Comment by tsujamin
7 hours ago
For what it’s worth, Trusted Signing verification has been a moving target over the last 12 months. It was open for individuals, then it was closed to anyone except (iirc) US businesses with DUNS numbers, then it opened again to US based individuals (and a few other countries perhaps).
My completely uninformed guess was that someone had done something naughty with Trusted Signing-issued code signing certificates.
Anyway, when I first saw the VeraCrypt thing this morning my initial reaction was “I wonder if this is them pushing developers onto trusted signing the hard way?”
I don't know anything about Trusted Signing verification, but I do know from reports on 'mini umbrella company fraud' that if you're a fraudster, there are people in the Philippines who will happily sign their name to western countries' official paperwork in exchange for $2000 or so. Understandably, as that's more than the country's median annual income.
So I can see why offering trusted signing for individuals worldwide would come with certain challenges.
I'm in Europe and ended up creating an organization since I have my own company, but they messed up the verification of one of the legitimate documents, and there was no way to reach them once they made that mistake. Frustrating, and definitely a lost customer for them.