Hacker News | jonathanstrange's comments

In the same way as the "UK Biobank" software accesses it.

IANAL but what you state seems to literally fall under the STOCK Act of 2012. It is one kind of insider trading.

The attacker will then simply use the decryption key to decrypt it.

Then the headline would be French government loses encryption keys ..

Access to the server gives you access to the encryption keys, unless the server is just storing end-to-end encrypted material for someone else and doesn't do anything with the data.

Fingerprinting is done by servers, not by browsers, and it is already illegal in the EU when it is done without explicit user consent and according to the GDPR data handling requirements. The GDPR covers all of this, it doesn't matter where the data comes from.

This is a normal reaction to ground breaking technology but these reactions never had any noteworthy effect in history. There used to be Maschinenstürmer during the 19th Century industrial revolution. There were also violent enemies of cars in the beginning of the 20th Century, some of them were even willing to kill drivers with lethal wire traps.

I see a vast financial sector bubble, a flood of broken software at work, users who have incorrect expectations because they believed LLM summaries, and a vast increase in bullshit everywhere in the public sphere; I am not seeing the "groundbreaking technology" here. "Cheap bullshit at scale" isn't an advance, it's a disaster.

Sure, LLMs are "revolutionary". So were the Chicxulub impactor and the Toba supervolcano.


When I said "groundbreaking" I only meant it as "being perceived as groundbreaking." If it isn't perceived as a disruptive technology, then it won't spark widespread protests. People protest against it because they believe it will take their jobs away, not because they believe it's a harmless fad or a financial bubble.

The comparison to cars is apt given how destructive this technology has been to cities, and how dangerous it is to drivers and non-drivers alike.

But otherwise you are wrong. There has been plenty of successful resistance to technology. For example, many cities, regions, and even entire countries are nuclear free zones, where a local population successfully resisted nuclear technology. Most countries have very strict cloning regulation, to the extent that human cloning is practically unheard of despite the technology existing. And even GMO food is very limited in most countries because people have successfully resisted the technology.

Neither do I think it is normal for people to resist ground breaking technology. The internet was not resisted, neither the digital computer, nor calculators. There was some resistance against telephones in some countries, but that was usually around whether to prioritize infrastructure for a competing technology like wireless telegraph.

AI is different. People genuinely hate this technology, and they have a good reason to, and they may be successful in fighting it off.


I think you're plain wrong. I have never talked to anyone in my life about phones who didn't want replaceable batteries and wasn't annoyed by the throwaway culture. It's a top priority for the people I know, though by far not important enough for most of them to go for something like a Fairphone.

However, these preferences don't really matter anyway because nobody is forced to replace the battery and not buy a new phone when their phone has replaceable batteries.


Out of curiosity, how does "Axios" know what the NSA is using?

> The National Security Agency is using Anthropic's most powerful model yet, Mythos Preview, despite top officials at the Department of Defense — which oversees the NSA — insisting the company is a "supply chain risk," two sources tell Axios.

https://www.axios.com/2026/04/19/nsa-anthropic-mythos-pentag...

"two sources" I guess


nice try mr FBI agent

I'm not one of those people but want to point out that there isn't much of a contradiction there. I don't know if hospitals, universities, train tracks, roads, and libraries technically speaking count as utilities but they overall don't seem to be profitable and at the same time are extremely desirable for a society and an economy to have. AI could turn out to be of the same sort.


It's not free at all. If you buy Windows through the official channels it's quite expensive. If you buy it on the grey market, it's dirt cheap, though.


And even if you pay $1,000,000/day to use it, it still spies on you and sells your data to outsiders.


Exactly, yet lots of people are happy to keep using it and paying the price to do so, despite the existence of free and far superior alternatives.


As someone who is just planning to publish signed desktop software for Windows, this is deeply worrying. What reasons could there be for cancelling a certificate, especially when it has been used for years and the identity is already established?

Are there some ways to combat such decisions legally?


Perhaps not legally, but technically, you have an option: don't use the Microsoft Store. This isn't as wild a suggestion as it may seem to non-Windows users: the store is barely used by Windows users. You can get your own code signing certificate from a public CA, sign your own installer, and post it on your website. This is still the primary way that Windows software is distributed. Microsoft does not have a hand in any part of it; they can't cancel anything. Their only role is including the public CA in their root certificate store. If you're not shipping a kernel driver, you don't need Microsoft's permission for anything. You can still ship an .msix installer which is the same technology used by the Store.

I recently de-listed my app in the store and closed my Microsoft developer account. I was wrong for having bothered with it; just a waste of my time for no benefit. Stick to your own deployment.


It’s become nigh impossible to get your own code signing cert these days. The 2025 update from the CA forum required code signing certs to be short lived (no more three or five year certs) and stored exclusively on an HSM. As a result, most companies cross-signing these certs have moved to a subscription PaaS model where you are issued a cert but never receive custody of it, and perform signing via their APIs, and are at their mercy should they decide to block your account.

