Veracrypt Project Update
The "Veracrypt Project Update" ironically links to a Cloudflare block, but the real story here is Microsoft's alleged summary suspension of the Veracrypt developer's certificate, echoing similar issues faced by WireGuard's creator. This incident sparks heated debate on platform control, the precarious position of open-source projects, and the transparency—or lack thereof—from tech giants. It highlights a critical tension between corporate power and independent software development.
The Lowdown
The listed "Veracrypt Project Update" on SourceForge led to a Cloudflare block page, hinting at deeper issues than a simple update. The true nature of the problem, as revealed in the discussion, is that Microsoft has disabled the Veracrypt developer's certificate, effectively preventing the distribution of signed Windows releases for the popular encryption software.
- Certificate Revocation: Microsoft's action means Veracrypt's kernel driver can no longer be properly signed, forcing users to either disable Windows' driver signature enforcement or contend with a 'Test Mode' watermark.
- WireGuard Parallels: Jason Donenfeld (zx2c4), the creator of WireGuard, reported a similar experience: a sudden, unexplained suspension of his Microsoft account and an opaque 60-day appeals process, raising fears of a pattern targeting privacy and open-source projects.
- Monopoly Concerns: Commenters widely view this as an abuse of Microsoft's dominant position, limiting independent software distribution and raising questions about who truly controls users' operating systems and installed software.
- Transparency Void: A major point of contention is Microsoft's lack of communication regarding the reasons for these suspensions and revocations, leaving developers in the dark and without clear recourse.
This situation underscores the growing vulnerability of open-source and independent developers who rely on major platform vendors for critical distribution and signing infrastructure, fueling concerns about centralizing control and stifling innovation.
The Gossip
Microsoft's Monopolistic Mishaps
Many commenters expressed outrage and frustration at Microsoft's actions, viewing them as an abuse of its market dominance. They point to the critical dependency developers have on Microsoft for code signing, especially for kernel drivers, and the lack of transparency when certificates are revoked or accounts suspended. Some drew parallels to past incidents, like Microsoft banning the LibreOffice developer, and suggested that only significant media attention can prompt a response from such large corporations.
Trust, Tinfoil, and TrueCrypt
A significant portion of the discussion revolved around the motivations behind Microsoft's actions. While some attributed it to incompetence or automated systems, many leaned towards the idea of intentional targeting, speculating about influence from state actors aiming to cripple encryption and VPN software like Veracrypt and WireGuard. The mysterious shutdown of TrueCrypt, Veracrypt's predecessor, also resurfaced, with various theories (from developer arrest to avoiding government demands) being debated. Some users noted that this friction with platform gatekeepers paradoxically increases their trust in the resilience and importance of tools like Veracrypt.
Linux: The Last Bastion?
The predicament faced by Veracrypt and WireGuard developers prompted a strong call for switching to Linux and other truly open-source operating systems. Commenters argued that such issues highlight the fundamental dangers of proprietary platforms that control software distribution. However, some also acknowledged that Linux still faces accessibility challenges for average users and debated emerging threats to its openness, such as compulsory age verification measures. The broader desire for a better, decentralized software signing and verification system, possibly inspired by projects like Let's Encrypt for web certificates, was also a common sentiment.