Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

...which is why you should be using VeraCrypt (https://veracrypt.codeplex.com/, the actively-developed fork of Truecrypt)



Hm, how did they fork and change the license? Or are they just hoping the TrueCrypt authors never attempt to enforce their license?


According to https://en.wikipedia.org/wiki/VeraCrypt#License_and_source_m...:

They didn't.

> VeraCrypt has been licensed under the Apache License 2.0 since 28 June 2015.

> VeraCrypt inherited a substantial amount of code from its TrueCrypt predecessor and thus is also subject to the terms of version 3.0 of the "TrueCrypt License" which is unique to the TrueCrypt software.


Oh, their CodePlex site makes it look like a license change with no mention of the original license, which they might be violating, as the original license had numerous problems:

http://lists.freedesktop.org/archives/distributions/2008-Oct...


If TrueCrypt authors are anonymous, can they even claim that they own that codebase?


In theory? Sure.

In actual legal practice? Probably not if they want to retain anonymity.


False. See below. Even if they wanted to enforce copyright, they can register as a pseudonym. They can also enforce in court under a pseudonym, as long as they can prove it's the same person with the registration.

Which may be tricky.


In the US Legal System, an accuser has to face the defendent. Not sure how they can do that and remain anonymous.


That's criminal, and something afforded to defendants.

In the civil system, which is where copyright resides, you can simply be represented by counsel and never appear at all :)

This happens all the time.


touche!


I don't think so without losing their anonymity. I'm kinda curious though? Any lawyers want to take a stab at answering?


IAAL: In the US, Copyright can be registered under a pseudonym, and you do not have to give your real name, ever.

On the forms they have, there is a space you can fill out for claimant name, and one for author name. There is also a pseudonym checkbox.

They will happily let you register it only in the name of the pseudonym.

See: http://www.copyright.gov/fls/fl101.pdf

For more interesting fun, read the last sentence of that PDF, where it goes on to explain that you get different years of protection for distributing under a pseudonym vs if your identity is revealed.


Yes, definitely. Anonymity is like pseudonimity, you don't lose any rights only because you choose to put a different name on your work of art.


Sure, Mark Twain was able to ascertain copyright.


Agreed. The TrueCrypt anonymous authors themselves said to stop using it when they quit maintaining it.


VeraCrypt is also vulnerable to this. Granted they've patched it, but they still share a very large code base.


I wonder, does VeraCrypt plan to eventually do a major LibreSSL-style clean-up of their codebase, after most people have "converted" to their tool?


why the heck is chrome telling me codeplex isn't a secure site




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: