Application Associations

Started by mdisabato, May 28, 2012, 05:53:16 AM

Previous topic - Next topic

mdisabato

If I understand this correctly, I can no longer click on an application icon and have Espionage 3 automatically open the files and load the application. If that is true, you just broke the primary reason I use Espionage and made Espionage 3 non-functional in my use case.

I understand security and usability often need to be balanced, but if this was done just to get the app in the Apple App store, you've done your customers a huge disservice.

Michael

greg

#1
Hi Michael, we understand that our decision to remove application associations from Espionage will not be received with much joy. The truth is that the Mac App Store was only half the reason we decided to remove them, the other half is that the complexity between Espionage and third-party applications became too much to support and we felt that Lion's FileVault 2 is a better solution for that.

It is still possible to use Espionage 3 with third-party apps, but indeed it's nowhere as convenient. For example, you can encrypt the Mail folder, but it must be unlocked prior to running the Mail application. The easiest way to do this in Espionage 3 is to set it to autounlock when you login and leave the folder unlocked while you're logged in.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

greg

#2
Also, on Lion, we feel that the new update to FileVault (FileVault 2), is adequate protection for application data, and we recommend using Espionage 3 and FileVault together.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

mdisabato

#3
In spite of what Apple wants, I have no plans to upgrade to either Lion or Mountain Lion. What I've seen of the first and heard of the second lead me to believe I'll be losing a lot of functionality that I currently enjoy. I'm also not fond of being forced to purchase applications through Apple. I've always enjoyed customer to vendor interactions, and having them as an intermediary does not appeal to me.

The current method used by Espionage 3 would be no different than my creating an encrypted sparse image and opening that myself each time I need to run the application. If that is the case, why do I need your product?

As for unlocking the folder when I log in, that is a non-starter. The idea is to keep them locked at all times unless I am using them. As an enterprise security architect, it just makes more sense to me. Leaving them open all the time means they are vulnerable upon the system recovering from sleep mode or if by some odd chance, my password to the machine is cracked. I like the layers of security afforded by the Espionage 2 method.

Regards,

Michael

greg

#4
Quote from: "mdisabato"In spite of what Apple wants, I have no plans to upgrade to either Lion or Mountain Lion. What I've seen of the first and heard of the second lead me to believe I'll be losing a lot of functionality that I currently enjoy. I'm also not fond of being forced to purchase applications through Apple. I've always enjoyed customer to vendor interactions, and having them as an intermediary does not appeal to me.

Hehe, it's great to hear such sentiments from our customers, because we feel the same way. Do you think we enjoy jumping through Apple's hoops? They give us great headaches. Apple's ecosystem is changing, and there are some good things and definitely some not-so-good things about it (from our perspective). We are choosing this time to adapt instead of jump ship.

QuoteThe current method used by Espionage 3 would be no different than my creating an encrypted sparse image and opening that myself each time I need to run the application. If that is the case, why do I need your product?

Using Espionage 3 will give you much stronger security than using disk images directly (see the discussion of scrypt and plausible deniability on the announcement). It's also much more convenient, as it gives you features like auto-lock and the ability to easily manage the size of the disk image (if you use disk images directly, you need to use the Terminal to adjust their size and compact them, in Espionage 3 this is easy).

QuoteAs for unlocking the folder when I log in, that is a non-starter. The idea is to keep them locked at all times unless I am using them. As an enterprise security architect, it just makes more sense to me. Leaving them open all the time means they are vulnerable upon the system recovering from sleep mode or if by some odd chance, my password to the machine is cracked. I like the layers of security afforded by the Espionage 2 method.

Yes, encrypting application data on OS 10.7 in general has problems, even with Espionage 2, for example Espionage 2 is not compatible with Lion's auto-start feature. We're recommending users to use FileVault in combination with Espionage 3 to protect documents and files.

Thank you for your feedback, I've gone ahead and updated our FAQ with a more comprehensive list of reasons for why we decided to make this decision.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

pierce inverarity

#5
Greg, thanks for answering our questions here.  My needs are a little different from the security architect guy above.  I just want certain data encrypted in case my laptop is stolen.  I don't want to encrypt the whole drive because it's just overkill -- all I care about is my Mail/Mail Downloads folders, and a single encrypted standalone (non-application associated) folder where I keep sensitive data.  And I don't need it locked when I'm logged in -- I just want the data encrypted on my drive in case someone gets a hold of it.

As such, the new approach actually sounds fine to me, and if you add in the fact that I don't have to be constantly re-locking Espionage folders to make sure they are backed up correctly, it is a huge improvement.

I just want to verify that it works the way I think it will work:

1. I would add the Mail and Mail Downloads folders to Espionage, as well as my one standalone secure folder
2. I can set Espionage to automatically unlock these folders at login (with no password needed)
3. Then I can open Mail with no problem
4. The encrypted data can be backed up directly to Time Machine just like any other data (no need to lock the folders so that Espionage's backups run, then back up Espionage's backup files to Time Machine, like in v2)

Do I have that all right?  I think so but just wanted to make sure before I go through the trouble of migrating.  Thanks!

sjf_control

#6
Well, I am another customer who is (again) losing functionality.

