What Is a Warrant Canary, and Does It Really Work?


    A canary in a cage.
    Hermansyah28/Shutterstock.com

    When shopping for a VPN, you may have run into a feature called a warrant canary. Touted as extra protection against government surveillance, you may have wondered what it is and whether it’s useful.

    What Is a Warrant Canary?

    Some providers of privacy-focused services like VPNs have a warrant canary on their websites. A warranty canary is a way for a service to quietly send a signal that it has been served with a warrant for information about its users. For example, if people are using a VPN for torrenting and it shows the signal, that’s a sign the VPN may have been forced to report information about their users’ peer-to-peer activity.

    The name comes from the canary British coal miners used to bring with them into the pits to detect carbon monoxide. As birds are a lot more susceptible to the gas than humans are, if the canary showed signs of distress—or the poor creature died—the miners knew they had to get out of the mine before they themselves would succumb to the odorless gas. Smithsonian Magazine has a full history of the phenomenon.

    The term “canary in a coalmine” has become synonymous with warning systems and the term is widely used in all kinds of situations. Digital services like secure cloud storage provider SpiderOak have one, for example, and Cloudflare states that one was used in a public library in Vermont. In the case of VPNs, the now-defunct VikingVPN seems to have been the first service to have offered it, though it seems a little hard to pin down for sure.

    How a Warrant Canary Works

    There are multiple variants of the warrant canary. At its most basic, it’s a sign—digital or otherwise—that states something along the lines of “we’ve not been served any warrants.” If the sign is there, you know the coast is clear. If, however, the sign has been removed, you know a warrant or some other kind of information request has been served—like a gag order or national security letter.

    You’ll probably note that the warrant canary isn’t specific in who got served or why: You just know the canary died, not what killed it. Just like in the mines, you’re supposed to simply run. This is because most of these types of orders make it very clear that you’re not supposed to tell the subject of the warrant that it’s been served. A more general warning like removing a sign skirts that rule.

    Informing the subject of a warrant usually means stiff penalties for the service in question and apparently some orders come with the added instruction not to trip a warrant canary or anything similar. Australia even went so far as to outlaw them completely.

    Warrant Canaries and Transparency Reports

    That’s how warrant canaries work. However, you’ll rarely see an old-fashioned warrant canary anymore. Most VPNs and other services will usually have some kind of report on their website that states whether they have been served or not. They’re often still called a warrant canary, though the term “transparency report” is popping up more and more often.

    One good example of a page like that is Surfshark, which comes right out and tells you how many warrants and the like it has received. Perfect Privacy does much the same. In each case, the page is regularly updated so you know when the company has been served and whether you need to rethink what you’ve been doing while using the VPN.

    How Useful Is a Warrant Canary?

    As useful as a warrant canary may seem, though, especially for people using a VPN to cover activities that may be illegal in some jurisdictions (like torrenting,) there are some questions to raise about how useful they really are. The old-fashioned kind of warrant canary, which simply tells you something may have happened but you don’t know what, seems mainly a great way to cause anxiety attacks.

    The new versions don’t seem that much better. Sure, it’s good to know a company has been served and with what, but as long as you don’t know what it is, it just causes more anxiety. Are they after evidence that proves people have been torrenting some TV show, chasing down a Snowden-type whistleblower, or just trying to find some dude who has been harassing women online? You don’t know, and you’ll likely never find out.

    Added to that is another issue: if you’ve been using a no-log VPN, there should be precious little to hand over in the first place. In a way, it shouldn’t matter that a warrant was served. As long as the VPN is doing its job, a warrant shouldn’t provide any useful information—or at least not too much of it.

    A final issue is that transparency reports aren’t always updated every time a warrant is served. Perfect Privacy only updates once a month, for example. Also, there’s also the simple fact that some of these orders expressly don’t allow warrant canaries to be tripped.

    Though it’s a good sign that authorities don’t like warrant canaries and other forms of transparency—they wouldn’t bother with shutting them down if they didn’t do anything—what they really add for users is doubtful. As an extra safeguard they may come in handy, but we wouldn’t let our choice of the best VPN depend on whether or not they offer a warrant canary.





    Source link

    Previous articleGood luck getting a Raspberry Pi any time soon, unless you’re buying in bulk
    Next articleBest CPU coolers for Intel Core i5-12600K in 2022