Is it safe to unplug a blinking USB drive after 'safely' ejecting it?

usb windows-10 external-hard-drive

14,625

Solution 1

Usually it is, do what the user manual says

If the drive's firmware is written correctly, it announces to Windows that it's ready to be ejected when it is. It is therefore safe to do so.

If the drive's firmware is written incorrectly, it may announce that it's ready to be ejected while still busy with important stuff. It's therefore not safe to eject it, but then, it is never truly safe to eject (or do anything else) with a drive which has a buggy firmware.

For instance, here is a random HDD manual which says:

Click the “Hardware and Eject Media – icon” A pop-up message box will appear listing the external devices connected to your computer.

Select the TOSHIBA drive to eject. After a few seconds, you will get the notification that it is now safe to remove the device.

Click “OK” and you can unplug the drive now.

Note there's no mention of LED activity. Indeed you should check the manual of your drive, and if it says "wait for the LED to blink out EJECT in Morse code", you should absolutely do that. I'm yet to see such a manual though.

If you absolutely need your data to be there, verify the integrity of the data you have written, and make backups. Otherwise, when your data on a portable HDD is gone, the fact that you have waited until the LED blinks ten times will be of little consolation.

Solution 2

I haven't seen any official source that describes the reason for blinking disk indicator after Safely remove, so what I write here is only based on general knowledge and observation. This happens for some disks because of the way that the firmware interacts with the operating system.

Windows announces that the device is safe to remove once it has flushed all its data from the memory cache and signaled the device's firmware to spin down.

The firmware itself may take some time to process the spin down command. Many USB hard drives also incorporate cache memory that will be lost if the disk is brutally powered down. The firmware will need its own time to terminate all writes and to spin down the disk. While it is doing that, the disk's indicator will blink.

It is certainly not safe to unplug the disk and power it down while the lights are blinking, since they indicate that the firmware is actively doing something. Some disks can recover from an abrupt power down by using non-volatile cache memory, so they can pick up when the disk is powered up from where they stopped.

Beginning from Windows 10 version 1809, it is safe to unplug the disk whenever the disk is not blinking. Safely remove is no longer strictly necessary, although I would still recommend it.

Solution 3

Data is only guaranteed safe when electrical activity of external drive has stopped. Blinking shows that the external drive is still receiving electric power from the computer, therefore we cannot be sure that some data operation will not happen.

In Linux this is easy to make sure, because unmount and detach are two separate stages:

udisks --unmount /dev/sdb1 ..LED on, power ON

udisks --detach /dev/sdb ..LED off, power OFF

Windows does not have Power Off command but only Eject, which is similar to unmount, therefore in Windows in some cases it might be better to shutdown the whole computer as that guarantees that the external drive is also free of electric power.

Solution 4

No, it is not (completely) safe !!!

It should be (and in almost all cases it will be), but you cannot be absolutely sure in any sense.
^{Sadly life is not (always) what it should be.}

In my personal experience only a few times in several years (and specifically not with windows 10) I remember a data loss or file system corruption if removed quickly immediately after the go-ahead of the system. But it only happened with a second person ready to remove the USB and run away (immediately) after the go-ahead of the system and when writing operations were required at the very last moment.

The blinking indicates some activities in the device, or at least an hardware (not OS related) communication to the user. The blinking of some Seagate models is an error code ^[avid] communication. You may check if, with your model, that way of blinking (short or long pulses) has a special meaning. Usually 8 short pulses mean the byte zero, and 0 is the exit code of the program with no error at all...

TLDR

Premise. In general the scope of the question is so wide that there cannot be other single universally valid answers: too many models and brands may be involved. You must refer to both the manual of your HDD and the instructions of the operating system and drivers, consider the most restrictive and yet you will not be able to be absolutely safe.

Understanding what happens. The OS was reading/writing on the USB drive (HDD,SSD). You ask to remove this drive from the system. The OS stops/refuses the new I/O operation requests from its programs, waits the ending of the current I/O operations and checks if some lock is active on the device. When the device communicates that all the I/O operations are ended the OS will release the device declaring that you can safely remove the device.

In the ideal world it should be enough.

