
Hey, the original maker of Knox here. Thank you for this trip down memory lane. We launched the app in 2005 and sold it to AgileBits (makers of 1Password) in 2010. I just had a look and people are still discussing Knox on the AgileBits forums today!

Here's what has changed since 2010:

- Apple introduced FileVault 2 in late 2010, making full disk encryption of both internal and external drives simple and straightforward. Knox was always about convenience over the built-in tools in the OS, and for the simplest cases, the OS finally caught up.

- It was a time when a small menu bar utility could go for $34.99…

Before the AgileBits sale we were exploring some cool new stuff for Knox:

- App Vaults: swizzle some NSFileManager calls and have apps such as Mail or Safari direct all their reads and writes (including for preferences and Keychain access) to a vault. Multiple independent, encrypted, secret app instances.

- Online Backups: Knox Vaults were already encrypted and block-based, so many of the hard parts of backups were already taken care of. Backing up incremental Vault changes to an online block storage seemed straightforward enough, but in 2010 we just couldn't make the math work. (For example, in early 2010, S3 was $0.15/GB/mo and AWS still charged for inbound data transfer at $0.10/GB.)

In the end, it just wasn't sustainable. 2010 saw the launch of iPad and iPhone 4, and demand for Cocoa devs was becoming red hot. The opportunity cost of working on a niche Mac product like Knox was just too high.



Full disk encryption and individual encrypted DMGs ("vaults") have radically different use cases! Most encrypted DMGs aren't mounted (or "unlocked"), most of the time. They address a threat model where an attacker might have file read access to your running machine.

At Matasano, standard operating procedure was just to have the whole Mail.app library directory inside a Knox vault, "locking" mail cryptographically until you explicitly unlocked it.

Apple's existing tooling for encrypted DMGs is very cumbersome. I script around it, and that's OK, but Knox had a much better UX.



