Microsoft suspends dev accounts for high-profile open source projects
Account suspensions and verification process
- Multiple Windows driver-signing accounts for high-profile projects (e.g., VPNs, disk encryption, memtest, anti-cheat) were deactivated after a “mandatory account verification” push in the Windows Hardware Program.
- Verification reportedly required uploading government ID. Some affected devs say they never received notice; others say they complied months earlier yet were still locked out.
- Commenters dispute whether this is “suspension” (reversible) or effectively “termination,” given loss of access and slow remediation.
- Some report that at least one project has since shipped an update again, but others warn against blindly trusting new updates until identities and keys are clearly confirmed.
Security, signing, and centralization concerns
- Strong criticism of OS‑vendor control over code signing: one party can unilaterally stop distribution of critical software.
- Several see this as an example of “security theater” used to justify gatekeeping and vendor power.
- Others argue platform security and signed drivers are necessary but agree Big Tech now wields excessive control.
- Discussion extends to passkeys and authenticators as another locus of vendor lock‑in.
VPNs, surveillance, and government pressure
- Some suspect targeting of VPNs and encryption tools, possibly aligned with growing government efforts (e.g., age‑verification mandates, UK online‑safety regulation) and surveillance interests.
- Others point out non‑VPN tools were also affected and think this looks more like a broad, clumsy policy rollout than deliberate censorship.
- There is debate over whether governments “have to” regulate online nastiness versus overreaching into general communication control.
Impact on users, developers, and ecosystems
- Many see this as a warning about dependence on proprietary ecosystems for open‑source distribution, even when the software itself is open.
- Comparisons are made to Apple’s notarization and App Store rules; some say the real problem is exclusive app stores and centralized “off switches” across all major platforms.
Microsoft’s communication & bureaucracy
- Numerous anecdotes about vague, overused “Action required” emails that train recipients to ignore them.
- Some argue vendors and partners share responsibility for monitoring such communications; others say Microsoft should have used higher‑touch channels for such critical accounts.
- Overall sentiment: likely a bureaucratic, poorly communicated security policy with serious collateral damage, not clearly malicious but still harmful.