Messages

Hello, the instructions you found helped many users, so I guess they are written in an form which is relatively easy to understand.
The next level of support would be assistance through are remote session but this is reserved to Espionage 3 license owners only.

If you want to continue to protect your files with Espionage 3, then this will be no problem at all, if you are a registered user of Espionage 3, please let me know and we will arrange for a remote session.

If you are not, then give me a few more details which part of the instructions is not clear to you and I will try to write you a few more words of clarifications.

Rgds
Zsolt

Hello Philip,

I could not make it work reliably.
As you might know already, Espionage works by storing the data into encrypted disk images.
After you added the folder to Espionage we move the data from the folder into encypted disk image and leave the original folder empty.
When you unlock the folder, we "mount" or attach, the content of the disk image to the folder you protected, and to you it looks as if the folder contains data, but it does not, you are just looking at the content of the disk image "through" the (empty) folder.
So this mount, or attach is happening locally on your mac.

Now, when you connect to a shared folder from another mac, this mount happens too, in this case you are "mounting" the remote mac folder onto your local mac to see the content.

Now, if you would like to look at the content of an unlocked folder on a remote mac, this means you are expecting to see the content of a disk image mounted on a remote mac, through a folder which is mounted on your local mac....does not look very reliable and promising.

So let's try to do something else.

Let's connect to the folder on the remote mac which contains the espionage disk images, and then you can import them to your local Espionage installation.

####
All disk images of Espionage are by default located in the following folder

yourhomefolder/Library/Application Support/com.taoeffect.Espionage3/Data

to reach that folder, hold down the option key and select Library from the Finder's Go menu.
Once inside Library, you can navigate the other folder normally.
Make  the folder com.taoeffect.Espionage3 on your MacBook shared
Now you should be able to connect to that folder from your iMac.
If it worked so far, let me know and I will tell you how to import the disk image from the MacBook into Espionage installation on the iMac.
Then, whenever you need to sync the folders, you simply unlock the Photography folder and your Archive folder, both on your iMac and copy the content between them.

Let me know your comments,

Zsolt

3. I'm reffering to "Undercover says they won't work with FV on, and recommend Espionage. But the documentation for Espionage makes it seem very complicated, including the warning about 'knowing what you are doing.'" is this Undercover documentation or Espionage documentation? Share with me the section which is unclear.

4. With Espionage you cannot protect Files, just folders, so yes, all you want to protect has to be in a folder. However, I do not recommend to protect the "Main" folder, i.e. Documents, Pictures, Music, Movies etc....the folders which are directly under your home folder, as they have special permissions and the encryption might fail, I recommend protecting one or more subfolders of those folders.

5. Yes, you have to unlock the folder before launching mail, because we cannot intercept the application launch like we could in earlier versions of OS X, you can setup a folder action though, where unlocking the folder will launch Mail, it is a bit opposite approach, but it works well. But I'm not sure if you understood what I said before. Do you know which folders do you have to protect to protect Mail?

Remote session would definitely be better then this, as we will be writing for a long time, and at one point you will get frustrated as we will not make progress :-)

I'm usually available in afternoon/evening hours of GMT+1 time zone, mail me directly at taoeffect@macmesupport.com

Cheers
Zsolt

1. yes, filevault or Espionage, same thing, if something goes wrong, you loose, although, if you use Espionage you can do backups, the files will be protected on the backup disk too, so you can restore. Filevault is either all or nothing and to the best of my knowledge, the backup is unencrypted

2. protecting an application is protecting application's data. With Espionage 2 we were picking the right data for you, with Espionage 3 this is not possible any more so you have to pick it on your own. Which folders do you need to encrypt and how will that affect the application is all on you. I can give you some hints regarding Mail but again, this was not verified with every update of Mail or OS X. I will write a few more words at the end of this post

3. Can you share with me this documentation which seems to be very complicated?

4. If you want to protect your entire user folder then Espionage cannot do this, in Espionage you have to protect each folder separately, and these must be subfolders of default user folders (like Documents, Pictures, Movies etc.)

5. Regarding mail: as I said in my previous post, encrypting application data means that when you launch the application and the folder is locked, each application will handle this differently, trying to recover from this situation. If you launch Mail with folder locked, it will see that the mails are missing and will try to download them new from the defined internet accounts. The trouble is that it will succeed, because the internet account info is not stored within Mail, but within system preferences and those you cannot lock because OS X would not be able to function.
The Mail, however, has the option to move the mails locally, basically you remove them from the IMAP server and store them only locally. In this case, Mail cannot download them new, because they are not on the server any more, and locally they would be encrypted. So you can create a Mail rule, or do this by hand periodically, and move all confidential mails into local folder.

