This is the same problem I'm currently facing with WireGuard. No warning at all, no notification. One day I sign in to publish an update, and yikes, account suspended. Currently undergoing some sort of 60 days appeals process, but who knows. That's kind of crazy: what if there were some critical RCE in WireGuard, being exploited in the wild, and I needed to update users immediately? (That's just hypothetical; don't freak out!) In that case, Microsoft would have my hands entirely tied.
If anybody within Microsoft is able to do something, please contact me -- jason at zx2c4 dot com.
It has been clear for a while that certain providers and services need to be regulated as utilities - Microsoft, Google, Apple, Visa, Mastercard, and soon Openai and Anthropic.
It should be illegal for these companies, just like utilities, to deny service to anyone or any entity in good standing for dues.
There is little hope for getting this through in the US where most politicians of any stripe hate the public, and the ones that don't have hardly any power. But it might be possible to do this in the EU.
Then, we non-EU folks need to apply for Estonian e-residency [1] which may get us EU regulatory coverage.
Now this is even more alarming! Wireguard's creator has their Microsoft account suspended...
Microsoft doesn't want to allow software that would allow the user to shield themselves, either by totally encrypting a drive, or by encrypting their network traffic!
They need to get some tech site like Arstechnica to write about it, like they did when neocities couldn't get ahold of bing. The only way to contact these tech companies to speak to a real human being and not a chatbot is if you know somebody who works there or if the media writes about it.
First I was surprised to read the Veracrypt maintainers could be in this situation, then read the top comment where Wireguard maintainers are too (unless I misunderstood). Is this some malicious new program inside Microsoft to try and shutdown open source projects so they can push Windows products and solutions more?
Honest question, did we ever get an answer what was the cause for the sudden change from the original Truecrypt developer?
Even if one doesn't want to maintain that project for purely private reasons, recommending Bitlocker as the drop-in-replacement always made it smell fishy to me.
prediction: they are testing the waters. If there is enough outcry they will go "oopsie whoopsie, hehe :3 your account is restored".
If there isn't enough outcry they will go forward and disable more signing keys related to things like torrent clients, VPN software, eject UBO from the edge store etc etc.
Atleast now I'm a bit more certain that VC is indeed safe.
What sucks about this, is due to implementation,Windows is the only way to achieve some stuff in Veracrypt. For example: doing full system partition encryption, and the Hidden OS install that only Veracrypt can do- requires Windows with the computer set to MBR rather than UEFU. I had hoped we'd see more of the plausible deniability tech at the OS level
We need a better way to sign and verify software. Clearly companies like Microsoft and Apple have not been good for the open source communities and are inhibiting innovation.
The newest frontier AI models can easily find 0-days in all major software stacks, while the two biggest open source security tools on Windows can’t even ship patches.
That's especially ridiculous because this whole security mechanism that Microsoft is forcing on Windows user doesn't even work. There are tons of leaked certificates and on forums dedicated to game hacking you can find guides on how to get your hands on one yourself. People there use them to write kernel drivers for cheating in games. Game developers often blacklist these in their anti-cheat software so that the game no longer launches on a computer using a driver with that certificate. Microsoft however does not do this and malware developers can then simply use the certificates for their own purposes.
So all this nonsense is basically just a restriction on regular users and honest developers while the “bad guys” can get around it.
Seeing this kind of friction makes me more confident in VeraCrypt. The tools that never seem to run into trouble with platform gatekeepers are the ones I'd worry about.
This is always a problem when big mega-corporations are involved, be it Google or Microsoft. They want to control the platform.
We really need viable solutions. I have been using Linux since +21 years or so, so it does not affect me personally, but I think Linux needs to become really a LOT more accessible to normal people. And it really has not (on the desktop); all the various "improvements" on GNOME3 or KDE are basically pointless, they have not solved the underlying problem. Ideally problems should be auto-resolvable. If someone wants to use the proprietary nvidia driver, that should be a single click - on ALL Linux distributions. Instead you see some distributions have their own ad-hoc solution and other distributions have no easy solution (for simple people).
> Mounir IDRASSI - 7 hours ago
> Thank you all for your feedback and your support in getting media attention through various social platforms.
>After posting this, other developers in the security fields (like WireGuard) came forward to announce that they have the exact same issue. I understand why nobody talked publicly about this before and I'm glad that by going public I pushed others to do the same.
>Positive aspect is that a Microsoft VP (Scott Hanselman) has announced on X that he will help address this issue affecting me and others. He also reached out to me and connected me with other Microsoft people to help address this issue.
I run a dual boot of windows and am currently dauly-driving CachyOS quite happily. I've been playing some Crimson desert and got some occasional crashes... But any other game I have has run smoothly.
Their GUI tools for package management are thin wrappers on CLI tools, but are enough hand-holding that most people should navigate it fine. More devices worked out of the box for my with Linux than Windows.
Just like if you haven't tried AI in a year and have mocked it, you need to try it again. Of you haven't tried Linux desktop in a few years, you need to try again. CachyOS really does seem to handle the driver installs and gaming compatibility well.
Why is there no simple workaround for this? Why is it dead in the water and why can't we use another mechanism to verify the update files with SHA1? It's all been done before [1]. This would be an improvement, as it enables the project to continue working without any handcuffed relationship to Microsoft.
If bitlocker wasn't crippled[1] on the home versions of Windows, this would be a non-issue. I hope a solution is found, even if it's 3rd party signing that works like the present solution.
