On Thu, Oct 22, 2015 at 1:32 PM, Edward Ned Harvey (lopser) < lop...@nedharvey.com> wrote:
> > From: Evan Pettrey [mailto:jepett...@gmail.com]
> >
> > "SpiderOak should have a full breakdown of their new canary setup on their
> > blog shortly, but here’s the gist: every 6 months, they’ll re-publish this
> > page with an “All clear!” message. Three PGP signatures will sign the page for
> > authenticity — so if someone wanted to force SpiderOak to update the page,
> > they’d have to get all three (remotely located) signers to help."
>
> So, yes, they're posting "Everything's going smoothly so far." every six
> months. But that's my point - that's not enough.
>
> If the government were forcing you to hand over zillions of documents, you
> would still say "Everything's going smoothly." The way a warrant canary is
> supposed to be set up is exactly like protonmail.
>
> Ahh, here's a little more information. Look at both pages:
> https://canarywatch.org/protonmail
> https://canarywatch.org/spideroak
>
> Protonmail's canary page type is described as "Transparency, Govt.
> requests" while Spideroak's is described as "Standalone."
>
> By saying "5 requests to access user data, 0 requests were granted" people
> know what that means. It's not just "Everything's going smoothly."

I have no knowledge of their situation, but perhaps their line of thinking was that by being intentionally vague they would be able to better position themselves to stop chirping if there was an issue by being able to deny what the message means? I really have no idea, just throwing it out there.

Are you raising this concern for any specific reason or something you just came across and wanted to offer your two cents about?
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/