GoKawiilWireGuard, the major software project and VPN that underpins popular security software including Mullvad and others, has found itself locked out of a key part of its Microsoft developer’s account and unable to ship software updates to Windows users.
Jason Donenfeld, the creator of the open source WireGuard VPN software, told TechCrunch that he has been locked out of his Microsoft developer account, and as a result cannot sign drivers or ship updates for WireGuard for Windows users, which are critical for its software to run. Donenfeld said in a post on X on Wednesday that the account termination stopped a WireGuard update from shipping.
It’s the second such incident of a high-profile and widely used open source project being shut out from its customers due to a seemingly abrupt account termination from Microsoft, with popular encryption software VeraCrypt facing a similar circumstance. Both developers said Microsoft locked them out of their accounts without first alerting them.
In the case of VeraCrypt, which is used by hundreds of thousands of users to encrypt files and operating systems, its developer Mounir Idrassi told TechCrunch that being locked out of his account means he is unable to update the software in time for a crucial certificate authority expiry, which he said may prevent some users from booting up.
Donenfeld, the WireGuard developer, told TechCrunch in an email: “If there were a critical vulnerability to fix right now — there isn’t! I just mean hypothetically — then users would be totally exposed.”
WireGuard is an open-source VPN software used around the world to connect devices over the internet. WireGuard’s code is highly popular for its simplicity and security, as it serves as the foundation of many VPN implementations and commercial services that rely on its code, like Proton and Tailscale.
Donenfeld told TechCrunch in an email that he has spent the past few weeks modernizing WireGuard’s Windows code and was ready to send a copy update to Microsoft for checks before it can ship out to users, but was met with an “access restricted” error when logging into the developer portion of his Microsoft account.
Despite going through the process to verify his driver’s license or passport with Microsoft (the third party Microsoft uses for verification said he was “verified”), Donenfeld said his access was still suspended.
Donenfeld told TechCrunch that he found a page on Microsoft’s website saying that the company had been carrying out “mandatory account verification for all partners in the Windows Hardware Program who have not completed account verification since April 2024,” but that the verification program had since closed.
Microsoft’s Windows Hardware Program allows developers like Donenfeld and VeraCrypt’s Idrassi to “deploy hardware and device drivers for Windows PCs and other devices.” The ability to develop and release drivers for Windows users is restricted to known and vetted developers, as drivers can grant vast access to an operating system and its data and are known to be abused by hackers for that reason.
... continue reading