Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - greg

Update (Feb 1, 2023): The forums are back online! We've upgraded them and enabled additional anti-spam measures. Hopefully we won't be overrun with spammers again.

Sorry folks, we've been having some very serious spam issues lately with this forum software, and it's gotten to the point where we have to temporarily shut down these forums.

It appears some bug in the software is allowing spammers to directly message our users, and we just cannot allow that.

So, please be patient with us while we get this figured out. We are right now in the process of fixing this issue.

In the meantime, users have two options:

Thank you for your understanding, patience, etc.

Greg Slepak
Get in touch with us if you're like to help us localize Espionage! We'd love to work with you!  :)

Details & contact info here:

Pootle Tutorial: Guide for translators and developers

Espionage 3 / go vote in the sticked poll
February 26, 2014, 06:15:17 PM
(just in case you didn't notice it.)
Espionage 3 / POLL: How's our "source available" policy?
February 26, 2014, 06:13:59 PM
Instead of giving out Espionage's source to anyone who wants it, we've chosen to offer Espionage's source to proven security professionals only, free of charge, and even with a complimentary license if they need it for their review.

We chose this route for the following reasons:

  • We cannot update Espionage without enough license sales.
  • We cannot provide you with professional support without enough license sales.

Without your financial support (a purchased license), Espionage would be either dead completely, or it would be like TrueCrypt (which is free and open source, but unusable).

We're happy with our current balance of "open for professionals" vs "closed enough to stay alive", but I personally am curious to hear your opinion. Feel free to share it with us here.

(If you'd like more info before making your choice, read through this blog post.)
It lives! :D

We put a lot of love into this, and we hope you find it helpful!

This thread is locked because it's a duplicate post of the one in the Espionage 3 forum. Post comments there instead:
It lives! :D

This guide is for those who did not uninstall Espionage 2.x with its built-in uninstaller prior to upgrading to Mavericks.

We put a lot of love into this, and we hope you find it helpful!
NOTE: If you have a version 2.x license, do not use this form! Please visit this blog post instead.

If you'd like to change your 3.x license after purchase, you can do so fairly simply by filling out and submitting the form below:

Modify existing 3.x License to include:
Name on 3.x License: (exact spelling)
Email on 3.x License: (exact spelling)

If all went well with your purchase you should receive your new license within 10 minutes, and if you don't please check your spam folder. If after 30 minutes there is still no sign of your license, please email our support team.

Once we receive payment we'll check our database to make sure the information is correct and then send you an updated license.

Two ways to replace your old license:

Downloading the license file that you receive and double-click it.

Or, if you are scared to double-click on email attachments (and you should be), then there is the manual way:

  • Quit Espionage
  • Open the Finder and choose "Go to Folder..." from the Go menu.
  • Copy and paste the text below and press the Go button:
    ~/Library/Application Support/com.taoeffect.Espionage3/

  • Move this file to the trash: license

Now open Espionage and register using your new license as before (the email the license file is sent in will contain exact instructions if you forgot how).
Source Code Applications / READ BEFORE POSTING!
September 15, 2013, 01:01:21 PM
Note: This section is under construction. Consider it a rough draft and expect its contents to change in the near future. Nothing written in this post is considered to be the final word. There might be errors and typos here. In all cases the actual wording of the contract you sign takes precedence. However, we expect the "spirit" of what is written here to remain the same.

Minimum Requirements for Applying

To obtain access to Espionage's source code, you must sign a Non-Disclosure Agreement and meet at least the following criteria:

  • You must be a software security professional with at least five years of publicly documented work in the field. We require that you send us some type of proof of your identity (driver's license, etc.). If we have any reason to believe that you are a sock-puppet, your application will be rejected.
  • You must have a publicly available GPG key (that belongs to you) that uses a key length of at least 4096 bits (or equivalent).
  • You must not have any past or present (or expected future) ties to any government security agency of any country, or any branch of the military. This includes having worked for any company that does work for these organizations, having a significant other who is an employee of said organizations, etc. Very limited exceptions to this rule may be allowed. For example, I worked on an autonomous vehicle at the University of Florida for the DARPA Urban Challenge, and I think that department had received grant funding from the US Air Force for said work. At our discretion, we may grant exceptions for similar scenarios.
  • You must not have any government security clearance, and no plans to obtain one in the future.
  • You must speak English fluently.
  • You must be presently "financially capable" (have cash or assets that you can liquidate immediately) of paying the minimal damages (listed below) in the event of breach of contract.
  • You must be at least 18 years old.

If you do not have a strong understanding of how to use GPG then DO NOT APPLY!

We reserve the right to reject any application, but we will publicly state the reason for doing so (or if you prefer us to give the reason in private, we can do that as well).

