TrueCrypt Is Dead -- Long Live TrueCrypt!

Category: Security , Software

A shockwave rolled through the Internet’s cryptographic community on May 28. TrueCrypt, a highly respected, open-source, on-the-fly encryption program, was abruptly abandoned by its developers. It’s not unusual for programmers to give up on their free software. What shocked everyone is the going-away present that TrueCrypt’s parents gave to the world.

Is TrueCrypt Insecure?

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” says the first line on the TrueCrypt.org site now. Development was ended on May 20, shortly after Microsoft’s end of all support for Windows XP. The authors of TrueCrypt are urging users to migrate their data from TrueCrypt to Microsoft’s Bitlocker or another on-the-fly encryption platform.

Furthermore, the last version of TrueCrypt available to download (v7.2) will only read files and disks encrypted with TrueCrypt. You cannot use it to create or modify encrypted versions of files. It’s intended only to be a tool for migrating files from TrueCrypt to a new encrypted storage site, say the authors.

TrueCrypt: Dead or Alive?

Not so fast, say the folks at Gibson Research Corp. TrueCrypt v7.1a is still safe to use, and it is fully functional! So what are TrueCrypt’s authors doing with these discouraging, scary words?

Apparently, TrueCrypt’s authors are trying to “take back” their contribution to the Internet community by crippling its final release and spreading Fear, Uncertainty and Doubt about its reliability. They want to kill their own child out of spite. After ten years of writing, improving, and supporting some truly outstanding code, they are sick and tired of being taken for granted. Translation: not enough donations to justify the cost.

Gibson counters that a gift, once given, no longer belongs to the giver. TrueCrypt belongs to the Internet now under the terms of the open-source license it bears, he believes. But there are some legalities in the TrueCrypt license that Gibson is glossing over. But it's likely thtat other open-source code warriors will step up to keep TrueCrypt updated and supported. The copyright on the name “TrueCrypt” belongs to the program’s authors, so a new name will be found for this venerable program. But it’s not going away.

Legalities of property rights aside, this extraordinary event highlights a long-simmering injustice: the people who produce all of the free software are not getting the financial support they deserve from the millions upon millions of – there is no other word – freeloaders, and they’re increasingly complaining about it.

Support Your Local Freeware Developer

Matt Kruse, a corporate programmer by day and social media maven by night, has the gratitude of over a million users of his awesome Social Fixer browser add-on. It fixes a myriad of things that are wrong, idiotic, and irritating about Facebook. So why does he have to beg for donations in a two-inch sidebar that runs the full height of my screen?

I’ve given my highest kudos to Privazer, the privacy protecting and system optimizing program. Hundreds of thousands of people have taken advantage of Privazer, but donations amount to less than $30,000 in two years. I bet that, collectively, all of those people have tipped baristas more for much less benefit.

Comedian Danny Thomas supposedly told his daughter Marlo, “If it’s worth doing, someone will pay you to do it. Otherwise, you should find something more useful to do with your time.”

Thomas assumes that people are fair and pay for the benefits they get; so I guess he wasn’t such a wise man, after all. Most people take whatever freebies they can get away with taking, and do not consider the long-term consequences of doing so.

Filthy Lucre, Clean Conscience, or Both?

TrueCrypt’s developers have issued a loud and clear wake-up call. If you're using and depending upon free software, a small donation to support the developers is incumbent upon you. Unless you're truly a pauper, you can afford to drop $5 or $10 in a tip jar to encourage the developers of your cherished software to continue the work of providing, supporting and enhancing it. Failing that, it may disappear one fine day.

It does have to be said, though, that there are plenty of software developers who provide free software, and find sustainable and profitable ways to do it. Red Hat Software's business is based on providing services related to free software (Linux) and they had revenues of $1.5 billion last year. Other such as AVG, Avast, Avira, MalwareBytes, Piriform (CCleaner and Speccy) provide popular freebies, but also offer a premium version or subscriptions to generate revenue.

Matt Kruse, the developers who created TrueCrypt, and others providing free software may have philosophical (or other) objections to "selling" a product or service. But it's not up to us to judge their motives. Here's a question I'll leave you with: Is it theft if you use software that's offered on a "free, but please pay or donate if you like it" basis, and you never do so?

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 3 Jun 2014


For Fun: Buy Bob a Snickers.

Prev Article:
Internet Trends and Predictions for 2014

The Top Twenty
Next Article:
Geekly Update - 04 June 2014

Most recent comments on "TrueCrypt Is Dead -- Long Live TrueCrypt!"

(See all 38 comments for this article.)

