WireGuard VPN developer can’t ship software updates after Microsoft locks account

WireGuard creator Jason Donenfeld has been locked out of his Microsoft developer account, preventing him from signing drivers or shipping software updates to Windows users. Microsoft suspended accounts of developers who did not complete a mandatory verification process for the Windows Hardware Program, without notifying them. The issue also affects VeraCrypt and Windscribe, raising concerns about open source projects' dependency on platform gatekeepers.

Key Points

• 1. WireGuard creator Jason Donenfeld was locked out of his Microsoft developer account after Microsoft concluded a mandatory verification program without notifying him.
• 2. The lockout prevents Donenfeld from signing drivers or shipping any WireGuard updates to Windows users, leaving them potentially exposed if a critical vulnerability were discovered.
• 3. VeraCrypt developer Mounir Idrassi faces a similar lockout, which may prevent some users from booting up due to a certificate authority expiry.
• 4. VPN provider Windscribe reported the same issue and said it has been trying to resolve it for over a month with no success.
• 5. Microsoft's Windows Hardware Program required developers to upload government-issued ID for verification, but closed the window without adequate notice.
• 6. Donenfeld was told his appeal could take up to 60 days for review, though by late Wednesday he reported being in contact with Microsoft.

Relevance

• This incident highlights the fragility of open source software ecosystems that depend on proprietary platform gatekeepers for distribution.
• The lockouts affect widely used security tools like WireGuard and VeraCrypt, putting millions of Windows users at risk of running outdated software.
• It raises questions about how major platforms handle developer relations and whether unilateral account suspensions are appropriate for critical infrastructure software.

The incident underscores the tension between open source software development and the closed platform ecosystems they must navigate to reach users.