I wonder what event triggered them to add this. The mention of US Patriot Act is intriguing considering they're a French company (I thought the app was maintained by one Frenchman, but following the LinkedIn link on their website shows it's a company in Nancy, France). But I guess it's a copy-paste Warrant Canary.
«We have introduced a publicly signed warrant canary for Joplin.
A warrant canary is a regularly updated statement confirming that, as of the stated date, the project has not received secret legal orders, gag orders, or demands requiring the introduction of backdoors into the software or its infrastructure».
I never really understood warrant canaries. Wouldn't they be still vulnerable to rubber-hose cryptanalysis? An attacker could coerce you to continue updating your canary as if nothing had happened.
Yes, but usually something like that leaves other signs. If men with guns take away a lot of people in your company in theory other people will notice.
Assuming US, I think that the gov't can't actually compel speech from an entity e.g. force to keep signing the canary.
Warrant canaries are the way entities can circumvent the narrow case where the gov't actually can restrict your free speech, by creating a case where your lack of speak is telling. By this framework we can then come around again to the first point.
In the US you can legally be compelled to keep certain warrants a secret. They can not legally compel you to make a statement, even if the lack of a statement reveals a warrant's existence.
I wonder what event triggered them to add this. The mention of US Patriot Act is intriguing considering they're a French company (I thought the app was maintained by one Frenchman, but following the LinkedIn link on their website shows it's a company in Nancy, France). But I guess it's a copy-paste Warrant Canary.
«We have introduced a publicly signed warrant canary for Joplin.
A warrant canary is a regularly updated statement confirming that, as of the stated date, the project has not received secret legal orders, gag orders, or demands requiring the introduction of backdoors into the software or its infrastructure».
I never really understood warrant canaries. Wouldn't they be still vulnerable to rubber-hose cryptanalysis? An attacker could coerce you to continue updating your canary as if nothing had happened.
Yes, but usually something like that leaves other signs. If men with guns take away a lot of people in your company in theory other people will notice.
Assuming US, I think that the gov't can't actually compel speech from an entity e.g. force to keep signing the canary. Warrant canaries are the way entities can circumvent the narrow case where the gov't actually can restrict your free speech, by creating a case where your lack of speak is telling. By this framework we can then come around again to the first point.
The trick is they can just take over maintaining the canary themselves after black-bagging you.
But in general the idea works - in theory.
In the US you can legally be compelled to keep certain warrants a secret. They can not legally compel you to make a statement, even if the lack of a statement reveals a warrant's existence.