Agreement Preview

Before applying, please keep in mind that you will be asked to agree to at least the following. The wording of the actual contract supercedes anything written here:

  • To consent to an identity check upon request prior to receiving Espionage's source code.
  • To take all precautions necessary to safeguard Espionage's source code. This includes using the latest release of Espionage itself to encrypt the source code and any binary data related to it (we will provide you with a free license if you don't already have one).
  • To not share Espionage's source code (in whole or in part), or any information about Espionage's source code with anyone else without our express written permission. You understand that any unauthorized leak of our intellectual property damages us not only financially but also harms our reputation. Therefore you understand that any such leak by you (either intentional or due to negligence on your part) is a breach of contract for which you are liable (regardless of how it was leaked).
  • To delete every copy of the code once you have finished reviewing it, or after 60 calendar days of receiving it (whichever happens first). We'll send only one copy of the code per release version.
  • To immediately report all security issues you find in Espionage's code to us (via secure channel) and give us three months to fix the bug(s) and release the necessary updates before mentioning them to anyone else.
  • To pay a minimum of $5000 liquidated damages (2013 USD) in the event of breach of contract. You further agree to pay the damages within 14 calendar days of our sending you electronic notification of breach of contract. Failure to promptly pay within the aforementioned period results in additional $1000 damages plus the cost of our legal expenses.

Your Rights

For some people, the fact that we are sharing Espionage's source code may not be enough to prove our trustworthiness. Therefore, we additionally allow approved applicants to release copies of Espionage subject to (at least) the following terms:

  • You may build and release copies of Espionage using the original and unmodified source code that we send you (and all associated materials). You may not: sell, re-brand, or add anything to the copies that you distribute that was not included in the original materials that we sent you. Additional terms may apply. See full terms in the contract we send you.
  • You may publish and document any security vulnerabilities that you find in Espionage as long as you do so in the manner specified in the agreement (see previous terms).

Applications may take anywhere from one day to one month for approval (depending on how many we receive and how long it takes us to process them). In extremely rare circumstances, it is possible that it may take longer for us to approve an application. You're always free to contact us publicly or privately about the status of your application.

How to Apply

If you meet the criteria for applying and agree with everything above, then create a thread in this forum that includes at least the following information:

  • Your first and last name.
  • Your contact details encrypted with our PGP key (permanent home address, cellphone phone number, and email address).
  • The company you work for (or 'self' if self employed).
  • A link to websites showcasing your work. We reserve the right to reject your application if we feel that your work is questionable for any reason.
  • An explanation of why you are asking to see Espionage's source code.
  • Your public 4096-bit GPG key, which should be publicly available somewhere else online, and listed on one of the well known key servers (e.g.

Yes, you may encrypt your entire post with our GPG key if you desire.

Our Public GPG Key

You can find our 4096-bit key by searching for A884B988 on a keyserver (an old key, DB147F1C, was revoked, so don't use that one).

You must obtain our PGP key through one of the well-known key servers out there (like, the default in GPG). This prevents you from using a compromised or outdated key.

As a convenience, you may also verify that the the key you obtain from the keyserver is the same as the one listed below:

Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools -


If you have any questions, please post them in this thread.

November 9, 2013: Fixed typo, "your" => "you".

October 3, 2014: Added link to for key strength equivalency.
We've moved to new forum software because phpBB3 was giving us headaches. Hopefully this new forum will work better!  :)

Please note, some stuff broke during the move:

  • Some user posts got lost. You might see threads that have answers but no questions. Search for the a thread with the same topic name in the old, disabled forum in such cases.
  • Many old threads include links to posts in the old forum. Below I show how to convert these links.

How to convert old forum links:

Just remove the forum number from the URL and keep the topic ID (and add ".0" to the end):

Old topic link:

New topic link:

If a link points to a thread in the old forum, and you can't figure out how to make it work, post here and we'll give you some hints!

If you notice any issues with the new forum software please let us know here!

Thank you!
Your friends at Tao Effect
The Espionage Tips forum contains many handy tips, including:

  • HOWTO: Send a diagnostic report
  • Folders mount order
  • How to modify an encrypted folder's capacity
  • Using Chronosync (or similar apps) to synchronize folders
  • Disabling Spotlight for a folder
  • Using Dropbox to synchronize folders across machines
  • Ensuring optimal Time Machine backups
Update (Feb. 14th, 2012): Tao Effect is thrilled to welcome Zsolt as part of our customer support team!

Please have a look at this blog post for more details: ... pecialist/
Espionage 2 / >> ATTENTION: Customer Support On Hold! <<
December 08, 2011, 01:09:27 PM
UPDATE (Feb. 14th, 2012): Tao Effect is thrilled to welcome Zsolt as part of our customer support team!
UPDATE: We're hiring!

Dear customers,

It pains me to say this, but for the month of January, and possibly extending into part of February, I, Greg, am not able to fulfill my responsibilities in providing any customer support.

I was running the day-to-day operations of this company for several years on my own, and I experienced an overwhelm of life events and trauma that completely burnt me out. Right now I have to take care of my body and bring myself back into order, so that I can delight you and deliver on my promises, and once again "bring this ship in order". I am recuperating, doing what needs doing, and I hope to have this situation resolved soon. In the meantime I ask for your understanding, forgiveness, and have listed the following resources for self-assistance:

Espionage Support Forum:

Espionage FAQ:

Espionage Manual:
Choose "Espionage Help" from Espionage's Help menu in Espionage (you can search it too!).

