Warrant canaries don't seem to work very well :(

Discussion in 'privacy technology' started by mirimir, Sep 5, 2018.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I've been researching warrant canaries. And overall, they don't seem all that useful. The EFF ended its Canary Watch in May 2016, after a year, because "there is no way to know for certain whether a canary change is a true indicator". By the end, they knew of ~100 warrant canaries (followed or submitted). But let's look at the evidence.

    There have been warrant canary lapses for both BolehVPN and VikingVPN. BolehVPN blamed database problems, and VikingVPN blamed circumstances. But whatever, both were restored.

    Reddit, Silent Circle and SpiderOak switched from warrant canary to transparency report. But of course, gag orders would prevent mentioning investigations in transparency reports. So perhaps these examples demonstrate that warrant canaries can work. Or maybe the changes were proactive business decisions.

    ProtonVPN has a "Transparency Report & Warrant Canary" which is defined rather backwards: "This warrant canary is updated whenever a new legally binding request is received, or about to be received if we have advanced warning." That's silly, because gag orders would prevent mentioning covered investigations.

    After a two month lapse, Riseup updated its warrant canary, but changed the definition to exclude "minor things" like targeted investigations, and only "major thing" that affect all users. I see the point, but it's sad that investigations with gag orders are too common for broad warrant canaries to be useful.

    Anyway, please share comments and other examples.
     
    Last edited: Sep 5, 2018
  2. The Radius Kid

    The Radius Kid Registered Member

    Joined:
    Feb 27, 2018
    Posts:
    25
    Location:
    Canada
    You sometimes wonder who's running some of these VPN's?
    I get the feeling that some of them are run by three letter agencies.
    Call it a hunch.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Well, there are lots of VPNs. So I wouldn't be at all surprised if some were run by TLAs.

    But that's one reason why I recommend using nested VPN chains :)
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    There is rational skepticism and irrational paranoia. I have to facepalm every time I read this sort of nonsense, and it's used for basically "every company I don't like".

    You had massive leaks with Snowden showcasing exactly how powerful the NSA is in regards to exploits, backdoors, wipe taps, etc. Not once did you hear about them "being behind a company". I wonder why? Maybe because they have no use for such a massive expense when they have a treasure trove of exploits to take advantage of?

    Step outside for a while.
     
  5. The Radius Kid

    The Radius Kid Registered Member

    Joined:
    Feb 27, 2018
    Posts:
    25
    Location:
    Canada
    Uh,what are you rambling on about?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.