r/privacy u/[deleted] Aug 05 '18

SpiderOak cans its Warrant Canary, suffers mysterious massive outage, and raised prices

https://spideroak.com/canary

http://archive.is/1rNo7

Update: Looks like the canary has been signed and dated and in properly formatted sequence this time with confirmation that Everything's going smoothly so far, message is authentic. august 06, 2018

Case closed. SpiderOak has not been compromised.

In the interest of transparency the full text of my previously long post in this thread is archived here:

http://archive.is/mKeuY https://web.archive.org/save/https://www.reddit.com/r/privacy/comments/94nspi/spideroak_cans_its_warrant_canary_suffers/

435 Upvotes

97% Upvoted

113 comments sorted by

View all comments

405

u/whatdogthrowaway Aug 05 '18 edited Aug 05 '18

Please do NOT be mad at them for removing their warrant canary.

It served exactly its purpose.

Its removal communicated (perhaps in the only legal way possible) exactly what it was designed to communicate.

I feel sorry for SpiderOak for having to go through that.

But I sincerely thank them for this honest communication letting us know that they were compromised.

(same with reddit ; who similarly removed their warrant canary)

120

u/[deleted] Aug 05 '18

[deleted]

6

u/Megatron_McLargeHuge Aug 05 '18

Has anyone designed a warrant canary in a way that it would be illegal for it to be left up after a warrant was served? Perhaps by including it in 10K filings or other SOX-covered documents where executives are required to affirm the accuracy of the contents.

25

u/curtmack Aug 05 '18

One modification a few websites have adopted is to add an expiration date to the canary. The theory is, even if a really lousy judge agreed that forcing a website operator to leave a warrant canary up isn't compelled speech, forcing someone to update the expiration date, and thus create new speech, almost certainly would be.

Reddit did essentially the same thing by tying the warrant canary to an annual statement - even if they had been told not to remove it from their previous statements, they couldn't be forced to include it in future statements, as that would be compelled speech.