The developer of WireGuard VPN cannot send software updates after locking the Microsoft account
WireGuard, a major software project and VPN that supports popular security software including Mullvad and others, has found itself locked out of a key part of its developer account by Microsoft and unable to send software updates to Windows users.
Jason Donenfeld, the open source creator of the WireGuard VPN software, told TechCrunch that he has been locked out of his Microsoft developer account, and therefore cannot sign drivers or send updates for WireGuard to Windows users, which are essential for its software to work. Donenfeld said in a post on X on Wednesday that the termination of the account stopped the WireGuard update from being sent.
It is the second such incident of a high-profile and widely used open source project being locked out of its customers due to an apparently sudden account termination at Microsoft, with popular encryption software VeraCrypt facing a similar situation. Both developers say Microsoft locked them out of their accounts without warning them first.
In the case of VeraCrypt, which is used by hundreds of thousands of users to encrypt files and applications, its developer Mounir Idrassi told TechCrunch that being locked out of his account means he can’t update the software in time for a key certificate authority to expire, which he said could prevent other users from getting started.
Donenfeld, an engineer at WireGuard, told TechCrunch in an email: “If there was a major risk to fix right now – there isn’t!
WireGuard is an open source VPN software used worldwide to connect devices over the Internet. The WireGuard code is very popular due to its simplicity and security, as it serves as the basis for many VPN implementations and commercial services that rely on its code, such as Proton and Tailscale.
Donenfeld told TechCrunch via email that he had spent the past few weeks modernizing WireGuard’s Windows code and was ready to send a copy of the update to Microsoft for testing before it was sent to users, but was met with an “access restriction” error when he logged into the developer section of his Microsoft account.
Despite the process of verifying his driver’s license or passport with Microsoft (the third-party company Microsoft uses for verification said he was “verified”), Donenfeld said his access has been suspended.
Donenfeld told TechCrunch that he found a page on Microsoft’s website that said the company had been making “account verification mandatory for all partners in the Windows Hardware Program who have not completed account verification starting in April 2024,” but the verification program has been shut down.
The Microsoft Windows Hardware Program allows developers like Donenfeld and VeraCrypt’s Idrassi to “install hardware drivers and utilities for Windows PCs and other devices.” The ability to develop and release drivers for Windows users is limited to known and tested developers, as drivers can provide extensive access to the operating system and its data and are known to be exploited by hackers for that reason.
That account verification process meant that developers had to upload their government-issued ID before they were allowed to publish potentially sensitive code to the Windows user base.
“Microsoft never sent me a notification about this at all. I looked in every inbox in every spam folder in every mail log, and zero, nothing, zilch,” Donenfeld said.
The Windows Hardware Program’s verification process has “now ended” and developers who haven’t uploaded their documentation have their accounts “suspended,” the page reads, meaning these accounts can no longer post updates.
Donenfeld said he was referred to Microsoft’s senior support team, which handles customer service and executive account requests, which confirmed his request had been received but had to wait 60 days for it to be reviewed.
By late Wednesday, there was a glimmer of hope in Donenfeld’s case. He told TechCrunch that he is finally in touch with Microsoft and hopefully the issue will be resolved soon.
Microsoft did not immediately comment when reached by TechCrunch.
Donenfeld and Idrassi are not alone, and account closure problems affect others as well.
Windscribe, a maker of VPN and other consumer privacy tools, said in a post on X that it was also locked out of the Partner Center account. The company said it has a verified account for more than eight years to sign up its drivers.
“We’ve been trying to resolve this for over a month, and we’re getting nowhere. No support,” Windscribe said in his post. “Does anyone know someone with a brain who still works at Microsoft and can help?”
