888 sats \ 6 replies \ @anon 8 Mar \ on: Stacker Saloon
@k00b @ek have you thought of adding a warrant canary of some kind to the site that you could use if you were ever approached by who knows in some capacity about something that the users might want to know about but you were gagged, that you could then not renew as a signaling mechanism?
You could bury it in the Legal page as a paragraph and then not update should something transpire?
reply
reply
reply
Like a warrant tamagotchi.
reply
reply
Mhh, maybe we can regularly sign something that expires fast enough (a certificate basically) and link to it in the legal page? And when we're approached, it automatically expires and is not renewed. The additional benefit is that only the holder of the private key can renew it.
But that would mean we rely on users being able to verify signatures. Key rotation is simply the first thing that came into my mind when thinking about warrant canaries. But I would think anyone who cares about warrant canaries can be expected to know how to use
gpg --verify
?Turns out the first commercial use of a warrant canary also used a digital signature:
The first commercial use of a warrant canary was by the US cloud storage provider rsync.net, which began publishing its canary in 2006. In addition to a digital signature, it provides a recent news headline as proof that the warrant canary was recently posted as well as mirroring the posting internationally.