The problem is... The OS can answer only on the base of what the device itself answered. Usually both the device firmware and the OS drivers are closed source, so you have to rely on their documentation and on the License Agreements. The problem is that both sides are often valued considering their performances. They may rely on the fact that between the go-ahead of the system and the average human reaction time needed to unplug the device there usually is enough time for the modern devices to finish the internal operations in progress.

Moreover, the responsibility of each side is limited by the License terms. Limitations written to safeguard the company as much as it is possible, even if they knew or should have known about the possibility of the damages (see below for Windows 10, but you can find similar for the devices producers).
So, since they discharge the consequences in advance and are valuated on their performances, it is up to you to decide to what extent you can trust them and you will feel safe.

When you have at least one side that is open source you can read what happens

^{From a comment of another answer.}
It returns when the drive claims it has flushed its own cache to the platters. You can read the SQLite source code or some NSFW comments in the Linux kernel source code about drives that are, shall we say, "less than honest" in the interest of improving benchmark figures. –

Safe and its meanings.

Now we can even specify in which sense you want to be safe...

Data transfer safe. As I really rarely experienced, you may believe to have saved your data on the external drive, but it was not all saved, or the FAT (or equivalent) was not updated... and next time you check you will find some sector to fix or that some files are not present. Write disk cache enabled may had played its role in the past.
Hardware safe. On some external HDD drive you can feel (and I did) that for some seconds after the system said you can remove, they still spin (you can even hear the vibrations). Unplugging the cable you interrupt the energy supply. If the plates are not spinning at their maximum speed it can rarely occur that there is not enough energy to park the heads safely onto the parking ramp ^[2].
Privacy safe. Ok let's suppose that the firmware is moving some data from a location to another (Some SSD do this in background to rotate the sectors used, some HDD firmware may do the same on sector that presented a reading problem on a sector). Before it copies the data in the new sector, then updates the FAT (or equivalent), finally frees the old sector or if required deletes the data from it. If the process is interrupted before the end, you can finish with a sector in which that data is copied, but it is not reported and managed correctly. If that was sensible data you are exposed to a security risk.
Legally/economically safe. You are protected for the data loss up to what fixed in the License terms, after that you will be able to proof the guilt and the culprit...

Conclusion: Wait some second more. `:-)`

From Win10 License Term [9.d]^[3]

The damage exclusions and remedy limitations in this agreement apply even if repair, replacement, or a refund does not fully compensate you for any losses, if Microsoft, or the device manufacturer or installer, knew or should have known about the possibility of the damages, or if the remedy fails of its essential purpose.

moreover

If your local law allows you to recover damages from Microsoft, or the device manufacturer or installer, even though this agreement does not, you cannot recover more than you paid for the software (or up to $50 USD if you acquired the software for no charge).

View more solutions

14,625

Lawrence

Updated on September 18, 2022

Comments

Lawrence almost 2 years
There is a lot of information about how to safely unplug USB hard drives. However, the articles tend to stop at the part where the operating system says it is safe to unplug, or where you're sure nothing is writing to the drive, etc.

Relevant set up:
- Windows 10 PC or Windows 10 notebook
- External USB hard drive (not a USB stick)
- Click "Eject External USB 3.0"
- Wait for "Safe To Remove Hardware" notice
After the operating system declares that it is safe to unplug a USB hard drive, the LED on the drive blinks about 10 times before the drive shuts down.

I've used a number of external 1TB to 4TB HDDs by Toshiba and Seagate, and they all consistently blink their LEDs about 10 times when ejected. The blinking happens after the OS says it is "Safe to Remove Hardware". Although the OS is limited to seeing the completed buffer-flush whereas the drive's firmware can detect when the writes have completed, the 10 blinks happen even when the drive is just plugged in and immediately ejected with no writes at all. Likewise, it's still the same 10 blinks when the drive is written to extensively, then ejected.

Some theories:
- The 10 blinks are just a courtesy to make it easier to identify which drive was ejected when multiple drives are plugged into a single computer.
- There is a fixed latency between the OS flushing its write buffers and the writes getting physically encoded. This would explain why any non-zero amount of writes produces a fixed delay on eject. However, the 10 blinks still take place if there was a long delay between writing and ejecting, or if there wasn't any (intentional) writing at all.
- The 10 blinks represent a safety margin for the drive to park its heads. That sounds like a rather long time just to park heads, though, with each blink lasting about a second.
So, is it safe to unplug the hard drive while its LED is still blinking?