Again, my sincere apologies for being unable to provide you with a personal response at the moment!!
Espionage 2 Tips / HOWTO: Send a diagnostic report
October 14, 2011, 03:19:41 PM
  • Do whatever it is you were trying to do that caused the error message (so that Espionage can log more details to the system log before you run the diagnostic report)
  • Download the diagnostic tool.
  • Double-click to unzip the app.
  • Double-click on the app.
  • Go through the steps, it will attempt to send us the report and fail, and then it will place a zip file on your Desktop (it should open up the Finder and select it).
  • Email this zip file to our support address (obfuscated to protect against spam): support at taoeffect dot com
When Espionage encrypts a folder, it uses the same technology that Apple's FileVault uses: encrypted disk images. These special files must be given a capacity upon creation, which determines how much data they can potentially hold.  The actual size of the disk image can change, and thus the disk image can grow in size on your hard drive, but it can only grow up to the capacity.

When Espionage encrypts a folder, it calculates the folder's capacity using a value called the Minimum Image Capacity (MIC) as defined in the Advanced preferences:

if 10 times the size of the folder is greater than the MIC
folder capacity = 10 times the size of the folder
folder capacity = MIC

By default, the MIC is 10GB.

The capacity can be changed, and a future version of Espionage will make this simple to do.

However, it is also possible to change it yourself, but it does involve the use of the Terminal.

Below are instructions for doing this that should be easy enough to follow, even if you've never heard of a "Terminal":

Verbose Instructions for Adjusting a Folder's Capacity

  • Open Espionage and select the folder you will resize
  • Uncheck its 'Enabled' checkbox and click 'Save Changes'
  • Open the Terminal application in /Applications/Utilities
  • Type (omit the quotes, note the extra space): 'cd '
  • Locate the folder you wish to resize, and drag it onto the Terminal window where you've typed 'cd' followed by a space
  • You should now have something that looks something like this in the terminal:

       [prompt]$ cd /Users/[your username]/path/to/folder
  • Press the 'enter' or 'return' key
  • Type 'ls -a'
  • You should see a listing of files, one of them will have a dot, followed by the folder name, followed by ".sparsebundle" or ".sparseimage". Copy this entire name (including the dot at the beginning)
  • Enter this into the terminal, where your see [paste], instead of typing [paste], press Apple+V to paste the file name you copied in step 9. Note that what you paste should be surrounded in double-quotes:

       hdiutil resize -size 10g "[paste]"
  • Do NOT press enter, use the arrow keys to position the cursor on top of the 'g' in '-size 10g', and press delete twice to delete the number 10. Enter the capacity you wish the folder to have (units are in gigabytes). So if you want  your folder to have a capacity of 250GB, then the final line will look like this (if your folder is called "Secret" and it's a sparseimage:

       hdiutil resize -size 250g ".Secret.sparseimage"
  • Press 'return' or 'enter'
  • Type in the folder's password when prompted for it. It will appear as though you are not typing anything, this is so that no one can see your password as you type it. Press 'enter' or 'return'.

In a future version of Espionage this will be handled in an easy-to-use interface.

Alternative Methods

If you are running out of space in an encrypted folder and would prefer an alternative method to the above instructions (with the current version), simply restore the folder by removing it from Espionage, and then re-encrypt it. You can also simply set the MIC to be a very large value, although that will only apply to folders you encrypt after modifying it.
Say you have Espionage installed on two computers on the same internal network, and you'd like to have an encrypted folder that's shared between these two computers. With normal folders you might use a program such as ChronoSync (with Apple File Sharing) to accomplish this task, but with Espionage, you can still use ChronoSync! There's just some things that you need to keep in mind:

  • On both machines, have ChronoSync added to Espionage's whitelist.
  • Only sync the folders when both the destination and the source folders are locked.
  • On the machine you're syncing to, before syncing, disable all of the encrypted folders that are about to be synced. This is only required if you're syncing across the network using Apple file sharing. If you're syncing to a folder that's on an attached USB or Firewire drive, the folder is already "disabled".
  • Never do a bi-directional sync on an encrypted folder, sync one way or the other only. You can switch directions at future syncs.

That's about it. To summarize the important points: make sure that ChronoSync (or your favorite synchronization app) is whitelisted, and that you only actually perform the sync operation when all folders that will be synced are locked (or disabled).
Espionage 2 Tips / Disabling Spotlight for a folder
April 09, 2009, 05:32:46 PM
When unlocking a folder, you may notice that Spotlight takes a couple of seconds to import the Spotlight index associated with the folder:

While this does not mean that the entire contents of the folder are being re-indexed (that only happens the very first time the folder is unlocked), it can still be annoying, especially if you have many folders set to autounlock when you login.

Thankfully, turning off this behavior for a particular folder is simple:

1. Open the Spotlight preferences and click the Privacy tab:

2. Unlock the folder and open it in the Finder.
3. Click and hold the mouse button down on the folder icon in the toolbar until it changes color, then while continuing to hold down the left mouse button, drag it onto the Privacy list:

That's it.  To re-enable Spotlight support for that folder simply remove the folder from the Spotlight privacy list.