This project has moved and is read-only. For the latest updates, please go here.

Question about the hosting of the Veracrypt Project

Topics: Feature Requests, Users Discussion
Oct 19, 2016 at 4:23 AM
I'm not sure if this falls under a feature request, but upon downloading the installation files it seems to me there is a 800 lb. elephant in the room that I haven't seen discussed much. Being that Veracrypt is a huge target for nation states-"Five Eyes" countries, and given Microsoft's known cooperation with them in the past, it seems strange to me that something as valuable as the Veracrypt project is hosted by Microsoft. I would actually be shocked if Microsoft wasn't logging IP addresses/metadata of those who download for less that honorable purposes.

It also seems strange to me to see Microsoft scripts running in the browser that prevent downloading unless they are enabled. I understand that Windows users may need drivers signed by Microsoft, but even for a non windows user downloading a non-Windows version of Veracrypt the file won't download unless you completely disable almost every single security extension in your browser. This also doesn't leave a great impression on me and seems excessive for a simple file download. . Have the developers/maintainers of Veracrypt considered other hosting platforms that are more in the spirit of open-source and anti-surveillance ideologies? Please don't take this as trolling because they are legitimate questions I have and if the fears are unwarranted I'd be happy to hear why.
Oct 19, 2016 at 3:54 PM
VeraCrypt is also available on Sourceforge, Bitbucket and Github:

On Github:
On Sourceforge:
On Bitbucket:
You can read the developer's detailed answer at the link below.
Oct 21, 2016 at 7:55 AM
Thanks for the info. I haven't been familiar with veracrypt for long and honestly wasn't aware of that. Many thanks to the developers for what I'm sure is a monumental effort to maintain a great tool.