Espionage: Intuitive Data Encryption

Security is always a paramount concern when storing a decent amount of information on your computer. Fortunately, OS X is a reasonably secure operating system by default – user data is kept separate, it’s easy to password protect your account, and you can encrypt your whole drive with FileVault if desired. Unfortunately, there’s no simple way to encrypt a particular file, folder or application. This is where Espionage comes in, providing a simple method to password protect and encrypt only the data you want to.

The latest release has brought a number of improvements to the user experience, and integration with other areas of OS X. If you’re interested in securing particular pieces of information on your Mac, read on to learn about how Espionage can help.

The Basics – Protecting Files & Folders

Once you’ve installed Espionage, the most basic operation you will need to perform is to encrypt a particular folder. To do so, you simply drag and drop the folder over the Espionage icon. You can enter the desired password, then wait whilst the software encrypts the folder contents. This can take quite a while if it’s a large folder.

Setting up protection

Setting up protection

Espionage will display a list of all your protected folders when opened, and you can change any options at a later date. When trying to open an encrypted file, you’ll be presented with a window similar to the following:

Accessing a protected folder

Accessing a protected folder

After entering your password, you can continue working as normal. Espionage works a little magic in the background to alter aliases and deal with an encrypted disk image. The main benefit of this app is that you don’t need to worry about the technical aspect – it just works.

Application Association

Using this method is brilliant for single folders, but doesn’t work so well if you’d like to encrypt the files associated with an application. The latest version of Espionage has introduced support for “Application Association” which solves this problem. A number of applications have their data locations already imported into the app, and selecting New > Choose Application Template will bring up a list of those you have installed:

Supported applications

Supported applications

Selecting one of these will show you the path of the data to be encrypted, and allow you to assign a password as normal. This will mean that whenever you open or close that app, Espionage will automatically unlock and lock the associated files (after receiving the correct password).

If you have an app which isn’t supported by default, it’s easy to add an association – just select it’s data folder to encrypt, then select ‘Edit Application Associations’ to link that folder to an app. Espionage will check that the application isn’t running before encrypting the data to ensure no problems are caused:

Checking the application is not running

Checking the application is not running

Keychain & Encryption Standards

Obviously if you’re planning to entrust data encryption to Espionage, you’ll want to be sure that the standard it uses offers a high degree of protection. By default, Espionage uses the same AES-128 encryption used by FileVault. If you’re really paranoid, you can opt for AES-256. It’s slightly slower, but brings your folder encryption up to NSA standards!

There are also two options for where your master password to Espionage is stored. You can select either to keep it in your standard OS X Keychain, or in a different Keychain for additional security:

Selecting an alternative Keychain

Selecting an alternative Keychain

Backup & Searching

When dealing with encrypted folders, certain issues are introduced with regard to backing them up and searching their contents. By default, Spotlight isn’t able to access and index these files as it normally could. When unlocked, however, Espionage does allow searching within encrypted folders. It means that locked data remains private, but when unlocked it’s easy to find.

In addition, you can benefit from extra backup protection for your secured data:

Setting up backups

Setting up backups

Time Machine should backup your info as normal if enabled, but if you’re not a Time Machine user (or would simply like an extra layer of protection), this automatic backup solution is great.


After using Espionage for a while, I’m impressed. It does exactly what it claims to, and makes managing secure data remarkably easy. If you don’t want the system wide performance hit of FileVault but do have the odd application/folder to encrypt, it’s a great solution.

The new Application Association really increases the functionality, and means that you don’t need to worry about conflicts and problems which can arise from encrypting an app’s data.

The price tag of $24.95 is reasonable, and the app definitely provides functionality to match the cost. If you’re looking for a free solution, it may be worth checking out TrueCrypt, or (for a slightly lower price) BitClamp.

I’d be interested to know whether you feel the need to secure your information through one of these tools – if so, what’s the process you use for data encryption?


Add Yours
  • I have the need for this app, but couldn’t find a good solution for me. This app looks pretty good. Maybe I’ll give it a go. Nice review David.

    • Thanks Jake – glad you found it interesting!

  • I’ve already commented on tis one before and on some other places, so I’ll repeat it here. Please understand, this is not an attempt to bash either app or developers.

