
Canary Watch, One Year Later - dwaxe
https://www.eff.org/deeplinks/2016/05/canary-watch-one-year-later
======
abraae
I speculate that the real reason they are canning the canary program is that
it was headed for extinction all by itself anyway.

Reddit's canary is gone, and they made it as clear as they legally can that it
was due to a National Security Letter.

Effectively the canary program lost one of its best assets and few people gave
a damn.

The flaw at the heart of the canary program is that it relied on public uproar
when a canary disappeared. In the absence of that, they will disappear one by
one - death by a thousand cuts - and then the program itself is dead.

EFF have seen the writing on the wall and pulled the plug before the program
was seen to be doomed anyway.

~~~
hammock
How hard is it to run a "canary watch" though? The overhead has to be pretty
low. Doesn't make a whole lot of sense to pull the plug.

~~~
Terribledactyl
I think the missing part is the public uproar. I remember the public reaction
to reddit's lost canary as, "ehh?"

~~~
tommyman
What was to be expected?

It makes reddit unusable for a lot of things (free & open communication being
one of them). If you have something important to say then you don't say it on
Reddit.

If you have cat pictures or want to talk about train sets then reddit.

------
joemi
I'm wondering if anyone's written a warrant canary best practices? I was
hoping the EFF post would have or link to such when it started mentioning that
"almost every canary is unique" and that makes it harder to track them.

~~~
rsync
EFF folks at canary watch have told me that they consider the rsync.net
warrant canary to be a best practice:

[https://www.rsync.net/resources/notices/canary.txt](https://www.rsync.net/resources/notices/canary.txt)

Plain text, easily parseable, cryptographically signed and dated, and date-
verifiable with news headlines.

Related: The rsync.net warrant canary is 10 years old in 2016.

------
kecks
I'm proposing we write a simple canary spec, for canaries that are both human
and machine readable. A format could be, for instance:

* canary.txt in the root of the site.

* Optional text introduction, describing the canary's purpose, the way rsync.com does.

* PGP signed message with expiration date; content optional.

* Replaced by either a 404 or a 451, the 451 for those who want to be more explicit and like to live dangerously.

You probably shouldn't state you're compliant with the spec if you implement
it.

.

I'm personally very willing to run a replacement canary watch, I'll see what I
can set up over the weekend. I'm thinking of writing it in PHP, so it's easy
to copy for others.

I'm thinking it'd be nice to couple it with a spider that automatically
indexes these canaries, and to also have captcha'd "add your own" option.

Could anyone point me to a guide to setting up a HN-proof PHP server?

~~~
retox
Replying to bookmark. Good idea I like it.

------
e12e
Reminds me of:

"She drove my computer, pulling the information she had into various
spreadsheets. She translated my muttered, vague ideas into charts.

“This is called data mining.” She said the last words in English.

“Which of us is the canary?” I said."

\-- the city and the city, China Mieville

As _hammock2_ mentions, it's hard to believe this requires much effort to keep
running -- if the lack of standardization is the issue, couldn't they rather
transition to supporting rsync-style (as mentioned by _rsync_ ) canaries only?
(Yes, that would reset a lot of canaries)

Third party monitoring does seem to add value to to canaries. One could
perhaps argue that it's a job for archive.org -- but seeing as this is all set
up, it seems like a shame to shuttle it.

------
nxzero
To me, it's still not clear if there is any legal basis for canaries via laws,
case laws, etc.

Anyone able to provide info on this?

~~~
fucking_tragedy
I'd love to see the same. I'm having a hard time understanding why signaling
that a gag order exists with the removal of a canary wouldn't violate the gag
order.

~~~
mirimir
Well, you could signal that by failing to _renew_ the canary on schedule. Once
there's a gag order, no signaling takes place. There's no "removal".

~~~
nxzero
Right, another name for a canary is a heartbeat, which are used in systems to
know if a system is still up:

[https://en.m.wikipedia.org/wiki/Heartbeat_(computing)](https://en.m.wikipedia.org/wiki/Heartbeat_\(computing\))

~~~
mirimir
Right, exactly. A heartbeat. And further, the signing key could be deleted
securely, so coercion or spoofing would be impossible. That, however, would be
an argumentally illegal action taken after the gag order. One could have an
anonymous third party responsible for that. But then they have much power. And
the signal to them would also be an argumentally illegal action taken after
the gag order.

------
barkbro
What I found interesting is that Pinterest likeley got one (or more) NSLs.
Correct me if I'm wrong, but I thought pinterest was a place where people
posted pictures of their food and house, not terror plans and execution
videos. I wonder if it was (mis)used for a different type of investigation or
if it was a matter of national security, assuming they got an NSL in the first
place.

------
syngrog66
does this standard exist? if not perhaps it could:

[http://foo.com/canary.txt](http://foo.com/canary.txt)

if becomes empty or 404, etc., then the viewer can assume canary is withdrawn