I've tried finding an authoritative answer, even checking on Seagate's and Toshiba's websites, looking at the datasheet in the case of Toshiba. I'm looking for answers that reference credible sources regarding what the drive does during the shutdown blinking sequence, to understand whether unplugging during that sequence is safe.

Here are some other areas I checked:
- Searching Google: is it safe to unplug flashing usb
  
  I got a whole bunch of tips about how to safely unplug USB drives, but nothing to do with the USB.
- Searching Google: is it safe to unplug blinking +LED usb
  
  Some other posts come up, mainly to do with troubleshooting, but nothing to do with the routine 10 blinks on eject.
- Searching Super User: [usb] [hard-drive] [windows-10] eject
  
  This produces 7 results (or 8 results if I replace [hard-drive] with [external-hard-drive]), mainly about problems. Nothing about the routine 10 blinks on eject.
- Admin almost 5 years
  
  If its blinking the OS is either reading or writing the usb, not safe to unplug.
- Admin almost 5 years
  
  In the way you're asking (i.e. Windows says safe to remove, drive shows activity for a few seconds afterwards), wait until the OS and kernel have completely ceased all I/O activity. There's likely a way to see a log of such activity (in Linux, it would be the kernel log), however I'm not sure how to in Windows. There could be a myriad of reasons for this extra communication, but needless to say, wait until all I/O activity has stopped, else you risk data loss or corruption (which may not be immediately noticeable)
- Admin almost 5 years
  
  I have found on occasion that my external hard drive is still spinning when I unplug it and go to pick it up. I wonder if those 10 seconds are after the writes are done and the heads are parked, but before the platters are done spinning. (If that were the case, I assume unplugging would be safe, but picking it up and moving it might not? I'm not sure.)
- Admin almost 5 years
  
  LEDs are not a required standardized feature of USB storage, therefore their existence and behavior should only affect how you treat the device if the device manufacturer explicitly tells you to.
- Admin almost 5 years
  
  Have you tried asking Seagate or Toshiba (we can't do that for you; we don't know what model number you are using)?
- Admin almost 5 years
  
  Theory: "Safe to Remove" commits all writes and prevents future writes, but does not affect reads. Then, the data is safe and committed, but it can still safely read from the drive, until the moment you unplug the device.
- Admin almost 5 years
  
  @Brian I checked their websites. I think Seagate has something about LEDs providing status information on another storage product, but nothing relevant to ‘ordinary’ HDDs and the routine 10-blinks. Toshiba’s datasheet has nothing relevant to this issue either.
- Admin almost 5 years
  
  @kayleeFrye_onDeck Fair enough, though there seems to be quite a bit of consistency over a few years (maybe up to a decade?) on low-end external USB HDDs from Seagate and Toshiba, both in their older chunky drives and as well as the modern sleeker ones.
- Admin almost 5 years
  
  @MooingDuck if there is a chance of the head crashing on sudden loss of power, even reads should be prohibited for a drive to be safe to remove. The OS likely unmounts the drive altogether before declaring that it is safe to remove.
- Admin almost 5 years
  
  Were you writing to it shortly before unplugging? Interrupting a read is less dangerous than interrupting a write.
- Admin almost 5 years
  
  @Mast Not in the cases I'm asking about. I'd complete my work with the drive, go through the Windows eject procedure, and wait for the pop-up to say that it's safe to disconnect the drive. Once the pop-up pops up, the drive blinks about 10 times before shutting down. I wait until after the blinks stop before unplugging the drive. It's the 10 blinks I'm wondering about - they happen after the pop-up. The drive has disappeared from Windows File Explorer once the pop-up pops up, so I'm not accessing the drive for reading or writing at this point.
- Admin almost 5 years
  
  Depends on the type of HDD you have. My WD Passport blinks a couple of times after ejecting too, but not 10 times. Seems vendor (perhaps even type) specific.
- Admin almost 5 years
  
