First off I have no standing here, and I am nobody. I am a customer of Silent Circle though. (or so I claim)
I am sure that StavrosK is well known by the community and it is my fault that I dont know his connection with SilentCircle. His profile points to stavros at stochastic dot io.
But more importantly HackerNews is not a very secure platform.
We have no real way of knowing StavrosK is StavrosK, or if ThinkBeat is the same ThinkBeat as last week. Using Hackernews or any social media as a platform to "override" a warrant canary is ill advised. In fact I think it makes matters worse.
Properly signed messages through the announced channel is the way to go.
Yep, this is definitely true. The only way to get this resolved is to update the canary. I can prove I work there, but it's irrelevant.
I also want to note that I didn't try to override anything, dang helpfully tried to temporarily hide this post to avoid causing a panic while we get this resolved, but that doesn't change the fact that this is still a problem we need to resolve.
Lets say there was a good reason for the canary not being updated.
I the FBI or whichever law enforcement agency was involved in the process noticed that updates were missing, (or saw it because it was pointed out on a well trafficked website)
Could the law enforcement agency then compel the employees to post a note that it was just a mistake and it will be rectified soon? And then have them update it?
Since not updating it when asked would equal disclosing that the event had taken place, which under certain laws might be illegal?
Or, since Silent Circle partakes of extremely misleading marketing and claims you can make encrypted calls all over the world, LE can just go tap the VoIP providers they use. Legally, or, since almost all VoIP is unencrypted, just by tapping Ethernet. Seriously, go read the press release for the BlackPhone and tell me you'd trust their CEO at all. Even Mr Zimmerman admits the entire business relies on LE not coming into their office with guns.
The US security researcher Moxie Marlinspike states that "every lawyer we've spoken to has confirmed that [a warrant canary] would not work" for the TextSecure server.
The main worry for TextSecure is that Google upon receiving a NSL will send you a targeted update for the TS client and GAPPS framework that sends all your msgs to a three letter agency before being encrypted and sent as usual. So Google would need a canary for the play store
Reading this canary has me worried, it doesn't actually say that "no warrants have been served, nor have any searches or seizures taken place", it only says that a declaration stating that will be provided.
Compare this to rsync's (http://www.rsync.net/resources/notices/canary.txt), which this seems to have been based off of. It explicitly states "No warrants have ever been served to rsync.net, or rsync.net principals or employees. No searches or seizures of any kind have ever been performed on rsync.net assets, including:..."
The entire purpose of a canary is to get manually updated. Automating it would defeat the purpose. If the person (or people, but you'd want to keep them as few as possible) was sick, unavailable, etc, it obviously wouldn't get updated.
A canary also fails open by design. There's no way for the canary to fail on the side of getting your data compromised. If we forget to update it, you should just be more cautious, until we update it again (if we do).
That's pointless. It's like allowing an alarm to ring without cause. Next time it rings the canary won't be trusted until you personally vouch for the fact that it wasn't an accident, and if that's the new channel the canary has lost its value.
False alarms are lethal for something as important as this.
I'd like to see a cryptographically signed assertion on this forum that says that the company has not been compromised by a foreign government entity, that you have not been served by an NSL from the US or similar from another country, and that Silent Circle "simply" forgot to update.
I don't care for all this "I'm 99% sure" and "blah bah bah."
Make an affirmative assertion, and back it up, please.
Does the US Patriot Act even apply to them anymore? They moved to Switzerland this year. Still, they should probably look into doing the same kind of thing for Swiss laws.
If the warrant canary is out of date, though, I wonder if they moved to Switzerland because the US government tried to get to them, and it wasn't just a forward-thinking action.
The purpose of the canary is to provide the issuer with a way of saying "I am no longer trustworthy". Since the canary has not been updated, nothing that can be said in favor of Silent Circle should be trusted. When the canary is again updated, it will be Silent Circle saying "I can be trusted again" (subject to the limitations about coercion as described in the canary message).
For now, do not trust that Silent Circle has not been compromised despite anything you may read in this thread. When the canary is updated, then you may return to the state that you had before: you can speculate that they are being coerced into lying about the canary, or that they are trustworthy. That choice is an has always been yours to make.
I disagree that the state post a future update of the canary is equal to the state before it failed. New canary, same as the old does not apply, the alarm has rung, it can't be 'un-rung'.
It seems to me that a warrant canary being updated after public notice is the most definitive proof we have that Silent Circle hasn't been served with an NSL.
If the NSL had the ability to force an update, the canary would have been updated before anyone noticed it was a problem. If the NSL didn't have the ability to force an update, the canary would still remain un-updated.
As long as it's a false alarm, we'll demote this story.
Edit: Ok, we restored it with a question mark. That's a more balanced way to handle these; I just forgot about it.
Edit 2: Now that I think about it, there's no need for a question mark on a factual statement. Sorry—I'm a little distracted right now! (We can change "is" to "was" if they update it, but someone will have to let us know.)
I'm going to detach this subthread now so it can go to the bottom as off-topic.
I'm pretty tired of sensationalist NSA stories here on HN, as well, but I think you're really wrong here.
First of all, it is a factual post, nothing sensationalist.
Second, it is obviously on topic (warrant canaries and their failure modes have been discussed here several times, and usually very civilly).
Third, just because "some guy" tells you "hey, everything is fine" doesn't make it true. You just declared that you're satisfied with the explanation, which I can understand, but demoting the story means that you don't believe that someone can rationally think otherwise. That's unfair, IMO.
Fourth, if you're posting a warrant canary and fail to update it, you deserve the suspicion and discussion. That's kind of the whole point. So: working as designed. :-)
Maybe I'm paranoid. But if is an NSL he obviously couldn't say anything.
If really nothing happened the answer should have been shit i'll update it straight away.
Everything else would completely defeat the purpose of the canary.
Edit: the only thing i'll accept here is an explanation signed with the same PGP key
As long as that hasn't happened something happened. Period.
[+] [-] ThinkBeat|11 years ago|reply
I am sure that StavrosK is well known by the community and it is my fault that I dont know his connection with SilentCircle. His profile points to stavros at stochastic dot io.
But more importantly HackerNews is not a very secure platform.
We have no real way of knowing StavrosK is StavrosK, or if ThinkBeat is the same ThinkBeat as last week. Using Hackernews or any social media as a platform to "override" a warrant canary is ill advised. In fact I think it makes matters worse.
Properly signed messages through the announced channel is the way to go.
[+] [-] StavrosK|11 years ago|reply
I also want to note that I didn't try to override anything, dang helpfully tried to temporarily hide this post to avoid causing a panic while we get this resolved, but that doesn't change the fact that this is still a problem we need to resolve.
[+] [-] ThinkBeat|11 years ago|reply
Lets say there was a good reason for the canary not being updated.
I the FBI or whichever law enforcement agency was involved in the process noticed that updates were missing, (or saw it because it was pointed out on a well trafficked website)
Could the law enforcement agency then compel the employees to post a note that it was just a mistake and it will be rectified soon? And then have them update it?
Since not updating it when asked would equal disclosing that the event had taken place, which under certain laws might be illegal?
This hurts my head.
[+] [-] MichaelGG|11 years ago|reply
[+] [-] late2part|11 years ago|reply
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] read|11 years ago|reply
From http://en.wikipedia.org/wiki/Warrant_canary
The US security researcher Moxie Marlinspike states that "every lawyer we've spoken to has confirmed that [a warrant canary] would not work" for the TextSecure server.
Direct link: https://github.com/WhisperSystems/whispersystems.org/issues/...
[+] [-] pakled_engineer|11 years ago|reply
[+] [-] wnevets|11 years ago|reply
[+] [-] gpm|11 years ago|reply
Compare this to rsync's (http://www.rsync.net/resources/notices/canary.txt), which this seems to have been based off of. It explicitly states "No warrants have ever been served to rsync.net, or rsync.net principals or employees. No searches or seizures of any kind have ever been performed on rsync.net assets, including:..."
