WireGuard makes new Windows release following Microsoft signing resolution
by zx2c4 on 4/10/2026, 3:49:52 PM
Recent and related: <i>Microsoft terminated the account VeraCrypt used to sign Windows drivers</i> - <a href="https://news.ycombinator.com/item?id=47686549">https://news.ycombinator.com/item?id=47686549</a>
https://lists.zx2c4.com/pipermail/wireguard/2026-April/009561.html
Comments
by: zx2c4
As I mentioned in the mailing list post, the Microsoft paperwork shuffling matter got dealt with rather quickly, following all the attention the HN thread from the other day got. And now we're finally out with an update!<p>NT programming is a lot of fun, though this release was quite challenging, because of all of the toolchain updates. On the plus side, we got to remove pre-Win10 support -- <a href="https://lists.zx2c4.com/pipermail/wireguard/2026-March/009541.html" rel="nofollow">https://lists.zx2c4.com/pipermail/wireguard/2026-March/00954...</a> . But did you know that Microsoft removed support for compiling x86 drivers in their latest driver SDK? So that was interesting to work around. There was also a fun change to the Go runtime included in this release: <a href="https://github.com/golang/go/commit/341b5e2c0261cc059b157f1c7a2a2c4d1f417f0d" rel="nofollow">https://github.com/golang/go/commit/341b5e2c0261cc059b157f1c...</a><p>All and all, a fun release, and I'm happy to have the Windows release train cooking again.
4/10/2026, 4:09:04 PM
by: c0l0
As a wireguard user myself (even on the lone Windows machine that I still begrundingly have), I am happy that this problem could have been resolved. I am just wondering - if there <i>had not</i> been this kind of public outcry and outrage that Mr. Donenfeld discounts in his announcement message, would the issue have been fixed by now?<p>What are individual developers of "lesser" (less important, less visible, less used) software with a Windows presence to do? Wait and pray for Goliath to make the first benevolent move, like all the folks who got locked out forever from their Google accounts on a whim? Ha!<p>The fact of the matter is, the code signing requirements on Windows are a serious threat to Free and Open Source Software on the platform. Code signing requirements are a threat to FOSS on all platforms that support this technique, and infinitely more so where it's effectively mandatory. I firmly believe that these days, THIS is the preferred angle/vector for Microsoft to kill the software variety their C-levels once publicly bad-mouthed as "cancer", and zx2c4 is one of the poor frogs being slowly boiled alive. Just not this time - yet.
4/10/2026, 4:20:32 PM
by: Nevermark
Individual-level ethics and respect are being dispensed with en masse. The excuse being that these companies operate "at scale".<p>But last time I checked, they are taking money from individuals. Or otherwise encouraging individuals to use their services.<p>So this lack of respect for individuals by specific large companies, is predicated on their encouraging users to trust them, and depend on them, without taking on any of the implied responsibility to not capriciously ruin someone's day or year. And then hard or soft stone wall them.<p>As someone who nearly lost everything due to the automated bureaucracy of a financial firm, I cannot stress: We are not safe. And we will not be safe until these companies are legally required to treat customer investment and dependency on their services, as valuable and necessarily recoverable, via prompt recourse and response, in cases where the automated bureaucratic systems fail.<p>Otherwise, this is going to keep getting worse.<p>When I hear how Microsoft helps someone who got attention, what I hear is that it takes extraordinary circumstances for Microsoft to care about the significant harm that there systems are causing many other people, today, who did not have the luck of this person.<p>And that they are very very aware of this.<p>I think we need to start using the word evil for this. Because it is. It is gross irresponsibility. Gross abuse of a power situation, of a strong dependency, that the company quite knowingly creates.
