alt Hacker NewsVeracrypt project update
Comments
First I was surprised to read the Veracrypt maintainers could be in this situation, then read the top comment where Wireguard maintainers are too (unless I misunderstood). Is this some malicious new program inside Microsoft to try and shutdown open source projects so they can push Windows products and solutions more?
They need to get some tech site like Arstechnica to write about it, like they did when neocities couldn't get ahold of bing. The only way to contact these tech companies to speak to a real human being and not a chatbot is if you know somebody who works there or if the media writes about it.
It's like LibreOffice all over again: https://www.neowin.net/news/microsoft-bans-libreoffice-devel...
Honest question, did we ever get an answer what was the cause for the sudden change from the original Truecrypt developer?
Even if one doesn't want to maintain that project for purely private reasons, recommending Bitlocker as the drop-in-replacement always made it smell fishy to me.
Linux is the only hope at this point for the future of computing.
Windows and macOS are just too risky to do any business with. Waste of all resources.
What sucks about this, is due to implementation,Windows is the only way to achieve some stuff in Veracrypt. For example: doing full system partition encryption, and the Hidden OS install that only Veracrypt can do- requires Windows with the computer set to MBR rather than UEFU. I had hoped we'd see more of the plausible deniability tech at the OS level
But aside from one or two experimental attempts, also presented at BlackHat https://web.archive.org/web/20250914062843/https://portswigg...
- the consumer has nearly lost access to high end plausible deniability
Microsoft disabled the developer's certificate so no windows releases can be made.
prediction: they are testing the waters. If there is enough outcry they will go "oopsie whoopsie, hehe :3 your account is restored".
If there isn't enough outcry they will go forward and disable more signing keys related to things like torrent clients, VPN software, eject UBO from the edge store etc etc.
Atleast now I'm a bit more certain that VC is indeed safe.
I am somewhat also concerned that this software was still being distributed on SourceForge.
https://community.osr.com/t/locked-out-of-microsoft-partner-... Could be a related issue to this? Maybe Microsoft just doesn’t want driver developers for whatever reason.
Sorry to hear about this turn of events, but it was pretty much to be expected given the way the world is turning, and Microsoft being Microsoft.
Switch to Linux if you can, and come give Shufflecake a try ;)
Looks like Linux and some of the BSDs are the only remaining truly open OSes.
We need a better way to sign and verify software. Clearly companies like Microsoft and Apple have not been good for the open source communities and are inhibiting innovation.
Microsoft doing everything in their power to be assholes, as always
Besides Veracrypt, are there any real alternatives to Bitlocker for total drive encryption in Windows?
Seeing this kind of friction makes me more confident in VeraCrypt. The tools that never seem to run into trouble with platform gatekeepers are the ones I'd worry about.
That's especially ridiculous because this whole security mechanism that Microsoft is forcing on Windows user doesn't even work. There are tons of leaked certificates and on forums dedicated to game hacking you can find guides on how to get your hands on one yourself. People there use them to write kernel drivers for cheating in games. Game developers often blacklist these in their anti-cheat software so that the game no longer launches on a computer using a driver with that certificate. Microsoft however does not do this and malware developers can then simply use the certificates for their own purposes. So all this nonsense is basically just a restriction on regular users and honest developers while the “bad guys” can get around it.
Can someone please explain the implications for current Windows users of VeraCrypt?
Anyone here who could reach out to specific persons inside Microsoft who could fix this?
I would not be surprised if it was some sort of AI driven mistake.
Some guy somewhere deciding to delegate threat assessment to Copilot or some other automated tool.
For folks looking for a much simpler single binary alternative.
Reminds me of when users of TrueCrypt were urged to just install BitLocker instead. Sus AF.
Hope this is resolved. I guess I could run linux in a VM and mount volumes there, but this is getting a bit dicey. But Win 10 is my last windows anyway.
Microsoft continues to push for year of the Linux desktop
Any chance this is the issue?
https://techcommunity.microsoft.com/blog/windows-itpro-blog/...
Microsoft can't be trusted.
Never was, isn't and I guess won't be.
It's perhaps naive, but could he create a new organisation, like a "TotallyNotVeraCrypt" French loi 1901 association, at a different address, and create a new microsoft account by making sure it passes all the requirements.
I run a dual boot of windows and am currently dauly-driving CachyOS quite happily. I've been playing some Crimson desert and got some occasional crashes... But any other game I have has run smoothly.
Their GUI tools for package management are thin wrappers on CLI tools, but are enough hand-holding that most people should navigate it fine. More devices worked out of the box for my with Linux than Windows.
Just like if you haven't tried AI in a year and have mocked it, you need to try it again. Of you haven't tried Linux desktop in a few years, you need to try again. CachyOS really does seem to handle the driver installs and gaming compatibility well.
if michalesoft wants to take away our ability to sign drivers, they will find there is more than enough vulnerable easily exploited drivers we can use that are pre-signed online. Thank you micosawft!
If only there was a way to sign software and not depend on a centralized authority, something like a... web of trust?
(and yes I know, you'd need to have the option to have "your" (haha...) OS trust it of course)
very much sounds like microsoft
This is always a problem when big mega-corporations are involved, be it Google or Microsoft. They want to control the platform.
We really need viable solutions. I have been using Linux since +21 years or so, so it does not affect me personally, but I think Linux needs to become really a LOT more accessible to normal people. And it really has not (on the desktop); all the various "improvements" on GNOME3 or KDE are basically pointless, they have not solved the underlying problem. Ideally problems should be auto-resolvable. If someone wants to use the proprietary nvidia driver, that should be a single click - on ALL Linux distributions. Instead you see some distributions have their own ad-hoc solution and other distributions have no easy solution (for simple people).
I'm sorry, is this some sort of Windows joke that I'm too Linux to understand?
And yet another example of companies turning actively hostile against their users.
The burden of usage/access is now solely on the customers and the feeling is that regular customers are just a nuisance to be ignored.
[dead]
cool project
If you use Veracrypt on Windows then you have no idea what you are doing. Windows is not safe. Use Linux only.
maybe an old vulnerable signed driver can be used to load the new version :D. on a more seirous note, i think contact with a person at MS, likely via socials triggering that, might help here. It all depends on the reason for the ban/block/cancel.
if they had a reason other than 'oops mistake' its likely just going to remain in place. (sadly, that is how MS is. if you care for privacy maybe go to BSD)
This highlights the fact that not only is supporting Windows dangerous to your project, but using Windows is dangerous to your security.
This is the same problem I'm currently facing with WireGuard. No warning at all, no notification. One day I sign in to publish an update, and yikes, account suspended. Currently undergoing some sort of 60 days appeals process, but who knows. That's kind of crazy: what if there were some critical RCE in WireGuard, being exploited in the wild, and I needed to update users immediately? (That's just hypothetical; don't freak out!) In that case, Microsoft would have my hands entirely tied.
If anybody within Microsoft is able to do something, please contact me -- jason at zx2c4 dot com.