Danger in the Trash?

When asked for advice about how to encrypt collections of data, my normal answer is VeraCrypt. The program carries the mantle of former champion program TrueCrypt and I am fairly sure it should be pronounced ver-ra-crypt (as in veracity) rather than veer-a-crypt. However, in a discussion today, a colleague raised some interesting questions: why did deleted items appear unencrypted in the trash (on a Mac) and was this a concern?

After some experiments and a bit of reading, I have confirmed that this is a feature, not a bug. For any mounted filesystem, whether an encrypted container or a USB stick, deleted files appear in the central trash folder. However, they are still located on the original device. Put in a memory stick, delete a file and check the trash and you will see it; eject the stick and it will disappear; reattach it and the file reappears until you empty the trash (completely or selectively) while the stick is attached. No worries and no data exposed. Phew!

However, there are a couple of risks that this does create. Firstly, it means that external devices are likely to fill up with hidden ‘deleted’ files unless you regularly empty your trash while your devices (and encrypted file containers) are attached. Good for file recovery but not so handy if space is tight or you want to be sure something has truly gone. Secondly, while the device is attached, you can drag a file from the trash to another location. You now have a semi-hidden original on the device and a full copy somewhere else which might not be secure. It is an edge case but is just the kind of scenario where a user, who spots what should be encrypted data in an unexpected location, could come unstuck; they can’t examine the file in the trash and, if they drag it to their desktop, they have now created a copy where it shouldn’t belong.
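As an added example (not from the original post), here is a small POSIX shell check that shows how much ‘deleted’ data is still sitting on a mounted volume such as a VeraCrypt container. It assumes, from my own knowledge rather than anything stated above, that macOS keeps each mounted volume’s trash in a hidden `.Trashes/<uid>` directory at the root of that volume, and that the container is mounted somewhere under `/Volumes/`.

```shell
#!/bin/sh
# Added example (not from the original post). Reports the hidden per-volume
# trash on a mounted volume, e.g. a VeraCrypt container mounted under /Volumes.
# Assumption: macOS stores each mounted volume's trash in ".Trashes/<uid>" at
# the root of that volume, so "deleted" files stay on the volume until the
# trash is emptied while the volume is attached.

# volume_trash_dir MOUNTPOINT [UID]: print the per-volume trash directory path.
volume_trash_dir() {
    printf '%s/.Trashes/%s\n' "$1" "${2:-$(id -u)}"
}

# volume_trash_count MOUNTPOINT [UID]: number of files still held in that trash.
volume_trash_count() {
    dir="$(volume_trash_dir "$1" "$2")"
    if [ -d "$dir" ]; then
        find "$dir" -type f | wc -l | tr -d ' '
    else
        echo 0
    fi
}

# volume_trash_bytes MOUNTPOINT [UID]: total content size in bytes of those files.
volume_trash_bytes() {
    dir="$(volume_trash_dir "$1" "$2")"
    if [ -d "$dir" ]; then
        find "$dir" -type f -exec cat {} + | wc -c | tr -d ' '
    else
        echo 0
    fi
}

# volume_trash_report MOUNTPOINT: one-line summary for a mounted volume.
volume_trash_report() {
    printf '%s: %s deleted file(s) still on the volume, %s bytes\n' \
        "$1" "$(volume_trash_count "$1")" "$(volume_trash_bytes "$1")"
}

# Usage: sh trashcheck.sh /Volumes/MyVeraCryptVolume   (placeholder mount point)
if [ "$#" -gt 0 ]; then
    for mp in "$@"; do volume_trash_report "$mp"; done
fi
```

A non-zero count after you thought you had deleted everything means the files are still on the container; emptying the trash while the container is mounted is what actually removes them.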

Anyway, it is a Mac thing and not particularly a VeraCrypt thing; at least now I and my colleagues are better informed on the subject, although I agree with views I have found online that this is annoying.