Anyway, even if you could get your own cert it would be the same thing: MS could revoke or blacklist your individual cert (though usually the grounds for doing so are much less shaky than your account being suspended for vague “tos violations”).


I was afraid of the HSM at first but for an open source developer (rather than a big company) I found it wasn't a big deal. I can't sign in GitHub Actions and I have a USB stick that lights up when I sign releases, but it hasn't been a blocker. I got mine from Sectigo Store. This isn't hypothetical, I really did it, I've got the HSM, it works. It wasn't difficult. It just cost some money and a little bit of time. "Nigh impossible" is a tremendous exaggeration. I'll concede "annoying and expensive" perhaps. If you've got the money, you can get the HSM. You don't have to re-buy the HSM when you renew your certificate.

The Microsoft Store account was painful to set up, I'll note. My developer account had also been cancelled by Microsoft for unknown reasons, and I ultimately had to set up a brand new one. New email, new name. My new account has my middle initial because I couldn't clash with the existing, closed account. My first and last name alone are banished forever from the store.

The "same thing", as you concede, isn't the same thing. Quantity has a quality of its own: one happens all the time and we're reading an article about it happening right now. In the comments there's another prominent maintainer who it happened to, and it happened to me personally! That's three right here! The other happens so infrequently that people in this same HN thread are complaining that it isn't happening enough. Can you find an example that's like Veracrypt and WireGuard? In practice, it seems they rarely do this, even when they should. You can actually view the list under "Manage computer certificates" > "Untrusted Certificates." On my computer the entire list is 20 certificates.

I'm standing by my suggestion, 100%. These aren't equivalent risks at all.


Thanks for sharing your experience. I have been code signing releases for over a decade as an indie publisher myself, until I found myself effectively iced out by the HSM requirement, the increased cost, and the shortened cert lifetimes, which, as someone with certain executive order dysfunctions, I already had a hard time being on top of with the old (multi-year) lifetimes.

I just migrated to MS artifact signing and, thank the lord, had an actually easier time getting verified than I did with the Sectigo and Comodo in the past. I’m sure I’m not representative of anyone else’s experience but having already had a developer account (with a different email and without an Azure account!) that I had already been using for the Microsoft Store might have helped, as well as the fact that I had a well-established business history (I’ve heard businesses younger than 3 years can’t get verified??), but reading all the comments here makes me very uneasy about the future.

It’s good to know the HSM route isn’t a complete non-starter. The main reason I panned it is that when I started looking into this I found that a number of companies that had previously offered the HSM route had done a bait and switch and were now keeping custody unless you were big enterprise (meaning willing to put up with 10k/yr fees). I did find a few that would allow OSS devs to sign their work, but read horror stories on Reddit and elsewhere about their freezing the account and issuing no refunds if you ask them to issue the cert in the name of your LLC or corporation instead of with your personal name (which I expressly did not want). Also, they actually were more expensive than Azure artifact signing even after the HSM cost was taken out.


I believe you. I also found that many CAs will not deal with a solo developer; that's real. But Sectigo continues to offer HSMs to solo developers. The link I used is [1], you buy the HSM along with your first certificate and they ship it to you. $300/year for the cert, $90 one-time for the HSM. That's not cheap but I think for specific developers looking for an escape from the store, it's a good price for freedom. The HSM is a USB stick with an LED on the back. The software is called "SafeNet Authentication Client" and it sets up the certificate access in your Windows Certificate Store so that signtool can use it. Prompts for the password every time (annoying).

[1] https://comodosslstore.com/code-signing/comodo-individual-co...


For comparison, my code signing cert via Azure (no Microsoft store account required, can be used to self-publish binaries/installers the old-fashioned way) is $10/month, or about a third of the price Sectigo is charging you. I figured it was worth trying this route first, though I had to write my own basic tooling around it.


> it's a good price for freedom

For a freedom you didn't have to pay for at all? Why accept this absurdity?


The Sectigo HSM is just a USB stick they actually mail you, so it's not onerous.


I must say your experience is interesting. I am using https://signmycode.com/sectigo-code-signing, but I have chosen Install on Existing Token (Google Cloud KMS), and it's quite easy for me to handle the stuff. I am not scared of key storage or security issue nor password protection or forget issue.


Yep. OS level stores are just a way for the org to exercise control over installs.

I have stayed far away from that process for a long time. Apple MacOS seems like the worst in that department IMHO.


what do you mean? mac doesn't require the use of the store at all, or even an apple id to use your computer


It doesn't require it, and neither does windows store. It centralizes control over apps. Apple leverages its OS to create friction for installing apps from the web.

Microsoft and Apple use their OS stores to slowly take away control and ownership from device owners.


I have found that MS still blocks my signed and timestamped .msi files for at least a few days. From saving the downloads in Edge and then via Smartscreen once you get it downloaded.

If I submit it manually for every update it tends to go better. If more people download and install it whitelists faster. But that is highly annoying, orwellian bullshit. Might even be anti-competitive or downright illegal.


I see the same behavior with my MSIs. I've had better luck with my MSIXs. As much as I like being Store-free, I have a June 2025 release of an MSI-based app that still gets dinged by Edge and again by SmartScreen. A different MSIX-based app, with almost no users, gets dinged by Edge but not by SmartScreen. It's the same certificate. I can never be sure what other users are seeing, though.

tbh, I thought that I had built enough reputation on this particular MSI release, until testing it just now. Hate to see it :(


Yeah, same here. It's a black box. Nobody knows how it works or what you can do to make it hassle free.

MS went from "developers, developers, developers" to being a nightmare for everyone involved.

I actually liked Visual Studio 6 and the old MSDN. Now I only wish they were gone.


Thank you for that. Although it may be unlikely, I'd love to see a mass exodus away from their failed attempt to emulate all the worst aspects of appstores popularized in other platforms.

I grew up being able to download software and install it, and actually prefer that model (relying on reputational trust of the party publishing it, my own verification from other signals researched, or sandboxing techniques where appropriate).

Most users may not be aware, but a rare gem of a version of Windows that refreshingly doesn't even come with the store (or a bunch of the other unwanted bloat) is IoT Enterprise LTSC.

As a lifelong Windows user, the premise of Microsoft controlling what goes on my PC is revolting. I'm buying a tool from them, not a set of handcuffs. If it was some non-profit, open-source group running the store I might be more inclined to trust it. But ultimately the only gatekeeper on a product I own should be me. Otherwise I don't really own it, which leads to problems like this one.


Realistically speaking - anything could be a reason. A shakedown or blocking based on some "nudge" (this might come across as tin-foiled though). Some flag/trip-wires going wrong, more worryingly due to a bug/false alarm - and this is more worrying because in this case semi-incompetent large orgs like MSFT find it really hard to accept it, fix, and move on. Some change in OP's account that either they don't see or haven't realised - some edge case, you never know.

And of course, it doesn't affect their earnings and there are no consequences, or no significant ones, so they won't care and won't respond or tell what went wrong.

Can one move legally? Sure. But then it effectively is a combo of who blinks first and who can hold their breath longer.


This is a concern and risk that has realised itself multiple times over the past decades. There have been multiple stories linked to multiple developers in the past.

If you publish to any closed platform including ios, mac, win, android, this is the risk you run and a condition of operating you will need to accept.


For open source user space programs, another option is to just not sign your software. Will annoy your users, some of which will annoy you in turn, but many are already trained to ignore the scary warnings Windows shows in that case and more will continue to be trained until more reasonable options exist.


There's more to it. Signed desktop software can be signed by any CA.

Veracrypt has kernel drivers. Microsoft's ability to control what you can sign is specific to kernel drivers, and Microsoft's trigger finger around bans exists in the world where bad drivers BSOD machines.

In general this isn't your problem.


Speculation as well and highly unlikely. Microsoft drivers can very well BSOD your machine as well, not a significant or convincing threat scenario and certainly not something that lead to certificate revocation of driver developers. There is zero quality control or review by Microsoft here. Not for their own products and not for third party ones.



That's not entirely true. Certain classes of signing keys require driver developers to put their driver through a test battery and submit the results to Microsoft.


I wish Microsoft expanded and built on that model, instead of moves like firing swaths of their QA staff.

It could have grown into a massive, self-service testing playground where any developer could submit their product and put it through an arsenal of basic, automated evaluations (e.g. does uninstall leave tidbits behind?), with paid upgrades to more tailored services. They could even publish scores to help consumers coarsely compare workmanship across different vendors, and encourage an emphasis on quality across the whole ecosystem.

Instead they decided to just become overpaid bouncers who take your money, check your ID, and don't even bother about what you bring through the door.


You just have to start living like they do in Russia and comply in advance. Don't do anything "interesting", no encryption, or if you do, make sure you leave breadcrumbs, scratch that, a bread trail for them to easily get access to customer data. An Oracle or Sharepoint integration maybe?


According to this: https://x.com/EdgeSecurity/status/2041872931576299888

> ...it seems like they instituted an identity verification policy, didn't notify me about it, and then I guess they suspended accounts who didn't do the verification.

So, make sure you verify your account? Check spam folder regularly? Log in via web interface at least once a year?


> So, make sure you verify your account?

What ? On my computer ? Microsoft really has some nerves. My Microsoft account is scheduled for deletion.


I guess we can assume you won't be releasing any software for Windows in the near future :)

