Your disk encryption just became a supply chain casualty. VeraCrypt, the open-source tool protecting millions of Windows machines worldwide, can’t deliver security updates anymore—thanks to Microsoft abruptly terminating its developer’s account without warning or explanation.
Mounir Idrassi, who maintains VeraCrypt as the successor to the legendary TrueCrypt, discovered his Microsoft account was dead when he tried signing Windows drivers in January. “I was surprised to discover that I could no longer use my account,” Idrassi posted in March after months of silence. Microsoft’s response delivered a bureaucratic gut punch: his company “does not currently meet the requirements to pass verification” with zero specifics and “no appeals available.”
The technical reality hits hard if you’re running VeraCrypt on Windows. Without Microsoft’s digital signature, new builds can’t install drivers or bootloaders, the kernel-level components that make full-disk encryption possible. Linux and macOS updates continue flowing, but Windows users make up the majority of VeraCrypt’s user base. You’re essentially frozen in time: no new security patches or improvements arrive, and any vulnerabilities in the installed version stay unpatched.
This isn’t a one-off corporate hiccup targeting obscure software. Jason Donenfeld, creator of WireGuard VPN software, faced identical treatment from Microsoft’s termination machinery. “No warning at all, no notification. One day I sign in to publish an update, and yikes, account suspended,” he reported. Two major security tools serving millions of users, both suddenly excommunicated from Windows without explanation.
The communication breakdown reveals Microsoft’s increasingly automated approach to developer relations. Idrassi’s attempts to reach human support yielded only responses containing “AI-generated text.” He called the experience “frustrating” and highlighted the “inhuman aspect” of automated decisions affecting critical security infrastructure. When your encryption software depends on Redmond’s blessing, apparently algorithms make the final call on global security tool availability.
This supply chain vulnerability exposes the fragile reality behind “decentralized” open-source software. Your security tools live at the mercy of corporate gatekeepers who can flip switches without accountability or transparency. Think SolarWinds-style dependencies, but instead of malicious code insertion, it’s legitimate developers getting ghosted by the platforms their users depend on.
The broader implications stretch beyond VeraCrypt users stuck without updates. Every open-source security project now faces uncomfortable questions about infrastructure dependencies and sudden disruption risks. Microsoft’s silence on specific verification requirements creates uncertainty that could push developers toward alternative ecosystems—assuming viable alternatives exist outside corporate control.