Archive for October, 2008

Espionage, Time Machine, and the Future

Thursday, October 30th, 2008

Update (9/20/09): This post is slightly out-of-date now. If you’re looking for instructions on how to use Espionage with Time Machine, the best place to look is in the backup section of its manual. Espionage’s manual is accessible online *and* within Espionage itself.

This topic is covered extensively in the Help documentation that comes with Espionage, but from the amount of email I’m getting it appears it deserves a blog post as well.

While designing Espionage, I realized that its ability to intercept any access to folders could lead to problems with backup applications, since it would be quite annoying to the user if the password prompt appeared any time, say, Time Machine tried to back up their folder.

For this reason Espionage was given an ignore list.  Now whenever Espionage detected that an application on the ignore list was trying to access one of its protected folders, it would automatically allow or deny that application access without prompting the user (depending on whether the application was “whitelisted” or “blacklisted”, respectively).

By default Espionage has rules for Spotlight, AppleFileServer, and Time Machine.  You can add other applications to the ignore list either by adding them manually in the preferences, or directly from the password prompt.  Here’s what the ignore list looks like with SuperDuper! whitelisted:

Keep in mind, however, that “granting an application access” to the folder does not actually mean it can read the contents of that “folder.”  This gets us into the hairy details of how Espionage works.

When a folder is encrypted by Espionage, it takes the contents of that folder and puts them into a sparse disk image*.  This disk image will be named “.<foldername>.sparseimage”, and is placed into the folder.  The original folder, meanwhile, is placed into the Trash where the user can back it up, securely delete it using the Finder, or do whatever they please with it.  When the folder is unlocked, the disk image is moved into the parent folder, is mounted in a special location, and a link is created in place of the folder pointing to that mount.

Thus, when you back up an encrypted folder, you’re really backing up an encrypted disk image.
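
The locked and unlocked layouts described above can be told apart from the file system alone, which is a quick way to check which state a backup or restored tree captured. The script below is an added example, not code from Espionage or Tao Effect; it assumes only the layout this post describes, and the function names and the "orphan" label are made up for the example.

```shell
#!/bin/sh
# Added example. The layout rules below are taken only from this post's
# description and are an assumption about any other Espionage version.

# espionage_state PATH -> prints locked | unlocked | none
espionage_state() {
    p=${1%/}
    img=".$(basename "$p").sparseimage"
    if [ -L "$p" ] && [ -f "$(dirname "$p")/$img" ]; then
        echo unlocked    # link replaces the folder, image sits in the parent
    elif [ -d "$p" ] && [ ! -L "$p" ] && [ -f "$p/$img" ]; then
        echo locked      # real folder holding its hidden encrypted image
    else
        echo none        # neither layout: not protected, as far as we can tell
    fi
}

# scan_tree ROOT -> one "STATE<TAB>PATH" line per hidden image found under ROOT
scan_tree() {
    find "$1" -type f -name '.*.sparseimage' | while IFS= read -r image; do
        dir=$(dirname "$image")
        name=$(basename "$image" .sparseimage)
        name=${name#.}                       # ".Taxes" -> "Taxes"
        if [ -L "$dir/$name" ]; then
            printf 'unlocked\t%s\n' "$dir/$name"
        elif [ "$(basename "$dir")" = "$name" ]; then
            printf 'locked\t%s\n' "$dir"
        else
            # Image present but neither the folder nor the link is around it,
            # e.g. a backup that captured the image without the link.
            printf 'orphan\t%s\n' "$image"
        fi
    done
}

# Usage: sh scan.sh /path/to/restored/tree
if [ $# -gt 0 ]; then scan_tree "$1"; fi
```

Folders reported as unlocked or orphan are the ones to look at before restoring, since the post notes that restoring to an unlocked state confuses Espionage.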

Currently, restoring from a backup to an *unlocked* state will confuse Espionage, but your data will still be safe, just hidden.  We’ll be releasing a maintenance build very soon to address this issue and some others.  I suspect that this situation is rare enough though that we’ll fix the problem before anyone runs into it.  If, between now and the next release you do end up having to restore from a backup that has a folder in the unlocked state and run into problems, just contact support and we’ll help you out in a jiff!

Also, because we’re currently using sparse disk images, making a change to the folder’s contents will cause Time Machine to back up the entire folder.  Yes, we realize this is annoying for those of you using Time Machine, and you can expect sparsebundle support to come soon to solve this problem.

* Note: If the folder is less than 2048 MB (or whatever the value of “Minimum Image Capacity” is), the capacity will be set to that, otherwise the capacity will be 10x the folder size.  You can edit the default capacity, as well as the default filesystem of disk images from the Advanced preferences.  Look for major improvements related to this in a future release…

What is this “iSpy” anyway?

Monday, October 27th, 2008

See this post if you are interested in licensing iSpy.

iSpy is the magic behind Espionage’s amazing capabilities.

Despite its sinister-sounding name, iSpy has absolutely nothing to do with “spyware” whatsoever.  iSpy gets its name from its ability to spy on events in the filesystem.

What does that mean?

Well, let’s look at how Espionage uses iSpy.  Espionage asks iSpy to send it events whenever any of the folders that it’s monitoring are accessed.  So when a user double-clicks on a folder under Espionage’s protection, iSpy sends Espionage an event.  As far as I’m aware, it is currently the only system on the Mac OS X platform that has this capability.

But the magic doesn’t stop there.  iSpy can also moderate file operations. This is how Espionage’s non-encrypted protection works.

P.S. Tao Effect (and you can consider this a company philosophy) will never include any form of spyware in any of its applications.

The Failure of “Vaults”

Monday, October 27th, 2008

This post comes straight out of Espionage’s built-in help.

Before Espionage came onto the scene, it was very difficult to securely protect individual folders. Putting a password on a folder wasn’t even possible. Because of Espionage, this has all changed.

The typical method of protecting data on Mac OS X has been the use of “vaults”, which are really just encrypted files called disk images that are mounted in a specific location.

Disk images have many limitations. While they allow you to securely protect data, they are difficult to use, and can’t be used to seamlessly protect application data on an individual basis, that is, until now.

Some applications have tried to make disk images easier to use by referring to them as “vaults” and giving you a “one-click” method for creating them. But the problem with this approach is that you still have to use a separate application to manage the vault, and you can’t use it to protect important application data (like email).

Apple’s FileVault has a single vault that does protect application data, but it does this by encrypting your entire home folder. This “all or nothing” approach can slow down your computer and drain battery life because the process of encryption is expensive.

Your home folder has a lot of data stored inside of it. Application data, movies, music, etc. Most of it doesn’t need encryption. Accessing this data, without encryption, is slow enough already because of the slow speed of hard disks, so why make it over 3x slower unnecessarily?

Espionage to the Rescue!

So we thought, “Why not simply have encrypted folders?”

That would solve all of those problems! Espionage lets you encrypt only the data that you want encrypted, and makes it easy to manage your encrypted data by doing all of the dirty work for you!

You don’t have to worry about disk images, or “vaults”. Just drag a folder onto Espionage and it takes care of the rest. From then on you can simply double-click on that folder and a password prompt will appear asking for that folder’s password. Once you’re done using the data that’s inside of it, just right-click on it and select “Lock” from the menu to lock it. And protecting application data has never been easier.

Benchmarks

Encrypting data comes at the price of reduced performance when accessing that data. This is because the process of encryption and decryption results in data being passed through complex algorithms that transform the data into unreadable and readable states, respectively. Running these algorithms takes time, and makes the CPU work harder, all of which can impact performance (and battery life for laptop users) when accessing that data.

This is why Espionage gives you fine-grained control over what gets encrypted. :-)

OK, but how much?

To answer this question we ran the standard suite of benchmarks using Intech’s QuickBench software with default settings on a Macbook Pro laptop with the following specifications: (more…)

Hello World!

Sunday, October 26th, 2008

Tao Effect is born on October 26, 2008.

Nice ta’ mee’cha!