This project has moved. For the latest updates, please go here.

An important suggestion about the Warrant Canary

Topics: Feature Requests
Dec 21, 2015 at 7:58 AM
Edited Dec 21, 2015 at 8:06 AM
Hi, first of all let me congratulate you for such an amazing piece of software. I wanted to tell you about this issue for quite some time now, and finally got around to it:

Would you consider adding the WC here?

Your tool is by far the best one out there in its category, so it can't hurt to have as many eyes and safeguards as possible...

These are some useful links:
And this one is mandatory reading: (I guess you already have, but better safe than sorry)
Warrant Canary Frequently Asked Questions | Electronic Frontier Foundation

Of course, I'm nos asking that you change the way you publish your wc, just that you consider if it would be better to add this resource to your software releases. I don't know, in my modest opinion, it would be a good strategy to leverage every resource at our disposal.

Ok, peace out and keep it up Mounir, you freaking rock man!

Edit: I forgot to add this link, just to add some perspective and prospect :[
Coordinator
Dec 25, 2015 at 1:50 PM
Hi,

Thank you for your kind words and for sharing these inputs on the warrant canary approach.

I have sent an email to canarywatch to request the addition of VeraCrypt warrant canary to their database. I'll let you know if I receive any response from them.

The AutoCanary tool is indeed helpful but I personally prefer the manual approach for such operation. As for the legal aspects, it has always been difficult to evaluate the risks linked to the use of warrant canaries but at least now on Australia it is no more a risk but a real problem!

Anyway, the main objective is to keep users informed about any potential pressures or intrusions but some entities that may jeopardize the integrity of the software, so if in the future such event happen and at the same time there is a law that forbids reporting it, then I would simply stop working on the project which always be legal! (forced labor doesn't exist any more...).
Dec 25, 2015 at 4:37 PM
idrassi wrote:
... then I would simply stop working on the project which always be legal! (forced labor doesn't exist any more...).
I would like to check the correctness of this statement in about 5 years :)
Dec 25, 2015 at 8:20 PM
Great news man, I'm confident that they will soon add it to the site. They know far better than I do that this is the best known alternative to persistent memory encryption. I'm not saying this to give you empty compliments: talking about Microsoft, Apple, et al., their track record (both in policy and software implementation) one should NOT trust their solutions, at all. Those of us that are paying close attention to the current state of affairs, closed sourced solutions are not an option any more.

Only ever evolving, open source, readily audit-able software is the only viable starting point when deploying this technology. Given the fact that Advanced Persistent Threats only get nastier and implementation bugs are legion and ever-present, the safest approach is to rule out everything that we can that conspires to good Cryptographic Theory and best practices.

If I may (and I hope you don't mind) I would implore you that you focus the most resources (which I know are really scarce and even more under-appreciated) in keeping up with security bugs and encryption/cryptanalysis developments. Eye candy, platform support, GUI, etc. are by far lesser concerns.

Anyway, just my two cents, Marry Christmas and a happy New Year to you and your loved ones, from Argentina!

Many around the world do not loose sight (and will never forget) that people like yourself are fighting the good fight, giving back some power to the people, to every day law abiding citizens who give a damn about their privacy, and you are doing everything out of the goodness of your heart and pouring your intellect to this daunting task. You are one of the few that give the overwhelming majority who can't afford expensive solutions, a fighting chance to reassert our inalienable human rights.

You are a democracy equalizer! I salute you for that and forever for your amazing work.
Dec 26, 2015 at 5:07 AM
GenghisKhan wrote:
........
Great news man, I'm confident that they will soon add it to the site. They know far better than I do that this is the best known alternative to persistent memory encryption. I'm not saying this to give you empty compliments: talking about Microsoft, Apple, et al., their track record (both in policy and software implementation) one should NOT trust their solutions, at all. Those of us that are paying close attention to the current state of affairs, closed sourced solutions are not an option any more.

Many around the world do not loose sight (and will never forget) that people like yourself are fighting the good fight, giving back some power to the people, to every day law abiding citizens who give a damn about their privacy, and you are doing everything out of the goodness of your heart and pouring your intellect to this daunting task. You are one of the few that give the overwhelming majority who can't afford expensive solutions, a fighting chance to reassert our inalienable human rights.

You are a democracy equalizer! I salute you for that and forever for your amazing work.
I support and agree with every single word from GenghisKhan.
I salute you, Mounir Idrassi, for your great and persistent work. Despite all the problems... and there are many... I know.

Marry Christmas and Happy New Year, Mounir.
With big respect from Russia,
algreider8.