this problem, I learned that they wouldn't do anymore than I could do at home. Installing a new OS and "erasing" drive will not overwrite your old data, and it will still be vulnerable if you decide to part with your computer.
Below are photos of the Yosemite and Sierra "Erase" functions so that you can see the difference (not my pictures, but accurate representations).
