Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: How to automatically delete decrypted files

  1. #11
    I wanted to add my voice to this topic - I too was horrified to discover unencrypted versions of my files in the default folder.

    Silently creating unencrypted versions (of the data you assume is encrypted), is a huge security risk. According to the answers given here, that folder acts as a default sync folder (even has 2-way sync'ing); clicking 'sync' merely allows the user to relocate it. It is not clear that even if you do not sync a folder, there is an unencrypted version lurking out there. The Viivo docs even say:
    If you do not want to risk having the decrypted files stored on your hard drive, then this feature is probably not a good fit for you, and you can keep the Sync switch off.
    However, that risk is absolutely there even if the switch is off.

    Putting the onus on the user to clean up files that aren't clear that they exist in the first place isn't a good idea...logoff scripts are a hack at best, and problematic on certain OS'es.

    In the interest of transparency, the existence of that folder should be made clearly known in the documents - security through obscurity isn't security at all. There are some simple ways the risk of its existence could be somewhat mitigated...it could be configurable (without any default) at installation time, which would reveal its existence to the user and allow them to relocate it.

    And, double-clicking could be disabled until the folder location is configured. In UX terms, Viivo has made double-clicking an 'extract and unencrypt' action rather than a 'view' action, with unclear consequences.

  2. #12
    Viivo Staff
    Join Date
    Apr 2013
    Posts
    565
    As noted by the many posts in this thread, this is how the product is designed to work. Viivo was built to protect files as they go to the cloud. The File-Edit folder exists as the location where files are decrypted to when you double-click on a Viivo file to open the file. Viivo doesn't automatically delete the files in the File-Edit folder, because we do not know when you are done editing the files. Some applications create lock files, but not all applications do. I believe another forum user has posted this in this thread or in a different thread, but if this is a problem for you, you can delete the files in the folder yourself.

  3. #13
    Hi Jack, IMO it's pretty clear at this point that everyone understands this is how your company designed it to work.

    It seems that you might be missing the other valid points in the thread though. The documentation around the sync switch is badly misleading, the existence of that directory should be made obvious, and there are simple ways of working around this security risk on Viivo's part without changing the design of how it works.

    Quote Originally Posted by Jack View Post
    As noted by the many posts in this thread, this is how the product is designed to work. Viivo was built to protect files as they go to the cloud. The File-Edit folder exists as the location where files are decrypted to when you double-click on a Viivo file to open the file. Viivo doesn't automatically delete the files in the File-Edit folder, because we do not know when you are done editing the files. Some applications create lock files, but not all applications do. I believe another forum user has posted this in this thread or in a different thread, but if this is a problem for you, you can delete the files in the folder yourself.

  4. #14
    Viivo Staff
    Join Date
    Apr 2013
    Posts
    565
    I appreciate the follow up. I can see how the statement from the Lockers documentation "If you do not want to risk having the decrypted files stored on your hard drive, then this feature is probably not a good fit for you, and you can keep the Sync switch off." can be misleading. Apologize for the confusion.

    Sync'd Lockers -> All your files are decrypted on your device.
    Non-Sync'd Lockers -> If you decrypt (by double click) the .viivo file is decrypted to the File-Edit folder, then opened with the default application for the file-extension.

    Viivo will not clean up the File-Edit folder. I understand the confusion on that line in the documentation. I hope this has cleared it up. I can update the documentation as well for those who read it.

  5. #15
    Maybe there's some script that will do this automatically?

  6. #16
    I imagine most users are completely unaware that unencrypted files are sitting on their PC.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •