Thanks so much for all these useful answers - really appreciate the speed of your response!
A few points below:
Quote from: "greg"
Quote
3- I understand that there are lots of requests for timed or screensaver/sleep-triggered auto-locks (many messages from 2010 in forum) but this does not seem to have been implemented (yet?) as I could not see any mention of it in the app or help file. I understand the complexities of it (if a document from an encrypted folder is open, etc.) and the usual answer seems to be "to enable the sleep/screensaver password in the Security System Preferences" (which I already do). I completely understand the rationale behind this: if a thief resets my user password to be able to login (will need to log off/restart) or access the HDD from another machine, they won't be able to access my RAM, which is where the decrypted information resides.
However my question is with regards to the sleepimage file, which - as I understand - contains a dump of the RAM to disk. Does this mean that the Espionage-protected data (all unlocked folders) will implicitly be dumped in its RAM-DEcrypted state to disk as part of the overall RAM dump/copy?
4- If the above is true. Is it sufficient to set the Security System Preference "Use Secure Virtual Memory" to true to be protected (i.e. the unlocked Espionage folders will be dumped in their decrypted state as part of the overall RAM, which is in turn fully encrypted somehow by Mac OS)?
Correct, make sure that's checked. I believe (but am not 100% sure) that this is the default on 10.7 and later.
From what I remember reading yesterday (I read a lot while researching all that security business!...), it could be that the default is different in 10.6 for laptops (encrypted by default) and desktops (non-encrypted by default) - not sure about 10.7 but I would suggest people check their own settings.
Quote from: "greg"
Quote
5- In terms of backup, there should not be any of the problems above: if I keep to the recommendation of either using the built-in backups or ensuring that the folders are locked when running the backup, only the encrypted data should be copied?
You can go ahead and run backups even while the folders are unlocked as per the reasoning above (so long as the backup program does not back up the decrypted data by traversing the symbolic link/alias). The reason we recommend running third-party backups while the folder is in the same locked state as during the previous backup is to optimize the efficiency of the backup because the hidden disk image is moved each time the folder is locked or unlocked (see here for details).
Just a question here: how would I make sure that the backup program (I use SuperDuper) does not traverse the symlink?
Quote from: "greg"
Note that the answers to these questions will likely be quite different in the next major release of Espionage.
Leaving us a bit on a cliffhanger here! ;)
Any more indications as to what could be different?
And when the next major release is due?
Should I worry about having to change my whole Espionage setup soon once the new version comes out?
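
One way to check a finished backup for the symlink traversal mentioned above. This is an added example, not part of the thread and not code from Espionage or SuperDuper. It assumes the unlocked folder appears in the source tree as a symbolic link (Finder aliases are not covered); the function name and the paths passed to it are hypothetical.

```shell
#!/bin/sh
# Constructed check: report every symlink in SOURCE_DIR whose counterpart in
# BACKUP_DIR is no longer a symlink, meaning the backup tool followed the link
# and copied the target's (decrypted) contents instead of the link itself.
# Usage: find_dereferenced_links SOURCE_DIR BACKUP_DIR
# Returns 0 if every backed-up link is still a link, 1 if any was followed,
# 2 if SOURCE_DIR cannot be read. File names containing newlines are not handled.
find_dereferenced_links() {
    src=$1
    dst=$2
    status=0
    # find does not follow symlinks by default, so links are listed, not entered.
    list=$(cd "$src" && find . -type l -print) || return 2
    while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        if [ -L "$dst/$rel" ]; then
            # Still a symlink in the backup: the link was copied, not its target.
            continue
        elif [ -e "$dst/$rel" ]; then
            # A real file or directory sits where the link should be.
            printf 'DEREFERENCED: %s\n' "$rel"
            status=1
        else
            # Not in the backup at all (excluded or skipped): nothing leaked here.
            printf 'NOT IN BACKUP: %s\n' "$rel"
        fi
    done <<EOF
$list
EOF
    return $status
}

# Run directly with two arguments, e.g. the home folder and its backup copy.
if [ "$#" -eq 2 ]; then
    find_dereferenced_links "$1" "$2"
fi
```

Any `DEREFERENCED` line means plaintext from behind that link is in the backup, so the backup should be rerun with the folder locked or with link-following disabled in the backup tool.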