HN

Need help?
<- Back
Veracrypt Project Update

Veracrypt Project Update

super256

Comments (123)

  • zx2c4
    This is the same problem I'm currently facing with WireGuard. No warning at all, no notification. One day I sign in to publish an update, and yikes, account suspended. Currently undergoing some sort of 60 days appeals process, but who knows. That's kind of crazy: what if there were some critical RCE in WireGuard, being exploited in the wild, and I needed to update users immediately? (That's just hypothetical; don't freak out!) In that case, Microsoft would have my hands entirely tied.If anybody within Microsoft is able to do something, please contact me -- jason at zx2c4 dot com.
  • pogue
    They need to get some tech site like Arstechnica to write about it, like they did when neocities couldn't get ahold of bing. The only way to contact these tech companies to speak to a real human being and not a chatbot is if you know somebody who works there or if the media writes about it.
  • firen777
  • Topfi
    Honest question, did we ever get an answer what was the cause for the sudden change from the original Truecrypt developer?Even if one doesn't want to maintain that project for purely private reasons, recommending Bitlocker as the drop-in-replacement always made it smell fishy to me.
  • mapontosevenths
  • dizhn
    Microsoft disabled the developer's certificate so no windows releases can be made.
  • 0xCE0
    Linux is the only hope at this point for the future of computing.Windows and macOS are just too risky to do any business with. Waste of all resources.
  • folbec
    I would not be surprised if it was some sort of AI driven mistake.Some guy somewhere deciding to delegate threat assessment to Copilot or some other automated tool.
  • shelled
    I am somewhat also concerned that this software was still being distributed on SourceForge.
  • tomgag
    Sorry to hear about this turn of events, but it was pretty much to be expected given the way the world is turning, and Microsoft being Microsoft.Switch to Linux if you can, and come give Shufflecake a try ;)https://shufflecake.net/
  • trashface
    Hope this is resolved. I guess I could run linux in a VM and mount volumes there, but this is getting a bit dicey. But Win 10 is my last windows anyway.
  • no_time
    prediction: they are testing the waters. If there is enough outcry they will go "oopsie whoopsie, hehe :3 your account is restored".If there isn't enough outcry they will go forward and disable more signing keys related to things like torrent clients, VPN software, eject UBO from the edge store etc etc.Atleast now I'm a bit more certain that VC is indeed safe.
  • ninjagoo
    Looks like Linux and some of the BSDs are the only remaining truly open OSes.
  • _s_a_m_
    Microsoft doing everything in their power to be assholes, as always
  • nixpulvis
    We need a better way to sign and verify software. Clearly companies like Microsoft and Apple have not been good for the open source communities and are inhibiting innovation.
  • RandomGerm4n
    That's especially ridiculous because this whole security mechanism that Microsoft is forcing on Windows user doesn't even work. There are tons of leaked certificates and on forums dedicated to game hacking you can find guides on how to get your hands on one yourself. People there use them to write kernel drivers for cheating in games. Game developers often blacklist these in their anti-cheat software so that the game no longer launches on a computer using a driver with that certificate. Microsoft however does not do this and malware developers can then simply use the certificates for their own purposes. So all this nonsense is basically just a restriction on regular users and honest developers while the “bad guys” can get around it.
  • 8cvor6j844qw_d6
    Seeing this kind of friction makes me more confident in VeraCrypt. The tools that never seem to run into trouble with platform gatekeepers are the ones I'd worry about.
  • avaer
    Forced software signing should be illegal.
  • speedgoose
    It's perhaps naive, but could he create a new organisation, like a "TotallyNotVeraCrypt" French loi 1901 association, at a different address, and create a new microsoft account by making sure it passes all the requirements.
  • saidnooneever
    maybe an old vulnerable signed driver can be used to load the new version :D. on a more seirous note, i think contact with a person at MS, likely via socials triggering that, might help here. It all depends on the reason for the ban/block/cancel.if they had a reason other than 'oops mistake' its likely just going to remain in place. (sadly, that is how MS is. if you care for privacy maybe go to BSD)
  • shevy-java
    This is always a problem when big mega-corporations are involved, be it Google or Microsoft. They want to control the platform.We really need viable solutions. I have been using Linux since +21 years or so, so it does not affect me personally, but I think Linux needs to become really a LOT more accessible to normal people. And it really has not (on the desktop); all the various "improvements" on GNOME3 or KDE are basically pointless, they have not solved the underlying problem. Ideally problems should be auto-resolvable. If someone wants to use the proprietary nvidia driver, that should be a single click - on ALL Linux distributions. Instead you see some distributions have their own ad-hoc solution and other distributions have no easy solution (for simple people).
  • kwar13
    very much sounds like microsoft
  • teekert
    I'm sorry, is this some sort of Windows joke that I'm too Linux to understand?
  • anon
    undefined
  • hernanhumana
    cool project
  • bilekas
    And yet another example of companies turning actively hostile against their users.The burden of usage/access is now solely on the customers and the feeling is that regular customers are just a nuisance to be ignored.
  • ErroneousBosh
    Jesus, sourceforge is still on the go?