VeraCrypt could check for new releases and prompt the user to update, by clicking on a button. This would be easier than downloading and installing the new version manually, since many users would not bother.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If this feature is implemented, I would request that the feature be configurable in the preferences and default to off for people that reside in very dictatorial countries which monitor for network traffic to restricted sites like VeraCrypt.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Except that would put you at greater risk of State surveillance since the State will be interested in you since you are hiding from the State your internet activity.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
True. The user would need to check they are running the latest version of VeraCrypt for security reasons. Users may forget to check for newer releases. Is there any solution? Reminder messages perhaps?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
VeraCrypt FAQ (I'm quoting the relevant paragraphs):
I live in a country that violates basic human rights of its people. Is it possible to use VeraCrypt without leaving any 'traces' on unencrypted Windows?
Note: If the adversary can intercept data you send or receive over the Internet and you need to prevent the adversary from knowing you downloaded VeraCrypt, consider downloading it via I2P, Tor, or a similar anonymizing network.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Also consider that the VeraCrypt documentation advises that, when running the hidden operating system, the user should not connect to any network or the internet. If the user has forgotten to disconnect from the internet when running the hidden operating system, VeraCrypt should never check for updates when it knows the hidden operating system is running.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
A reminder every 6 months to check for updates may be useful instead of using the internet to check. The reminder could include a warning message on how to access the VeraCrypt site if you believe an adversary could analyse your internet traffic, e.g. in a country that violates human rights. Also warn the user to only download from veracrypt.fr, as other sites hosting VeraCrypt could contain malware or keyloggers etc!
If VeraCrypt detects the hidden operating system is in use, the reminder must not appear (because any network/internet connection will affect plausible deniability; the documentation explains why).
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
VeraCrypt could check for new releases and prompt the user to update, by clicking on a button. This would be easier than downloading and installing the new version manually, since many users would not bother.
If this feature is implemented, I would request that the feature be configurable in the preferences and default to off for people that reside in very dictatorial countries which monitor for network traffic to restricted sites like VeraCrypt.
I agree. The update could communicate to the server via an encrypted network (Tor etc)?
Except that would put you at greater risk of State surveillance since the State will be interested in you since you are hiding from the State your internet activity.
True. The user would need to check they are running the latest version of VeraCrypt for security reasons. Users may forget to check for newer releases. Is there any solution? Reminder messages perhaps?
VeraCrypt FAQ (I'm quoting the relevant paragraphs):
I live in a country that violates basic human rights of its people. Is it possible to use VeraCrypt without leaving any 'traces' on unencrypted Windows?
Note: If the adversary can intercept data you send or receive over the Internet and you need to prevent the adversary from knowing you downloaded VeraCrypt, consider downloading it via I2P, Tor, or a similar anonymizing network.
Also consider that the VeraCrypt documentation advises that, when running the hidden operating system, the user should not connect to any network or the internet. If the user has forgotten to disconnect from the internet when running the hidden operating system, VeraCrypt should never check for updates when it knows the hidden operating system is running.
A reminder every 6 months to check for updates may be useful instead of using the internet to check. The reminder could include a warning message on how to access the VeraCrypt site if you believe an adversary could analyse your internet traffic, e.g. in a country that violates human rights. Also warn the user to only download from veracrypt.fr, as other sites hosting VeraCrypt could contain malware or keyloggers etc!
If VeraCrypt detects the hidden operating system is in use, the reminder must not appear (because any network/internet connection will affect plausible deniability; the documentation explains why).