- This topic has 14 replies, 1 voice, and was last updated 2 weeks ago by
.
-
Posts
-
Have something to say about Hide Files? Say it here!
Have suggestions, comments, or need help? Post it here! If you know of better software than Hide Files, post it here! If you know of issues with Hide Files, post it here! Share your knowledge with all of us. :-)
I was concerned about some personal or confidential info being visible during any remote access tech support, so I used the built in OS file & folder facility for rendering those items hidden. I subsequently confirmed that what was thereby hidden would only show up *locally* to a file manager I have that displays *everything*, along with its status — whether visible or hidden. In fact, a bunch of installed programs that apparently did not like hidden stuff being present — even though those particular files & folders were not at all involved in those programs’ operations ! — would temporarily cease working. Until I later undid what had been done.
So, I’m wondering about a couple things. It sounds like this may be a much stronger method of hiding sections ? Secondly, I’d be concerned about something going wrong in the course of using this solution, painting myself into a corner, “getting hoist on one’s own petard” — so to speak, if you follow me.
Is the “native” method I was using somehow inadequate, at least for casual use ? The remote access will be rather time limited, and won’t be onsite here to linger over things. If the program developer happens to see this and cares to respond, that would be fine.
[@Gene] Thanks for your thoughtful question, you’re absolutely right to be cautious.
The built-in Windows “hidden” attribute is quite limited. It only hides files visually, but they can still be accessed by many tools or even cause issues with some programs, as you experienced.
Vovsoft Hide Files works differently. It doesn’t just toggle visibility, it moves files to a protected location, renames them, and controls access via a password, making them effectively inaccessible without the app.
It can also optionally use encryption (SHA256/PKCS7), though that’s slower.Regarding safety: the software includes a recovery mechanism, so you’re not easily “locked out”.
More details here:
https://vovsoft.com/blog/hide-files-faq/Impossible de telecharger Hide File sur mon smartphone sur ma tablle sur mon pc portable et sur mon pc de bureau
The only problem with having this installed on a PC is there is no plausible deniability like all other similar better or worse programs and don’t forget if you don’t encrypt the locked away files they WILL be viewable by utilities designed to recover lost data by scanning the drives sector data and bypassing the filesystem. You could end up being coerced into providing the passphrase under duress by threats of personal injury to ones self or family members… I personally prefer not putting truly confidential information on computers in the first place.
Note as usual the technical details here are inaccurate, according to vendors product page this is also Windows Vista compatible not just Windows 7 and above.
without encryption the hiding is superficial, once an item is locked a standard windows hidden attributed folder is created on the C: drive “C:\VVSFTFLDRHD” with security through obscurity a file is created for each hidden item N.db where N is a number that appears to increase sequentially. the file is NOT an sqlite database but the original file renamed… If one enables encryption then the *.db files contain the encrypted contents and not the plain text. As I said there is zero plausible deniability, even if stealth mode is enabled which for some reason just hides the GUI from view so you cannot do anything more with the program… not even exit normally… not sure it’s purpose as the C:\VVSFTFLDRHD folder with contents still remain and the process hidefiles.exe still shows in task manager details page and would have to be End tasked to return to normality. Ah just read on vovsofts product page CTRL + ALT + SHIFT + Z toggles stealth mode so now it kind of makes sense even if the stealthiness is superficial and proof of the programs activity remain. Oddly there is no portable edition of this even though that would make the most sense that the program not be installed on the host machine but just the obscure data files… renaming the appdata/roaming subfolder to be something more obscure would be advisable too. The use of fixed folder and file naming and installation on the host computer destroy the possible security through obscurity… One suggestion I can make is go a little deeper, most modern drives have multiple partitions to produce the EFI boot environment and that leaves often megabytes sometime hundreds of megabytes of slack space between GPT partitions that are free to hide away data if you compile in your own filesystem driver into your program to have an extended slack space partition table in the slack between the GPT/MBR records and boot sectors and the first partition which is often a megabyte later… to define the slack space partitions to be used for storing a few hundred megabytes of encrypted data in place that will not be touched by windows.
The hide files FAQ:
“I forgot my password. I get “wrong password” error message. How to recover my password?
Open “Hide Files” software. Click: “Forgot Password”. A reminder email will be sent to your email address associated with your license key. It is not possible to send a password recovery email without a registered license key. The software must be activated.”
implies that a copy of our password is shared with vovsoft! But also means the recovery process cannot function with the SOS giveaway license as no email address is associated with the license… I do object to having a copy of a password I have chosen being shared with anybody, as they or a hacker if their database is hacked could use the database to add to a list of leaked passwords as this recovery mechanism seems a data leak in itself no matter how trustworthy vovsoft intend to be!
[@TK] Thanks for your detailed feedback.
Just to clarify: passwords are stored locally on your PC, not on our servers. The only time our servers see the password is during the password recovery process, when it’s sent to your registered email, and even then, we do not store the password or email.
[@TK]
I’m afraid that your post # #23998011 is crossing the uber-techie line for me.And I’m in general agreement about the storage of confidential info on the computer, often preferring to relegate that to external storage which remains under my exclusive control. Under redundant storage, as a wise precaution. However, as a matter of practicality and convenience, I find that some such info must be there on the computer. We have to assess the acceptable level of risk. Other alternatives I’ve seen include things like a good password manager program. Still further removed and more failure proof might be printed hardcopy reference, suitably organized.
I appreciate the comments from Vovsoft, but I still get queasy over the prospects for accidentally shooting oneself in both feet, using a solution like this.
I’ve avoided Bitlocker all this time for much the same reasons.
[@Vovsoft] You say:
“Just to clarify: passwords are stored locally on your PC, not on our servers. The only time our servers see the password is during the password recovery process, when it’s sent to your registered email, and even then, we do not store the password or email.”
I would consider it a security risk to store the passphrase locally even if it is encoded and maybe encrypted as disassembling/decompiling your code is possible if anyone has the will to do so and can learn the code to decode stored passwords, much like they do with browser saved password recovery tools are reverse engineered even on non-open source browsers. I would suggest that in the reminder email with a copy of the original password in plain text, advise the end user to change the password once they are logged in to the program too since emails are in no way secure in transmission or storage locally or on the server.
Your help pages describe a different password creation wizard… you may want to update that as there is now no longer an input box method for recovery email as presumably you no longer offer password recovery service to non-registered users. We just get two password input box methods on the password creation wizard.
Also what happens if I press the Add drive button and select a 2TB drive does it move across all the drives contents it has the rights into a sub folder C:\VVSFTFLDRHD or a folder \VVSFTFLDRHD on the root of the drive just added? The uncertainty and undocumented nature of that button is just plain scary! Adding a drive to hide the data on the drive is inadvisable since unless we encrypt the data too there will just be hundreds of gigabytes of writes to storage media when locking and then later unlocking the drives… VERY undesirable for SSD drives and thermally stressful for electro-mechanical hard drives. If an entire drive needs to be hidden then the BEST solution is to do whole drive encryption with something like VERA-CRYPT and keep the drive encrypted all the time and use it encrypted.
[@TK] You made some great points.
We’ve updated the old help page and improved the recovery email to recommend changing the password after login, since email isn’t fully secure.
The app does not move data across drives. It simply creates a special folder on that drive and only manages files you choose — no full-drive operations or mass writes.
[ @Ashraf] 5th April and no new offering since th 1st April?
Sale has ended but no new offering!