Back in Version 1 (I think) I could set up shortcuts to data files in encrypted folders, then in order to bring up the application (Quickbooks), I'd click on the shortcut, Espionage would prompt for the password, and the app would open with the appropriate dataset open.  I lost that functionality with Version 2, and now have to click on the application shortcut directly, enter the password, and then select the appropriate dataset (if it wasn't the last one I used).  That added an additional step.

Now I lose that functionality too, and have to manually unlock the directory before starting Quickbooks?  And I'm guessing that I'll have to remember to lock the directory after quitting Quickbooks, too, or the files remain unencrypted.  The timed re-locking is not very useful to me. What happens if I leave Quickbooks running, and the time expires?  I can't image that would be a good thing in Quickbooks to suddenly lose access to it's data files.

greg

#7
Quote from: "sjf_control"Well, I am another customer who is (again) losing functionality.

Back in Version 1 (I think) I could set up shortcuts to data files in encrypted folders, then in order to bring up the application (Quickbooks), I'd click on the shortcut, Espionage would prompt for the password, and the app would open with the appropriate dataset open.  I lost that functionality with Version 2, and now have to click on the application shortcut directly, enter the password, and then select the appropriate dataset (if it wasn't the last one I used).  That added an additional step.

Now I lose that functionality too, and have to manually unlock the directory before starting Quickbooks?  And I'm guessing that I'll have to remember to lock the directory after quitting Quickbooks, too, or the files remain unencrypted.  The timed re-locking is not very useful to me. What happens if I leave Quickbooks running, and the time expires?  I can't image that would be a good thing in Quickbooks to suddenly lose access to it's data files.

I'm not sure about Quickbooks because I haven't ever used it. Is it a document-based application? By that I mean, an application that has document files that you can save wherever you want. Some applications store all of their data in a single folder and don't let you save individual documents. If it's a document-based app, you would encrypt a folder that contains your Quickbooks documents, and unlock it to access them. If the folder locks because of auto-lock while the document is open, then when you try to save the document you'll get an error (most likely saying that the application couldn't figure out where to save it). You just unlock the folder and save again.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

sjf_control

#8
Quote from: "greg"
Quote from: "sjf_control"Well, I am another customer who is (again) losing functionality.

Back in Version 1 (I think) I could set up shortcuts to data files in encrypted folders, then in order to bring up the application (Quickbooks), I'd click on the shortcut, Espionage would prompt for the password, and the app would open with the appropriate dataset open.  I lost that functionality with Version 2, and now have to click on the application shortcut directly, enter the password, and then select the appropriate dataset (if it wasn't the last one I used).  That added an additional step.

Now I lose that functionality too, and have to manually unlock the directory before starting Quickbooks?  And I'm guessing that I'll have to remember to lock the directory after quitting Quickbooks, too, or the files remain unencrypted.  The timed re-locking is not very useful to me. What happens if I leave Quickbooks running, and the time expires?  I can't image that would be a good thing in Quickbooks to suddenly lose access to it's data files.

I'm not sure about Quickbooks because I haven't ever used it. Is it a document-based application? By that I mean, an application that has document files that you can save wherever you want. Some applications store all of their data in a single folder and don't let you save individual documents. If it's a document-based app, you would encrypt a folder that contains your Quickbooks documents, and unlock it to access them. If the folder locks because of auto-lock while the document is open, then when you try to save the document you'll get an error (most likely saying that the application couldn't figure out where to save it). You just unlock the folder and save again.

No, it continuously reads/writes to it's database every time a change is made. There is no discrete "save" step.

It's too much effort to manually unlock and relock, and too error prone (forgetting to relock the files).  I think I'll stick to Espionage 2 until you guys come to your senses and restore the application functionality.   :)

greg

#9
Quote from: "pierce inverarity"Greg, thanks for answering our questions here.  My needs are a little different from the security architect guy above.  I just want certain data encrypted in case my laptop is stolen.  I don't want to encrypt the whole drive because it's just overkill -- all I care about is my Mail/Mail Downloads folders, and a single encrypted standalone (non-application associated) folder where I keep sensitive data.  And I don't need it locked when I'm logged in -- I just want the data encrypted on my drive in case someone gets a hold of it.

As such, the new approach actually sounds fine to me, and if you add in the fact that I don't have to be constantly re-locking Espionage folders to make sure they are backed up correctly, it is a huge improvement.

I just want to verify that it works the way I think it will work:

1. I would add the Mail and Mail Downloads folders to Espionage, as well as my one standalone secure folder
2. I can set Espionage to automatically unlock these folders at login (with no password needed)
3. Then I can open Mail with no problem
4. The encrypted data can be backed up directly to Time Machine just like any other data (no need to lock the folders so that Espionage's backups run, then back up Espionage's backup files to Time Machine, like in v2)

Do I have that all right?  I think so but just wanted to make sure before I go through the trouble of migrating.  Thanks!

Yes that's right. We made a mistake in 3.0 though that prevents encrypting folders in the ~/Library folder. This has been fixed in 3.0.1 though, which should be available in a couple of days as soon as Apple approves the update.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

pierce inverarity

#10
Thanks Greg...