I would like to mention a few other facts about Truecrypt which raise eyebrows.
If we look at the "company structure" of Truecrypt, we discover an international operation based within the Czech Republic as well as within the USA. Also, we find that there is a "non-profit" element as well as a "profit" element involved.
It is a fact that Truecrypt has filed trademarks in the Czech Republic as well as in the United States.
USA (federal trademark):
From the application in the Czech Republic we can see that the name "David Tesařík" is connected with it.
If we look at the company structure, we find that there are two entities, both registered in Nevada, via an "anonymous" registration company.
There is first the "Truecrypt Foundation" which is a "Domestic non-profit corporation":
Then there is the "Truecrypt Developers Association, LC" which actually is a "Domestic Limited-Liability Company":
The company details at the website of the Nevada Secretary of State reveal another name, which I haven't seen mentioned anywhere else yet: "Ondrej Tesarik", and this person heads both entities.
From these facts alone, a number of questions should be raised - unless of course one prefers not to ask any questions, as this could diminish the trust in this wonderful and versatile product, which is being offered for free.
I would raise for example the following questions, and there are certainly many more:
1. Why do citizens from the Czech Republic feel the need to create a non-profit as well as a for-profit organization in the USA, which as a consequence also means that they have abide to the US laws? After all, the USA is not exactly a "crypto-friendly" place, and this was already known in 2003/2004, when Truecrypt started to appear on the "market."
2. What exactly is their "profit" here? After all, they are developing an incredibly complex program for free. Is has been mentioned in various discussion about Truecrypt in the past that other companies employ large teams to develop similar products.
3. The people behind Truecrypt need administrative backup to maintain companies and to file trademarks (which of course also costs money). Where does the "backup" and the money come from?
4. Is the Truecrypt story simply too good to be true?
In discussions, you often find fervent defenders of Truecrypt. However, I think those people also need to ask themselves the following question:
Would the US-government leave a US-company <b>(yes, it's a US-company!)</b> like Truecrypt in "peace" and do nothing while they develop "uncrackable" encryption?
Would they really...?