4/11/2026, 3:30:21 AM
by: golem14
Since the impact of the account is presumably known to Microsoft (through telemetry etc), they probably know when these accounts get turned off, and can mark them in case the owner comes back and tries recovery.<p>Microsoft would not have to automatically and 100% correctly reinstate the account. The goal would be to get high level cases like this one in front of a knowledgable human <i>before</i> the locked account posts angry owner posts complaints in public (If Joe Bloe's defragmentation utility noone has ever heard of and only having 10 installs goes bad, noone would care.)<p>Here, they don't have to be perfect - you just need to have enough signal-to-voice ratio that employing a very small number of people outweighs the cost to PR and execs to deal with these cases, and to not let accounts get hacked through recovery.<p>The response from Microsoft [1] is not great, or makes me hopeful.<p>``` Pavan Davuluri, Microsoft's President of Windows and Devices, said both Idrassi and Donenfeld should have their accounts restored "soon."<p>"We've seen these reports and are actively working to resolve this as quickly as possible," Davuluri Xeeted. "We've reached out to VeraCrypt and have spoken to Jason at WireGuard, they should be back up and running soon."<p>He explained that both deactivations were executed as part of the Windows Hardware Program's account verification procedures.<p>The company published a blog in October, giving devs a two-week warning that if their accounts had not been verified since April 2024, Microsoft would issue mandatory account verification notifications.<p>"We worked hard to make sure partners understood this was coming, from emails, banners, reminders," said Davuluri.<p>"And we know that sometimes things still get missed. We're taking this as an opportunity to review how we communicate changes like this and make sure we're doing it better."<p>```<p>[1] <a href="https://www.theregister.com/2026/04/09/microsoft_dev_account_deactivations/" rel="nofollow">https://www.theregister.com/2026/04/09/microsoft_dev_account...</a>
4/10/2026, 9:06:07 PM
by: looneysquash
But what would have happened if they weren't able to get Microsoft's attention through an outside channel (this site) and had to go through the normal process?<p>I'm glad it was resolved quickly for WireGuard, but I'm concerned the results won't generalize.<p>Also, thanks for WireGuard!
4/10/2026, 6:34:59 PM
by: everdrive
An interesting point I don't think I've seen someone make -- people compare the LLM revolution to other technical revolutions. You don't need to worry about skill decay in the same way that you don't know how to bake bread from unprocessed wheat, or you don't know how to build a loom, etc.<p>But local models aside (which no matter the protests from HN, will only be available to the technically savvy few) all of these LLMs are a service, so, the company could degrade the service, they could charge more than you're willing or able to pay, they could ban you. They could disable your account with no meaningful way appeal or seek support. LLMs could look at lot more like the scenario in this thread than something like not knowing how to make your own shoes.
4/10/2026, 7:59:02 PM
by: maltris
LibreOffice, VeraCrypt, WireGuard. 2 questions:<p>Whats next?<p>Is that a pattern?
4/10/2026, 4:26:25 PM
by: kuzivaai
The "minimum supported Windows version" ratchet is underrated as a maintenance strategy. I've watched codebases drown in compatibility shims that nobody remembers why they exist. Curious how much of the driver size reduction came from dropping pre-Win10 support versus the toolchain updates.
4/11/2026, 5:49:54 AM
by: swisniewski
How big is the Wire Guard user base on Windows?<p>How often do they ship new versions?<p>My understanding is that:<p>1. Windows drivers are Attested by Microsoft<p>2. Windows collects driver telemetry<p>Which means a really good question to ask is:<p>Why are they canceling driver signing accounts without looking at metrics?
4/11/2026, 5:19:11 AM
by: Aurornis
There was a lot of speculation about this issue because readers assumed that WireGuard's was <i>the only</i> account that got locked. There was actually a wave of account locks that happened at the same time. If you only saw one of the headlines you might assume it was targeted or the result of some directed conspiracy, not the result of a widespread process.<p>Microsoft did a (very!) bad job of communicating what was happening, but The Register has more information:<p>> He explained that both deactivations were executed as part of the Windows Hardware Program's account verification procedures.<p>> The company published a blog in October, giving devs a two-week warning that if their accounts had not been verified since April 2024, Microsoft would issue mandatory account verification notifications.<p>> "We worked hard to make sure partners understood this was coming, from emails, banners, reminders," said Davuluri.
