
  • Darorad@lemmy.world

    When you normally delete a file, it doesn’t actually delete it; to save time, it just marks the space as free, so any new files can be written into that part of your drive.

    But the actual data just remains there until a new file is written to the storage.

    SecureErase does the second part without making an actual file.

    Normal delete:

    File: 01010101 -> no file: 01010101

    Secure erase:

    File: 01010101 -> no file: 00000000

  • Hobbes_Dent@lemmy.world

    Erase takes the address off your mailbox and leaves the mail in it for the next resident to use. Secure erase opens it and scritches off all the words from your mail. Takes time though.

  • AwkwardLookMonkeyPuppet@lemmy.world

    Normal delete just marks things as deleted, freeing up that space to be overwritten later, but the original data is still there until it is overwritten. Secure delete overwrites the data with random 1’s and 0’s, so it is actually gone and can’t be recovered. It’s the difference between throwing a physical document into the trash, but not taking the trash out, or instead putting the physical document through the shredder and then burning the shredded paper. In the first example anyone with access can reach into the trash can and read your document, and in the second example it’s unrecoverable.

  • TheBananaKing@lemmy.world

    Most of these answers are mostly right: deleting a file on disk doesn’t actually erase the data, it just marks the space as available to write over - meaning that so long as nobody’s used the space since, you can go retrieve the contents with an undelete utility.

    Most of the time, people don’t care - but if for instance you’re selling the PC or there’s highly sensitive information involved, that might not be good enough.

    As such, there are utilities that can go out and specifically overwrite the contents of a file with all zeroes, to ensure that it’s dead-dead - and there are other utilities that can do the same to an entire disk.

    There’s one wrinkle: Magnetic HDDs don’t reliably erase and overwrite completely in a single pass; just like rubbing out pencil writing, it can leave faint impressions under the new content, and it is actually possible (with serious effort by forensic recovery people) to glean some of the previous content. If there’s serious money / security at stake, a simple overwrite is not enough, so there’s software that certifiably-randomly scribbles over each bit, seven times over, making the chances of recovering the original astronomically slim. Again, this can be done for individual files or the entire disk.

    SSDs aren’t prone to leftover impressions, thankfully - what’s gone is gone. And they have one other neat feature: while a magnetic disk can only be erased one bit at a time, so large disks can take hours - SSDs can just open the floodgates and ground every cell at once, fully erasing the entire disk in an instant.

    This instant-erase, while comprehensive… returns before you’ve even taken your finger off the ENTER key, so fast it feels like it can’t possibly have done anything, it must be broken, how can I trust it? So BIOS manufacturers hype it up, call it something impressive to underline that it’s big and powerful, and actually impose a 10-second countdown to make it feel like it’s doing something complicated.

    Any of these different things have been called ‘secure erase’ at various points, so it’s a little context dependent. But from the end-user perspective: this data is getting shredded then incinerated then added to cattle feed; it’s not coming back.

  • ozymandias117@lemmy.world

    With an HDD, your operating system can (mostly) directly access bits on the magnetic disks, so you can wipe them by just writing 0 to it over and over (historically, there was a paper saying 7 times would make any bits unrecoverable - this changed as density got higher).

    With SSDs, your operating system has very little control over what bits a write is touching; a lot more was moved into the firmware on the flash memory itself.

    So SSDs need a special command, “Secure Erase”, to wipe them.

  • stevedidwhat_infosec@infosec.pub

    Computers use an address to tell it where the data is stored on your memory drive.

    Erase just deletes the address referencing the location, meaning other things can overwrite it.

    Secure erase actually deletes the address and overwrites the data that was at where the address was pointing to. Sometimes it’s all zeros; some programs will write random crap over it.

  • fulcrummed@lemmy.world

    I’ll take a shot at the metaphor. Delete: telling someone they can use the whiteboard (but you didn’t erase it). Secure: cleaning it off when you’re done for the next user.

    • Björn Tantau@swg-empire.de

      Less of an option and more of choosing the right tool to do the trick.

      In day-to-day life I might not care how files are deleted. But when I intend to sell my drive on eBay or so, I would make sure that really all the data is gone.

  • Glowstick@lemmy.world

    There’s a map that shows where every file on your disk is. Doing a regular trash just erases the map pointer for that file, but the 1s and 0s that the file is made of are still sitting there on your disk. Secure erase writes 0s into that area on the disk, so even if you knew where that file used to be located on the disk, now you’ll just find 0s there, instead of finding the 1s and 0s of the old file.
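
The map-versus-data distinction described in the comments above, as an added example that is not part of any comment in the thread: a toy in-memory disk where a raw scan still finds a normally deleted file until its blocks are reused, but never finds a securely deleted one. The `ToyDisk` class, the block size and the sample data are all constructed for illustration and do not model any real filesystem or SSD firmware.

```python
# Toy model (constructed for illustration): a "disk" of fixed-size blocks plus
# a file table (the "map") that records which blocks each file occupies.
BLOCK = 8

class ToyDisk:
    def __init__(self, blocks=16):
        self.raw = bytearray(blocks * BLOCK)   # the actual stored bits
        self.table = {}                        # name -> list of block numbers
        self.free = list(range(blocks))        # blocks available for new writes

    def write(self, name, data):
        used = []
        for off in range(0, len(data), BLOCK):
            b = self.free.pop(0)
            chunk = data[off:off + BLOCK].ljust(BLOCK, b"\x00")
            self.raw[b * BLOCK:(b + 1) * BLOCK] = chunk
            used.append(b)
        self.table[name] = used

    def delete(self, name):
        # Normal delete: drop the map entry and mark the blocks free.
        # The bytes in self.raw are not touched.
        self.free = self.table.pop(name) + self.free

    def secure_delete(self, name):
        # Overwrite every block the file occupied, then do the normal delete.
        for b in self.table[name]:
            self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)
        self.delete(name)

    def recoverable(self, needle):
        # What an undelete/carving tool does: ignore the map, scan raw blocks.
        return needle in bytes(self.raw)

def demo():
    secret = b"PIN=4921;acct=778"   # constructed sample data
    d1 = ToyDisk(); d1.write("note.txt", secret); d1.delete("note.txt")
    after_delete = d1.recoverable(secret)      # data still on the "disk"
    d1.write("cat.jpg", b"X" * len(secret))    # new file reuses the freed blocks
    after_reuse = d1.recoverable(secret)
    d2 = ToyDisk(); d2.write("note.txt", secret); d2.secure_delete("note.txt")
    after_secure = d2.recoverable(secret)
    return after_delete, after_reuse, after_secure

if __name__ == "__main__":
    print(demo())
```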