Forums Community Unhappy with version 2 Reply To: Unhappy with version 2

#6085 Reply

Captain Quirk

With the utmost respect for you, Svante, and your team, I regret to say that I, too, am disappointed with the move to Version 2.   Unlike many people, I don’t have a problem with the single password approach – I think that has a lot of merit, as you have previously explained.  But the switchover has other shortcomings that have understandably upset a lot of people, including me.

Version 1 was a simple, basic tool that did what many people wanted – not only encrypt files on one’s computer, but also the ability to “shred” files and even allow files to be sent to another person who didn’t even have AxCrypt installed on their computer.  Genius!  And no need to set up and activate an account or enter your email address.

Version 2 requires me to set up and activate an account and enter my email address.  And it may be simple to use in practice (I don’t know; I haven’t actually tried it yet), but it sure seems complicated.  It leaves a lot of questions unanswered.  How does Version 2 work?  How does it do what it does?  What information gets sent to (and from) your servers, and why?  I’m not asking for a detailed explanation of all the underlying cryptography, which would be over my head anyway.  Just a basic explanation of the general structure of how Version 2 works.  I think the lack of that info is what makes many people (including me) feel uncomfortable.  I don’t like the patronizing “Let us handle everything – you don’t need to know how it works” attitude that seems to pervade Version 2.  I feel like I’m in the Matrix!  :-)

I think I read somewhere (it’s not in your main AxCrypt site – maybe it’s in one of the blog posts or forum posts or something – I’m not going to go searching for it now) that it isn’t even necessary to be connected to the internet to use Version 2.  (Which is as it should be.)  Apparently there’s a setting that can be invoked to do that.  But then, what do your servers do?  Why is Version 2, in its normal operating mode, connected to your servers?  Either it needs internet connectivity, or it doesn’t.  You can see why potential users would find this all very confusing.  Version 1 was simple, understandable software that basically just did a few things to files on your computer.  Version 2 seems to be this strange organism that’s connected in mysterious ways to the outside world, for reasons that are not explained.

As you can see from the previous two paragraphs, I think a big part of the problem is simply the lack of info, the lack of good explanations, on your website.

But there are other, more practical problems as well.  Version 1 had a convenient file shredder that you have deleted from the free version of Version 2.  Version 1 enabled a person to send an encrypted file as a self-extracting .exe that a recipient could open (with the password, of course) without even having to have AxCrypt installed on his or her computer.  You’ve deleted that as well.  Your “replacement” of that feature in Ver$ion 2 (which, to my mind, isn’t a replacement at all) requires that the sender have a paid $ubscription, and requires the recipient to set up and activate an AxCrypt account as well as download and install the Version 2 software.  That’s lot to ask of a recipient to whom you may only ever be sending one single encrypted file, and it’s a big step backwards from the simple functionality of Version 1.

And the very idea of having to pay an annual fee in perpetuity bothers many people (again, myself included).  Yes, I have read your justification for that business model, but I don’t find it convincing.  It’s great for you – what company wouldn’t want a guaranteed income, year after year after year?  But it’s equally (reciprocally) bad for your customers, who don’t want another constant drain on their limited income, year after year after year.   (Can you imagine going to IKEA to buy a table, and the salesman says “We won’t sell you a table, but we’ll rent one to you for a monthly fee for the rest of your life.”?)

Normally I would just go with Version 1, except that its hash algorithm, SHA-1, has been compromised and is no longer considered secure.  So it looks like I’m going to have to stick with 7-zip, which is free, does most of what AxCrypt Version 1 does (and in at least one respect, more*), and does it with the more modern and secure SHA-256 hash function.


“Captain Quirk”


*(7-zip allows filenames to be encrypted, which Version 1 couldn’t do.   Ver$ion 2 (pr€mium) allows this, but apparently only on a file-by-file basis, meaning that you have to individually decrypt each and every file whose real name you want to see, rather than just be able to decrypt one folder and see all the real filenames within.)