4/10/2026, 6:52:17 PM
by: manbash
Happy to see it resolved and I hope the other developers are able to have the same experience.<p>By the way, was it only for the Windows application, or was wireguard-go was also affected?
4/10/2026, 4:09:51 PM
by: john_strinlai
><i>The comments that followed were a bit off the rails. There's no conspiracy here from Microsoft. But the Internet discussion wound up catching the attention of Microsoft, and a day later, the account was unblocked, and all was well. I think this is just a case of bureaucratic processes getting a bit out of hand, which Microsoft was able to easily remedy. I don't think there's been any malice or conspiracy or anything weird.</i><p>it <i>was</i> a bit crazy how quickly people got conspiracy-minded about it.<p>microsoft fucked up, and as per typical big-tech, only fixed it when noise got made on social media. but not everything is a grand conspiracy orchestrated by microsoft or the government or whatever. incompetence is always more likely than malice.<p>any news from the veracrypt maintainers? i would imagine whatever microsoft employee got tasked with resolving this issue would have also seen that one.<p>---<p>edit: well, i certainly underestimated the response to this comment. my mistake for using a common saying rather than being extremely explicit when it comes to something as emotionally charged as microsoft. i dont think i have seen a comment of mine go up and down points so many times before.<p>what i <i>intended</i> to get across was: "this was not a deliberate, coordinated, purposeful attack on the wireguard project, at the behest of some microsoft executive, to accomplish some goal of making encrypted communication impossible or whatever. instead, this was the result of a stupid system, with a stupid resolution process (social media), that is <i>still awful</i>, but different in important ways from a deliberate attack. this is the typical scenario (stupid system, stupid resolution). the non-typical scenario would be a deliberate choice made and executed by microsoft employees to suddenly destroy a popular project".<p>i shortened the above paragraph to the common saying "incompetence is always more likely than malice". i shouldnt have. my bad.
4/10/2026, 4:07:06 PM
by: ekjhgkejhgk
Could someone clarify, why do you need signing whatever to write software on Windows? Why can't you just write the software and run it? And when has this changed?
4/11/2026, 8:30:21 AM
by: incompatible
"The comments that followed were a bit off the rails. There's no conspiracy here from Microsoft. But the Internet discussion wound up catching the attention of Microsoft, and a day later, the account was unblocked, and all was well. I think this is just a case of bureaucratic processes getting a bit out of hand, which Microsoft was able to easily remedy. I don't think there's been any malice or conspiracy or anything weird."<p>Hopefully, this isn't just something Microsoft made them say as part of an agreement to get their account back.
4/11/2026, 2:44:07 AM
by: IshKebab
I don't think you can let them off that easily, given that the only effective support channel was "get to the front page of hacker news", which isn't usually an option.
4/10/2026, 5:06:49 PM
by: globular-toast
Why do people put so much effort into supporting a hostile platform? I really don't get it.
4/10/2026, 8:00:36 PM
by: tamimio
> I don't think there's been any malice or conspiracy or anything weird<p>Wink if there’s someone else in the room :)
4/10/2026, 7:21:27 PM
by: redeeman
and imagine for those guys that dont have the reach wireguard/veracrypt does.<p>NEVER trust microsoft, NEVER trust any mechanism people dont 100% control themselves. having to rely on microsoft to sign stuff is an abomination and something nobody should do
4/10/2026, 7:28:37 PM
by: jiusanzhou
[dead]
4/11/2026, 7:01:21 AM
by: rajptech
[dead]
4/10/2026, 8:20:58 PM
by: Ms-J
Could you give us an update on how everything was resolved?<p>I believe the transparency would be a huge plus.<p>This happened to Wireguard, Veracrypt, Windscribe, and possibly others. Certainly not isolated and very unnerving.<p>There are still many unanswered questions...
4/11/2026, 12:32:25 AM
by: volume_tech
[dead]
4/10/2026, 6:26:27 PM
by: shevy-java
What's going on at Microsoft? Why did they suddenly declare war on VPN and related software projects?
4/10/2026, 7:00:55 PM