VLayer (my project) scans healthcare codebases for HIPAA compliance issues before they reach production. One thing I learned building it: developers rarely think about encryption until it's too late. Tools like VeraCrypt solve the "data at rest" problem, but the bigger issue in healthcare software is unencrypted data in logs and API responses — stuff that's much harder to audit manually.
Hope this is resolved. I guess I could run linux in a VM and mount volumes there, but this is getting a bit dicey. But Win 10 is my last windows anyway.
> Hey I love dumping on my company as much as the next guy, because Microsoft does some dumb stuff, but sometimes it's just check emails and verify your accounts.
Not every "WTF micro$oft" moment is a slam dunk. I've emailed VeraCrypt personally and we'll get him unblocked. I've already talked to Jason at WireGuard.
Not everything is a conspiracy, sometimes it's literally paperwork.
My only experience with Veracrypt is via a law firm I was consulting with, who used it to protect some files they were sharing with me. Law firm and their end client are both big, prestigious companies.
Gone are the days when one can be anonymous on the Internet. Now, in some places, we have to prove our age and identity. This is leading to a digital ID. This will end badly.
It's perhaps naive, but could he create a new organisation, like a "TotallyNotVeraCrypt" French loi 1901 association, at a different address, and create a new microsoft account by making sure it passes all the requirements.
if michalesoft wants to take away our ability to sign drivers, they will find there is more than enough vulnerable easily exploited drivers we can use that are pre-signed online. Thank you micosawft!
501 comments
If anybody within Microsoft is able to do something, please contact me -- jason at zx2c4 dot com.
It should be illegal for these companies, just like utilities, to deny service to anyone or any entity in good standing for dues.
There is little hope for getting this through in the US where most politicians of any stripe hate the public, and the ones that don't have hardly any power. But it might be possible to do this in the EU.
Then, we non-EU folks need to apply for Estonian e-residency [1] which may get us EU regulatory coverage.
[1] https://en.wikipedia.org/wiki/E-Residency_of_Estonia
Microsoft even supports Wireguard in Azure Kubernetes Service.
Even if one doesn't want to maintain that project for purely private reasons, recommending Bitlocker as the drop-in-replacement always made it smell fishy to me.
Windows and macOS are just too risky to do any business with. Waste of all resources.
If there isn't enough outcry they will go forward and disable more signing keys related to things like torrent clients, VPN software, eject UBO from the edge store etc etc.
Atleast now I'm a bit more certain that VC is indeed safe.
But aside from one or two experimental attempts, also presented at BlackHat https://web.archive.org/web/20250914062843/https://portswigg...
- the consumer has nearly lost access to high end plausible deniability
Switch to Linux if you can, and come give Shufflecake a try ;)
https://shufflecake.net/
The newest frontier AI models can easily find 0-days in all major software stacks, while the two biggest open source security tools on Windows can’t even ship patches.
We really need viable solutions. I have been using Linux since +21 years or so, so it does not affect me personally, but I think Linux needs to become really a LOT more accessible to normal people. And it really has not (on the desktop); all the various "improvements" on GNOME3 or KDE are basically pointless, they have not solved the underlying problem. Ideally problems should be auto-resolvable. If someone wants to use the proprietary nvidia driver, that should be a single click - on ALL Linux distributions. Instead you see some distributions have their own ad-hoc solution and other distributions have no easy solution (for simple people).
Some guy somewhere deciding to delegate threat assessment to Copilot or some other automated tool.
> Mounir IDRASSI - 7 hours ago > Thank you all for your feedback and your support in getting media attention through various social platforms.
>After posting this, other developers in the security fields (like WireGuard) came forward to announce that they have the exact same issue. I understand why nobody talked publicly about this before and I'm glad that by going public I pushed others to do the same.
>Positive aspect is that a Microsoft VP (Scott Hanselman) has announced on X that he will help address this issue affecting me and others. He also reached out to me and connected me with other Microsoft people to help address this issue.
>I will let you know how things go.
Their GUI tools for package management are thin wrappers on CLI tools, but are enough hand-holding that most people should navigate it fine. More devices worked out of the box for my with Linux than Windows.
Just like if you haven't tried AI in a year and have mocked it, you need to try it again. Of you haven't tried Linux desktop in a few years, you need to try again. CachyOS really does seem to handle the driver installs and gaming compatibility well.
[1] https://github.com/HyperSine/Windows10-CustomKernelSigners
[1] https://www.microsoft.com/en-us/windows/compare-windows-11-h...
> Hey I love dumping on my company as much as the next guy, because Microsoft does some dumb stuff, but sometimes it's just check emails and verify your accounts.
Not every "WTF micro$oft" moment is a slam dunk. I've emailed VeraCrypt personally and we'll get him unblocked. I've already talked to Jason at WireGuard.
Not everything is a conspiracy, sometimes it's literally paperwork.
(https://x.com/shanselman/status/2041977121686585396 https://xcancel.com/shanselman/status/2041977121686585396)
My only experience with Veracrypt is via a law firm I was consulting with, who used it to protect some files they were sharing with me. Law firm and their end client are both big, prestigious companies.
Never was, isn't and I guess won't be.
https://techcommunity.microsoft.com/blog/windows-itpro-blog/...
https://github.com/srv1n/kurpod
(and yes I know, you'd need to have the option to have "your" (haha...) OS trust it of course)