On Fri, 2015-10-23 at 11:16 +0000, Edward Ned Harvey (lopser) wrote: > > From: Ryan DeShone [mailto:[email protected]] > > > > As someone else has mentioned, the (untested) hypothesis behind the > > warrant canary is that while the government can prevent you from > > disclosing something, they cannot force you to lie. If the canary > > ever > > disappears (or isn't updated) it is supposed to be taken as a > > signal > > that they got a request and cannot disclose it. > > Yes, that's the point. The canary that just says "Everything's fine" > does *not* say that they haven't gotten a national security letter > (NSL) and would not change over time, even if they did. If you come > from the base assumption that they handed over Snowden data at the > same time LavaBit was imploding, the "Everything's fine" canary > doesn't even attempt to dispel that belief. >
The point isn't the message, it's the cryptographic signatures. The idea is, if those go away, or aren't updated, that is the signal that something has happened (like they got an NSL). This is the problem with the government having the power to compel a company to turn over information without being able to fight it or disclose it even to their lawyers, there isn't much the company can do about it, at least not legally. The real strength in SpiderOak is the fact that, unlike other services (such as Dropbox), they have no ability to access anything except your encrypted data. As long as you never use their web interface, they simply don't have the technical ability to turn over anything but encrypted blocks. If I'm going to use a cloud service, I'll take that over a company that can recover the unencrypted data any day. _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
