March 17, 2019 at 20:39 #13410
OK, I’ve been using AxCrypt 1.x for quite some time. I don’t remember when I first stumbled onto it, but it was a very simple, very little and non-intrusive program. I liked how it asks for a password for each file I encrypt, the “Shred and Delete” option on the context menu, everything about the program was intuitive from the get-go.
After formatting my PC I looked for AxCrypt again, and it was interesting to see version 2.0. Not that 1.x was lacking in anything (at least for me) but I thought if it’s newer, it’d be better. I was wrong. Before it gets any longer, let me do a short list of features I don’t like.
- The new UI design
- Creating account means a connection exists between your “encryption password” and “something not mandatory for encryption”
- Need to be logged on (yes you can be OFFLINE and LOGGED ON at the same time, I’m aware of that)
- Automatic decryption if you are logged on (good luck to you if you forget to log off after encrypting something)
- Secure deleting became a paid option
- Able to use different passwords for different files became a paid option (Not sure actually, but I think password manager allows you to do that. At least I hope?)
Also, I read this on your blog “If you change your password on our server, we’ll re-encrypt your private key there with the new password and this means that all your already encrypted files will now be decryptable with the new password!” which alone could raise some caution flags but I can’t describe how horrified I am when the program itself did not ask me my old password when I clicked on “password change”. It simply asked for a new password, and confirmation of password again. Which means, if, by any chance, someone gets 20 seconds of access to your PC, not only you lose access to newly encrypted files, but you lose access to all your encrypted files, on all devices in sync. Before you give me “Oh if someone can access your PC, he/she can do anything to it, it’s not safe anymore” bs, let me remind you: If I were to use old AxCrypt 1.x and left my PC alone for 20 seconds, the damage would be less even if I were to forget “automatic decryption with the last password used” checkbox filled. I’d lose 2-3 files that my PC could decrypt in 20 seconds time, and be done with it.
I know you’d like to earn something from a software you’ve developed, but if you’re going to monetize features that were free on previous versions, and add no new features (at least no new features that do not provide us with additional security threats and/or backdoors) then I’m not gonna buy it or use it.
March 18, 2019 at 07:56 #13411
Thanks for the feedback. Some of it is your personal opinion, and must remain so. It is meaningless to discuss the fact you don’t like the new UI design without some concrete ideas from you to improve it, for example.
However, there are some technical misunderstandings that should be corrected, and some basis for changes that you may not be aware of.
“Automatic decryption” – this was always an option with AxCrypt 1.x (“Remember this key for decryption”).
“Need to be logged on” – this was also in essence an option with AxCrypt 1.x (“Remember this key for encryption”).
The basic reason for making these non-optional defaults was because of usage errors of users causing data loss, as well as increased convenience. It’s simply more convenient not to need to enter your password all the time, and the “log on” metaphor is to reduce and avoid the risk of a user using different or mistyped passwords and then being unable to decrypt. This is based on real world experience of millions of users. The new model has essentially stopped data loss caused by these mistakes.
“if, by any chance, someone gets 20 seconds of access to your PC, not only you lose access to newly encrypted files, but you lose access to all your encrypted files, on all devices in sync” – This is simply incorrect. The way it’s designed you can always open the files with the password used initially to encrypt them. So you do not lose access. Also, you just can’t dismiss the fact that if you leave your PC unattended it’s not safe anymore. It’s not! You just can’t leave your PC without a screen saver or anything! If you do, it makes no sense to consider security at all.
That we changed some previously free options into paid options is of course unfortunate for you as a free user – but the alternative to getting some revenue was to simply abandon the whole thing. As it is, you can still use 1.x for as long as you like, and you get the same and in some cases better functionality for nothing with version 2.x.
Thanks again for your feedback!