    I think people should finally understand that there is no elegant solution to folder encryption, unless it is supported natively by the file system. So, we have to wait for Apple to either implement file encryption in the HFS+, or to completely switch to ZFS.

    I really dislike applications moving my (supposed to be secret) data all over the place, without me knowing that. And that is exactly what this application does. It makes hidden sparse disk image out of your encrypted folder and move original to trash. Worse, once you “unlock” your “locked” folder, the disk image mentioned is mounted, the original folder is deleted and replaced with symlink to mount point.

    And now comes the trouble: move your “unlocked protected folder” (symbolic link actually) to the trash. Empty the trash. You’ll continue your life believing your secured data are deleted forever, nobody can see them any more. The sad reality is that sparse image (encrypted though) is still eating your disk space and will continue doing so (’cos you can’t see it easily). Even worse, the disk image WILL REMAIN MOUNTED as long as you don’t logout or reboot. It just take someone to browse into /Volumes directory and have full insight into your secret and “protected” data.

    Off course, one could say “off course you’ll logout and when another person login with different name, the disk image will be unmounted”. Correct, but why do I need to “lock” a folder in such a case anyway?

    • Thanks for copying your comment over here. I understand what you’re saying, though it doesn’t really have a huge security risk (more a disk space issue, right?)

      I’d recommend letting the developers know so they can consider a workaround to this in a future release!

    • Hey, Greg from Tao Effect here. I just wanted to clear up any possible misunderstandings:

      Espionage was designed to make it really simple to encrypt individual folders and for the user to not have to worry about any of the technical details, we tried to follow an “it just works” approach. However, for tech-savvy users, we provide lots of information both on our website, and in the extensive help documentation that comes with Espionage on what’s going on behind the scenes.

      This, along with other technical aspects of Espionage, allows it to do something that’s not possible with any other software on the Mac: encrypt individual folders, even application data such as email, and interact with all of it directly from the Finder.

      For example, it’s a bit of an overstatement to say that Espionage moves your data “all over the place”, as it only moves it (the hidden disk image) from the folder, to its parent (and back), when you lock, unlock (and re-lock) the folder. You can find much more detailed information in the help topic “How does Espionage work?”

      As for the mount-point at /Volumes, I’d like to assure anyone reading this, that those mount-points are protected from unwanted access by UNIX permissions, so no else but you can access a folder while it’s unlocked.

      As for any possible confusion over users mistaking the symbolic link (also referred to as an “alias”) for the actual folder, we have not received a single support email in this regard, suggesting that most, if not all of our users understand the difference. :-)

      If you have any questions about Espionage, you can always reach us via email, or our support forum:

      Greg @ Tao Effect

      • Okay, I’ll chime here one more time and then stop, otherwise people will really start thinking I do have something against your application or you.

        Now, I don’t know whether it’s my English or something else, but it looks like others don’t understand what I’m trying to say, nor I understand others’ defensive points. I’ll try to explain one more time…

        Since Espionage is, as you say, designed primarily for non tech-savvy users and “it just works”, I think it’s quite misleading to make those non tech-savvy users to think a folder is really “locked”, whereas that’s not really the case, and won’t be the case until natively supported by the file system (ZFS anyone). Also, as a non tech-savvy user I might think his/her data are still in that “locked” folder, whereas they are somewhere else. Finally, as such user I’d expect to move/rename protected folder without any fuzz of “unchecking enabled”, “locating missing…” etc.

        But the worst thing that happened to me during evaluation was when I “locked” a folder, then later on I unlocked it, and then moved it to trash (in fact, I just moved symlink). Then I emptied the trash. I assume you’d agree that non teach-savvy user would think that the folder (which used to be locked) is now permanently deleted, so no sensitive data that were there can be exposed to anyone. But, not only that hidden disk image is still wasting disk space (the image is still encrypted though, but non tech-savvy user may have hard time finding it), but all sensitive data is still available through mounting point. I know that it’s available only to that particular user, not to others due to file permissions, but it doesn’t make it any better; an ordinary user would be thinking that all data IS PERMANENTLY DELETED.