If you have further questions, I suggest that we make a remote session and I can explain you all in details.

 Which folder is shared in that structure?  How do you connect,  as registered user or as guest

The information put into the cloud is just an encrypted disk image, the data cannot be read in any way on the cloud server.

Give me the exact versions of the OS X on the two clients you use, and some folder structure example, so that I can try to reproduce it as you see it.

Rgds
Zsolt

Hello, I just tested it and I do not even see the protected/mountpoint folder itself.
Did you upgrade one of the Macs to Sierra recently? Considering Sierra has problems with protected folders on external disk I would not be surprised that the same applies to the network shares.

I remember that we were testing a while ago Espionage handling protected folders on remote network shares and that it worked to some extent but not reliably.

By "decrypting" folders on both Mac, I suppose you mean "unlocking" the protected folder, correct?

If you have dropbox, or if you use iCloud drive (although I prefer the dropbox) you could synchronise automatically, would you be interested in that as a solution?

Rgds
Zsolt

Hello, it is tough, I know...but all your questions are valid, so let me try to clarify to you...

File Vault (2) will encrypt your entire disk, including the user folder, so if all your files are already encrypted then it does not make much sense to encrypt some folder once again.

Whereas File Vault seems to be working fine and Apple continues to use it in OS X, there is always this "what if something goes wrong" and due to some bug in File Vault or error on disk, you loose it all? If the drive is encrypted then no recovery software can help you, it is either all or nothing.

The alternative is to protect only some folders and leave the rest unencrypted, yet, this assumes that you will protect your most valuable data which brings the very same question up again, "what if....", yes, you would not loose the entire disk, just your most valuable data :-)

So I guess the choice is yours, all I can say is that in several years since I support this product, there was no report on data corruption unless it was a corruption of the disk itself. If you add to it the possibility (and recommendation) to backup those disk images, then the whole thing is quite safe, in worst case we could restore an older copy of the disk image containing the data.

The data on the backup disk is saved in the encrypted form, so it is protected in the same way as on your startup disk, no worries here.

Now to the application protection, Espionage 2 offered an "no brainer" application protection, you would pick the app you want to protect and we would to it all automatically for you.
Due to tightened security in OS X, we had to change the way Espionage works, and this does not allow us to intercept application launch any more, so we had to give up on application protection all together. However, the application protection is nothing else then protection of specific folders where application stores it's data, so "if you know what you are doing" you can still do it, but in our tests with Apple's Mail, whereas it works and does what is expected, due to the way IMAP and Apple Mail work, if you lock the folders, Mail will simply download the messages from the server again, we cannot prevent this, as we cannot prevent it from accessing your mail account info. What would be protected are the local folders: if you move some mails from server into a local folder, then the local copy is the only one, and this could not be fetched again, and this would not show up if the Mail folders are locked.
So if you have a specific Mail workflow, then it is worth the trouble.

I hope I made it clear(er) to you, if you have any further questions, let me know

Zsolt

With espionage we rely on apple's disk utility mechanism, which you can access through Disk utility application but also through the command line using the diskutil command.

If you try to mount a disk image with a specified mountpoint folder (so that it does not mount in the default /Volumes folder), and you specify a mountpoint folder which is not on the internal disk, then the mount fails.

This worked before, and it is clearly a bug because all the options are still there, it is just that they do not work properly.

So this is what we are waiting to be fixed.

If you have any further questions, just let me know,

Rgds
Zsolt

Hello Charles,

Users normally do not have to understand the mountpoint folder concept, it is just due to the bug in Sierra that we are "forcing" you to understand how Espionage works so that you understand why do you have to move the mountpoint folder around.

Normally, if all works fine, the mountpoint folder will become the folder you protect, so "it just works".

Espionage 2 had mountpoint folders too, the only difference is that we kept the disk image inside the protected folder, now we keep them all in one place, inside your homefolder/Library folder, so that you do not delete it by accident.

In case of External folder protection, we do ask you where to save the disk image, but again, the mountpoint folder will be the folder you protect, unless you are runinng Sierra, where we have to use the workaround until Apple fixes it.