  @Mast As noted in the question: Toshiba & Seagate, 1TB to 4TB USB HDDs. Yes, possibly vendor-specific.
- Admin almost 5 years
  
  @Lawrence Just to be precise... is it 10 time blinking, about 10 times or maybe just 8? [moreover are they all the same? Are they short pulse or long pulse?] This because for example the Segate implements an error report signaling based on led pulses: 8 short pulses means error number 0 that is widely used to say no error at all... so, if true, that you can remove safely.
- Admin almost 5 years
  
  @Hastur I don’t always glance quickly enough at the HDD to say with certainty that it is 10x precisely, every time, but based on the perceived time elapsed, I am fairly confident that it is precisely 10 blinks each time. They are fairly short pulses at roughly 1 second per blink-cycle. The blinking is also consistent over multiple Toshiba and Seagate drives.
- Admin almost 5 years
  
  Since the information is not on their websites either, it might be worth writing them a physical letter.
- Admin almost 5 years
  
  @JanDoggen I've just contacted one of the companies; awaiting a reply.
Lawrence almost 5 years

I've used a number of external 1TB to 4TB HDDs by Toshiba and Seagate, and they all consistently blink their LEDs about 10 times when ejected. The blinking comes after the OS says it is "Safe to Remove Hardware". Although the OS is limited to seeing the completed buffer-flush whereas the drive's firmware can detect when the writes have completed, the 10 blinks happen even when the drive is just plugged in and immediately ejected with no writes at all. Likewise, it's still the same 10 blinks when the drive is written to extensively, then ejected.
Lawrence almost 5 years

Thank you for your answer. I've added to my question in an effort to clarify what I observed. Do you have any sources that say what the drive does during the shutdown-blinking sequence? (I understand that although that sequence always occurs on my external USB HDDs, it may not be standard behaviour across all drives.)
John almost 5 years

I have seen various articles, nothing completely conclusive. Here is one such article: answers.microsoft.com/en-us/windows/forum/windows_10-files/…
Lawrence almost 5 years

Thanks. I think there were a few characters missing in that link. Is this the one you were referring to? It talks about problems with ejecting USB hard drives. In my case, ejecting the hard drive succeeds. It's just the trailing blinks following successful ejection that I'm wondering about.
gronostaj almost 5 years

Can you provide any sources for your last sentence (about safely remove not being necessary anymore since Windows 10 version 1809)?
harrymc almost 5 years

@gronostaj: Sure. Microsoft article Windows 10, version 1809 and later: Change in default removal policy for external storage media.
Dmitry Grigoryev almost 5 years

@harrymc I couldn't help noticing that the article in your link doesn't mention blinking at all. Not that I thing that removing a blinking drive without even ejecting it is a good idea of course.
Dmitry Grigoryev almost 5 years

And I'm pretty sure Windows doesn't just signal the drive to spin down and calls it a day. IMO it sends the SCSI sync-cache command first, which only returns once the HDD has flushed its own cache to the platters.
Lightness Races in Orbit almost 5 years

Thinking about your penultimate paragraph, that also means that Windows now defaulting to "Quick removal" is lulling users into a false sense of security :(
Jörg W Mittag almost 5 years

@DmitryGrigoryev: It returns when the drive claims it has flushed its own cache to the platters. You can read the SQLite source code or some NSFW comments in the Linux kernel source code about drives that are, shall we say, "less than honest" in the interest of improving benchmark figures.
Lawrence almost 5 years

This makes a lot of sense. I wasn’t aware that the OS got an eject-ready signal from the drive.
harrymc almost 5 years

My impression was that this post is about disks that blinked after the safe to remove message. For disks where this doesn't happen there is no problem and the question is mute.
Dmitry Grigoryev almost 5 years

@JörgWMittag Shouldn't a good benchmark write enough data to the disk so that a single sync in the end wouldn't affect the results much? In any case, I don't expect the discrepancy to matter on a human scale. How long does it take to notice a Safe Removal message, click OK and pull the connector? One second?
Ben Voigt almost 5 years

@Lawrence: The signal isn't specifically "ready to eject", it will be more along the lines of "all pending operations (up through command #X) are fully committed". And the OS, because it knows it is going to eject the drive, doesn't send any new commands after the flush/sync.
Jörg W Mittag almost 5 years

