Version 3.0 a HUGE step backward !!!

Started by acuraice, June 11, 2012, 09:58:54 AM

Previous topic - Next topic

acuraice

Along with myself are many many others who are very displeased with the latest version of Espionage as a whole. With its super buggy not launching at startup(although i have found a workaround) crashing after immediately entering the master password, not displaying folder content properly or size of folders not being updated properly,and instances of 2 epsionage apps running at the same time,which i only have one version installed which is version 3.0. I am the original person who fixed the initial release of the new version and posted it to macupdate.com to help the tons of mac users make the update/switch go smoothly since the original way was so flawed. I just dont see any advantages over the older version which after the last release/update was working perfectly! Why the hell did they decide to completely re-vamp the entire app from the ground up??? if it aint broke dont fix it!!! I am not alone with these angered views for the newest version of espionage. please take a look at the main mac app store page of comments or espionage 3 attached to this post. Nothing but angry people who miss the older version and its awesome coolness and stability instead of this new versions clunky and bugginess! Dont get me wrong,i absolutely love the developers and love the program as a whole,but it feels like it was rushed out and not tested barely at all. Also i had read on one of the forum posts that there was a major bug fix update coming soon almost 2 weeks ago,version 3.0.1, yet it has still not arrived on the mac app store or as a direct download on macupdate. If i was Tao Effect, i would simply revert completely back to the older version and contnue making that specific version better in anyway possible or just keep it the way it was and ditch the entire newest version.  :cry:

zsolt

#1
Dear Acuraice,

I do not want to enter into a flaming here, just post my opinion.
I'm providing support for TaoEffect. I did not contribute to the design and decision related to V3, so it took me by surprise like you, the users.
At first I was kind of shocked like many of you. But as I moved on using it, I liked it more and more.

The click to unlock I do not miss at all, in fact I think it is good that it is removed because if you want to keep something secret then you do not write "this is secret" all over it, and a password prompt would do exactly that. Now the folder simply looks empty, or even better, you can put some dummy files into it, once the folder is unlocked they will be replaced by the real content, when you lock it again the dummy files will be back, perfect disguise.

The application protection that is a bit tougher to justify, but with 3.0.1 you will get it back, just it will not be as automated as in V2. You will have to add the relevant folders on your own (I will be happy to assist you, and I'm sure other users on the forum will submit their hints too, and you can enable the auto unlock for those folders. So once you log on the folders will unlock and once you log off the folders will lock. The only thing you will miss is: if you do not start the app, the folder will be nevertheless unlocked during your login session, yes, this is indeed a drawback, especially if you protect a folder of the app which you use only occasionally. Maybe Taoeffect comes up with some idea later on....

The password only protection was removed, simply because it was not safe enough, so we did not want to give the user the false feeling or being protected.

Regarding the crashes...you compare 2.8 with 3.0. The .8 iteration surely means something. The sad fact of life is that .0 versions of the software are for early adopters, it is tested, but testing it with a group of beta users agains having it running by all of you is surely a big difference.

So all we want is some patience.

It is also correct that the V2 can run in parallel with V3 so you can still keep your important data in V2 and test the V3 at the same time, and once you are confident you can move to V3....

Just my 2 cents...

Zsolt
Follow @espionageapp on twitter for news! | For general Mac support, please visit Mac Me Support

acuraice

#2
none of the features are useful to me. how can you ignore the fact that 60% or more of the users hate the new version ??? read the mac app store comments. the new version is buggy and broken. i expect a few bugs with new software but this seems so obviously rushed out and has basic major flaws to it. the auto unlock before was priceless. i would simply enter my one designated master password,the folders i wanted to auto unlock..did just that ..they auto unlocked. now it crashes after entering the master password,they dont auto unlock,you do have to click the switch for each individual one regardless of the auto unlock setting enabled,it doesn't launch at startup half of the time and is ugly as hell. my two cents! The new feature where you can apparently group a bunch of folders and then have them auto unlock on launch seemed great to me,just like i had it with the older version before. Yet that will nOT let you,the owner,the customer set ONE master password for ALL of the folders as in the past version did.plain stupid. i hate it when login details have to be set up based on what the developer or website wants(such as must include a #,7+ letter,one lowercase,one uppercase etc) i can understand that request with a website which is very annoying but with a password protection app that i purchased just for that sole purpose,who the hell are they to tell me what passwords i can and cant use. i dont need military encryption,i just need to keep some important documents private, personal financial information private etc. i would definitely revert back to the old version that used to work perfectly the way i had it set up with none of this BS,but then it would never get updated and it would only be a matter of time until apple's new OS would come out and there would be a chance it would be broken again. The way this new version is such a pain in the ass between the bugs and getting to learn the new procedure to lock and unlock simple folders is ridiculous bc me myself,the owner of the files and the owner of the master password is struggling to get unlock my own data. now its so secure that even the administrator cant get to the files. lol i'd be willing to bet you that if you posted a poll on your website to the customers/users who hate the new version, if they would either you continue to build on the newer version or revrt back to making the already perfect older version better,the poll would most definitely be in the older version's favor. perhaps that poll should have happened BEFORE your team decided to just say F-it and create a whole new app from the ground up. hmmmm :roll:

sjf_control

#3
Quote from: "zsolt"Dear Acuraice,

I do not want to enter into a flaming here, just post my opinion.
I'm providing support for TaoEffect. I did not contribute to the design and decision related to V3, so it took me by surprise like you, the users.
At first I was kind of shocked like many of you. But as I moved on using it, I liked it more and more.

The click to unlock I do not miss at all, in fact I think it is good that it is removed because if you want to keep something secret then you do not write "this is secret" all over it, and a password prompt would do exactly that. Now the folder simply looks empty, or even better, you can put some dummy files into it, once the folder is unlocked they will be replaced by the real content, when you lock it again the dummy files will be back, perfect disguise.

The application protection that is a bit tougher to justify, but with 3.0.1 you will get it back, just it will not be as automated as in V2. You will have to add the relevant folders on your own (I will be happy to assist you, and I'm sure other users on the forum will submit their hints too, and you can enable the auto unlock for those folders. So once you log on the folders will unlock and once you log off the folders will lock. The only thing you will miss is: if you do not start the app, the folder will be nevertheless unlocked during your login session, yes, this is indeed a drawback, especially if you protect a folder of the app which you use only occasionally. Maybe Taoeffect comes up with some idea later on....

The password only protection was removed, simply because it was not safe enough, so we did not want to give the user the false feeling or being protected.

Regarding the crashes...you compare 2.8 with 3.0. The .8 iteration surely means something. The sad fact of life is that .0 versions of the software are for early adopters, it is tested, but testing it with a group of beta users agains having it running by all of you is surely a big difference.

So all we want is some patience.

It is also correct that the V2 can run in parallel with V3 so you can still keep your important data in V2 and test the V3 at the same time, and once you are confident you can move to V3....

Just my 2 cents...

Zsolt
Zsolt:
Much is made of the "plausible deniability" of an empty folder. However, when things are encrypted, the mount point is not the point of attack. If I were analyzing a computer looking for hidden/encrypted items, the mount points would not be where I'd look first - I'd be looking for disk images. Specifically encrypted images.

So what is to prevent an attacker from performing a simple search for all disk images, then requiring the owner (through force, or force of law) to provide passwords for any encrypted images found?

Unless I'm missing something, "plausible deniability" is more of a marketing gimmick than an actual feature.

greg

#4
acuraice, I understand and appreciate your sentiment of "don't fix it if it ain't broken". We receive lots of support email and it became clear to us that Espionage 2 did have a critical design flaw, and that is that is the way it stores disk images. They are moved around instead of staying in one location and this can cause various problems, not to mention it makes for a poor backup experience for users. Further, Apple introduced Lion and this caused many other problems, particularly with Espionage's ability to protect application data, as explained in the announcement blog post. So there was a lot to fix, and the changes that needed to be made were so radical to its core design that we decided to write a new program from scratch.

