It would not surprise me if these actions are coming at the requests of governments. Strong encryption is one of the few things that challenges their monopoly on information; they have a very strong incentive to apply political pressure to the maintainers of these projects to, well, stop maintaining the projects. We've seen this in overt actions that the EU takes; in more covert actions that the U.S. government is suspected of taking; and in the news headlines about third-world dictatorships that just shut off the Internet. Tech companies are perhaps the most convenient leverage point for these actions.

More regulation won't help here, because the regulation-maker is itself the hostile party.

What would help is full control over the supply chain. Hardware that you own, free and open-source operating systems where no single person is the bottleneck to distribution, and free software that again has no single person who is a failure point and no way to control its distribution.

VLayer (my project) scans healthcare codebases for HIPAA compliance issues before they reach production. One thing I learned building it: developers rarely think about encryption until it's too late. Tools like VeraCrypt solve the "data at rest" problem, but the bigger issue in healthcare software is unencrypted data in logs and API responses — stuff that's much harder to audit manually.

So like, TSMC, but syndicalist?

>More regulation won't help here, because the regulation-maker is itself the hostile party.

It's easy to paint the big gov as bad, but this is a case where unfortunately the populace seems to be in agreement with the big bad gov. While most US citizens support encryption, 76% or so, the vast majority, 63%, also favor government "backdoor" access for national security reasons.

I guess either we believe in democracy or we don't. It could be said that if VeraCrypt isn't/can't be backdoor'd, perhaps the gov is simply implementing the will of the people :( via Microsoft.

Tyranny of the majority is a thing. It's something mature democracies are aware of and have the ability to defend against.

We're in an interesting spot here and the tension is tangible.

What does democracy have to do with electronic encryption? Democracy existed before computers.

There are legitimate reasons for governments to intercept information, with the correct oversight -- enforced legally in a "checks and balances" manner. The fact that there is a breakdown of trust between government and people won't be solved with more encryption.

A core tenet of TrueCrypt + VeraCrypt (developer guarantee) has always been no backdoors, even if requested by government.

If, in a democratic society, the majority agrees that government should have backdoors (with the correct oversight), then it follows that VeraCrypt should be illegal, as its use is not in alignment with the will of the majority.

I personally don't agree with the majority here but can you fault the logic?