privacyguides
/
privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

🆕 Software Removal | Warrant canary section #1567

New Issue
Closed
opened 2019-12-04 21:08:30 +00:00 by Mikaela · 6 comments
Mikaela commented 2019-12-04 21:08:30 +00:00 (Migrated from github.com)
Copy Link

Description

Please refer to https://github.com/privacytoolsIO/privacytools.io/issues/74 for the previous discussion.

## Description Please refer to https://github.com/privacytoolsIO/privacytools.io/issues/74 for the previous discussion.
Mikaela commented 2019-12-04 21:35:46 +00:00 (Migrated from github.com)
Copy Link

Nameless comments from the team.

I dont want a warrant canary as making even a single fuck up ONCE will mean you will lose trust for ever

also I am not certain of this, because RiseUp did https://riseup.net/en/about-us/press/canary-statement and people are still trusting them and asking us why we don't list them

People who didnt hear about them trust them
Most who did hear about it dont

And once you start a warrant canary, you have to have 100% certainty that there is always someone willing to keep it updated
Look at spideroak for example
They stopped publishing warrant canaries because they claimed it was to much hassle
But as a affecr, everyone saw it as there warrant canary being triggered and that they we compromised by the feds
Considering how small our services are, i really believe the potentional shit hurricane ( not storm. But hurricane) is not worth it
if the FBI could compel you to publish a statement about why you are no longer hosting a warrant canary, they could also compel you to publish a warrant canary
both would be compelled speech
But yh, its not worth the risk
and if you were actually compromised you'd do neither, hence either they weren't compromised or warrant canaries are ineffective either way

Warrant canaries arent really battle tested though

Simultaneously we say:

A warrant canary is a posted document stating that an organization has not received any secret subpoenas during a specific period of time. If this document fails to be updated during the specified time then the user is to assume that the service has received such a subpoena and should stop using the service.

Thus the only solution I see is removing the section. The examples are also listing VPN providers that as far as I am aware of we aren't listing.

Nameless comments from the team. > I dont want a warrant canary as making even a single fuck up ONCE will mean you will lose trust for ever >> also I am not certain of this, because RiseUp did https://riseup.net/en/about-us/press/canary-statement and people are still trusting them and asking us why we don't list them >>> People who didnt hear about them trust them >>> Most who did hear about it dont > And once you start a warrant canary, you have to have 100% certainty that there is always someone willing to keep it updated > Look at spideroak for example > They stopped publishing warrant canaries because they claimed it was to much hassle > But as a affecr, everyone saw it as there warrant canary being triggered and that they we compromised by the feds > Considering how small our services are, i really believe the potentional shit hurricane ( not storm. But hurricane) is not worth it > if the FBI could compel you to publish a statement about why you are no longer hosting a warrant canary, they could also compel you to publish a warrant canary > both would be compelled speech > But yh, its not worth the risk > and if you were actually compromised you'd do neither, hence either they weren't compromised or warrant canaries are ineffective either way >> Warrant canaries arent really battle tested though * * * * * Simultaneously we say: > A warrant canary is a posted document stating that an organization has not received any secret subpoenas during a specific period of time. If this document fails to be updated during the specified time then the user is to assume that the service has received such a subpoena and should ***stop using the service.*** * https://www.privacytools.io/providers/#wc - emphasis mine ***Thus the only solution I see is removing the section.*** The examples are also listing VPN providers that as far as I am aware of we aren't listing.
Mikaela commented 2019-12-05 09:22:39 +00:00 (Migrated from github.com)
Copy Link

In 2016 the EFF announced it would no longer accept submissions of new canaries, nor monitor existing canaries. They explained that the project had run its course, that ample attention had been brought to canaries, and detailed warrant canary strengths and weaknesses they observed.[26] As of Q3 2019 canarywatch.org no longer exists.[27]

Was added to the team chat, however @blacklight447-ptio said something about wishing to expand the section instead soo I will leave that for them.