        And as of data on mounting point being available to that particular user only through file permissions… Then what is the point of locking a folder anyway? I assumed the point is to lock it and leave machine while still being logged in and still nobody will be able to access it. Following your explanation, I can just make it inaccessible to others using file permissions and logout, and I don’t need Espionage for that.

        Once again, I don’t have anything against the app, or you. Espionage goes quite far to make “locking” of folder look easy as it is natively possible. But I don’t think it’s wise to mimic something that the system cannot do. Trying that can lead to situations I mentioned above.

      • I don’t suspect that you “have it in for us”, no, but it does sound to me like you have a basic misunderstanding of what the application is for, and why it works the way it does, so I’ll try my best to clear that up:

        “what is the point of locking a folder anyway? I assumed the point is to lock it and leave machine while still being logged in and still nobody will be able to access it. Following your explanation, I can just make it inaccessible to others using file permissions and logout, and I don’t need Espionage for that”

        Espionage provides folder encryption, which is entirely different from the notion of “permissions”. Permissions won’t stop somebody from getting access to your files if they’ve stolen your computer, but encryption will, and that is what Espionage provides.

        The details of ZFS’s encryption have not been set in stone yet, and if they have I’ve been unable to find any information suggesting that ZFS will provide the kind of per-folder encryption solution that Espionage does, what I’ve found seems to suggest that it will natively support filesystem-wide encryption, which causes the same kind of performance hit that FileVault can cause. If you have a reputable link that suggests otherwise though, I would be most interested in hearing about it. From everything that I’ve read on it, it does not appear that ZFS will be able to provide the kind of solution that Espionage does.

        Regarding what the non-tech savvy user thinks, in our internal tests, ordinary users understand quite clearly the meaning of the little arrow symbol on the folder. Windows users understand it to be a “shortcut”, and Mac users understand it to be an “alias”. The alias (symbolic link), is vital to the functionality of Espionage, and is what allows it to encrypt application data.

        For users seeking to encrypt data, whether it be important documents, or application data such as email, Espionage provides them with a solution that gives them the flexibility to encrypt that data, without encrypting everything else on their drive. If you don’t like it because you don’t like symbolic links, well, I’m not sure what to say, but if you’d like, you can send me an email and we can chat about this without spamming this beautiful website: contact [at] taoeffect (dot) com.

  • I installed the program, however wasn’t impressed. My attempt to uninstall is still ongoing … it seems to want to stick around and freezes my new mac upon every attempt. I even have to manually shut down the computer in order to halt the freeze. A true thorn in my side.

  • I forgot my password. What can I do? need help please.

  • Great things you’ve always shared with us. Just keep writing this kind of posts.The time which was wasted in traveling for tuition now it can be used for studies.Thanks
    צלם חתונות

  • Hello. excellent job. I did not imagine this. This is a remarkable story. Thanks!

  • Hello just wanted to give you a quick heads up. The text in your content seem to be running off the screen in Chrome. I’m not sure if this is a format issue or something to do with internet browser compatibility but I figured I’d post to let you know. The design and style look great though! Hope you get the issue solved soon. Many thanks

  • WONDERFUL Post.thanks for share..more wait .. …

  • hello there and thank you for your info – I have certainly picked up something new from right here. I did however expertise some technical points using this web site, as I experienced to reload the website a lot of times previous to I could get it to load correctly. I had been wondering if your hosting is OK? Not that I am complaining, but slow loading instances times will sometimes affect your placement in google and can damage your high-quality score if advertising and marketing with Adwords. Well I am adding this RSS to my e-mail and can look out for much more of your respective exciting content. Ensure that you update this again very soon..

  • I need to express appreciation to the writer just for bailing me out of this setting. After exploring through the world-wide-web along with seeing tricks that were not helpful, I considered my total life ended up being gone. Existing without the solutions on the problems you could have fixed by using this review is really a critical circumstance, as well because ones which could have badly affected our entire career only hadn’t encountered the blog. The competence and kindness in caring for every aspect was precious. I have no idea of what We would’ve done if i hadn’t come across such a topic like this. I can also at this stage look onward to my own future. Thanks very much for the reliable and also result driven guide. I will not think double to endorse your web sites to anybody would you like tips on this trouble.