Giving away commercial iSpy licenses

iSpy is the low-level tech that powered Espionage versions 1 and 2. It is unique, there are no competing technologies that can do what it does (to my knowledge): monitor and intercept file-system events based on arbitrary filters. It’s how Espionage 2 could display a password-prompt when a user double-clicked on a folder and “pause” the Finder while it tried to open the folder.

Today we’re announcing that we’re giving commercial licenses to iSpy to anyone who wants one in exchange for 20% of the revenue generated from any sale of such software.

If you’re interested, contact us: (or id/greg on Namecoin)

Pootle Tutorial: Guide for translators and developers

We’re working on localizing Espionage into many languages, so we installed Pootle, an excellent free and open source web-based localization platform that developers and translators can use for that purpose.

To help our translators, I’ve put together what I hope if an easy-to-follow guide on how to use Pootle (partly because Pootle’s documentation on actually using Pootle is virtually non-existent at the moment).

In the event that it’s helpful to others, I’ve decided to share it publicly:

Pootle Tutorial

Hiring translators for these languages:

  • Korean
  • Persian
  • Arabic
  • Hindi
  • <Your Favorite Language Here!>

Already Have:

  • English (duh :P)
  • Spanish
  • Brazilian Portuguese
  • German
  • French
  • Russian
  • Mandarin
  • Japanese
  • Italian
  • Polish

If you’d like to help us translate Espionage into *your* favorite language, send us an email (replace the stuff in brackets as appropriate):

support [at] taoeffect [.] com

Enjoy! 🙂

Major improvements to plausible deniability in Espionage 3.6

UPDATE July 19, 2014: Espionage 3.6 is out! Go get it! 🙂

Plausible deniability (in cryptography) refers to methods of protecting users (and their encrypted data) from so-called gun-to-the-head scenarios”:

Any situation that involves some type of coercion stands to benefit from plausible deniability. Although unlikely, some users may find themselves threatened into giving up their encryption keys through physical force, or by the threat of loss of freedom (examples here, here, and here).

It is quite unfortunate, therefore, that it’s possible to count on one hand the number of data security applications that attempt to do anything to address this issue.

Data security does not stop at encryption

We believe that “security” which protects users in some circumstances (but not others), from some adversaries (but not all), is inferior to security that has no exceptions.

When we designed Espionage 3, we decided to focus on plausible deniability as a core feature. It was never an afterthought. We discovered, that In order to do plausible deniability correctly we had to build the entire app around the concept.

When we released Espionage 3 in 2012, it was (to our knowledge) the first data security app to sport not one but two types of plausible deniability:

  1. Unlimited isolated master passwords, each protecting a unique Folder Set.
  2. Multi-faced folders that can show different data depending on whether or not they are locked, and which master password was used to unlock them. This resulted in some fascinating possibilities (like having different versions of your email).

Plausible deniability is Hard

An operating system like OS X has thousands of moving parts, many of which are out of the control of users and third-party developers (like us). This makes hiding the existence of encrypted data a significant challenge.

For example, try observing your system’s primary log file by opening the Console application (located in /Applications/Utilities/ ) while you lock and unlock your encrypted folders. Depending on your version of OS X, you’ll see different types of information about your encrypted folders logged (like the path to the folder).

It is close to impossible to prevent this type of information leakage because it is created by applications and system components that are out of Espionage’s control (and shouldn’t be under its control). It is possible, however, to mitigate it by various means:

  • Periodically scrubbing your log files using utilities like OnyX.
  • By creating Folder Sets with different data using the same mountpoint
  • Etc.

One piece of data leakage, however, cannot be mitigated by users, and that is the number of user-created Folder Sets in Espionage’s database. This, however, is something we can fix (and do fix) in Espionage 3.6. We’d like to thank user tzugo for bringing this issue to our attention.

Fake Folder Sets are coming in Espionage 3.6

By having Espionage create a random number of fake Folder Sets, and then creating a user-specified-but-quickly-forgotten number of encrypted sparsebundles (each with a random number of files containing random data), we are able to restore the plausible deniability impacted by this information leakage.

Now, it still remains possible to check how many Folder Sets exist in Espionage’s database, but that information does not reveal the actual number of user-created Folder Sets! They might have one, five—even zero “real” Folder Sets! 🙂

The number of encrypted disk images on a user’s computer, also, does not give away the number of real encrypted disk images that the user has. It is even possible that none of the encrypted disk images contain any meaningful or user-created data (those might be on an external drive, for example).

