It's perhaps naive, but could he create a new organisation, like a "TotallyNotVeraCrypt" French loi 1901 association, at a different address, and create a new microsoft account by making sure it passes all the requirements.
Yeah but isn't the point of these certificates to express trust?
The point isn't (or: shouldn't be) to forcefully find your way through some back alley to make it look legit. It's to certify that the software is legit.
Trust goes both ways: we ought to trust Microsoft to act as a responsible CA. Obfuscating why they revoked trust (as is apparently the case) and leaving the phone ringing is hurting trust in MS as a CA and as an organization.
There are different types of trust, but at the very least with such a signature you can trust that the piece of software is really from Veracrypt and not from a malicious third party.
A signature is a signal, not an absolute. Although, to be fair, if Microsoft (or most other CAs) had done a better job, then that trust would have carried more weight than it does currently.
Trust isn't binary, it's a spectrum. A signature is a signal that should increase trustworthiness. Not the strongest signal, perhaps even a weak one, but it's not zero.
That's what VeraCrypt is, a fork of the original TrueCrypt after all drama, security doubts, and eventual discontinuation. It took a long time and two independent audits to establish trust in it.
I don’t like the AI writing style anymore. It’s very readable and it has great words, but it’s lacking imperfections. Like a raytraced 3D render of mathematically perfect shapes.
People forget that AI is trained on mediocre writing too, not everything a person writes is fire. Most of it is a mediocre, too long, and hard to understand; just like the outputs you get from LLMs.
It's ironically kinda less accessible in total, though. Because my browser lets me zoom in on a page almost infinitely, but I can only zoom out enough to make this text go from insanely-big to uncomfortably-large.
reply