About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Learning Curve

Help Each Other with Knowledge, Not Hype

Wading through the swamp. Squish squish.

Get It

Try It

NYKÖPING (Rixstep) — Granted, there are always new arrivals to a platform. The many who come to macOS from another Unix are relatively educated before they arrive. Windows refugees should be thrilled to step off the boat, and yes, they'll need a bit of hand-holding. The legacy 'MacOS' users, on the other hand, should be a breed that's now long gone.

So why all the hype? Why all the dumbed-down clickbait? Where's the community spirit? Do things have to be so crass?

Apple did quite the marketing ploy before the New Millennium, trying to make their $429 million acquisition of the space age NeXTSTEP look more 'Mac-like', even though several members of management weren't too keen on the idea (and Apple lost major ground to Microsoft who'd yet to consolidate their market dominance with Win98SE).

But in 2019? Clickbait purporting to show people how to hide things on a Mac? Oy vey.

A few ground rules.

  1. Your Mac is not a personal computer. This isn't to say it's not a Windows PC, but that it's not personal. No Unix system is. Check where your own files are located. (If you need help with this, fire up Terminal.app and punch in 'pwd'.) You'll see that the path to your own files is under '/Users'. Note the 's' - it's PLURAL. That's where all user files go on a Mac.

    [Don't confuse this with '/usr' which is the legacy location, and for goodness sake don't do as that mainstream pundit who reckoned he already had a directory like that and used C*cktail to remove it. In general: if you don't know what you're doing, don't do it, and always assume by default that you don't know anything. Cheers. Ed.]

  2. There's no way to hide things on a Mac, because there's no way to hide things on Unix. Read that again until you know it by heart, like an eternal truth. Unix directory listings can skip certain files - but as a convenience only. You can't hide anything on a Mac. Period. True, your 'Finder', a supposed (ahem) file manager, will not reveal certain filesystem items, but that's definitely only Finder, Finder has precious little to do with your underlying system, and anyone after your treasures won't be using Finder anyway. (That's how they'll get the job done.)

    [Yes, this was used to great effect with the iPod, but was child's play to defeat. Ed.]

  3. You can go about making disk image files and encrypted PDFs and so forth, in a vain effort to prevent others from seeing your carefully guarded secrets - but do you really know what you're doing? You go to System Preferences -> Users & Groups and create a GUEST ACCOUNT (or activate one if it already exists).

  4. You should also mask off your own user area. You do this so no one else - save the superuser, whether something is 'hidden' or not - can get in there anyway. This is very simple. And it's very easily done from the command line (Terminal.app).

    chown -fR 501:20 ~; chmod 0700 ~

    Those two commands essentially make sure that 1) you (as a member of group 'staff') own everything in your user area, and then 2) you mask off access to that area so you and you alone can get in. Users running guest accounts on your Mac will have access to lots of stuff - but not to your stuff.

Security and privacy in a home context are not about locking down individual files, but about preventing access to entire areas. Ferreting out individual files is error-prone anyway: are you sure you got everything, didn't forget something important?

Own your home area, and mask it off.

'That being said...'

That being said, there are areas of your filesystem which may still contain sensitive personal data. This is mostly due to the - at times - rather confused ambitions and concepts in use by the 'engineers in charge'.

[Several US government agencies have released 'hardened' versions of macOS, but mostly you won't have to go that far, unless you have people from Chinese intel around for a sleep-over. Ed.]

For example: it's generally a bad idea to put your own software acquisitions in /Applications. Yes, every ISV product and its half-sibling want to push you in that direction, but resist if you can.

You should put your own software in ~/Applications. No, this directory won't exist on an OOTB Mac, but it's already recognised by macOS. It's only when you want other (guest) users to have access to your software that you put it in /Applications.

Traditionally ~/Applications has been an enormous headache for Mac users and Apple engineers. Permissions on those files have been enormously confused (and confusing). And those mess-ups were often caused by Apple. And they were highlighted in the Month of Apple Bugs. Avoid /Applications at all costs.

/Applications should only be used for 'user' software not associated with the system vendor (Apple) anyway. /System/Applications would be the ideal location for Apple's own stuff. They give you /System/Library/CoreServices instead.

For what it's worth: the following are the paths officially recognised by macOS Mojave 10.14.3. All the paths beginning with a tilde ('~') are in your user area. They're YOURS. Reasonably you need only ~/Applications. Use it.

NSAllDomainsMask, NSAllApplicationsDirectory

Then too the location /Library can also contain things you don't want others to see. Try out your guest account on /Library before lending the account out.

Money is King, Hookers on Every Corner

A lot of these new 'Mac sites', popping up like mushrooms in the past few years, exist only for one purpose: ad revenues. In a word: they live on clickbait. Stick to the sites that actually teach you things - preferably in a single page devoid of adverts. Mac Daily News, MacSurfer, and MacRumors come highly recommended. There are more and more of those senseless, beyond trivial, clickbait pieces out there. You might learn something - after wading through a swamp of doodads that generate impressions - so instead of shaking your head, count the number of ads per page. Then you'll begin to understand.

See Also
Reviews: The Very Ugly
Reviews: eyeHide 2.0
Reviews: Apimac Secret Folder 2.6.4
Reviews: Ghost Folder 2.0
Reviews: Hidden Files Widget 2.0
Reviews: Arsenic & Other Laces
Learning Curve: When Ignorance < Blissful

About Rixstep

Stockholm/London-based Rixstep are a constellation of programmers and support staff from Radsoft Laboratories who tired of Windows vulnerabilities, Linux driver issues, and cursing x86 hardware all day long. Rixstep have many years of experience behind their efforts, with teaching and consulting credentials from the likes of British Aerospace, General Electric, Lockheed Martin, Lloyds TSB, SAAB Defence Systems, British Broadcasting Corporation, Barclays Bank, IBM, Microsoft, and Sony/Ericsson.

Rixstep and Radsoft products are or have been in use by Sweden's Royal Mail, Sony/Ericsson, the US Department of Defense, the offices of the US Supreme Court, the Government of Western Australia, the German Federal Police, Verizon Wireless, Los Alamos National Laboratory, Microsoft Corporation, the New York Times, Apple Inc, Oxford University, and hundreds of research institutes around the globe. See here.

All Content and Software Copyright © Rixstep. All Rights Reserved.

John Cattelin
Media Contact
ACP/Xfile licences
About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.