https://surfshark.com/warrant-canary
"As of January 20, 2022 Surfshark has received:
0 National Security letters;
0 Gag orders;
0 Warrants from a government organization."
At least it doesn't say "0 Confidential Agreements with Third-Parties"
Lots of people are grabbing VPNs this Black Friday / Cyber Monday. Many potential buyers flock to avenues such as StackSocial where they are served Lifetime VPN deals. VPN-Secure is one such VPN offering a lifetime deal: https://stacksocial.com/sales/vpn-secure-online-privacy-subscriptions
Be warned, DO NOT use this VPN service. Their warrant canary has tripped, meaning that they have been trying to warn their users that they are under a gag order. This is how their warrant canary looked when it was live: https://web.archive.org/web/20181212185629/https://www.vpnsecure.me/files/canary.txt
Notice how it states "If there is no statement, please proceed with caution". The link https://www.vpnsecure.me/files/canary.txt is now dead - meaning the canary has tripped and that VPN-Secure is compromised.
Kudos to the VPN-Secure team for having a warrant canary in place and doing everything in their power to alert their users!
From Wikipedia:
>AΒ warrant canaryΒ is a method by which aΒ communications service providerΒ aims to inform its users that the provider has been served with a governmentΒ subpoenaΒ despite legal prohibitions on revealing the existence of the subpoena. The warrant canary typically informs users that there hasΒ notΒ been a court-issued subpoena as of a particular date. If the canary is not updated for the period specified by the host or if the warning is removed, users are to assume that the host has been served with such a subpoena. The intention is for a provider to warn users of the existence of a subpoena passively while possibly "technically" not violating a court order not to do so.
https://en.wikipedia.org/wiki/Warrant_canary
The rigged system legally prevents Gamestop from being able to explicitly tell investors to direct register their shares but technically cannot stop them from telling investors how many shares are directly registered with ComputerShare.
Brilliant!
https://cock.li/transparency/warrant-canary.txt
>From 2017 to 29 October, 2021, cock.li has not received (...)
>
>This canary should be updated on the first of every month, but due to laziness could be delayed by up to a week. (...)
How about delayed by over a month? Just sayin...
For those who don't know, a warrant canary, in the simplest terms, is an attempted circumvention of a gag order by refusing to answer a question instead of just saying "no".
A gag order is a legal order that prevents someone from making a statement about a warrant or something similar.
Example:
Someone: Did you ever receive a gag order?
An honest person: β
or
A person who's too afraid of possible legal consequences: No.
Lbry is supposed to update the warrant canary page every 3 months and should Lbry receive a gag order, stop updating it forever. However, there are at least 4 problems that I can see, most of which I found on the Wikipedia page:
- A gag order could potentially force Lbry to keep updating the canary
- A law could already exist that makes warrant canaries illegal, as it does in some countries like Australia
- Say, Lbry stopped updating its canary. What then? Reddit stopped updating its canary in 2016 (Apple is another example) and we know what it means, yet we're here, on Reddit. What did it change? Did you even know about it?
- The warrant canary page doesn't say that, should the circumstances arise, it's safe for Lbry to stop updating it (by the way, the update is 20 days overdue)
Hello everyone.
I am trying to research the current WC's and all related news on what Tutanota is doing in handing over use data - sometimes en masse to various AGECNCIES before I continue referring people.
We all know there is always ongoing battles, requests, and policy changes on both sides, if anyone can update me, I would really appreciate it.
Barry
Baiscally the title.
Providers who also operates in the EU such as Protonvpn and IVPN do have both.
Today I tried to verify the VeraCrypt Warrant Canary (https://www.idrix.fr/VeraCrypt/canary.txt) using the VeraCrypt PGP Public Key (https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc) and Kleopatra said "The signature is invalid: Bad signature".
Have I done anything wrong or is there something going on?
If I remember correctly, a few years ago the website had one. Now it is nowhere to be found.
What is the reason for this?
Are warrant canaries still considered a reliable thing?
