

Rsync.net Warrant Canary - jcsalterego
http://www.rsync.net/resources/notices/canary.txt

======
callahad
Rsync.net is a fantastically awesome service. Check out their FAQ:

 _Will you support my use of X ?_

 _Yes. If you are using X with an rsync.net filesystem, we will support and
troubleshoot your use of it, regardless of how complex or esoteric that usage
or application is. All such support will be handled by a real live Unix
engineer, and will never be dealt with by a ticket system, autoresponder, or
first level / junior "technician"._

 _Really ?!_

 _Yes. We are not just providing offsite filesystems, we are providing
complete, end to end, personal customer support._

I can't even get that level of support ("real live Unix engineer") at my
current workplace when things go pear-shaped.

~~~
boundlessdreamz
How well will this scale? Isn't this setting the expectations too high and if
the company grows well this promise might be difficult to adhere to.

~~~
icey
I used to host with johncompanies.com (started by the same group or person),
and support was always excellent with them as well. I didn't have to use it
often, but whenever I did it was a fantastic experience.

It seems like they've got a pretty good idea about what things cost them and
can scale by charging the right price for their business. I think they'll do
fine.

------
dexen
Looks like a pretty decent law hack to me; they are going to comply with the
warrant and just not update a particular file anymore.

Still, I assume a skilled lawyer would be able to convince a judge that the
net effect is that users _effectively_ obtain information about rsync.net
being served a warrant quite closely around some specific date, and thus the
service broke the law anyway (assuming secret warrants are lawful in the first
place).

~~~
sachinag
This is no different than libraries having a sign up that says "The FBI has
not been here" and taking it down after they have (second sign):
<http://www.librarian.net/technicality.html>

My understanding is that most observers believe that the sign is legal.

~~~
edfgtyhuj
It was used almost a century ago in England to warn drivers about speed traps.

"It originated at the start of the last century as drivers started to run foul
of police speed traps in which officers used a stopwatch to calculate whether
or not a car was going too fast. Even then it was illegal to warn motorists
about speed traps, but the AA advised its members to stop if a patrolman
failed to salute, and the driver would then be given information about "road
conditions" ahead."

------
melito
When I saw this on the front page I assumed a warrant had been served.

~~~
jcsalterego
Guess they should have called it a warrant-free canary, huh.

------
iigs
While I admire the spirit of this, unfortunately I believe it's of limited
use: Once word gets out that these guys are LEA "unfriendly", it will start to
attract the kinds of people that get LEA attention, and then they'll have to
respond to a court order / subpoena / warrant / lawful intercept, and it's all
over.

Large ISPs routinely get subpoena requests all the time (i.e. they have teams
that do only that). I think rsync.net is setting themselves up for a lot of
undesired press when they finally have to do it.

~~~
lsc
/Large ISPs routinely get subpoena requests all the time/

sure, but I don't think they are secret very often.

------
alain94040
Funny...

But it probably wouldn't work anyway. If a judge agrees that there is a need
for a secret warrant, it's serious enough (aka national security) that the
judge will tell you to continue doing business as usual, including posting
your weekly canary.

There is no harm to you of posting an incorrect warrant canary and if that's
the only objection you have, the judge will be happy to give you immunity on
that point.

If you refuse to do so, expect to be held in contempt or similar coercion
technique.

Bottom line: it doesn't work. Too bad.

------
bcl
Looks good.

gpg: Signature made Mon Jul 13 08:44:56 2009 PDT using DSA key ID 7D6F806C
gpg: Good signature from "rsync.net <info@rsync.net>"

~~~
mjgoins
You realize that unless you have a trust path via keys that you've signed
(preferably by meeting the people holding them) that that verification isn't
verifying much, right?

It's pretty easy to create a key that has that key id (since it's only the
last few hex digits of the full 40 digit fingerprint) and the user id is
freeform.

If you don't believe it's easy to pick your own key id, check the keyservers
for the number of keys with DEADBEEF as their key id ;)

~~~
bcl
yes. And if I were a customer of theirs I'd work to obtain a more trusted copy
of their key. But, FYI, I've had this copy of their key in my keyring for
several years, I didn't just pull it off their website today.

------
pronoiac
Heh. This is likely based on similar technically legal signs:
<http://www.librarian.net/technicality.html>

This has been around around a year:
[http://www.reddit.com/r/programming/comments/2ygi6/warrant_c...](http://www.reddit.com/r/programming/comments/2ygi6/warrant_canary_circumventing_secret_isp_warrants)

Edit: HTML. Another edit: reddit.

------
lanaer
Kind of amusing, but dubious legality.

This is better: <http://rsync.net/products/encrypted.html>

------
luckyland
Here's where the warrant will first be served:

[http://maps.google.com/maps?f=q&source=s_q&hl=en&...](http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=255+G+Street+%23597+San+Diego,+CA&sll=37.0625,-95.677068&sspn=64.153332,69.960938&ie=UTF8&ll=32.712534,-117.162334&spn=0.008495,0.00854&t=h&z=17&iwloc=A&layer=c&cbll=32.712533,-117.162448&panoid=9yxfjRw3Wvkozp89sj1Rhg&cbp=12,182.07,,0,10.65)

------
reconbot
Couldn't the fbi just use their upstream provider?

~~~
pert
<http://www.rsync.net/resources/faq.html#2>

------
forsaken
Nobody has pointed out how easily the "news story" of today could be faked and
updated. It's a simple script that would be able to read google news, pick out
a random story, and throw it in the PGP signed message. How can that not be
automated?

~~~
enneff
If the signing can be done without a human providing the key/passphrase, then
the whole thing is worth nothing anyway.

------
defen
> In opening remarks, a Democratic senator emphasized Judge Sonia Sotomayor's
> upbringing, while a Republican senator expressed concerns about activism on
> the bench.

I don't know, that probably could have been written a week ago. Should we be
worried?

:-P

~~~
jsteele
> I don't know, that probably could have been written a > week ago.

No, it couldn't have, unless you have a time machine and a friend on the NYT's
national desk, because it was in the Times today, not last week:
[http://lmgtfy.com/?q=In+opening+remarks%2C+a+Democratic+sena...](http://lmgtfy.com/?q=In+opening+remarks%2C+a+Democratic+senator+emphasized+Judge+Sonia+Sotomayor%27s+upbringing%2C+while+a+Republican+senator+expressed+concerns+about+activism+on+the+bench).

~~~
defen
It was a joke - my point was that anyone who pays attention to politics would
have known that the Democrats would emphasize her upbringing, and Republicans
would express concerns about judicial activism.

~~~
benatkin
That reminds me of a podcast by The Economist called "The Week Ahead", where
each Friday they try to guess what the major news stories in the next week
will be.

I agree with you that they could have found a story that would have been
harder to guess.

[http://video.economist.com/index.jsp?fr_chl=157a3251a697e23e...](http://video.economist.com/index.jsp?fr_chl=157a3251a697e23eab5b3766efed94162aedc245&rf=podcast)

~~~
jsteele
I hate to belabor the point, and I'm pretty sure you get it anyway, but it's
not the general subject or tone of the story that matters, it's the exact
wording, which would be very hard to guess, especially for longer excerpts.
It's not a matter of finding a "story" that's hard to guess, it's a matter of
finding exact wording. I'll guess there's going to be some kind of trouble
with the space shuttle next week, but that doesn't help defeat rsync.net's
scheme.

~~~
benatkin
Now that I've read your reply and took another look at the article, I wonder
what I was thinking when I suggested it could be guessed!

Putting an actual quote in there makes it very secure.