Posted by:

jimeee
03 Jun 2014

You said it better than any other commenter on here Jack. If it's free then it is free. If other than that say it up front period...

There are choices: Free, Donationware, 30 day Trialware and etc. But say it up front and don't try to shame people into paying for freeware after the fact.

FREE IS FREE!!!


Posted by:

Taelor
03 Jun 2014

Wow, you're right Bob. There have been a number of freeware products I've donated to, but not near as many as I have used over the years. Thanks for the reminder that these people who code these products do so because they see a need, and are willing to share with the community, but that doesn't mean that they should not be compensated. I don't think they will ever get what they would if their product was sold commercially; however, a small financial token of appreciation would probably go a long way. I'm going to go through and search for freeware I haven't donated to, and do so asap! Thanks again for this timely article.


Posted by:

Jason
03 Jun 2014

If a product is offered completely free of charge it is in no way theft to accept that offer. If the developer of a particular application requests donations, then it is just that - a request. There is no obligation, either explicit or implicit, in such a request. If you like a product and use it regularly, of course you should be courteous and make a donation. But for someone to offer something for free and then get angry because people take them up on that offer is evidence of a serious character flaw. If the desire is to be compensated for the product, then that needs to be part of the offer itself. This is what trial periods are for.


Posted by:

Lin
03 Jun 2014

TrueCrypt is to be used to hide information. There are methods listed for how to hide the fact you're trying to hide information. Lots of information on how to keep from being "forced to disclose" the unlock key. Lots of information on how secure the encryption is. Lots of information that leads *me* to believe they really mean keeping who I am and what I'm doing private.

"And you want me to break that security by sending them money? Traceable money? Are you nuts?" I've dealt with people who want to be 'secure', 'untraceable', and 'off the grid'. They don't send money over the internet. Not to anybody, not for any reason. Snail mail? Sure, postal money order paid with cash. That's got to be *some* software to get someone to do that.

TrueCrypt's stated purpose was keeping information secure. It just turned out that keeping information secure also meant very few people were willing to risk exposure and send them money.


Posted by:

Buffet
03 Jun 2014

I'm so enamored with PrivaZer I "tipped" 'em sixty bucks!
After MalwareBytes free version saved my ass a few years ago, I immediately purchased the Pro version.


Posted by:

Randi
03 Jun 2014

Your point is taken and I agree; therefore, the software that I use are the upgraded versions of the "Free-ware." However, my income is less than halfway to the 'poverty level.' I was blasted out of the "working world" back in 1988 with the diagnosis of Multiple sclerosis(The #1 crippler of young adults.). I had a good start to a career in wildlife science. Was even accepted into the Peace Corp and headed for Kenya Africa. So I appreciate "Freeware."


Posted by:

Chris
03 Jun 2014

There's a lot of wrong headed thinking in these answers and the actual article. I can't see how anyone gets to the point where they think there is a "moral obligation" to pay these fellows. What does the word free mean? No payment required. They are offering you an option. Where is the immorality in taking one of the options that they offer? If they actually demanded a payment and you used their wares without payment then that would be theft. If programmers want payment then offer their wares as trials that time out after a certain time. If they're too scared to compete in the market place on that basis then please spare us the moral intimidation of "Please donate...."


Posted by:

Herb Klug
03 Jun 2014

It is not stealing if you use something which was offered free of charge, and never donate, even if the author(s) said, 'Please'. I find nothing wrong with developing a program and offering it free, then - if the user base warrants it - start charging for future versions: upgrades, if you will. If the people who use the program really like it, they'll pay for the improved versions. If they don't want to pay - c'est la vie!


Posted by:

Don
03 Jun 2014

First of all, if something is designated as freeware I don't believe anyone is under obligation to pay for it. That being said, I have wondered for years how people who offer freeware make enough money to do the work. It sounds like the answer is: they don't.
But here's the problem. For some reason there is a great gulf between freeware and the prices typically charged for "pay-ware". There are many programs I would like to have but would only use rarely. And I simply won't pay 40 or 50 dollars or more to have them! If people who create the "freeware" would simply ask a reasonable price for what it's value to the customer is - and I'm thinking 5 or 10 bux - I bet they would get a lot more than they apparently do now. Of course, it would work best if they offered a free trial period so you could see if you actually liked and would use the program.
And I apply the same theory to commercial software. Charge a reasonable price for good software and offer a trial and you will sell far more than you do by jacking up the price sky high. And the result will probably be that for many programs you will make far more than you do now. Unlike a physical product, the cost of creation and production of software is exactly the same whether you sell 100 copies or 100,000 or more.


