fsflover | 2 days ago

But can it still work for non-profits? For example, Qubes OS has a canary.

Bender|2 days ago

I am not a lawyer but I know it is a legal gray zone. If the government wants information they can drain the financial resources of a non profit or individual very fast. Governments are operating on nearly limitless monetary resources. It also does not stop seizures of equipment or documents. That means the canary could be displayed on a site and the owners / operators might not be able to take it down especially if they are being held in contempt. To be taken seriously a canary would have to be updated frequently or it is nearly meaningless.

Canaries also require trust and transparency. Automation is quite common amongst developers. A canary being updated could be automation. Signing can be automated. They might assume that if something is wrong they will be able to stop the automation. This may not be the case. It may be worth noting a judge in the USA can hold someone in contempt for a civil case indefinitely and up to 6 months for a criminal case. That is plenty of time for end-users of a site to be monitored, investigated and prosecuted.

If I were trying to manage such a thing then I would have to create a highly distributed site with signals a government could not easily tamper with and that people around the world associated with the non-profit could update, such as Tor .onion sites, I2P links and the like. This would require friends of the site to stay in continuous contact. This could potentially cause more problems for the people not operating from the shadows. The site owner would have to be able to deny any knowledge of the people updating or removing the Tor/I2P links. This also assumes interested parties are even monitoring these links. This would require incredible discipline and opsec, something most people just do not have time for. Yes, I am arguing against my own idea.

Jerrrrrrrry|2 days ago

This is standard at the highest levels of darknet/shadow networks.

Continuity, watchdogs, canaries, spook alarms, Deadman PGP switches, even offensive counter-LEO apparatuses.

Jerrrrrrrry|2 days ago

This is why True/Vera Crypt and other select essential software developers did not even allow donations at some point.

You can not be compelled to work for free, but you can if you have ever received meaningful compensation.