Last Saturday, I wrote about a new app which I had started to develop, which attempts to close many of the routes which can ‘leak’ the contents of sensitive documents, both within the volume on which they are stored, and to other volumes, i.e. the startup volume.
I now have a first alpha release available for testing and comment.
Although I am designating this an alpha release, I believe that its code is robust, and it is close to having all its features fully implemented. However, what it does is not without risk: if used inappropriately, it will destroy data which you may regret losing. There is no undo: once it has removed old versions or metadata, there is no command to replace them.
I have, though, introduced a layered approach to protection for its more drastic features.
For example, it lets you disable the Spotlight metadata store, and empty it, but only on external volumes, not the startup volume.
In this version, it won’t actually let you delete your logs, and to ensure that when a future version does offer this feature, the user has a safeguarded by having to make a full logarchive before that option is enabled (this version will do that, even though log removal is disabled).
Scrub won’t alter anything until you have specified a file/folder/volume for it to scrub, and run an audit to assess how many files there could lose extended attributes and versions, if you were to use those options. I intend building in some additional auditing help in later releases, which should help guide decision making.
This version can remove:
- extended attributes (xattrs), either partially (which preserves those of greatest importance to macOS and apps) or completely,
- Spotlight metadata, which has to apply to the whole volume (and cannot be applied to the startup volume),
- old versions, stored in the macOS version system,
- QuickLook caches, which apply to all volumes,
- item dates of creation and last modification, which are set to a time on 1 January 1970.
It doesn’t attempt any app-specific measures, such as emptying Safari’s history and caches.
I recommend that it is best tested on an external volume containing files which are completely disposable. One nuisance in assembling this is that the Finder doesn’t copy across old versions, for which you’ll need to use my free DeepCopy from DeepTools. However, extended attributes are normally copied fully.
Please read its documentation before opening the app.
I welcome your feedback and comments, please.
This first version, which should run on El Capitan (no log feature), Sierra, High Sierra and Mojave (not yet optimised for Dark Mode, though), is available from here: scrub 1.0b1 (new!)
I have now added the beta version to the Downloads page too.