Posted by:

John
04 Jun 2014

I haven't read all the posts and no doubt others have expressed the same sentiment. Your call to be supportive financially of good software that we use frequently is heard. But what of those, including myself, who HAVE supported these developers only to be left in the lurch. It tends to make one reluctant to support developers who will often quit their project. I suppose it's damned if you're the developer; damned if you're the supporter!


Posted by:

Dayna D
04 Jun 2014

Funny you should write this article just now...I made a donation to Matt Kuse within the last week (generous by your "$5 or $10" suggestion). And it wasn't my first donation to Matt--as well as other developers who use this model. Thank you for bringing attention to this situation. We all need to support products we want to continue to be available to us.


Posted by:

MmeMoxie
04 Jun 2014

Bob ... I am going to take a completely different take on the "Freeware" issue.

Yes, I have "donated" here and there, but, over all, when a developer makes the statement, that their product is Free, than to me ... It is Free! Plain and simple. If, they want to "earn money" to continue on with their development, than do what many others do ... Offer the previous version, as the "Free" version and only those who pay for Pro or Premium get the latest versions.

If, they are developers for an Open Source Core project, than that project is Free, period. Does anything created by Mozilla, cost you anything? Firefox is an Open Source Code project. Yes, Firefox does have Ads, so do you Bob, but, you haven't started charging for your newsletters. Should you ever feel the need to charge, I would be first in line to pay you!!!

Now, I did for Privazer. I knew right away, it was an excellent software. I didn't pay for CCleaner, until last year, I always used the "Free"version. As I did for all the years, I used either AVG or Avast! programs, until last year, when I decided I wanted to have the capability of more automation, in my scheduling and other areas.

The stupidest thing these developers could ever do, is to "complain" about an issue, they could have solved for themselves, by doing what many, many others have done ... Charge for services rendered. Offer the Free version, for a short length of time, before they would have to pay for the privilege of paying for the Full version. Or offer a Free version and a Pro/Premium version. To simple bitch and complain is so childish like.

I use Matt Kruse Social Fixer, on Facebook. Lately, he has not be updating, due to Facebook changing their codes so often, that he can't keep up. Plus, Matt's Facebook page was "taken down" for awhile, while he "gave in" to Facebook's demands. Please, tell me why I should pay Matt, under the circumstances? As someone else said, Matt only excepts "donations" through PayPal, BitCoin and Snail Mail. He doesn't want to pay for the use of either Credit Cards or Debit Cards, which is what I use. He easily could use a Payment Service, like some of the others do. I have purchased software, where Digital River and other payment sites, handle all of the financial issues and there I have always been able to use my Credit/Debit Card. Likewise, for the True Crypt developers.

Now, I do have a PayPal account and have NOT used it, in ages!!! Too many problems with PayPal and eBay, so, for my protection ... I don't use either, any more. From what I read, BitCoin is not doing well, either. As for Snail Mail, nope, haven't in a long, long time.

Bottom line, IF, you want your program to be your full time job ... Then charge, accordingly. If, you simply love to develop and use others, for feedback, then give it away, until it has become a good, solid program.

Sorry, Bob ... That is my take, on this issue.


Posted by:

Boneman
04 Jun 2014

To me FREE means FREE. As I age, and experience grows, I feel sick and tired of people who 'give' a 'gift', with strings attached. When somebody gives something for free they should understand the meaning of their actions, and not expect something in return.
If the motive is to 'throw' something out there for Free, in the hope/expectation of obtaining money from it, was it ever Free? Would feel like I was being baited, much like bait used in many slick Commercial Market strategies.
Hey people, look up the (real) definition of Free. I wont be changing what Free means to me just because somebody wants to redefine it to benefit themselves. Soon No could mean Yes.
Software asking for donations should be classed as Donourware, or turned into Trialware, perhaps.
Developers, if you are offering Freeware labelled software, have a hard think of the what and why you are doing so, and what you should expect in return from 'giving freely'!
All that said, Kudos and MUCH thanks to the developers of Freeware (and Donourware), you provide great help to MANY people, and keep at bay the appalling Financial Noose that I can imagine of a World of paid-only Software!
Much Thanks, always I hope!


