Jason Donenfeld, the creator of the open-source WireGuard VPN, has been locked out of his Microsoft developer account, effectively preventing him from signing drivers or shipping critical software updates to Windows users. This abrupt termination of access, which occurred without prior notification, leaves one of the most widely used security tools in the world unable to push essential code deployments.
A Growing Trend of Developer Lockouts
WireGuard is not an isolated case. This incident marks the second high-profile open-source project to face such restrictions recently, following similar issues reported by the team behind the popular encryption software VeraCrypt. Mounir Idrassi, the developer of VeraCrypt, noted that the lockout puts his users at risk as he cannot issue updates before a crucial certificate authority expiry, potentially causing boot failures for hundreds of thousands of users.
Donenfeld highlighted the severity of the situation, stating that if a critical security vulnerability were discovered, WireGuard users would be left entirely exposed. “If there were a critical vulnerability to fix right now—there isn’t! I just mean hypothetically—then users would be totally exposed,” he explained.
The Impact of the Windows Hardware Program
The Windows Hardware Program is designed to ensure that only vetted developers can deploy drivers for Windows PCs. Because drivers operate with deep system-level access, Microsoft requires strict verification, including the submission of government-issued IDs, to prevent malicious actors from abusing the platform.
However, the process has proven problematic. Donenfeld discovered that Microsoft had implemented a mandatory verification deadline for all partners, which has now concluded. Despite attempting to verify his credentials, he was met with an “access restricted” error. He maintains that he never received any communication regarding this deadline, despite checking all mail logs and spam folders.
Industry-Wide Frustration
The issue appears to be systemic. Windscribe, a prominent VPN and privacy tool provider, also reported on X that it has been locked out of its Partner Center account for over a month. The company, which has maintained a verified status for eight years, expressed deep frustration with the lack of support, stating, “Support is non-existent.”
Current Status and Resolution Attempts
Donenfeld has been referred to Microsoft’s executive support team, though he was initially told that account reviews could take up to 60 days. By late Wednesday, there was progress, with Donenfeld confirming he had finally established contact with the company. Microsoft has not yet provided an official comment regarding the broader pattern of account lockouts affecting these major security projects.
As the situation develops, the broader open-source community remains on alert, as the inability to sign drivers threatens the security and functionality of essential privacy software relied upon by millions globally.