Ah, that makes a lot of sense, then. The canary itself seems to contain three sets of signer sigs (Dawin, OpenBSD, and v1). That also explains the headline change.
Nice. On Thu, Oct 22, 2015 at 9:17 AM, Evan Pettrey <jepett...@gmail.com> wrote: > The article here has a fair explanation: > http://techcrunch.com/2014/08/14/spideroak-implements-a-warrant-canary/ > > "SpiderOak should have a full breakdown of their new canary setup on > their blog shortly <https://blog.spideroak.com/>, but here’s the gist: > every 6 months, they’ll re-publish this page > <https://spideroak.com/canary> with an “All clear!” message. Three PGP > signatures will sign the page for authenticity — so if someone wanted to > force SpiderOak to update the page, they’d have to get all three (remotely > located) signers to help." > > Based on the above information and the last post being August 2, 2015, > well within the 6-month time window, I'd say it's business as usual at > SpiderOak. > > On Thu, Oct 22, 2015 at 12:10 PM, Edward Ned Harvey (lopser) < > lop...@nedharvey.com> wrote: > >> For anyone who doesn't know, a warrant canary is when a company like >> Dropbox, etc, publishes their Transparency Report, indicating the number of >> times they've been subpoenaed for users' private information, and the >> number of times they've handed it over. If you publish statistics >> periodically saying "Zero national security letters" and then you stop >> saying that one day, people may infer what they will. It is based on the >> (untested) belief that while the government may demand you say nothing >> about a particular request, they cannot compel you to lie about it. >> >> >> >> There are lots of ways for it to break down - most notably - If the >> consequence of admitting you handed over information to the government were >> the destruction of your reputation as a security company and destruction of >> your business... How many business owners could find it in their hearts to >> just tell one eensy weensy little lie? Probably a lot. >> >> >> >> But that's not what I'm here to ask you all about. >> >> >> >> Supposedly, this is SpiderOak's canary: >> >> https://spideroak.com/canary >> >> >> >> Unlike everyone else' canary, which explicitly give you statistics >> >> https://www.dropbox.com/transparency >> >> https://blog.protonmail.ch/transparency-report/ >> >> https://canary.silentcircle.com/ >> >> >> >> Spideroak's canary doesn't seem to say anything. This what I'm asking you >> about: Are you able to read/interpret this differently from me? Am I >> missing something? >> >> >> >> I see "Everything's going smoothly so far" and I see a headline from New >> York Times, to validate the date, and PGP signatures. But "Everything's >> going smoothly so far" is meaningless. This is not a canary - or it's a >> dead canary. >> >> _______________________________________________ >> Tech mailing list >> Tech@lists.lopsa.org >> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech >> This list provided by the League of Professional System Administrators >> http://lopsa.org/ >> >> > > _______________________________________________ > Tech mailing list > Tech@lists.lopsa.org > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ > >
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
