WireGuard makes new Windows release following Microsoft signing resolution

Original Article ↗ Hacker News Discussion ↗

Incident recap and resolution

  • WireGuard’s Windows kernel driver signing account was locked as part of Microsoft’s Windows Hardware Program verification push; after a widely read HN thread, Microsoft quickly restored it.
  • The maintainer describes it as bureaucratic process run amok, not a targeted attack, and is “happy to have the Windows release train cooking again.”
  • Other projects (e.g., a filesystem driver, VeraCrypt, VPNs) report similar unexplained lockouts, sometimes for over a month.

Incompetence vs. malice

  • One camp argues this is classic organizational incompetence and bad process, not a deliberate anti-WireGuard conspiracy.
  • Another argues that “incompetence” at this scale, with no human recourse, is effectively malicious: reckless system design that predictably harms users and devs.
  • Some say for practical purposes the response should be the same whether the root cause is malice or negligence.

Impact on smaller developers

  • Many worry that only projects with large audiences can get attention via HN or social media; lesser-known developers may remain locked out indefinitely.
  • Reported error messages explicitly said there was no appeal process, leaving publicity or legal threats as the only recourse.
  • Some describe resolving similar Microsoft issues only by buying paid support and burning many hours on calls.

Code signing, platform control, and FOSS

  • Several see mandatory signing, hardware/driver gatekeeping, and SmartScreen warnings as a growing threat to FOSS and small software on Windows.
  • Comparisons are made to certificate authorities: some feel Microsoft has forfeited trust; others note CA programs distinguish carefully between malice and systemic failure.
  • There is concern that “collateral damage” from automated enforcement conveniently suppresses small competitors and raises risk for indie devs.

Microsoft processes, communication, and trust

  • Microsoft claims it warned partners via emails, banners, and reminders; many say such channels are noisy, easy to miss, and not sufficient for something this critical.
  • Lockouts were silent for at least some developers; no proactive, human review occurred despite obvious telemetry about driver usage.
  • Commenters emphasize fatigue with big-tech account lockouts, lack of due process, and the need for legal/organizational reforms and stronger advocacy (e.g., via digital-rights groups).

Technical / product side notes

  • The new WireGuard Windows release drops pre‑Windows 10 support and had to work around removal of x86 driver compilation in the latest SDK.
  • Some users ask about previous-version binaries, ReactOS compatibility, and minor behavior like reboots during update.