When users update to Espionage 3.6 (or install anew), they will be taken through a setup assistant that creates all of these faux Folder Sets and disk images. Here’s a sneak peak at what it looks like:


Important notes and considerations

Because Espionage 3.6 is a significant update that makes many changes to Espionage’s database, Espionage will backup the database prior to running the setup assistant and add a “-v2migration” suffix to it. It will be placed in the standard database backups folder, located here:

/Users/[your username]/Library/Application Support/com.taoeffect.Espionage3/Backups

Note that these old backup databases can be used to compromise your plausible deniability (because they show an accurate count of the Folder Sets you created).

Once the assistant finishes successfully, and you’ve verified that you can unlock all your Folder Sets and encrypted folders, you may then delete all of the old backups in that folder to restore your plausible deniability.

Also: starting with version 3.6, we will be signing all Espionage releases with our public key. Espionage 3.6 will also include a pinned 4096-bit public DSA signing key for Sparkle updates (instead of relying solely on HTTPS for securing updates).

Remember: plausible deniability is ultimately *YOUR* responsibility!

Espionage can only do so much for you. It is ultimately *your* responsibility to create convincing enough Folder Set(s) to protect you from gun-to-the-head-scenarios.

Most users won’t need to worry about this at all. For some, however, failure to take due diligence in this regard can result in undesirable consequences. If you think this applies to you, please make sure to do your homework!

Espionage 3.6 is currently getting its finishing touches and final testing. As per usual, it will be released “when it’s ready.” 🙂

Espionage 3.5.3 Released!

Version 3.5.3 addresses an important data leak introduced in 3.5.2, improves Mavericks compatibility, and adds other important bug fixes, please update right away!

If you’d like to localize Espionage into your language, please contact us.

  • SECURITY: Bug introduced in 3.5.2 that resulted in all folder paths of an unlocked Folder Set being logged to the system log. After several days (or weeks) these messages will disappear from the log files, but you can force their removal using a tool like OnyX. For OnyX, use these settings.
  • IMPROVED: Added retina support for lock/unlock slider. Retina support for other graphics coming too.
  • FIXED: Removed several instances of unnecessary folder path logging (on folder lock/unlock) to help with plausible deniability. This is a losing battle because folder names and paths are logged to the system log by other background processes that Espionage does not have control over. Logging folder paths is also necessary if an error occurs.
  • FIXED: (Mavericks) Wrong folder icon.
  • FIXED: (Mavericks) Error decrypting a folder.
  • FIXED: (Mavericks) Problem unlocking folders for anyone who enabled the hidden setting “enableDiskArbitrationMethod”.

Enjoy! 😀

SHA1(Espionage.dmg)= 5d02150ca6da3fd4017a244d83db33aa536f9edc
SHA1( 8e92c0b2ab730c4ddd62358d3f59f818126e9d53

Phasing out support for Espionage 2 + Last chance to upgrade!

It has been almost five years since we announced Espionage to the world. Since then, we’ve gone through three major versions. I would like to sincerely thank all of our customers, and everyone who has supported our work in any way, whether it was by purchasing a license to Espionage, writing a review, or just taking the time to send us an email or a tweet. Thank you.

Espionage 2 was a remarkable application, but its time has passed. It taught us many lessons. We took those lessons and used them to create Espionage 3, a product that not only provides significant security improvements, but a more intuitive user experience. We will continue to listen to our customers, to read your emails, your forum posts, your reviews, your tweets, and use that to make Espionage even better.

Espionage 3 is our focus now. Therefore, we are redirecting traffic to Espionage 2’s homepage to Espionage 3.

December 31st, 2013, will be the last day we provide support for Espionage 2.

The community support forums for Espionage 2 will remain online. Zsolt, Ernesto, or myself may choose to respond to threads in that forum, but we will do that on our own time, and at our discretion.

One more chance to upgrade at a discount

We know that some of our users are still using Espionage 2. We want to make it easy for you to upgrade to Espionage 3 so that you have the security improvements and bugfixes found in Espionage 3.