> In 2016 the EFF announced it would no longer accept submissions of new canaries, nor monitor existing canaries. They explained that the project had run its course, that ample attention had been brought to canaries, and detailed warrant canary strengths and weaknesses they observed.[26] As of Q3 2019 canarywatch.org no longer exists.[27] * https://en.wikipedia.org/wiki/Warrant_canary#Canary_Watch Was added to the team chat, however @blacklight447-ptio said something about wishing to expand the section instead soo I will leave that for them.
Mikaela commented 2019-12-25 08:49:41 +00:00 (Migrated from github.com)
Copy Link

Cloudflare appears to view this as their warrant canary, which has no update time, isn't PGP signed or anything.

kuva

Cloudflare appears to view this as their warrant canary, which has no update time, isn't PGP signed or anything. ![kuva](https://user-images.githubusercontent.com/831184/71439939-34f44e80-2704-11ea-9927-1bfd5bee0066.png) * https://www.cloudflare.com/transparency/
blacklight447 commented 2020-02-03 13:49:25 +00:00 (Migrated from github.com)
Copy Link

I think this issue can now be closed.

I think this issue can now be closed.
Mikaela commented 2020-02-04 13:31:29 +00:00 (Migrated from github.com)
Copy Link

@blacklight447-ptio so what is the final conclusion on the warrant canaries?

@blacklight447-ptio so what is the final conclusion on the warrant canaries?
blacklight447 commented 2020-02-04 16:17:09 +00:00 (Migrated from github.com)
Copy Link

That we won't be getting a warrant canary.

That we won't be getting a warrant canary.
👍 1
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
master
dependabot/bundler/nokogiri-1.13.6
dependabot/bundler/addressable-2.8.0
freddy-m-patch-3
pr-add_RemoveMyPhone_sponsor
pr-browser_cleanup_1257_1328_1430
freddy-m-patch-2
freddy-m-patch-1
pr-vpn_hated_one_video
cdn
update-nitrohorse-image
promote-metager-to-card
hardware
pr-add_azirevpn
pr-add_mailfence
shop
1673
pr/1658
i18n-simple
sponsorship-edits-nov2019
i18n
ipfs
blacklight447-ptio-patch-3
blog
remove-windows-icons
pr/1147
i18n-testing
add-beautify
Labels
Clear labels   
🔍🤖 Search Engines

   
approved

approved, waiting for a PR

  
dependencies

Pull requests that update a dependency file

  
duplicate

   
feedback wanted

   
high priority

   
I2P

The Invisible Internet Project (I2P)

  
iOS

   
low priority

   
OS

Operating Systems

  
Self-contained networks

   
Social media

   
stale

A label for stalebot if it gets added

  
streaming

Anything related to media streaming.

  
todo

   
Tor

Anything covering the Tor network

  
WIP

active work in progress, do not merge or PR (yet)!

  
wontfix

Issues or bugs that will not be fixed and/or do not have significant impact on the project.

  
XMPP

Extensible Messaging and Presence Protocol

  
[m]

Matrix protocol

  
₿ cryptocurrency

   
ℹ️ help wanted

   
↔️ file sharing

   
⚙️ web extensions

Browser Extension related issues

  
enhancement

   
software removal

   
💬 discussion

   
🤖 Android

   
🐛 bug

   
💢 conflicting

   
📝 correction

Correction of content on the website

  
🆘 critical

   
📧 email

   
🔒 file encryption

   
📁 file storage

   
🦊 Firefox

Firefox & forks, about:config etc.

  
💻 hardware

   
🌐 hosting

   
🏠 housekeeping

Anything primarily related to site cleanup.

  
🔐 password managers

   
🧰 productivity tools

   
🔎 research required

   
🌐 Social News Aggregators

   
🆕 software suggestion

   
👥 team chat

   
🔒 VPN

Virtual Private Network

  
🌐 website issue

*Technical* issues with the website.

  
🚫 Windows

   
👁️ browsers

   
🖊️ digital notebooks

   
🗄️ DNS

Domain Name System

  
🗨️ instant messaging (im)

   
🇦🇶 translations

Anything covering a translated version of the site

No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
enhancement
software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#1567
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?