[+] [-] StavrosK|11 years ago|reply
[+] [-] spacefight|11 years ago|reply
If they failed their own canary - how could you believe them in terms of their warant canaray setup ever again? Not so much at all, I'd say.
[+] [-] StavrosK|11 years ago|reply
A canary also fails open by design. There's no way for the canary to fail on the side of getting your data compromised. If we forget to update it, you should just be more cautious, until we update it again (if we do).
[+] [-] spacefight|11 years ago|reply
https://canary.silentcircle.com/
[+] [-] StavrosK|11 years ago|reply
[+] [-] jacquesm|11 years ago|reply
False alarms are lethal for something as important as this.
Sorry...
[+] [-] late2part|11 years ago|reply
I don't care for all this "I'm 99% sure" and "blah bah bah."
Make an affirmative assertion, and back it up, please.
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] higherpurpose|11 years ago|reply
https://blog.silentcircle.com/our-move-to-switzerland/
If the warrant canary is out of date, though, I wonder if they moved to Switzerland because the US government tried to get to them, and it wasn't just a forward-thinking action.
[+] [-] toyg|11 years ago|reply
[+] [-] CGamesPlay|11 years ago|reply
For now, do not trust that Silent Circle has not been compromised despite anything you may read in this thread. When the canary is updated, then you may return to the state that you had before: you can speculate that they are being coerced into lying about the canary, or that they are trustworthy. That choice is an has always been yours to make.
[+] [-] jacquesm|11 years ago|reply
[+] [-] StavrosK|11 years ago|reply
[+] [-] subleq|11 years ago|reply
[+] [-] shalmanese|11 years ago|reply
If the NSL had the ability to force an update, the canary would have been updated before anyone noticed it was a problem. If the NSL didn't have the ability to force an update, the canary would still remain un-updated.
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] raverbashing|11 years ago|reply
So it's up again?
[+] [-] tedivm|11 years ago|reply
That or they were forced to by law enforcement due to all of the attention this was getting. Turns out warrant canaries are mostly useless.
[+] [-] astrojams|11 years ago|reply
[+] [-] CSMastermind|11 years ago|reply
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] sarciszewski|11 years ago|reply
[+] [-] spacefight|11 years ago|reply
$> whois 199.217.106.243
http://myip.ms/view/ip_addresses/3352914432/199.217.106.0_19...
Edit: Typo law enforcement.
[+] [-] StavrosK|11 years ago|reply
[+] [-] dang|11 years ago|reply
Edit: Ok, we restored it with a question mark. That's a more balanced way to handle these; I just forgot about it.
Edit 2: Now that I think about it, there's no need for a question mark on a factual statement. Sorry—I'm a little distracted right now! (We can change "is" to "was" if they update it, but someone will have to let us know.)
I'm going to detach this subthread now so it can go to the bottom as off-topic.
[+] [-] Tomte|11 years ago|reply
First of all, it is a factual post, nothing sensationalist.
Second, it is obviously on topic (warrant canaries and their failure modes have been discussed here several times, and usually very civilly).
Third, just because "some guy" tells you "hey, everything is fine" doesn't make it true. You just declared that you're satisfied with the explanation, which I can understand, but demoting the story means that you don't believe that someone can rationally think otherwise. That's unfair, IMO.
Fourth, if you're posting a warrant canary and fail to update it, you deserve the suspicion and discussion. That's kind of the whole point. So: working as designed. :-)
[+] [-] jacquesm|11 years ago|reply
[+] [-] spacefight|11 years ago|reply
The sole issue of a warrant canary is to either feed it weekly (their own decision) or retire it.
Not feeding the updates weekly means something... telling everyone false alarm doesn't make me happy.
[+] [-] lawl|11 years ago|reply
Everything else would completely defeat the purpose of the canary.
Edit: the only thing i'll accept here is an explanation signed with the same PGP key As long as that hasn't happened something happened. Period.
[+] [-] unknown|11 years ago|reply
[deleted]