Hiding a Folder
February 4, 2004 8:01 PM
If several friendly, nosy and very tech-savvy, code-breaking sort of people have access to your computer and you wouldn't wish to hinder their access, but still need to hide, beyond all chance of detection, a folder where you keep your works in progress; innermost thoughts and tentative, early drafts (the kind that could easily be misinterpreted, especially if you write fiction); is there any John Le Carré-approved way of guaranteeing a private patch? I.e. So that they would think it's all open to anyone, but not really? [Mac OSX, if it's relevant.]
If it were my PC, I'd password-protect my writing in a RAR file, PGP it for good measure, and then put it in Windows\System32 renamed as something like msie6.dll. I haven't used OSX extensively, but I imagine there's probably an equivalent you could use.
posted by Jairus at 8:24 PM on February 4, 2004
or if you just want a turnkey sort of solution, you might try PGP Desktop.
The last company I worked for sold a similar product, and ours was pretty transparent for the user, and I imagine PGP should be equally simple to use, as usually these sorts of things are directed towards, well, let's say management.
however, before you purchase the program, i'd recommend that you find out whether or not the file encryption is linked to your login (i'm assuming you'd prefer a separate password for the encrypted volume, rather than forcing all your friends to log in as Guest or something).
posted by fishfucker at 8:29 PM on February 4, 2004
I realized I should briefly explain how volume encryption software typically works --- first the program creates a large file on your drive, which is essentially a virtual disk in which everything is encrypted. When the drive is mounted (you'd be prompted for your password at this point) it usually acts as a regular drive, and you can copy files back and forth without any problems (whereas other options people have recommended might take a little more work on your part, although they are probably cheaper). When you unmount the drive there is no way to access the information you have copied to it without re-mounting it, or by breaking the encryption (the chances of which are effectively zero, although I'm sure someone will point out that various encryption routines once thought impossible to break have been successfully decrypted.)
posted by fishfucker at 8:35 PM on February 4, 2004
What about one of those keychain usb drives? That's totally James Bond kinda stuff....
posted by ph00dz at 8:53 PM on February 4, 2004
Response by poster: Hey, thanks - but would the fact that someone could easily read this thread doom me either to be discovered or, from what I gather, to be discovered as hiding something? Which would sort of defeat the purpose. I'm not talking state secrets here - I just want a little place I can call my own, so cleverly hidden (but not shamelessly encrypted) that even the smartest detective wouldn't dream of looking there.
If they came up against a barrier, however effective, I would already be guilty of hiding something - which I'm not. All I want is a confidential time-capsule until I turn my random thoughts into something I wouldn't be ashamed of making public. If that makes any sense...!
posted by MiguelCardoso at 9:00 PM on February 4, 2004
hidden directories. In unix this command:
mkdir \ \ \ \ \ \
creates a directory-name composed of 6 spaces. The only way to see it is "ls -la" .. then hang it off some obscure out of the way place in the directory structure. It is a favorite way for hackers who have taken over a machine to hide file archives so the owner doesn't know they are there or been broken into. It's not fool-proof, but someone would have to be looking hard to find it.
posted by stbalbach at 9:19 PM on February 4, 2004
or another trick is
mkdir ...
(that is 3 dots in a row)
posted by stbalbach at 9:22 PM on February 4, 2004
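A defender's check for the naming tricks described above (space-only and three-dot directory names), as an added example that is not part of the original thread: a Python walk that flags names made only of whitespace or dots, names with stray edge whitespace, and names carrying invisible characters. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
import unicodedata


def classify_name(name):
    """Return a reason if a file or directory name looks deliberately hard to see."""
    # str.strip() removes all Unicode whitespace, including the no-break
    # space (U+00A0), so a name that strips to nothing is whitespace-only.
    if name.strip() == "":
        return "whitespace-only name"
    # "..." sits next to "." and ".." in a listing and is easy to overlook.
    if set(name) == {"."}:
        return "dots-only name"
    if name != name.strip():
        return "leading or trailing whitespace"
    # Cc = control characters, Cf = invisible format characters
    # such as the zero-width space (U+200B).
    if any(unicodedata.category(ch) in ("Cc", "Cf") for ch in name):
        return "control or invisible format character"
    return None


def find_hidden_names(root):
    """Walk root and return sorted (relative_path, reason) pairs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            reason = classify_name(name)
            if reason:
                full = os.path.join(dirpath, name)
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)


def demo():
    """Scan a constructed sample tree (all names below are made up)."""
    with tempfile.TemporaryDirectory() as root:
        sample_dirs = (
            "Documents",
            "      ",                       # six spaces
            os.path.join("Library", "..."),  # three dots, nested out of the way
            "drafts ",                       # trailing space
        )
        for d in sample_dirs:
            os.makedirs(os.path.join(root, d))
        return find_hidden_names(root)


if __name__ == "__main__":
    for path, reason in demo():
        # repr() makes the otherwise invisible characters visible
        print(repr(path), "->", reason)
```

Printing with `repr()` is the point: the quotes and escapes show exactly which characters the name contains.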
Even if you use an external storage device (my initial thought was an external firewire drive with an off switch, making it disappear when turned off), it is still going to be visible and/or accessible when it is turned on or inserted unless you can block access to the machine completely while you are using it.
Surely, if this is your own computer, you have every right to at least some privacy on it?
posted by dg at 9:23 PM on February 4, 2004
well, the only way you can really get what you want is to have off site storage. if you have to save it somewhere that you don't want it to be found by anyone, /dev/null is a good directory to save it in where no one will be able to find it.
but really, in the situation you are talking about, either get a free webmail account you can email your files to yourself, or get a cheap webhost that you can upload your files to.
and as for the hidden directories, it may not be staring anyone in the face, but is not very hard to find.
posted by chrisroberts at 9:24 PM on February 4, 2004
stbalbach, you can do a similar thing in DOS/Windows by holding down the alt key and pressing 255 on the number keypad (doesn't work with the numbers above the alpha keys), but you can still see the directory icon in windows or the in the dir listing in DOS, although it is far less obvious. Neither of these help Miguel with his OS-X, though :-)
posted by dg at 9:29 PM on February 4, 2004
stupid comment box changing characters - that should say "... or the<dir> in the dir ..."
posted by dg at 9:30 PM on February 4, 2004
Boot from a knoppix cdrom and store everything offsite, hushmail perhaps.
Since knoppix runs off a cd, you don't have anything written to any harddrives for snoopy people to find.
posted by bobo123 at 9:32 PM on February 4, 2004
Is it totally unacceptable for these people to know that you have some important personal files that you encrypt to keep them secure? The encrypted filesystem solutions mentioned above are really the best/easiest options for privacy. You could play up the concerned-about-interweb-hackers angle so that they don't take it personally.
And if it wasn't clear, chrisroberts was joking about /dev/null -- anything that goes there gets deleted.
posted by sad_otter at 9:34 PM on February 4, 2004
Off site directories, or removable storage media. Periodic scheduled backups. Burn data to a CD - with PGP encryption if you wish - then store the CD wherever you want.
posted by troutfishing at 9:34 PM on February 4, 2004
Change the file extension to something different, .jpg for example, effectively disabling the associated application from opening it/them. When you feel the need to expel some of your creativity just change it back, changing it again when you are finished.
Sometimes less is more.
posted by geekyguy at 9:37 PM on February 4, 2004
I do the thumbdrive / keychain drive / usb flash drive thing and it works great.
Just make sure you don't lose it.
posted by bshort at 9:47 PM on February 4, 2004
I may be missing something here, but how about using "user switching" in OS X? What kind of access do these people have? 10.3 (Panther) also has FileVault, which is a way of encrypting your home folder/directory. I haven't tried it (and I've seen good and bad reviews), but, fwiw, it's built in.
posted by anathema at 9:50 PM on February 4, 2004
You might try the purloined letter approach - "burying" all that stuff right smack dab in the middle of your desktop, in a folder named something so crashingly banal nobody'd ever dream of looking in it. It's worked for me in the past, as most tactics dependent on eternal human nature rather than some technical hack do.
posted by adamgreenfield at 9:52 PM on February 4, 2004
Sounds like you need some Steganography, Miguel.
HTH! :-)
posted by shepd at 9:53 PM on February 4, 2004
There used to be a program for Windows called Encrypted Magic Folders. It worked wonderfully. Find it.
posted by banished at 10:16 PM on February 4, 2004
Shit, you said OS X, never mind. (unless they have a version for Mac)
posted by banished at 10:17 PM on February 4, 2004
file vault is great, unless these people are logged in under your account when they use your computer, which they shouldn't be.
posted by rhyax at 11:11 PM on February 4, 2004
Another vote for filevault here, so long as you don't have gigs upon gigs of mp3s in your home directory it should work fine. Back it up as well, of course, but you should be doing that anyway.
posted by Space Coyote at 12:38 AM on February 5, 2004
In this week's NTK, there's mention of an encryption program called Phonebook. I don't know if that would suit your needs.
posted by salmacis at 1:30 AM on February 5, 2004
We all know it's a pr0n folder we're talking about, by the way.
posted by yerfatma at 4:43 AM on February 5, 2004
Lower-end solutions: get a yahoo account and email stuff to it. Bonus - it's available from more places. Don't let your browser remember the password, and don't stay logged in. As above, your Mac almost certainly has USB ports. There are keychain-sized critters that hold data. Mine has 128 megabytes, plenty for swiping company documents (kidding!) and storing resume and cover letters.
Put your best jokes, funny graphics, .wav files, etc. in a folder on your desktop. Tell them it's there and invite them to peruse. Techweenies love that stuff.
Password protect and hide some meaningless files like more jokes and those emails your mom forwards you and keep them busy on that stuff.
posted by theora55 at 5:06 AM on February 5, 2004
"get a yahoo account and email stuff to it."
Or use Yahoo Briefcase, which is designed for storing files.
Either of these approaches would require downloading, re-uploading (or emailing), and deleting a file whenever you want to work on it, though. Seems cumbersome. I'd just get a thumb drive, and back up by regularly making an encrypted archive and burning it to a CD.
See SecureMac.com for some other potential solutions (lots of applications linked in the menus on either side of the page).
posted by staggernation at 7:17 AM on February 5, 2004
Apple's Filevault
As rhyax said - this would work perfectly as long as you made separate user logins for all your guests. (or just a guest login)
And it's free, and built-in.
posted by milovoo at 7:39 AM on February 5, 2004
Sorry, but I have to dissent from the filevault (aka VileFault) recommendations. Even with all 10.3.x updates installed, it has the ability to wreak considerable havoc. I speak from personal experience, and from mining the apple.com help forums. It's not ready for prime time yet. If you do try it, please make a full backup first.
posted by stonerose at 7:50 AM on February 5, 2004
Also - Do you have a .mac account, Miguel? Among other goodies, it gives you a means of storing material off-site, and you can integrate it with whatever sorts of password protection you might want to use. It works seamlessly with OS 10.3, and allows you to access your material wherever you may be.
posted by stonerose at 7:55 AM on February 5, 2004
One problem with encryption based solutions where the files will be left on the machine is key logging. A savvy user could log keystrokes to a file or device and then gain access to the files.
Another problem is that any user with access could install a back door trojan that will do things like log all files opened, display your desktop remotely, create an avi from screen captures, etc.
In other words, if someone is savvy and determined enough there isn't anything you can do to keep them from seeing your stuff. Fortunately hardly anyone is that savvy or determined.
Good anti-virus, PGP, and removable thumb drive would be my suggestion.
posted by y6y6y6 at 7:58 AM on February 5, 2004
Not being a Mac user or having even touched one in years I have a suspicion that my method probably won't work for you, Miguel, but I'll throw it out there anyway: Since my computer has two hard drives in it, I have the OS, programs and all non-private data on one drive and my confidential stuff on my second drive. If I feel I'm going to be in a situation where the computer is unsecure I just pull the power plug out of the second drive and *poof* it's gone.
(This obviously wouldn't protect me if someone decided to steal the hard drives, but like y6y6y6 said, if someone wants your stuff that bad they're going to get it.)
posted by Cyrano at 8:31 AM on February 5, 2004
"If they came up against a barrier, however effective, I would already be guilty of hiding something - which I'm not"
Miguel could you perhaps just say "I want this private space?" I don't know about you but I couldn't abide by people invading my privacy, whether I have anything to hide or not. I would encrypt and then say "tough biscuits" to anybody who had a problem with it.
If people can't respect your right to privacy then they don't respect you. So maybe your problem is only partly technological and as such your solution probably requires more than just a technological solution.
posted by srboisvert at 9:15 AM on February 5, 2004
If you're keeping sensitive data on the box, and you're concerned about others with physical access to the machine and a high level of curiosity, there are a few things you have to do before looking for a security solution:
Foremost, if you find yourself in this situation, you must now consider the entire machine untrusted. Every aspect of it. Every program that you run is now a potential trojan of some kind, including and especially components of the OS itself. The system now has leprosy. If untrusted persons have physical access to the system, they can and will get access to all data on it.
Assume everything you type is being recorded. As of this moment passwords of any kind are useless measures, and every time you type one you might as well be slapping it up next to the monitor on a sticky note.
Assume all removable media -- USB keychains, floppy disks, CDs -- are being copied every time you stick them in the machine. If you're trying to keep your secrets (GPG keys, secret documents) separate from the system, do not reintroduce them to the box. Ever. Don't use the system to read them until the problem of physical access is resolved.
Now you have to secure the system. First, introduce physical barriers to compromise: put the system into a locked room. Have some high degree of confidence that the lock will remain in place and that you are the only person who can open it.
Next, rebuild the system. Ideally, you will destroy everything and reinstall it from read only distribution media, like a CD. Hope you had backups!
Then you'll be reinstalling software, documents, and so forth from distribution media and trusted backups. Generate a nice fresh encryption key, with a brand new pass phrase, and move it offline to secure and portable storage.
Keep those sensitive documents encrypted.
But you're not out of the woods yet! Now you need to maintain the technical and physical barriers. Get a tripwire system installed and set the baseline. Tripwires aren't perfect by any means, but they can catch changes to your system if the attacker slips up at all.
And how about that physical lock on the room? Where will you store the key? A safe might be a good idea unless you're pretty confident nobody will ever have access to your keychain. Take measures to protect that key. Keep it separate from the offline storage of your encryption keys.
You'll want to inspect the lock from time to time for signs of tampering. Woah, but wait! What's this?
"...you wouldn't wish to hinder their access..."
Oh, in that case, forget it. You're doomed because you've intentionally undermined the root trust of any security you put in place. You cannot reasonably expect to protect your data from anyone who will have physical access to the system, particularly if those people know what they are doing and are motivated.
You can place low barriers, such as encryption or steganography -- but because the machine is untrusted, may be infested with keyloggers, mountcopy daemons, and trojan system and application software, you should never decrypt or decode with it, rendering the encryption or stego practically useless. They are empty gestures without the physical security in place to prevent them from being subverted.
posted by majick at 11:51 AM on February 5, 2004
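The tripwire baseline mentioned above, sketched as an added example (not part of the original comment and not the Tripwire product's code): record a hash, size and permission bits for every file, then compare a later snapshot against it. Function names and the sample tree are constructed, and it assumes the baseline is stored off the machine, since a baseline an intruder can rewrite proves nothing.

```python
import hashlib
import json
import os
import stat
import tempfile


def _digest(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each relative path under root to its content hash, mode and size."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: describe a symlink itself, not its target
            if stat.S_ISLNK(st.st_mode):
                content = "link:" + os.readlink(path)
            elif stat.S_ISREG(st.st_mode):
                content = _digest(path)
            else:
                content = "special"  # FIFOs, sockets, devices: never opened
            state[os.path.relpath(path, root)] = {
                "sha256": content,
                "mode": stat.S_IMODE(st.st_mode),
                "size": st.st_size,
            }
    return state


def compare(baseline, current):
    """Report paths added, removed, or changed since the baseline."""
    modified = {}
    for path in sorted(set(baseline) & set(current)):
        fields = [k for k in ("sha256", "mode", "size")
                  if baseline[path][k] != current[path][k]]
        if fields:
            modified[path] = fields
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": modified,
    }


def _write(root, rel, data, mode=0o644):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)


def demo():
    """Baseline a constructed tree, tamper with it, and report the differences."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/login", b"original")
        _write(root, "bin/ls", b"ls-v1")
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        # Round-trip through JSON, as if the baseline had been stored offline.
        baseline = json.loads(json.dumps(snapshot(root)))

        _write(root, "bin/login", b"trojaned")             # same size, new content
        os.remove(os.path.join(root, "bin", "ls"))         # file removed
        _write(root, "etc/rc.local", b"#!/bin/sh\n")       # file added
        os.chmod(os.path.join(root, "etc", "hosts"), 0o666)  # permissions loosened
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```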
Response by poster: Wow - now I'm really confused. No, thanks so much for the full monty. I've now got to chew my way through all these interesting solutions and find those that better suit me. Already, I like 3 or 4 very much. I've also learnt a lot about security I don't know how I managed without, to be honest...
Many (amazed) thanks!
posted by MiguelCardoso at 12:32 PM on February 5, 2004
To take adamgreenfield's idea and modify it: If I really wanted the files to be locally available, on non-removable drives, and "inaccessible" to someone snooping around on my hard drive: I'd create a master document with something banal in it and then keep the sensitive stuff in someplace embedded like the footnotes or templates or something. An Excel spreadsheet would be ideal, except that Excel is so horrible for any kind of word processing. Every Excel spreadsheet, upon creation, has three tabs, two of which are almost never used. To stow stuff on that page and password-protect it, and then place it among similarly innocuous Excel files ... no one would think to look there.
I don't know how you overcome the "Recent Documents" problem (which you would have to do at both the Finder and Application level), but, really, it's perfectly hidden in that while someone might "justifiably" snoop through your file/folder hierarchy, no one is going to open up a useless Excel document and click on the third tab and then have any defense for their nosiness.
posted by blueshammer at 12:50 PM on February 5, 2004
This thread is closed to new comments.
2. local storage with encryption (something like a RAR archive, not a Zip). There's cheap osx gui software for rar encryption and probably some free tools around the rar format too.
3. remote storage (webmail account)
posted by holloway at 8:17 PM on February 4, 2004