32·
3 days agoRemoved by mod
BusKill
- 41 Posts
- 8 Comments
Joined 10 months ago
Cake day: May 6th, 2024
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
3·3 days agoThanks. Fixed it :)
Thanks bot, but PeerTube is better ;)
I’ll add this to the top next time, thanks.
What is a Warrant Canary?
The BusKill team publishes cryptographically signed warrant canaries on a biannual basis.
Although security is one of our top priorities, we might not be able to inform you of of a breach if served with a State-issued, secret subpoena (gag order).
The purpose of publishing these canary statements is to indicate to our users the integrity of our systems.
For more information about BusKill canaries, see:
You might want to include a short explanation for community members who aren’t familiar with warrant canaries
Thank you for the feedback. The second line of this post contains the text:
For more information about BusKill canaries, see:
That link explains everything. Are you suggesting that we copy and paste the contents of that link into the post directly? Or maybe just the first 3 sentences?
It was asking whether some change has taken place; some cause for alarm.
If you want a very, very quick way to glance at the canary and determine this, see the
Statuson the first line of the signed message. In this case, it saysStatus: All good
And I think #3 and #4 below that explain the canary clearly. We took this format from best-practice standards of other warrant canaries to be both human- and machine-readable.
-
We positively confirm, to the best of our knowledge, that the integrity of our systems are sound: all our infrastructure is in our control, we have not been compromised or suffered a data breach, we have not disclosed any private keys, we have not introduced any backdoors, and we have not been forced to modify our system to allow access or information leakage to a third party in any way.
-
We plan to publish the next of these canary statements before the Expiry date listed above. Special note should be taken if no new canary is published by that time or if the list of statements changes without plausible explanation.
Is there any other changes that you recommend we make to the signed message to make it clearer that this is a “good” canary?
-
Sorry, I don’t agree with this.
Warrant canaries are most noteworthy when they’re not published. The only way to know that it’s not published is to – publish it. Widely. And routinely. We publish our warrant canaries twice per year.
This canary expires 2025-06-30. If you don’t see a new canary published by that date, then you should be concerned.
You do a diff of this canary and our last canaries here:
21·2 months agoThe signature proves that the message has the property of authenticity – that is, anyone with our public key (which is published publicly) can prove (with math) that only someone with the private key (which is kept very well-protected and only I have access-to) was able to sign the enclosed message.
How can you prove that I’m not lying? That’s a social problem. It’s not solved by technology; it’s solved with reputation.
I think I’ve demonstrated my commitment to my community, but ultimately you have to decide if you trust me.
- Sorry, I don’t understand your question. It’s a warrant canary. Can you please be more specific?
- This one has a magnetic breakaway in the middle. We sell it for convenience – to make this tool more accessible to folks with little time or technical literacy (eg journalists, whistleblowers, etc)
Yes, you can make your own cable. We have instructions for this in our documentation:
https://docs.buskill.in/buskill-app/en/stable/hardware_dev/bom.html
It means we can authentically say that we have not been served an NSL to install backdoors into our software or hardware. Here’s two historical examples of this happening:
- https://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_order
- https://en.wikipedia.org/wiki/Doe_v._Gonzales
A warrant canary is a mechanism to let our users know that we may have been served an NSL and forced to install backdoors into our software or hardware.
Removed by mod