Updates to Transparency - Digital Signatures - Dual Warrant Canaries

The time has come for us to enhance the integrity of our blogs and increase transparency through digital signatures.

A Signed Statement Warrant Canary

While we have felt in the past that having a "dead man's switch" style warrant canary was sufficient to allay people's concerns about transparency, we have come to realize that the best solution is to both make digitally signed statements and in conjunction use the dead man's switch canary. This gives our users the option of checking either for reassurance that our services have not been tampered with by any state-level actor.

My concerns in the past have been that I will forget to post one of our warrant canary signed statements and cause a needless panic. Upon reflection I have realized that the dead man's switch canary has the same shortcomings, and that I should simply commit to the maximum amount of transparency possible.

Digitally Signed Transparency Statements

When we post important developments to the Transparency blog, we will now digitally sign them with my customercare public PGP key. This is to enhance the validity of important statements that we make, and show that the statements are genuine, and not a forgery.

About Digitally Signed Statements

Here is a guide to PGP created by authors at the University of Pittsburgh: http://www.pitt.edu/~poole/PGP.htm

Below is what our digitally signed statements will look like on the site.

Typical posts will have a line at the end that looks like this:

This post is digitally signed, you can see the full text and signature here. You can get the customercare public key here or on the MIT PGP Key Server.

Canary statements will have the full PGP text contained in them, and therefore won't need to link to other pages.
