courtesy @voodooKobra...

Privacy Seppuku

Let's say that you are an American whom produce software that respects user's privacy. And one day, the FBI comes knocking armed with a National Security Letter (NSL) and demands your signing key so they can distribute malware to your users, pretending to be you. There is no legal defense you can mount, they covered their bases....

At first I thought this canary would be THE solution but while writing this post I realized it is not.

First let me tell you why canaries in transparency reports are useless.
I regularly hear people saying stuff like "They can force you to shut up but they can't force you to lie!". I think this assumption is false no matter what is actually written in those secret laws. I could get into lengthy detail why I think so but lets just face the more obvious fact that secret services never ever gave a rotten damn about laws anyways. If they want to force you to lie they will force you to lie. If necessary with simple blackmail.

This is why the most widely applied warrant canary is useless. Contrary to popular believe it is very easy for the NSA or any other agency to force you to keep your "We have to this date never been subjected to a National Security Latter blah blah" in your daily/weekly/monthly/yearly transparency report. There is no plausible way to get rid of it as they will make extra sure you won't just "forget" to add it. Removing the canary will thus always lead to you being punished with whatever they were threatening you. So you must be willing to face legal charges or even personally sacrifice yourself to make this canary work.


Now why is the new canary also flawed?
The above suggested canary seems to have a chance to solve this predicament if played out very carefully. They might punish you anyways (if they blackmailed you) but chances are they just shout at you for being "an idiot" letting those keys got stolen. Now you just throw the towel and everything is ok? Maybe... if you are lucky!

Depending on the size of your project/company, the service/product/software you offer, how cruelly they blackmail you, how important your business/project is to their operations and how much you rely on your own business/project yourself...

• ... what keeps them from forcing you to issue new keys and proceed as if nothing happend for the same reasons they initially forced you to shut up and lie? People like us wouldn't trust those keys but we all know that the other 90% of users would, especially if they paid for the product/service. If obvious security flaws would hurtle users away from a company/product/service Sony, WhatsApp, and tons of other stuff wouldn't be here anymore.
  
• ... what keeps them from booting you out and running the service by themselves. (Honeypot) This works especially well with stuff where the people running everything are known to the agents but anonymous to the crowd. (TrueCrypt anyone?)
  
• ... are you willing/able to give up your only source of income for the wellbeing of other? (If yes: You are a hero to me!)

So in conclusion this warrant canary is just an improvement to the old one but by far no "silver bullet" to National Security Letters and secret service blackmailing you. It makes things more complicated for them and often forces them to tread on "unlawful" terrain which is indeed good because it makes their operations more expensive and time consuming which results in them being forced to focus on fewer targets. But there are many factors that can lead to you just postponing the inevitable. So we still need to find workarounds that help people in the above described situations.

"So you must be willing to face legal charges or even personally sacrifice yourself to make this canary work."


That's the whole point.


The Canary, from our (users) point of view, is to say "We will throw ourselves on a grenade rather than give in." Activism. It's not a legal watermark, and nobody thought it was - as far as I know.

I seem to recall another post complaining in some regards about a competitor named FrootVPN "leaking"? their keys and then going on as if nothing happened..
One as ignorant as I might be willing to believe they were forced to continue operating and the LEA involved simply forced anyone threatening them with legal charges
to drop their case by privately taking the attorney involved aside and showing them the error of their ways... who then told their client off with a well-
polished excuse that revealed nothing. The court, in the meantime, never is served papers regarding the case, as the LEA intercepts them. Game Over.
Privacy Seppuku via Key Leakage doesn't work, in my opinion. Furthermore, as another user touched on..

Personally sacrificing your only source of revenue and opening yourself up to possible litigation when your company collapses beneath you,
is a big claim that few people, least of all you, who, as lately i have been told, include among your members some quite shady individuals,
can substantiate. It puts the responsibility to act or do not act squarely on the shoulders of your conscience, just like your bootstrapped
privacy claim, amounting to no real substantiated proof you can act as you claim you might. You are asking me to trust your humanity.

I trust it only as far as I can throw it. Citizens! Cryptostorm is not a replacement for managing your privacy and security with the assumption
that your traffic is being inspected and traced, all the way to your bathroom door, by scurrilous surreptitious agents of all kinds.
Practice Safe Computing at all times.Mitigate efforts to fingerprint your systems, keep a backup image on hand at all times, and
avoid using any one node consistently. Your privacy and security demand it.