
How to hide a folder on a Mac June 29, 2006

Posted by farshadf in G4 & G5 Macs, Intel Inside, Uncategorized.

Sometimes you have a folder of data that you really don’t want someone to see or use on your computer. This could be financial data, old email, files you shouldn’t have, or, well, porn. Whatever it is, and we’re not judging, you need a way to keep others out of it and so I’ll run over some tips and tricks for keeping prying eyes from poking around.

ONLY DO THIS IF YOU UNDERSTAND THE DIRECTIONS 100%


The very first answer some folks will knee-jerk to is “permissions” for something like this. Well, that works in some cases that I’ll cover, but, in general, the prevention we’re talking about is if your user has been compromised and someone is sitting down at your computer. This could be because you share a computer, or you handed your MacBook Pro to a compatriot to view his webmail, or whatever other reason. Permissions in this case would have to lock you out of the folder to be effective. Not ideal.

Multiple Users

This isn’t what you think. Sure, if you have several people using your computer you can make accounts for them and they can’t see your documents, but if you walk away then your security did nothing. Now, if you’d followed my previous advice on the issue then in five to ten minutes the system will secure itself, but that’s a long window.

No, what I mean here is make a whole new user for no other purpose than to hold the files you’re hiding. This puts a whole other password in place and a whole other home directory hierarchy on the disk for you to keep the data in. In fact, if you hide the user then no one knows you have another user account, really. Sure, they could look in /Users and see the home, but if you’re going to the trouble to hide the user then I’m sure you would move the home elsewhere…

Enable Fast User Switching and you can leave this faux identity open and flip back and forth at will. A variation on this technique would be to make a guest account to switch to when someone needs to use your computer for web access or the like. You can leave it without a password and just flip to it before handing the unit over. You get the same protection (more, I’d say) as your home is now just as inaccessible.

Dot Folders

In Unix (and thus, Mac OS X) files starting with a dot are hidden by default. There are a myriad of ways around this, in and out of the GUI, but this keeps the casual user from knowing that there’s anything of interest at all in your system unless they go poking around.

In Terminal, create a folder in your home that starts with a dot (say, .super-secret-stash). In the Finder, Select Go → Go to Folder… and enter ~/.super-secret-stash and the Finder will open the folder like any other. Fill it up and close the window and no one’s the wiser.

Well, except that the Finder remembers your last entry in the Go to Folder… window, so when done you need to open that again and tell it to go to your home folder by entering just a tilde (~) and pressing return.

Encrypted Disk Images

This one solves two problems: first, it hides your files from Spotlight searches and wandering eyes like the previous solutions; second, it actually encrypts the data on-disk such that data recovery monkeys have no chance of a decent recovery of the data. As long as you have good backups of the data, then your concern should be what to do if the unit falls into the wrong hands. This way, normal recovery methods can’t get to it, and it’s safe.

This has the added benefit that in Panther and later aliases can reference inside disk images. Put your Quicken Data file in an encrypted disk image and make an alias outside of it. Start Quicken with the alias from now on and you’ll get the password first.

In Plain View

People are stupid. Well, that’s a pessimistic view. People are machines of routine and do what they know to do on a sort of automatic pilot. They pick up your computer, see a lot of bland names in your Documents, and since nothing piqued their interest they move on and do whatever they were going to do.

Put your secret data inside several folders in your Documents folder, in plain view. Something like: AAPL 2006Q2/Raw data/super-secret-stash.dmg. Toss some dummy Excel and CSV files in the root folder there and prying eyes will usually pass over it (unless you’re the Apple CFO, and then I’d suggest “Home Movies (Kids)” as a title instead; we get enough of them at MacWorld, thanks).

More fun, while we’re being obvious, is to be less obvious. Put them somewhere in /System/Library. Be careful, be smart, but drop your folder inside something like the printer drivers or whatever. While Spotlight will index the above items, it doesn’t go into /System at all.

You could also, for large amounts of data, drop the file into /Library/Application Support/Garage Band or Audio Loops or whatever. No one will notice the larger size; they’ll just think that you think you can make music, you starving artist, you.

Package Files

While we’re avoiding Spotlight and latching onto large files, put them inside large file packages like iDVD or something. Be sure to put it inside the package’s Contents folder, and stuff your magic DMG into something like the Resources folder there. Be sure to set the locked flag on the folder/DMG after you do this, so that an update that tries to remove it will error out, but it’s a good way to keep things hidden in plain sight again.

Back to the Documents folder, you can do this with TextEdit. Create an RTFD with some faux data and save it in your Documents folder as something like “sardine recipes” and close it. Open the package it made and drop your stash there. Be sure to lock the file to prevent deletion…

Remote File Share

All of the previous is on your computer. The best hidden data is not on your computer, but somewhere only you can get to it. Now, I’m not talking about iDisk, because someone else can get to that (Apple) and the damn thing is down daily and you may forget to pay and then it all goes to digital heaven without so much as a wake (damn relatives never invite the friends).

Here, you want to have another machine at your beck and call and put the data in your home folder on that machine. If you connect over AFP as guest, you get everyone’s Public folder. Authenticated, you get the full home. Drop it in there (perhaps combined with the above ideas) and you’re good. The data’s not on your machine any more, so no one will see it unless you leave the share up.

IMAP

A curiosity this, and good for small files only, but attach it to an email message on an IMAP server and save it as a draft. Especially useful if Mail is set to never cache messages.

But then we have the same digital heaven problem if you neglect to pay the bill, so watch it.

iPod Disk Mode

The iPod is one useful little toy. Turn on Disk Mode, drop your files onto it (perhaps using the above ideas) and then turn off Disk Mode. Hmm, just a media player with a little less space now, and it’s not on your computer to find.

And you let go of that toy far, far less than your Mac, I’ll bet.

Well, intentionally. iPods are far smaller than your Mac, and stolen far more often. It’s a good place for Amy and Angie’s pool party but not so hot for your financial or personal data unless it’s both encrypted and you have a backup. Just remember that any dedicated cracker can find a way to decrypt most files given enough time, so weigh your use of this with the importance of the data. Most home users would encrypt their financial data for privacy concerns, not security concerns, so this would be acceptable if you have a backup elsewhere. However, if this is where you’re keeping your SVN repository of the Next Big Thing, think twice before doing it.

Strength in Numbers

The best security is multi-layered. Put the data in an encrypted disk image in a dot-folder in a hidden second account on a remote computer. You know it’s there, but there’s little chance anyone will break through all those levels and find it. Just watch out for the monkey that deletes that second useless account because he didn’t see any data in it… (But you’ve locked everyone out of System Preferences on that computer like I told you to, right? So that’s not a problem, is it?)

Security through authorization and security through obfuscation are two valid methods of security, as long as you understand that obfuscation is much weaker and stops everyone except those that know the data exists and are looking for it. Combine methods that use passwords (AFP or encrypted images) with obfuscation (on your server, in a dot folder) and you lock out a good deal of people, even those that know it’s there and are trying to get to the data.
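To see how little the name-based tricks hold up against someone who is looking, here is an added example (not part of the original post) that walks a directory and reports dot folders and disk images, flagging images tucked inside `.rtfd` or `.app` packages. The function names and the sample tree are constructed for illustration, using the folder names from this post.

```sh
#!/bin/sh
# Added example (not from the original post): show what name-based hiding
# leaves discoverable. Function names and the sample tree are constructed.

# Print one tagged line per finding under DIR (default: $HOME).
find_hidden_stashes() {
    root=${1:-$HOME}
    # Dot folders are skipped by the Finder, not by a directory walk.
    find "$root" -mindepth 1 -type d -name '.*' -print 2>/dev/null |
        sed 's/^/dotdir /'
    # Disk images stand out by extension, however bland the folders above them.
    find "$root" -type f \( -name '*.dmg' -o -name '*.sparseimage' \) \
        -print 2>/dev/null |
    while IFS= read -r f; do
        case $f in
            # An image inside a document or application package is unusual.
            *.rtfd/*|*.app/*) echo "image-in-package $f" ;;
            *)                echo "image $f" ;;
        esac
    done
}

# Build a constructed sample tree using the names from the post; print its path.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/.super-secret-stash" \
             "$t/Documents/sardine recipes.rtfd" \
             "$t/Documents/AAPL 2006Q2/Raw data"
    : > "$t/Documents/sardine recipes.rtfd/stash.dmg"
    : > "$t/Documents/AAPL 2006Q2/Raw data/super-secret-stash.dmg"
    : > "$t/Documents/AAPL 2006Q2/dummy.csv"
    echo "$t"
}

# Usage: sh audit.sh DIR   (or: sh audit.sh --demo for the sample tree)
if [ "${1:-}" = "--demo" ]; then
    find_hidden_stashes "$(build_sample_tree)"
elif [ $# -gt 0 ]; then
    find_hidden_stashes "$1"
fi
```

The walk reveals that an image exists and where it sits; if that image is encrypted, the password is the layer that still stands once the hiding place is found.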

You also avoid that really awkward moment when the wife discovers your photos of Bea Arthur on a Harley wearing nothing but a little whipped cream and some cherries.
