The time has come for us to enhance the integrity of our blogs and increase transparency through digital signatures.
A Signed Statement Warrant Canary
While we have felt in the past that having a "dead man's switch" style warrant canary was sufficient to allay people's concerns about transparency, we have come to realize that the best solution is to both make digitally signed statements and in conjunction use the dead man's switch canary. This gives our users the option of checking either for reassurance that our services have not been tampered with by any state-level actor.
My concerns in the past have been that I will forget to post one of our warrant canary signed statements and cause a needless panic. Upon reflection, I have realized that the dead man's switch canary has the same shortcomings, and that I should simply commit to the maximum amount of transparency possible.
Digitally Signed Transparency Statements
When we post important developments to the Transparency blog, we will now digitally sign them with my customercare public PGP key. This is to enhance the validity of important statements that we make, and show that the statements are genuine and not forgeries.
About Digitally Signed Statements
Here is a guide to PGP created by authors at the University of Pittsburgh: http://www.pitt.edu/~poole/PGP.htm
Below is what our digitally signed statements will look like on the site.
Typical posts will have a line at the end that looks like this:
Canary statements will have the full PGP text contained in them, and therefore won't need to link to other pages.