Edit: Here is the answer, thanks to nitrohorse:
"I think since last discussion around end of 2019 between core team members, the majority was not in favor of maintaining a warrant canary."
Introduced in 2017 the warrant canary was always published and updated on the About Us page.
Today my check has failed and seems like the text is gone from the About Us page, but still updated in the blog post.
Are there any updates / changes I possibly missed? The old blog posts still points to the About Us page.
edit: Canary was updated and pass certification:
I am the admin of dark.fail (@DarkDotFail).
I am in control of my PGP key.
I will update this canary within 14 days.
Today is 2020-09-21.
Latest bitcoin block hash:
0000000000000000000b2ce3527acf8ebb9f0f03131509699e1758dcada4f9e1
gpg: Signature made Mon Sep 21 03:08:33 2020 UTC
gpg: using RSA key 7D6D036C2ED1E8ECA3133B5D65C82325B01972C5
gpg: using pgp trust model
gpg: Good signature from "DarkDotFail <hello@dark.fail>" [full]
gpg: textmode signature, digest algorithm SHA256, key algorithm rsa4096
Dark.fail has not signed a new canary. The old canary is now past due for a renewal.
Should we be concerned?
https://dark.fail/canary.txt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I am the admin of dark.fail (@DarkDotFail).
I am in control of my PGP key.
I will update this canary within 14 days.
Today is 2020-09-04.
Latest bitcoin block hash:
00000000000000000004be7afc0c8a882dbe5b7920e0fd85eb279f354979fdf5
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfW0DbC7R6OyjEztdZcgjJbAZcsUFAl9SW6wACgkQZcgjJbAZ
csWPwxAAw+a2rKhCWaedLEyTnN4PA7HiK33CbTVNltwUm6lHLuJndqlPtkl4SdyH
rpq8hIpfwcKEm/wge9JC3B9DT96C0O9zAy5vJk0V4ywNm3pMmK9UlO8sRwEHLzQ5
hwRBP5nBARiVsAonTnVnERimrfGjSAPjEIxc5Iy8f+4O81SNoJ258O6maKWFgtmP
iuIfAbf9H29LPhWGjg22/RL+V+L7+nFXkED60dRh555BEXAsme6JuAygm78faNyL
1PsOB8iqaAsiW38NZRboWMN2tYzkWQrby+nOFDwYn9u3RsofPdb9lDiVQXBEgLc/
1A6xatLjd3vgbZ3rqhSS1XhwXeuc257DzS/s2IGe6UR2EWt2x0Hw/mceSv4MdQQh
C17v671cRwQRrfp/HXYsAHDwTjerfIu3kfsE875QHorMDe8Dh37lLhHIfkhJe2xm
3guBjyX4xLWFKTa4869QxTy0lgeyaTMAFUMvBLcAGZpnlDOTpLUKzwWGd84T5OhA
+Nv4p0pUZiJiKmn5slTHysn1UL8Do741m2AguRo6Cm64bmrvDGIdX3tNnCoiHxw2
mTtE1W5z7fnIrYuq0RIv+FqFEdHUk8Nue9RjaiN9a11Im+g29yJmEBPMiHv6sBw1
kNzmLvns+TlHehA5GJS89PNWlmEVVeWWWdeBLCb47yWtbudquDY=
=IcU6
-----END PGP SIGNATURE-----Suppose you have a sign in your business's window that says "we have not been served any warrants or subpoenas" (a 'warrant canary') and you take it down when you have. Apparently this can be taken as violating the terms of the subpoena, because it is a type of action- actively doing something to reveal the information. However, if you have a little sidebar in your weekly newsletter that says "as of X date we have not been served a subpoena" with a recent news headline to prove it couldn't have been printed before that date, then as long as you haven't been served a subpoena it's perfectly legal to print that, and once you have you can stop, as it's been ruled the government can't compel false speech. In particular because lying to your customers about not having received a warrant/subpoena might break other laws, so they'd have to not only compel false speech but compel illegal speech. Is this a correct understanding?
