This project has moved. For the latest updates, please go here.

Feature Request: When clicking "help" button, warn user before launching web browser.

Topics: Feature Requests
Mar 17, 2016 at 3:40 AM
Edited Mar 17, 2016 at 3:42 AM
Firstly: Thanks for your fork of TC... VeraCrypt is great, and getting better with every release.

Consider the following:

Someone wishes to use VC without others (hostile government, NSA, employer, partner, etc) being aware. However, the user needs help at some point while using the program. From the main window, then choosing "Help", there are two options: Online help and the User's Guide. As one would expect, selecting the "online" option launches the user's web browser and loads the VC help page, whereas the "User Guide" option opens the local PDF that came with the program.

However, it isn't made clear to a user that by clicking on any of the other "Help" buttons within VC's various pop-up windows, the program will launch the user's web browser and connect to the VC website.

For most programs, connecting to the outside world is (unfortunately) done quite a bit- new version checking an the like. However I think you left that "feature" out for obvious reasons. But I believe that allowing VC to launch a user's web browser without warning is a security threat. Perhaps not a huge threat, but a threat none-the-less. For example, one of these connections could inadvertently expose someone if they live/work in an area where using VeraCrypt is unlawful.

My suggestion: Warn the user with a small pop-up before VeraCrypt makes any outside contact. Perhaps with a "Don't warn me again" check-box?

Thanks for your consideration.
Mar 18, 2016 at 10:53 AM
While I sort of agree with there needing to be a confirmation with regards to opening the browser, or alternatively (better) not use the web at all for the purposes of documentation. (though that will increase size, but really would an extra 10-20 megs really matter?)

The reasoning that you've provided is fairly weak really. If you run a program, on most operating systems, especially windows. There is a definitive record of that program being ran. There is no getting around that. Even if you run it completely portable it will still record it. Any advanced "attacker" will be able to retrieve this information and there is absolutely nothing you can do to stop that. Not opening the browser isn't going to protect your usage of VeraCrypt.

Furthermore, the very fact that you are using it in the environment means you should know how the program works. If you don't already have that knowledge then YOU are more of a potential leak/vulnerability than anything the program itself does. I don't mean that as an attack or insult or anything either, it's just the hard truth that the user is the most likely point of attack/exploitation. Not the program. I agree with you that having the web browser open without user confirmation is never ideal in any program where security is important. It does not however make you more vulnerable than simply running the program itself. At least not from the attackers you've described. Remember that for VeraCrypt (Windows) to do its thing it has to install its driver, you cannot install a driver in Windows and not leave traces.

So I'd suggest that anyone who uses encryption of any nature seriously against attackers such as the ones you've described study up and become as informed as possible on the system before they put it into practice. There are too many avenues for user fail that will come up before the browser issue would come up. The browser thing is kind of an obvious aspect in that novices would be able to work out that you're using it, but a simple browser/history clear would solve that against a novice. Against the NSA? Hostile Government? Even most experts in Veracrypt would be able to remove all traces that they'd used the program.

Now this doesn't apply for system encryption until the hardware leaves your possession. But as I said, a hostile government/NSA would either clone your hdd or simply take it. They'll work out very quick whether it was encrypted and what it was encrypted with. That doesn't mean they'll be able to get into it, but they'll know it was encrypted. Sadly in this day and age the very fact that it was encrypted in many "states" would give them legal recourse to force you to hand over keys or imprison you.

But anyway, I've gotten sidetracked. I agree with you that ideally the documentation should be in offline form. No browser links should exist in the program unless they offer it as an OPTION whether or not it opens a browser.
Mar 18, 2016 at 1:01 PM
I 100% agree with the OP!
Not only launching the webbrowser and connecting to internet is a security thread, but also the online documentation could be tampered with. Imagine a scenario where someone hacks the server where the help files are located and replaces them with bogus requests to perform irregular actions that will compromise the security model or the password directly? I bet that at least 20% of those accessing the online help files will email their credentials if they are nicely and politely requested (from reliable source, such as the help files) to do so :)