When we announced Espionage 3, we released it on the Mac App Store, which made it difficult for us to offer discounted upgrades. To get around this, we lowered the price of Espionage 3 to $9.99 for one week, and sent an email to all Espionage users, letting them know that this was their opportunity to upgrade at a discount.

Many users upgraded at that point in time, but some did not. To those that missed out, we’re offering you one more opportunity to upgrade at a discount. We also want to be fair to everyone who decided to purchase Espionage 3 at full price, and so the discount will not be the same as it was the first time.

If you’re a current Espionage 2 user and would like to upgrade to Espionage 3, send us an email (see below) and we’ll send you a code that’s good for 15% off Espionage 3. Update: This offer expired December 31st, 2013. You can still follow the instructions below to receive 10% off Espionage.

To qualify, send an email to:

Your email MUST:

  1. Contain the name and email of your Espionage 2 license
  2. Contain the name and email you’d like for your Espionage 3 license
  3. Do one of the following before December 31st, 2013:
    • Be sent from the same email address that your Espionage 2 license is registered with. (preferred!)
    • Or, include your PayPal receipt for Espionage 2 to the email.
    • Or, have your Espionage 2 license attached to the email. (Not recommended. Will likely delay your license.)

Remember that Espionage 3 needs at least Mac OS X 10.7 to run!

Thank you for helping us make Espionage the best encryption software for the Mac! 🙂

“The FBI has not been here” as it applies to Espionage

Some smart librarians figured out a way to get around FBI gag orders through an interesting technicality:

The FBI has not been here (watch closely for the removal of this sign).

Taking cue from the librarians, we’ve updated Espionage’s homepage with the the following blurb:

We have not placed any backdoors into our software and have not received any requests for doing so. Pay close attention to any modications to the previous sentence, and verify the signature of this

Viewing the source for Espionage’s homepage reveals a signed section that explains the types of changes that can and cannot be made to the text itself:

Espionage 3 — Source Code Available to Security Professionals

Oh boy, we’re really excited about this!

Not only do we have an update for you today, but we’re super thrilled to announce that as of today, security professionals can obtain access to Espionage 3’s source code! 😀

I’ve wanted to do this for a while, but I never felt comfortable releasing the code for Espionage 2 for a variety of reasons having to do with complexity of the code. Now, thanks to the rewritten Espionage 3, I can say with confidence that Espionage is as beautiful on the inside as it is on the outside, and so I have no problems letting others have a peak inside. In fact, I believe Tao Effect has a duty to its customers to do so.

Espionage’s homepage now has a new section that explains what we’ve done and how to get the source:

We know that for software to provide any meaningful security guarantees, its source code must be available to third-parties for inspection. We also recognize that releasing Espionage’s source code can hurt Espionage and its users because of software piracy.

We want to continue giving you stellar customer support and timely updates, so we follow a middle-path by giving security experts access to Espionage’s code so that they can verify its security. We’re also allowing them to distribute unmodified copies of Espionage that they’ve built themselves, so that anyone who doesn’t trust our copy can download it from them. Apply here.

Espionage 3.5.1 Released!

Also on today’s menu, an update! (With more to come!):

  • NEW: Source code access for security professionals!
  • NEW: Autolock on screensaver and screen lock!
  • FIXED: Failure to execute folder actions after folder autolock while Espionage is locked.
  • FIXED: Don’t unlock folder if an application for a folder action is already running.
  • FIXED (3.5.2): Crash on startup related to Folder Actions.
  • FIXED (3.5.2): Updated Growl to (hopefully) fix a Growl-related crash.

Enjoy! 😀

EDIT: Thanks to “Red H.” for pointing out that “source code available” != “open source”. The two are quite different, as for something to qualify as open source software, it must be distributed for free. My apologies for the error, we will update all references accordingly, and if we miss one please let us know!

The Apache (Contributor’s) License Agreement Is Very Dangerous

EDIT: All of this applies to the regular Apache License (v2) as well, and any other licenses that use its language. I’ve contacted Apache on their legal list about this and am waiting to hear back.

UPDATE 2 3: Apache’s last reply on September 15, 2013“In response to your request for a formal answer to your question. I will say, as President of the ASF, please give us a little time to consider your comments.”

I recently published a paper1 about my experiences exploring and contributing to Numenta’s open source NuPIC project, during which I discovered a very concerning clause in their Contributor’s License Agreement (emphasis mine):

Subject to the terms and conditions of this Agreement, You hereby grant to Numenta and to recipients of software distributed by Numenta a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your Contribution(s) with the Work to which such Contribution(s) was submitted.

In brief, I let Numenta know that I couldn’t sign the agreement because:

[..] it appears to allow an interpretation that states that I’m potentially giving away royalty-free licenses to all the software patent claims I ever make should I make a single contribution to NuPIC, whatever it may be.

For a complete understanding of how such an interpretation is possible, please read part of the email exchange.

I was told that it was a word-for-word copy of the same section in the Apache CLA (v2) (a very common CLA with a long history of use), and therefore it would not be changed. However, after some additional poking, they brought up the issue with their legal team and discussed it internally. Eventually, they agreed to add a few clarifying words that would address the issue completely.

Of significance, Numenta announced the changes via their blog, and stated that they would allow existing contributors to sign the updated version. Matt Taylor, Numenta’s “Community Flag-Bearer”, explained the essence of what was clarified in the update:

This addition bounds the rights of Numenta, preventing us from exercising a royalty-free license to any patents a contributor creates in the future unassociated with the NuPIC project.

I am quite grateful for Matt’s help in addressing this issue. I have no doubt that his professionalism played an important role in Numenta’s decision.

Regarding the resolution, a good friend of mine remarked:

No small feat, getting a company to understand the implications of a contract its executives probably didn’t actually read closely in the first place, and then to send the document back to their lawyers to make it reasonable.

[..] a sympathetic stance would entail understanding that virtually no one reads this boilerplate stuff, that “bad code” gets passed along from one attorney and one organization to others, and then it gets defended for the surface-defensible reason that ‘standard contracts’ allow for legal interoperability. None of that sympathy is to endorse the going ‘standard’ — and it takes something like what [happened] to put things in better stead.

Significance for the Open Source Community

That a fairly large and well known company took these steps to clarify the Apache CLA has fairly significant consequences for the entire Open Source community.

In effect, Numenta’s actions legitimize the concerns that were raised, which sends a strong signal to every other company out there that uses the Apache CLA. It also sends a strong signal to every single developer who has ever signed a CLA that contains an identical (or similar) patent license clause.

The group most affected, however, are developers who have not yet signed an Apache-based CLA and have become aware of this issue (either through this paper or some blog post). The reason for this is that even if most companies would never abuse the CLA in the manner that the original language allows, the mere awareness of the possibility implies consent.

Why? Because if you are aware of the potential consequences that signing a legal document can have, and you still put your signature on it, then you cannot even use ignorance as a defense should the issue ever arise. That was the reason it became impossible for me to sign Numenta’s original CLA:

Given that multiple individuals now have (in written form) my understanding of what the document allows for, I cannot in good faith sign such a document as-is, because written as-is, it appears to allow an interpretation that states that I’m potentially giving away royalty-free licenses to all the software patent claims I ever make should I make a single contribution to NuPIC, whatever it may be.

At the time of publishing, the Apache CLA was at version 2.0. Hopefully, the Apache Foundation can amend their CLA in a future update.

1 Hierarchical Temporal Memory, NuPIC, and Numenta’s Commendable Behavior

Humans are basically blind


In searching for “what percent of the light spectrum can humans see” I found answers varying from 0% to a maximum of 2.3%, depending on your definition of “light spectrum,” whether you’re asking in terms of a linear scale or a logarithmic scale, and whether you’re using wavelength or frequency [1] [2].

Painfully slow frame rate

The problem doesn’t stop there, however. Searching for “frame rate of human eye” suggests and upper bound of 60 fps.

When someone drops a piece of gelatin, is this what you see?

Dark matter + Dark energy

The above image is a screenshot of the universe’s virtual machine as it existed approximately 13.7 billion years ago. From it, we learned that:

It also constrained the content of the present-day universe; 4.6% atoms, 23% dark matter and 72% dark energy.

That means that everything you learned in school about the world, and everything our scientific instruments can see, only deals with just 4.6% of the universe. And that’s just what our scientific instruments can directly see. Of that, we only see a fraction (0% to 2.3%) with the naked eye, and only at about 60 frames per second (when you’re really paying attention).

Conclusion: don’t make fun of schizophrenics

Perhaps they can simply see more of the universe than you can.