I noticed the new warrant canary on the SRA website is missing the usual beginning/end/list item about the PGP key. It always says "Special note should be taken ... if this list of statements changes without plausible explanation", so I found this somewhat concerning. I don't know much about PGP signingβis this any cause for alarm?
Did a search and the only post is from a year ago. Would it make sense for WSB to put together a warrant canary page? When the shit finally hits the fan anyone deposed will be gag ordered as a matter of strategy...
Thanks for all of the great questions, Reddit! We're signing off for now (5:53pm ET), but please keep the conversation going.
Last week, a so-called βwarrant canaryβ in Redditβs 2014 transparency report -- affirming that the company had never received a national securityβrelated request for user information -- disappeared from its 2015 report. What might have happened? What does it mean? And what can we do now?
A bit about us: More than a decade ago, Nick Merrill, who ran a small Internet-access and consulting business, received a secretive demand for customer information from the FBI. Nick came to the ACLU for help, and together we fought in court to strike down parts of the NSL statute as unconstitutional β twice. Nick was the first person to challenge an NSL and the first person to be fully released from the NSL's gag order.
Click here for background and some analysis of the case of Redditβs warrant canary.
Click here for a discussion of the Nick Merrill case.
Proof that we are who we say we are:
ACLU: https://twitter.com/ACLU/status/717045384103780355
Nick Merrill: https://twitter.com/nickcalyx/status/717050088401584133
Brett Max Kaufman: https://twitter.com/brettmaxkaufman
Alex Abdo: https://twitter.com/AlexanderAbdo/status/717048658924019712
Neema Singh Guliani: https://twitter.com/neemaguliani
Patrick Toomey: https://twitter.com/PatrickCToomey/status/717067564443115521
What do you think the legal position on something like these would be in the UK?
https://en.wikipedia.org/wiki/Warrant_canary
It's basically used as a way for service providers to alert users about the existence of a secret court order even if there are gagged from telling people about it. It's never been tested in court but the idea comes from the assumption there is a fundmanetal difference between preventing speech, and legally compelling someone to make a speech. Basically the provider will routinely issue a statement that they have not received any court orders. If they suddenly stop making that statement, users can infer they have received an order without the provider explicitly telling anyone. The provider would argue that they are complying with the order not to say anything, but they cannot be compelled by law to issue a false statement. However some legal experts say it would still count as revealing the existence of the secret order. What do people think?
Purism offers one (granted they're in the US) but it would be good to have more transparency from ProtonMail about how many court orders they receive and what percent they comply with.
I spose the new website is pretty minimal, so was just wondering if anyone knew if the canary being gone was intentional or not?
Last I knew, it was unsigned, unverifiable, and only updated quarterly. Has there been any progress with this?
Addendum: Whatever personal conflicts the leadership of SRA Inc. feel that I may be mired in aside, this post was legitimately made out of concern for the continued safety and security of those involved with the SRA. I hope this issue can be addressed promptly.
Addendum Redux: The issue does not appear to be fully resolved, but it seems it is being looked into.
https://www.reddit.com/r/Buttcoin/comments/7k3wwj/worker_at_bitfinex_removed_warrant_canaries_from/
Kindly check the logo of their website.
https://en.m.wikipedia.org/wiki/Warrant_canary
A warrant canary is a method by which a communications service provider aims to inform its users that the provider has been served with a government subpoena despite legal prohibitions on revealing the existence of the subpoena.
The warrant canary typically informs users that there has not been a court-issued subpoena as of a particular date. If the canary is not updated for the period specified by the host or if the warning is removed, users are to assume that the host has been served with such a subpoena. The intention is for a provider to warn users of the existence of a subpoena passively while possibly "technically" not violating a court order not to do so.
If there is any sort of actual investigation with gag orders, this would be a good way for the mods to stay protected while still informing users.
Reddit as a website used to have one. While there is the good probability any investigation will go over the mods and straight to Reddit admin, hopefully they would let WSS know.
https://www.reuters.com/article/us-usa-cyber-reddit/reddit-deletes-surveillance-warrant-canary-in-transparency-report-idUSKCN0WX2YF
Are any of you using and regularly updating a warrant canary?
