Microsoft’s Automated Suspensions Almost Silenced VeraCrypt and WireGuard

Previously, it was noted that the developer account for the renowned encryption software VeraCrypt was summarily suspended by Microsoft. This specific account is indispensable for obtaining Microsoft’s verification and the requisite code signatures for VeraCrypt’s drivers and bootloaders; without such authorization, these critical components are rendered incapable of functioning on Windows 10 or 11.

Unexpectedly, the developer of WireGuard revealed that they have fallen victim to an identical sanction. According to a discourse on Hacker News, the developer stated that the suspension arrived without prior warning or notification, leaving them abruptly disenfranchised.

Following extensive media coverage and fervent debate across social media platforms, the predicament finally caught the attention of Microsoft executives. Scott Hanselman, Vice President of Developer Community, announced that he had reached out to both affected parties via email. Hanselman posited that these incidents are not necessarily born of a grand conspiracy—countering claims that Microsoft is systematically stifling third-party developers—but are often merely the result of administrative or “clerical” entanglements.

Such reassurances, however, do little to assuage the anxieties of the developer community. The crux of the frustration lies in the perceived impossibility of reaching a human representative; both the VeraCrypt and WireGuard developers found themselves trapped in an automated loop, where robotic interactions proved futile in resolving account suspensions.

Had these grievances not ignited a digital firestorm, these developers might still be languishing in bureaucratic limbo, as reclaiming a suspended account without human intervention is a Herculean task. “This is precisely the ordeal I am currently enduring with WireGuard,” the developer remarked. “No warning at all, no notification. One day I sign in to publish an update, and yikes, account suspended. Currently undergoing some sort of 60 days appeals process, but who knows.”

The implications of such a stalemate are profoundly unsettling: should a critical remote code execution vulnerability emerge in WireGuard, being exploited in the wild and requiring an immediate patch, the developer would find their hands effectively tied by Microsoft’s restrictions.

“If anybody within Microsoft is able to do something, please contact me,” the developer urged. For his part, Hanselman admitted that while Microsoft is prone to occasional lapses in judgment, many issues are resolved through simple verification. He emphasized that “Not every “WTF micro$oft” moment is a slam dunk”. Having already initiated contact with the leads of both VeraCrypt and WireGuard, he pledged to facilitate the swift restoration of their accounts, maintaining that such friction is often a byproduct of flawed protocols rather than institutional malice.