Hider 2 Promises File Privacy for the Masses
When it comes to encrypting files on OS X to keep them safe from prying eyes, you have a couple of built-in options. You could use FileVault 2, but that’s more to protect your data in case of theft, since it unlocks the data as soon as you log in. What if you want to keep some files private from a spouse, roommate, or child whom you allow to use your Mac and account?
The historical solution is to create an encrypted disk image and store the files on it so only those with the password can mount the disk image and read the files, but that gets messy. While the process itself isn’t too difficult, it’s not something I’d expect my non-tech-savvy mother to master. After all, the concept of a disk image isn’t entirely obvious. (“Let me get this straight, dear. It looks and acts like a disk… but it isn’t a disk?”) Besides, you’ll probably end up with a collection of encrypted disk images scattered haphazardly around your disk.
MacPaw’s Hider 2 ($19.99) takes a different approach. Instead of relying on an encrypted disk image, it stores all your encrypted files in an encrypted “vault,” and lets you organize and group them within the vault as you please. The vault is a hidden folder containing encrypted files; “hiding” a file with Hider essentially copies it to the vault and securely deletes the file from its original location.
[Editor’s Note: As of Hider 2.0.3, the delete is only a single-pass deletion, as discussed in the comments. MacPaw plans to add a more sophisticated approach to preventing data retrieval in a future update. We apologize for any confusion. -Adam]
Hider is best thought of as a fireproof safe for your important files and information — complete with a safe-themed login screen. The combination lock wheel even rotates as you enter your Hider password, as though you were trying to unlock a physical safe. Although over-the-top skeuomorphism can get in the way, this little touch doesn’t detract from Hider’s usability. It isn’t particularly functional, but it gives you a clear sense of the app’s purpose, and makes Hider more approachable. It sends the message, “Hey, you can trust me with your important stuff,” and it is, dare I say, kind of fun.
Your password should be strong and memorable, and although you can back it up in Mac OS X’s keychain, anyone who knows your keychain password (which is usually your login password) will then have full access to your Hider vault.
The main Hider window uses a familiar two-column view with a source list along the left and the main content pane — which lists your files — to the right.
In the source list, click the + button to create groups that contain files. The groups are more like Finder folders than iTunes playlists in that a file can exist in only one group.
MacPaw says this was a conscious design decision and that the company sees it as a more convenient approach to file management, but I’d like to see the app give you the option of using the more flexible playlist-like organization mechanism in a future version.
Adding a file to your encrypted Hider vault is as simple as dragging it into the Hider window, although Hider is over-sensitive about whether documents may still be open — every time you hide a file that you have previously opened and whose app is running, you’re prompted to verify that the document is not currently open. Although you can disable these warnings, Hider should be smarter about identifying open documents. You can also click the + button in the lower left corner of the vault pane to choose files from a dialog.
When you hide a file or folder, Hider copies it to your vault, encrypts it using the AES-256 encryption standard, and then securely erases the original on the drive so no one can recover it later. When you make the file or folder visible again, Hider decrypts it and copies it back to its original location.
MacPaw says that Hider always maintains one instance of every file — either encrypted or decrypted — at all times so there’s no worry about data being lost in transit. If you’re worried about putting all your eggs in one basket, you can back up Hider’s vault; just make sure the backup includes your user account’s Library folder. The vault itself is located in a hidden folder deep within ~/Library/Containers/com.macpaw.Hider2.
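The hide sequence described above (copy into the vault, confirm the copy, then overwrite the original once and delete it) can be written as follows. This is an added example, not MacPaw's code: how Hider implements these steps is not documented here, the function names are hypothetical, and the AES-256 encryption step is omitted because Python's standard library has no AES, so the vault copy in this example is plaintext.

```python
import hashlib
import os
import shutil

CHUNK = 1024 * 1024  # read/write granularity


def sha256_of(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def overwrite_once(path):
    """Single pass: replace every byte with zeros in place, then flush."""
    remaining = os.path.getsize(path)
    with open(path, "r+b") as fh:
        while remaining > 0:
            step = min(CHUNK, remaining)
            fh.write(b"\x00" * step)
            remaining -= step
        fh.flush()
        os.fsync(fh.fileno())


def hide(original, vault_dir):
    """Move `original` into `vault_dir`; the original is destroyed only after
    the vault copy is complete, so one intact instance always exists."""
    os.makedirs(vault_dir, exist_ok=True)
    vault_copy = os.path.join(vault_dir, os.path.basename(original))
    if os.path.exists(vault_copy):
        raise FileExistsError(vault_copy)  # never clobber an existing vault item
    expected = sha256_of(original)
    shutil.copyfile(original, vault_copy)  # a real vault would encrypt here
    with open(vault_copy, "r+b") as fh:
        os.fsync(fh.fileno())  # push the copy to disk before the original goes
    if sha256_of(vault_copy) != expected:
        os.remove(vault_copy)
        raise OSError("vault copy does not match; original left intact")
    overwrite_once(original)  # one pass only, as in the Editor's Note
    os.remove(original)
    return vault_copy
```

An in-place overwrite rewrites the file's logical bytes only; on SSDs and on journaled or copy-on-write filesystems, earlier copies of the data can remain on the medium regardless of the number of passes.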
When you try to hide a file or folder from an external drive, Hider alerts you that it must create a vault on that drive and asks you to grant access. Additional vaults appear in Hider’s sidebar, but only when the associated drive is mounted. It would be better if those files remained visible within Hider’s interface and Hider attempted to mount the external drive, prompting you to attach it if necessary. Vaults on external drives aren’t hidden away as they are on your main drive; they’re just normal packages at the top level of the drive.
Although Hider’s vault displays a list of your hidden files, you can’t open a file from within Hider. Instead, you must unhide it, and then open it from the Finder. The same goes for folders that you add to your Hider vault. I’d like to see Hider handle this more smoothly — perhaps have the app automatically unhide and open a file when you double-click it? (Double-clicking a file in Hider currently does nothing.) This small change would make using Hider that much smoother and more seamless. In the meantime, Hider can optionally reveal a file in the Finder when you unhide it, and you can click the magnifying glass next to a visible file’s name in Hider to view that file in the Finder.
Unhiding and opening files may be a little clumsy, but what if you want to edit the file once you make it visible? That’s more problematic, since Hider is essentially juggling two copies of the file: the encrypted copy within the vault and the unencrypted copy in the Finder. If you make a change to the unencrypted copy and save, Hider notices and displays a confusing dialog; in essence, it’s saying that you have to hide the file (add it to the vault) manually again. I’d like to see Hider at least offer the user the option of re-hiding the file automatically.
In addition to files, you can also store secure notes within Hider’s vault. These notes can be just about anything: Swiss bank account numbers, phone numbers for your undercover sources, incriminating email messages, or even the selfies the White House doesn’t want leaked to the press (though the images don’t scale to fit the window nicely). You can save as many of these as you like, and you can organize them into groups, just as you can with files.
Hider’s secure notes work as advertised, but they are stuck in Hider. You can’t export them or turn them into files in the Finder; all you can do is copy and paste them into a separate document.
Hider includes a couple of ways to access its features quickly. First, a pair of global keyboard shortcuts let you lock Hider or hide all visible items. Press Command-Control-H to hide all visible files; Command-Control-L locks Hider. Second, a menu bar item provides fast access to existing vault files without opening Hider, although you must still enter your password if Hider is locked (which can happen automatically after a specified amount of time).
The menu bar item is turned off by default, but you can easily switch it on in Hider’s Preferences window. However, while you can hide and unhide files already stored in your Hider vault through the menu bar icon, it doesn’t allow you to add anything to the vault — you must still open Hider’s main window for that. Also, you can’t view secure notes via the menu bar assistant, though that makes sense, since it would become unwieldy if it took on too much functionality.
Although I didn’t encounter any noteworthy problems with Hider in the time I’ve used it, some App Store reviewers report losing data.
According to MacPaw, data loss resulted from two issues, one of which was a custom permissions problem that was fixed in the Hider 2.0.2 update. The other is an underlying issue with the way Hider stores large amounts of data: MacPaw says it has “partially fixed” this problem in Hider 2, but that it’s working to further improve its data storage system. You might not want to put gigabytes of data into Hider just yet, but as long as you have a good versioned backup, you should be able to recover Hider’s vault at previous points in time, before any corruption occurred.
In all, though, Hider 2 seems to be a polished, solid encryption tool for those who want to keep some files confidential without messing around with encrypted disk images. Hider is simple enough to understand and use, but I’d love to see MacPaw address the rough edges surrounding unhiding files, editing files, and working with external disks in a future update.
I find Knox, a similar "security vault" product from AgileBits (of 1Password fame) to be a great product for my needs. https://agilebits.com/knox
"Concealer" from www.BeLightSoft.com is similar in using encrypted disk images, but is much easier to use and has no problems. I rate it above other similar programs such as Hider 2.
I like Knox also with one exception to keep in mind. If a user does not actually MOVE the files into the vault they are simply copied into the vault and are still available for anyone to see.
If I am reading the advertisement correctly, Hider 2 takes care of this automatically. Yes. I could Control-Click when I "move" files into Knox. From my perspective, they both sound like good tools. It is probably a matter of what you get used to.
I love Agilebits, but I've only got Knox to work as expected one time. I always have to make the vault two to three times before it works correctly for me... I understand it is user error. But they could make it a bit more intuitive for non-technical people like me.
To be very clear - this is a REVIEW, not an advertisement. We have no business relationship with MacPaw, apart from them providing a review copy of the software, as is standard in the industry.
That said, yes, Hider takes care of deleting the original (securely even, so someone couldn't look at the disk sectors to recover the data) when it's copied into the vault.
I noted that one reviewer tested Hider 2's deletion, and found it was a one-pass, and they were able to recover the file. Perhaps it's better left in the hands of the user to delete the files securely since apparently Hider 2 doesn't do a thorough job of it.
I wonder if that review came before the secure deletion feature was added, since it wasn't in the initial release of Hider 2. I'll ping them to see what I can find out.
I've checked with MacPaw, and this was a miscommunication in our fact checking. They had told us that they were planning to add a secure delete feature, and we were under the impression it had been added in an update, but that turned out not to be the case. So, at the moment, yes, the delete is an insecure, one-pass delete.
I'll amend the article to note this error. Sorry for any confusion!
OK, I've gone back and forth with MacPaw again, and they've apologized for adding to the confusion. There IS a secure delete feature in the app (hence the "Securely delete remaining file data after hiding" option in the preferences).
However, it is only a single-pass overwrite, which is not as secure as a multiple-pass overwrite, should you be worried about the NSA or other organizations with highly sophisticated forensic retrieval capabilities. (Honestly, if that's the case, you shouldn't be relying on advice from us regardless!)
MacPaw says that the overwrite uses a single pass for performance reasons, but they are working on a more sophisticated algorithm in order to make data retrieval virtually impossible.
As an expandable sparsebundle user (created using simply Apple's Disk Utility), I don't have encrypted files scattered anywhere. They're all in one place. I have the sparsebundle in my Login Items list. It resides, after being opened, on my desktop for all my private files.
What's somewhat difficult about this method of encryption is sharing it across multiple computers. I have it sync via DropBox. Thankfully, DropBox is smart enough to update just the files within the smartbundle across computers. This is an adequate solution for my geeky self. But as pointed out in the article, this isn't for newbies or grannies.
I think Nick's point about ending up with multiple encrypted disk images is that people might see them akin to folders, creating a new one for specific projects rather than having a single one for all encrypted data. Or, it's possible that you'd think of multiple ones as a solution for additionally sharing some stuff with a spouse, for instance, but keeping it away from a teenager who also uses the machine.
I'd like to know which of the Mac security applications work best for encrypting specialized folders, i.e. the application folders where data is stored. Mail being a good example, or contact applications, which might use databases in ~/Library/Application Support.
I've looked at Espionage, which seems to have the best explanation of this, and a sort of macro launcher so that you can be sure to decrypt such folders before the application launches (probably critical since all sorts of bad stuff could happen otherwise).
Anyone try any other applications for this?
Espionage looks pretty good - they're using encrypted disk images behind the scenes, although I can't quite figure out from their description how they're mounting those in place of special folders. I'm not aware of any other apps that do what you want, but I suspect the short answer is FileVault and simply not sharing the Mac with anyone else.
I have my applications on an SSD (boot drive), and my data on my hard drive. When I try to hide a file on my hard drive, Hider reports it has no access to the drive. MacPaw reports "due to Apple restrictions, there is no way to do this." Thus there is no way for me to use Hider.