Thanks for your input, we took notes on your remarks,

Cheers
Zsolt

Hello, in espionage 2 the disk images are protected with user defined password, so if you remember the password at the time you protected the folder, you can unlock the disk image simply by doubleclicking it, the only trouble is that it is hidden so you cannot doubleclick it... but here is what to do:

- download the following software http://www.macupdate.com/app/mac/24682/ivisible 
- launch it, and click on "make files visible" button (in case OS X does not allow to launch ivisible, you have to go to System Preferences -> Security & Privacy, click on padlock icon in lower left corner and authenticate, then under General Tab, under "Allow apps downloaded from" select anywhere, wait for confirmation window, and then try to launch iVisible again)
- now revisit the protected folder and you will see a disk image inside, named same as the folder name, but having a dot in front of the name
- dobleclick it, it should ask you for password, enter it, and the image will mount as a volume, like for example an USB stick would mount
- open it and you will access to all your files
- copy them out, unmount the volume and delete the protected folder containing the disk image you just opened

You do not need to purchase Espionage 3 to access the data from Espionage 2, they do not read each others data. Of course, if you would like to protect your data, then Espionage 3 is fully supported and feel free to download it, test it and eventually purchase it.

Let me know if you need further help,

And sorry for delay in answering, your post got lost among the spam in the forum :-(

Rgds
Zsolt

For the public: the conclusion was that the problem happens when one locks espionage using Espionage menu, and remains until is not restarted (Espionage). It was put on the bug list and will be addressed in the future updates.

Considering you opened a support ticket too, I will reply you there and then post the conclusion here.

Rgds
Zsolt

A protected folder in Espionage 3 consists from the disk image and the mount point folder. The disk image is the one containing the data, and the mount point folder is the folder in which the disk image will mount when you unlock the folder.

​So what happens when you unlock the folder is: by using the disk image password from Espionage database, we mount the encrypted disk image through the mountpoint folder. To you it looks like you are reading the folder, but in fact you are reading the data from the disk image through the folder.
​Considering the folder info is known only to the espionage instance which did the encryption, you have to "import" this info into the espionage on the other mac.
​
​Here is how to set it up using dropbox:

- pick a local folder for protection
- add it to Espionage
- wait until it is done with encryption
- (if you have more then one protected folder) once done, click near the folder name onto small i, and check the disk image name under "Disk image" drop down menu, record it somewhere
- then click on copy password, and paste the disk image password in some text file
- lock the folder and quit espionage
- go to Library/com.taoeffect.espionage3/Data folder, move the disk image into some folder in Dropbox
- launch Espionage, again click on small i near the folder name, you will see that it will complain that the disk image is missing, click on the Disk image drop down menu - "Choose", and select the disk image in your dropbox, this should make him happy. Try to unlock, change, lock, just do not rush to fast, allow Dropbox to sync as you do things... if all OK, lock the folder and we are done with this Mac

- now on the other Mac
- create a local folder which will be used as mount point
- launch Espionage and drag the disk image over it, it will ask you for disk image password and will give you a "choose mount point" menu,
- enter the recorded password, and select the folder you created to be used as mount point
- if all fine the folder will be added to Espionage
- now try to unlock it, update it, lock it.
- again make sure the sync from Dropbox is done

- now move to the first mac, unlock the folder and see if the content has the update you did on second mac...

here is one user generated guide too: http://www.dafacto.com/2014/02/09/how-to-share-confidential-documents-using-dropbox-and-espionage-for-mac/

I hope this helps
rgds
Zsolt

OK, so here it is: first a few words of explanation:
Espionage stores the protected data in encrypted disk images. When you protect a folder, the data from that folder will be copied into a disk image and the original data will be moved into trash. The original folder will remain empty after this and will be used as so called mountpoint. When you unlock the folder in Espionage, the data in the disk image will be displayed "through" this mountpoint folder.

Now, if you protect a folder on your boot drive, we will store the disk image in a predefined default folder, and the original folder will automatically become the mountpoint folder

If you protect a folder on your external drive, we will ask you where do you want to store the disk image, but again, the original folder will again become the mountpoint folder.

This all worked before Sierra, but due to bug in Sierra, if the mountpoint folder is on an external drive, the folder unlock will not work. What you have to do is to move the mountpoint folder onto your boot drive.

To do this, first move the folder itself, and after that tell Espionage that you moved the folder.

So:
- make sure folder in Espionage is locked
- take the (mountpoint) folder on the external drive and move it onto your boot drive, for example into your Documents folder
- unlock espionage
- click onto small "i" near the folder name in Espionage folder list, this will take you to the folder options window
- use the mount point drop down menu to point espionage to the folder you moved onto your internal disk

After this is done, it should start to work normally

I hope this helped

Zsolt