Posted by:

John L Brown
04 Jun 2014

It seems to me that many software/program developers emphasize the free use of their product, to induce a potential user to try it, and perhaps assist, inadvertently or directly, in the improvement and development of the product. I think that is fair, and generally understood; and sometime clearly stated with the launching of so-called beta versions, or the like. I didn’t fully understand the tenuous nature of some developers to stay afloat with regard to denotations. It seems to me, that fairly recently, more developers have shown the actual amount of donations received, and the target necessary to stay viable; or at the least, I believe this strategy, and others, are worthy of consideration. IMHO, this is a tricky business because a company or developer can provide false information as to the exact amounts of their current donations. If a kind of ‘clearing house’ for donations is established, that is trusted by all concerned, this issue can be certainly improved.

Obviously developers/companies have failed to come up with a business plan that provides more disclosure, relative to the financial needs necessary to sustain their ‘free’ product/s. Offering and presenting a free program, and at the same time asking for donations requires special marketing skills, as well as clarity, and honesty. I read Bob’s informed article and thought; who knew. Perhaps, and much earlier; and better integrated into their business practices, if TrueCrypt’s developers had better marketing skills, and articulated their needs with language that displayed the fairness, and benefit of supporting a great product that would otherwise discontinue, we would not be reading this article; at least not for the present focus. Bob’s article is crucial in its own right.

Bob, you seem to imply; if TrueCrypt had offered a paid version of their software, that this option alone might have been sufficient to sustain them financially. Do you think that is a better option than efforts to seek, and secure donations? I offer these thoughts for your consideration. Thank you.


Posted by:

Tom
04 Jun 2014

No, it is not theft by any definition of the word. The term "FREE" means exactly that .. free. If there are any conditions such as "free with a purchase of #100 of other product", "free with a donation" or anything else "free with xyz..." it is not in any sense of the word .. free. Free means gift, no charge, gratis, no tip, no conditions, just a straight forward "Here, I made this for you, please enjoy". Now should you donate?? If you want to and you CAN (even $5 donations have to be made judiciously by some with little means) then yes you should donate if you find that the product has value and you want to support a creative and talented coder.

But FREE MEANS FREE ... and there are no gradations of free, it is or it isn't,


Posted by:

RandiO
04 Jun 2014

I am going to let the great keepass.info site be my mouthpiece on this one:

"Is it really free?
Yes, KeePass is really free, and more than that: it is open source (OSI certified). You can have a look at its full source and check whether the encryption algorithms are implemented correctly.

As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice.
Bruce Schneier, Crypto-Gram 1999/09/15"
Pasted from


Posted by:

old gobbo
04 Jun 2014

Good article, Bob, needed saying. The comment from someone that e.g. radio stations shouldn't have to rely on donations is a) irrelevant (as different kind of product, ergo different user benefits and therefore probably different demand-supply-payment structure) and b) ignores question of what they should rely on.

AS small effort to catch up with missed donations, have sent 2 granola bars - happy munching


Posted by:

Nigel
04 Jun 2014

I am surprised that nobody in this discussion has mentioned Heartbleed. Heartbleed is the media's name for a small coding error in a piece of freeware called OpenSSL. Businesses large and small relied on OpenSSL for security, but contributed nothing to support its development.

I encourage all to read this eloquent eWeek story on the subject:

http://www.eweek.com/security/heartbleed-openssl-bug-reveals-the-true-cost-of-open-source-software.html


Posted by:

Lucy
05 Jun 2014

So true. It is like trying to shop locally, not going to the next city's mall, or when you want to buy something fast you find the local store has closed down due to slow business.

I appreciate Bob also. Anyone who does so has the opportunity to show their appreciation and buy Bob a Snickers Bar or even an Audi TT Coupe :-) via his Buy Bob a Snickers link above these posts.

Please keep up the great work Bob, you are my "go to" guy on internet questions.


Posted by:

Justin
06 Feb 2015

Free is free, however, if I like the free program and a paid version with enhanced features is offered, I will pay for the enhanced version. Truecrypt's script kiddies could have done the same.

I was deeply offended by the actions of the Truecrypt parents. I still run 7.1.a, however, I now encrypt the 7.1.a encryption results with Axcrypt. That's right, a double encryption process rolled into a script file. Then the encrypted files are stored on a virtual drive that can be shared on line with a public/private hash component. The weak link? Bob knows.

There are numerous free encryption programs as good as Truecrypt. If you are truely paranoid, multilevel encryption will enhance your perceived security. I doubt however that the NSA is really interested in my Home depot shopping lists.


There's more reader feedback... See all 38 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- TrueCrypt Is Dead -- Long Live TrueCrypt! (Posted: 3 Jun 2014)
Source: https://askbobrankin.com/truecrypt_is_dead_long_live_truecrypt.html
Copyright © 2005 - Bob Rankin - All Rights Reserved