Veracrypt Project Update

This is the same problem I'm currently facing with WireGuard. No warning at all, no notification. One day I sign in to publish an update, and yikes, account suspended. Currently undergoing some sort of 60 days appeals process, but who knows. That's kind of crazy: what if there were some critical RCE in WireGuard, being exploited in the wild, and I needed to update users immediately? (That's just hypothetical; don't freak out!) In that case, Microsoft would have my hands entirely tied.

If anybody within Microsoft is able to do something, please contact me -- jason at zx2c4 dot com.

They need to get some tech site like Arstechnica to write about it, like they did when neocities couldn't get ahold of bing. The only way to contact these tech companies to speak to a real human being and not a chatbot is if you know somebody who works there or if the media writes about it.

It's like LibreOffice all over again: https://www.neowin.net/news/microsoft-bans-libreoffice-devel...

Honest question, did we ever get an answer what was the cause for the sudden change from the original Truecrypt developer?

Even if one doesn't want to maintain that project for purely private reasons, recommending Bitlocker as the drop-in-replacement always made it smell fishy to me.

Microsoft disabled the developer's certificate so no windows releases can be made.

Sorry to hear about this turn of events, but it was pretty much to be expected given the way the world is turning, and Microsoft being Microsoft.

Switch to Linux if you can, and come give Shufflecake a try ;)

https://shufflecake.net/

I am somewhat also concerned that this software was still being distributed on SourceForge.

prediction: they are testing the waters. If there is enough outcry they will go "oopsie whoopsie, hehe :3 your account is restored".

If there isn't enough outcry they will go forward and disable more signing keys related to things like torrent clients, VPN software, eject UBO from the edge store etc etc.

Atleast now I'm a bit more certain that VC is indeed safe.

Looks like Linux and some of the BSDs are the only remaining truly open OSes.

Microsoft doing everything in their power to be assholes, as always

We need a better way to sign and verify software. Clearly companies like Microsoft and Apple have not been good for the open source communities and are inhibiting innovation.

That's especially ridiculous because this whole security mechanism that Microsoft is forcing on Windows user doesn't even work. There are tons of leaked certificates and on forums dedicated to game hacking you can find guides on how to get your hands on one yourself. People there use them to write kernel drivers for cheating in games. Game developers often blacklist these in their anti-cheat software so that the game no longer launches on a computer using a driver with that certificate. Microsoft however does not do this and malware developers can then simply use the certificates for their own purposes. So all this nonsense is basically just a restriction on regular users and honest developers while the “bad guys” can get around it.

Seeing this kind of friction makes me more confident in VeraCrypt. The tools that never seem to run into trouble with platform gatekeepers are the ones I'd worry about.

Forced software signing should be illegal.

It's perhaps naive, but could he create a new organisation, like a "TotallyNotVeraCrypt" French loi 1901 association, at a different address, and create a new microsoft account by making sure it passes all the requirements.

maybe an old vulnerable signed driver can be used to load the new version :D. on a more seirous note, i think contact with a person at MS, likely via socials triggering that, might help here. It all depends on the reason for the ban/block/cancel.

if they had a reason other than 'oops mistake' its likely just going to remain in place. (sadly, that is how MS is. if you care for privacy maybe go to BSD)

I'm sorry, is this some sort of Windows joke that I'm too Linux to understand?

This is always a problem when big mega-corporations are involved, be it Google or Microsoft. They want to control the platform.

We really need viable solutions. I have been using Linux since +21 years or so, so it does not affect me personally, but I think Linux needs to become really a LOT more accessible to normal people. And it really has not (on the desktop); all the various "improvements" on GNOME3 or KDE are basically pointless, they have not solved the underlying problem. Ideally problems should be auto-resolvable. If someone wants to use the proprietary nvidia driver, that should be a single click - on ALL Linux distributions. Instead you see some distributions have their own ad-hoc solution and other distributions have no easy solution (for simple people).

very much sounds like microsoft

cool project

And yet another example of companies turning actively hostile against their users.

The burden of usage/access is now solely on the customers and the feeling is that regular customers are just a nuisance to be ignored.

Jesus, sourceforge is still on the go?