Should unencrypted folder support be removed?

The next update to Espionage, Espionage 1.1.3, is turning into 1.2. It will be Espionage’s first major update, boasting many significant new features including: built-in DelayedLauncher, custom master-password support through a separate keychain, various UI changes, and more. Another huge feature (that’s currently hush-hush, involving some more of iSpy’s magical abilities), may make an appearance in this update as well.

However, this post is mainly about one of the features that you may see removed from the next update, and that’s Espionage’s ability to password-protect a folder without encryption, and hence, insecurely.

There are two reasons that I’m considering this:

The first is that it adds some inconsistencies to Espionage, one prime example is the ignore list. Normally, applications that are whitelisted still do not have access to the actual contents of a folder (when it is encrypted), however, they *do* have access to the real contents when that folder is not encrypted.

The second reason, is that it can unwittingly generate bad press. One example is this post by Alex Payne where he describes Espionage in the following manner:

The other tempting option for encrypting just a few files is Espionage, which looks to be part of the so-called “Delicious Generation” of high-gloss single-purpose apps. Unfortunately, this detailed review suggests that Espionage is more style than substance, as there’s a number of scenarios in which the protection it provides is rendered moot.

When someone like Alex Payne can misunderstand a review of Espionage that badly, it makes me wonder whether other, less technically savvy people, also discount Espionage because of this feature.

I should probably make it clear here, that Espionage’s primary method of protection, the encryption of folders, is as secure as FileVault’s1, because it uses the same encrypted disk image technology that FileVault uses, as well as OS X’s secure keychain system.

I know that unencrypted password-protected folders can be a convenient way to protect “a collection of videos that you don’t want your grandma to have access to but don’t care enough about to encrypt”, but does anyone make use of that feature?

We’re interested in hearing your thoughts on this issue, so let us know in the comments.

Thanks!

1Actually, it might be more secure because Espionage has the AES-256 option, and soon, a separate custom master password.

5 thoughts on “Should unencrypted folder support be removed?

  1. Reply

    Bo Rotoloni

    I use Espionage to encrypt, password protecting w/out encryption doesn’t really by me anything. I have no problem removing this feature.

  2. Reply

    Goobi

    I’d say please leave it. You could make it a two step process, but it’s a real nice feature to have.

  3. Reply

    Ronald

    Please leave the password protected folder without encryption feature. Its really good for private collection of videos & photos.

  4. Reply

    mostimport

    Password protecting a folder without encrypition is a very good feature. Not everyone is trying to build a high fence and a think wall of protection per chance someone should steal their data files and wish to dig deep. One may wish to simply deter potential casual intruders. If they really want it, let them break and enter and have more than they can bear. I tried to stop them.

  5. Reply

    Greg Slepak Post author

    @mostimport: That’s hilarious! 🙂

    We’re keeping this feature. Thanks all for your feedback!

Leave a Reply to Goobi Cancel reply

Your email address will not be published. Required fields are marked *