@DmitryGrigoryev: The ACID guarantees of SQL RDBMSes rely crucially on making sure data actually is persisted on spinning rust, so they will heavily use synchronous writes. Databases and database loads also happen to be a very lucrative benchmarking target. This incentivizes both filesystem authors and HDD manufacturers to cheat on synchronous writes. So, it is not about a single synchronization at the end of the benchmark, it is about continuously synchronizing after writing an atomic piece of data.
J... almost 5 years

Do you have a reference to back up the assertion in this answer?
Headcrab almost 5 years

@LightnessRacesinOrbit According to my observations, many users don't bother with "safe removal" anyway (don't even know about it, perhaps?) So that lulling may still be the lesser of two evils.
Peter Cordes almost 5 years

@DmitryGrigoryev: also journalling filesystems need write ordering. (So e.g. benchmarks that stress metadata operations)
Lawrence almost 5 years

@BenVoigt That would be sensible, but I don’t think the drives blink 10 times every time a series of operations is done. It looks as if it is specific to a shutdown sequence.
Lightness Races in Orbit almost 5 years

@Headcrab Honestly not sure whether it's worse to let them continue that way, or to reinforce the behaviour
Wes almost 5 years

@JörgWMittag I'd kind of like to see that. Do you know of any particularly dishonest disks?
Ben Voigt almost 5 years

@Lawrence: Well, most operations do not use the flush/sync command. But perhaps the OS is also sending a "park heads" or similar (which a flash drive would interpret as prepare for power down even though it has no heads to park)
Bora almost 5 years

@Lawrence OS Head parking without spinning down is done by laptop drives to make the drive more resilient to shock, and is counted by the SMART 'Load_Cycle_Count' counter. Heads are automatically parked when after spin-down. There is not a reliable method of parking a head manually, (hdparm says otherwise, but trust me, not all drives behave the same)
Doktor J almost 5 years

Drives no longer blink on a "per operation" basis, many drives just have an "LED on" and "LED off" state, and when "on" it blinks. Try writing a 1 byte file to an SSD or thumb drive (or in Linux, touch a file) -- you will likely observe that it blinks rapidly for a solid second or two for that one tiny write. I think it's more of a UI thing, with the blinking persisting long enough to be perceived by the user... thus these last 10 (or however many) blinks are that persistence after the final write.
Lawrence almost 5 years

When you use the detach option, does it cause your external USB HDD to do a 10-blink sequence?
Dmitry Grigoryev almost 5 years

@DoktorJ Touching a file on many Linux systems first creates a transaction in the journal, then after some time the transaction is committed and finally the journal is cleaned up. And the drive will be sync'd before and after the commit.
Dmitry Grigoryev almost 5 years

Shutting down Windows to remove an external HDD seems like a massive overkill. And according to Arch wiki, --detach is needed to prevent the disk from being re-mounted on systems that re-mount disks automatically. If you really have problems with unmounted drives reporting errors after being unplugged, try udisks --inhibit-all-polling
Jonathan almost 5 years

@Headcrab: Presumably, Microsoft collects actual telemetry on how frequently this happens, and made the 1809 decision based on that data. Would be cool if they provide the actual numbers.
Dmitry Grigoryev almost 5 years

@JörgWMittag You ignored the most important part of my comment: such tweaks are likely to save a few milliseconds here and there, so they will be invisible on a human time scale.
Lawrence almost 5 years

=1 for thinking of working it out via the terms & conditions. That’s out-of-the-box thinking.
Dmitry Grigoryev almost 5 years

Sorry but I have to disagree. Sure you can wait for 10 seconds, but if waiting for Safe Eject confirmation may not be enough, waiting for the LED to stop blinking may not be just as well. Why not wait until the drive goes to sleep then? That would obviously be even safer, since heads are already parked, or what ever modern drives do. Is that what you meant by "no sounds coming from the drive any more"?
Damon almost 5 years

@DmitryGrigoryev: That's what "no sounds coming from the drive any more" suggests, for a traditional drive. Unluckily, in the days of SSDs hearing the sound of electron traps being filled with electrons may be challenging. The LED is your only indicator, really, and so your best bet..