1. 9
  1.  

  2. 15

    Warrant canaries seem to be useless:

    • they’re built on a legally questionable premise

    • there’s no way to monitor them in bulk because no standard format exists

    • providers update them with meaningless frequency and discontinue them without any acknowledgement

    and the worst point: all those things train us to ignore them. If you accept the premise we’d be treating Talos as compromised, right now. That’s what a warrant canary expiring means. It doesn’t mean “ask (the federal agent) on Twitter if they’re going to sign a new canary”, it means “you now must assume this entity has been compromised because they took the time to build a system to tell you that and look they’re now using it”.

    Sadly it seems warrant canaries are a fail open system.

    1. 6

      They’re still somewhat useful. When riseup “forgot” to update theirs, everyone knew it was the FBI and bailed ship.

      1. 3

        Why isn’t everyone assuming the same thing is happening here?

        1. 1

          Occam’s Razor, I suppose (without having any knowledge on the matter).

          1. 7

            When Riseup’s canary expired HN was saying the same things:

            https://news.ycombinator.com/item?id=13007234

            The top comments from a techno wonk audience that would be likely to understand canaries were dismissive of the situation, even when Riseup posted suggestive tweets and stalled when asked about the canary.

            If Occam’s Razor points you to thinking that the expiry of a canary is anything other than signal, the channel is nothing but noise.

            1. 3

              Anybody who knows the state of infosec understands that they ought to be paranoid.

              Actually being paranoid is exhausting, so when it comes to the brass tacks, few people actually go to the hassle of being truly paranoid.

              1. 2

                Yeah. If someone goes through the effort of having a canary and it expires there’s no reason not to believe something happened without evidence.

          2. 1

            Agree. What good alternatives are there for riseup?

          3. 3

            Yes, it’s only my best guess about the company that says they aren’t. I can’t prove they’re not until they update it, which they haven’t so far.

            1. 3

              A machine-readable format would be pretty easy to create since there’s hardly any bikeshedding fodder (a true/false flag and a signature). I guess the real limiting factors are the other ones, and the first one is the biggest.

              1. 2

                You also have to include a not-created-before proof (not just a timestamp). This is canonically done by mentioning a newspaper headline, although you could also use lottery numbers and sports scores. Or hey, most recent Bitcoin hash, why not.

                1. 2

                  https://opentimestamps.org is good for this I believe.

            2. 1

              How implausible is it to assume that in the heady days when canaries where in vogue, a responsible person at a company set one up, and maybe went the extra mile to document how to renew it, and added processes for the renewal… and then either left the company or forgot or something else? That sounds like a good explanation for this particular case (maybe not for Riseup, who knows what happened there).

              This goes back to the fact that a warrant canary is a marketing tool, not a legal requirement. Companies have to perform audits etc, there are processes for that. A warrant canary is something to appease (a very small subset of) consumers. No-one will enforce it externally.