Delete securely with Linux

About

This guide is made mainly for Linux as I don't trust Windows. Most tools are closed source and I don't know what else Windows does under the hood during formatting.
All of these tools should be preinstalled on a typical Linux desktop (for example Fedora, MX Linux, Manjaro).
WARNING: Please use the correct method for your drive. Do not overwrite a new SSD with zeros via dd.

The problem with formatting

Flash-based drives (SSD, maybe USB) save data multiple times or move it without deleting the old version.

This is thanks to Wear Leveling (https://en.wikipedia.org/wiki/Wear_leveling) and Write Amplification (https://en.wikipedia.org/wiki/Write_amplification).
This also means that if you overwrite your SSD with all 0s, you are going to write far more data inside the SSD than one time its size. This makes the SSD die more quickly. This is also the reason why "defragmentation" is not recommended for SSDs.

Paper about the topic of multiple file copies on flash drives: https://www.usenix.org/legacy/events/fast11/tech/full_papers/Wei.pdf

Delete single file

The easiest way to safely delete a single file is the shred command.
By default it overwrites the file 3 times. To also delete the file after overwriting it, run the command like this: shred -vu file.txt
-v makes it verbose, -u makes it deallocate and remove the file after overwriting.

BUT: If you modified the file or defragmented your drive, it is recommended to format the whole drive instead. The internal wear leveling could have copied the file multiple times, which makes it recoverable with special tools.

Format HDD / USB

To format an HDD or a USB drive you can use the dd or badblocks command.

To find out which drive is the one you want to overwrite, use the fdisk -l command.
This shows you all the connected devices and their size. The first drive is /dev/sda, the second /dev/sdb and so on. The one you want to format is probably the last one in the list, as it is sorted by time of connection.
The fdisk -l command also shows you the logical and physical sector size. You have to use this in the bs= argument of the dd command (bs=4096 in the commands below). It is recommended to replace the number with the logical sector size from the fdisk output.

Important notice: Using urandom as a source for dd limits the speed of the formatting process. For me, with an i5 on Manjaro, the urandom source was only producing random output at 40mb/s. It was actually faster to run badblocks with its 4-times overwriting than dd with urandom once.

If you are sure you have the name of the disk you want to format, you can run the command itself. dd overwrites the target with the source of your choice, either all 0s or random data. badblocks overwrites the target with 4 passes of fixed data (not random).
This means badblocks takes longer than dd to complete, but has 4 overwrites in total, which makes it a bit better. (Of course you can also run dd 4 times.)

To overwrite your device with dd and all 0s, use the following command and replace sdX with your device from fdisk -l (example sdb):

    dd if=/dev/zero of=/dev/sdX bs=4096 status=progress

To overwrite your device with dd and random data, use the following command:

    dd if=/dev/urandom of=/dev/sdX bs=4096 status=progress

To overwrite your device with badblocks, use the following command:

    badblocks -wsv /dev/sdX

For a more thorough explanation, check the Arch Linux article on this topic: https://wiki.archlinux.org/title/Securely_wipe_disk

Format SSD

Warning: As mentioned in the section "The problem with formatting", it is not recommended to overwrite your SSD with random or fixed data. Your SSD should also be connected via ATA/SATA cable and NOT via USB. Also make sure that your SSD is not mounted during the format process.
To format an SSD you should use the ATA Secure Erase command.
To do this, follow the guide from the Arch Linux wiki: https://wiki.archlinux.org/title/Solid_state_drive/Memory_cell_clearing
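
The checks from the "Format HDD / USB" and "Format SSD" sections can be done before any wipe command is typed. The script below is an added example, not part of the original guide: it reads the kernel's view of the disk from /sys/block and /proc/mounts and only prints the command to run. The function name wipe_plan and the SYSFS/MOUNTS override variables are made up for this example.

```sh
#!/bin/sh
# Added example: prints a wipe command for review and never runs it.
# SYSFS and MOUNTS are hypothetical override knobs so the checks can be
# exercised against a constructed directory tree instead of a real disk.
SYSFS="${SYSFS:-/sys/block}"
MOUNTS="${MOUNTS:-/proc/mounts}"

wipe_plan() {
    dev="$1"                      # kernel name as shown by fdisk -l, e.g. sdb
    q="$SYSFS/$dev/queue"

    # Only whole disks have an entry under /sys/block; partitions (sdb1) do not.
    if [ -z "$dev" ] || [ ! -d "$q" ]; then
        echo "error: '$dev' is not a whole disk under $SYSFS" >&2
        return 2
    fi

    # Refuse if the disk or one of its partitions is currently mounted.
    if grep -q "^/dev/$dev[0-9p]* " "$MOUNTS"; then
        echo "error: /dev/$dev is mounted, unmount it first" >&2
        return 3
    fi

    rota=$(cat "$q/rotational")           # 1 = spinning disk, 0 = flash
    bs=$(cat "$q/logical_block_size")     # logical sector size in bytes

    # Assumption: the kernel's rotational flag is correct. USB bridges can
    # misreport it, so confirm the drive type yourself before wiping.
    if [ "$rota" = "0" ]; then
        echo "ssd: do not overwrite /dev/$dev, use ATA Secure Erase instead"
    else
        echo "dd if=/dev/zero of=/dev/$dev bs=$bs status=progress"
    fi
}

# Stand-alone use: sh wipe_plan.sh sdb
if [ "$#" -gt 0 ]; then
    wipe_plan "$1"
fi
```

Compare the printed device name and sector size with the fdisk -l output before running the command as root.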

Tips for the future

As you can read in the Arch Linux article above, it is no easy task to fully erase an SSD and be sure that all the data is gone.

That's why my tip is: Encrypt the drive itself (with, for example, VeraCrypt or cryptsetup).

The recovery tools for deleted files search for data that is still on the disk. If you encrypt your data, though, it is basically unrecoverable, as they would need the key to decrypt it as well. Without the key they don't know if the data is garbage or actually an encrypted file.

This protects you from someone finding your USB in the trash and checking what's on it: Without the key they can't read the data anyway. This removes the need for thorough erasure and cleaning of old drives, as one single wipe is enough to ruin everything.
Then you just have to delete / forget the key and your data is gone forever.