In a surprising turn of events, several prominent security and privacy developers have found their Microsoft developer accounts abruptly terminated, leaving them without access to crucial publishing and verification tools. Among the affected projects are well-known names such as VeraCrypt, WireGuard, and Windscribe, all of which play vital roles in providing Windows users with encryption, networking, and privacy solutions.
Microsoft’s Response
While Microsoft has acknowledged these terminations, the company has yet to provide a comprehensive explanation for the enforcement actions taken against these trusted developers. This incident underscores the ongoing friction between automated security measures and the realities faced by open-source developers. It also raises pertinent questions about Microsoft’s future strategies to mitigate similar disruptions.
Mounir Idrassi, the lead developer of VeraCrypt, expressed his frustration in a recent statement to PCMag, noting, “I cannot sign drivers, which means I cannot ship updates for WireGuard for Windows.” His attempts to reach Microsoft through various channels yielded little more than automated responses, leading him to lament, “I was unable to reach a human.”
Windscribe echoed these sentiments, revealing that their own Microsoft developer account had also been suspended. They shared their struggles, stating, “We’ve been trying to resolve this for over a month, and getting nowhere. Support is non-existent.” Their plea for assistance included a humorous yet desperate inquiry: “Anyone know a human with a brain that still works at Microsoft and can help?”
Fortunately, the situation gained traction on social media, aided by the unexpected support of Epic Games CEO Tim Sweeney. This attention prompted Pavan Davuluri, Microsoft’s EVP for Windows and Devices, to acknowledge the issue publicly, assuring that the company was actively working to resolve it. Davuluri indicated that Microsoft had reached out to both VeraCrypt and WireGuard, promising to reinstate their suspended accounts.
It appears that the terminations were not intentional acts of malice but rather the result of a new mandatory account verification process introduced in the Windows Hardware Program. This requirement, which took effect on October 16, 2025, mandated that partners verify their identities using government-issued IDs if they had not completed the process since April 2024. Davuluri emphasized the company’s efforts to communicate these changes effectively, stating, “We worked hard to make sure partners understood this was coming, from emails, banners, reminders. And we know that sometimes things still get missed. We’re taking this as an opportunity to review how we communicate changes like this and make sure we’re doing it better.”
Scott Hanselman, a VP at Microsoft, also addressed the issue on social media, sharing his perspective: “Hey, I love dumping on my company as much as the next guy, because Microsoft does some dumb stuff, but sometimes it’s just check emails and verify your accounts.” He further clarified that not every misstep is a conspiracy; sometimes, it simply boils down to paperwork. Hanselman assured that the matter would be resolved soon, stating, “Not every ‘WTF micro$oft’ moment is a slam dunk.”
As the dust settles, the question remains: Should Microsoft change how it verifies and enforces rules for open-source developers? This incident may serve as a catalyst for a broader discussion on the balance between security measures and the needs of the open-source community.
Join us on Reddit at r/WindowsCentral to share your insights and discuss our latest news, reviews, and more.