Quote from: "acuraice"Yet that will nOT let you,the owner,the customer set ONE master password for ALL of the folders as in the past version did.plain stupid. i hate it when login details have to be set up based on what the developer or website wants(such as must include a #,7+ letter,one lowercase,one uppercase etc) i can understand that request with a website which is very annoying but with a password protection app that i purchased just for that sole purpose,who the hell are they to tell me what passwords i can and cant use.

I'm not sure I understand how you got that impression, as Espionage 3 lets you pick any password you want, and in its default mode of operation, that password is the one password that opens all of the folders associated with it. If you are referring to the Folder Sets feature which allows you to have multiple passwords, note that that is completely optional, you do not have to use it.

If you experienced any crashes with the autounlock feature we would be most interested to hear from you exact details of how they happen, and if you can provide us with a crash report, that would be helpful as well.

Quote from: "sjf_control"So what is to prevent an attacker from performing a simple search for all disk images, then requiring the owner (through force, or force of law) to provide passwords for any encrypted images found?

Namely that the user genuinely does not know what the password is to those disk images. This is information that only Espionage knows, and it's guarded by the user's master password. The magic is that, unlike the previous version, Espionage 3 doesn't divulge much information about what is encrypted. So a user can give up their master password to a "throwaway folder set", and that will give others access to those folders, while making it very easy to overlook the existence of another folder set (that protects the real important data). In other words, the question of *what* is encrypted is hard to answer with the new version whereas with the previous version the answer was in plain sight.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

sjf_control

#5
Quote from: "greg"
Quote from: "sjf_control"So what is to prevent an attacker from performing a simple search for all disk images, then requiring the owner (through force, or force of law) to provide passwords for any encrypted images found?

Namely that the user genuinely does not know what the password is to those disk images. This is information that only Espionage knows, and it's guarded by the user's master password. The magic is that, unlike the previous version, Espionage 3 doesn't divulge much information about what is encrypted. So a user can give up their master password to a "throwaway folder set", and that will give others access to those folders, while making it very easy to overlook the existence of another folder set (that protects the real important data). In other words, the question of *what* is encrypted is hard to answer with the new version whereas with the previous version the answer was in plain sight.

And once the owner has given up the 'throw-away' password, the attacker has access to the information regarding which disk images are made available, right? So if there are still encrypted images of interest, he again requires the owner to give up yet another password until all disk images are revealed. Easy-peazy.

greg

#6
Quote from: "sjf_control"And once the owner has given up the 'throw-away' password, the attacker has access to the information regarding which disk images are made available, right? So if there are still encrypted images of interest, he again requires the owner to give up yet another password until all disk images are revealed. Easy-peazy.

Well, in that case you'd be right, but the attacker would have to be very clever in this case. It's certainly possible they wouldn't know at all about the other existing disk images, and unlike the previous version, Espionage 3 allows you to change the location of the disk image to be wherever you like. If you're especially concerned about such a scenario occurring, you can tell Espionage to move the disk image to an external disk that you keep hidden somewhere (such as a USB stick).
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

sjf_control

#7
Quote from: "greg"
Quote from: "sjf_control"And once the owner has given up the 'throw-away' password, the attacker has access to the information regarding which disk images are made available, right? So if there are still encrypted images of interest, he again requires the owner to give up yet another password until all disk images are revealed. Easy-peazy.

Well, in that case you'd be right, but the attacker would have to be very clever in this case. It's certainly possible they wouldn't know at all about the other existing disk images, and unlike the previous version, Espionage 3 allows you to change the location of the disk image to be wherever you like. If you're especially concerned about such a scenario occurring, you can tell Espionage to move the disk image to an external disk that you keep hidden somewhere (such as a USB stick).
You might be right if the only person you're worried about cracking your encryption is your 14-year old nephew.  :D
On the other hand, if its a professional forensic analysis, you'd be screwed.

sjf_control

#8
By the way, am I properly understanding that version 2 will cease to work under Mountain Lion?

greg

#9
Quote from: "sjf_control"By the way, am I properly understanding that version 2 will cease to work under Mountain Lion?

In our tests version 2 continues to work on Mountain Lion. Version 3 definitely provides better security than version 2 though.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!