Removed by mod

Removed by mod

Thanks. Fixed it :)

I’ll add this to the top next time, thanks.

What is a Warrant Canary?

The BusKill team publishes cryptographically signed warrant canaries on a biannual basis.

Although security is one of our top priorities, we might not be able to inform you of of a breach if served with a State-issued, secret subpoena (gag order).

The purpose of publishing these canary statements is to indicate to our users the integrity of our systems.

For more information about BusKill canaries, see:

• https://buskill.in/canary

You might want to include a short explanation for community members who aren’t familiar with warrant canaries

Thank you for the feedback. The second line of this post contains the text:

For more information about BusKill canaries, see:

• https://buskill.in/canary

That link explains everything. Are you suggesting that we copy and paste the contents of that link into the post directly? Or maybe just the first 3 sentences?

It was asking whether some change has taken place; some cause for alarm.

If you want a very, very quick way to glance at the canary and determine this, see the Status on the first line of the signed message. In this case, it says

Status: All good

And I think #3 and #4 below that explain the canary clearly. We took this format from best-practice standards of other warrant canaries to be both human- and machine-readable.

3. We positively confirm, to the best of our knowledge, that the integrity of our systems are sound: all our infrastructure is in our control, we have not been compromised or suffered a data breach, we have not disclosed any private keys, we have not introduced any backdoors, and we have not been forced to modify our system to allow access or information leakage to a third party in any way.

4. We plan to publish the next of these canary statements before the Expiry date listed above. Special note should be taken if no new canary is published by that time or if the list of statements changes without plausible explanation.

Is there any other changes that you recommend we make to the signed message to make it clearer that this is a “good” canary?

Sorry, I don’t agree with this.

Warrant canaries are most noteworthy when they’re not published. The only way to know that it’s not published is to – publish it. Widely. And routinely. We publish our warrant canaries twice per year.

This canary expires 2025-06-30. If you don’t see a new canary published by that date, then you should be concerned.

You do a diff of this canary and our last canaries here:

• https://www.buskill.in/category/Canary/

The signature proves that the message has the property of authenticity – that is, anyone with our public key (which is published publicly) can prove (with math) that only someone with the private key (which is kept very well-protected and only I have access-to) was able to sign the enclosed message.

How can you prove that I’m not lying? That’s a social problem. It’s not solved by technology; it’s solved with reputation.

I think I’ve demonstrated my commitment to my community, but ultimately you have to decide if you trust me.

1. Sorry, I don’t understand your question. It’s a warrant canary. Can you please be more specific?
2. This one has a magnetic breakaway in the middle. We sell it for convenience – to make this tool more accessible to folks with little time or technical literacy (eg journalists, whistleblowers, etc)

Yes, you can make your own cable. We have instructions for this in our documentation:

https://docs.buskill.in/buskill-app/en/stable/hardware_dev/bom.html

It means we can authentically say that we have not been served an NSL to install backdoors into our software or hardware. Here’s two historical examples of this happening:

1. https://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_order
2. https://en.wikipedia.org/wiki/Doe_v._Gonzales

A warrant canary is a mechanism to let our users know that we may have been served an NSL and forced to install backdoors into our software or hardware.