keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.

Warrant Canary #761

Open goekesmi opened 10 years ago

goekesmi commented 10 years ago

Add a warrant canary to the website.

See rsync.net's version for an example of what I'd like to see in it: http://www.rsync.net/resources/notices/canary.txt

timbray commented 10 years ago

IANAL and let’s not play lawyer, but I have to ask, couldn’t the spooks get a warrant requiring you to lie?

djr7m commented 10 years ago

timbray: I'm also not a lawyer but you should look at what this is about... the whole 'warrant canary' concept is intended to circumvent the laws already in place which prohibit them from announcing the warrant was served.

timbray commented 10 years ago

I know exactly what this is about, and indeed, if it’s apt to have legal force it’s likely a good idea. I have an opinion but I’m not going to offer it because IANAL; it would be a good idea to ask one.

zQueal commented 10 years ago

I think the idea has its merits, especially considering the ability for keybase users to upload their private keys. I'm sure we're all familiar with the US Government's tactics and blanket subpoenas. I do feel it's our right as users to be informed of any possible breach, legal (by the Government) or not.

At the very least, this should be seriously discussed and considered.

exabrial commented 10 years ago

Definitely add this, thanks!

orcmid commented 10 years ago

I'm with Tim on this one.
I can see a threat model where Keybase were forced to do something that would reveal information about an account.

I don't think acquiring a private key will help much, to the extent that the private keys are encrypted in a manner that basically limits their use to the account owner. If that encryption is defective, that's an issue, since then the encrypted private key can be attacked.

If there is fear about that, the best prophylactic measure is to download the private key, remove it from keybase.io, and protect the secret yourself.

That does not mean there aren't other threats to consider.

zQueal commented 10 years ago

> information about an account.

If we're all talking about what I think we're all talking about, then we all know the nefarious ways of the NSA and the US Government as a whole--they won't get a single subpoena and will instead get one for the entire user base or something very similar. We've seen it with just about every other high profile subpoena case.

exabrial commented 10 years ago

I'd like to point out: for information about an individual account with a warrant, I don't have a problem with keybase cooperating with law enforcement within ethical boundaries.

It's only if a government subpoenas keybase without a warrant, or subpoenas for mass surveillance, when I take issue. We the people are responsible for keeping our government in check, so fighting an illegal request (no warrant) is important, but you can't assume every keybase user will use it for good.

Real life example: Lavabit was subpoenaed for their SSL key, which would be mass surveillance, and which should have triggered a canary.

kingmatusevich commented 10 years ago

Even if one is (legally or not) forced to fake a warrant canary, in principle, having one is better than not having one. Plus, even if forced to lie, there's already a scheme in place for the canary, meaning a broken signature, a change in wording, or some other subtle detail in the faked warrant would be easier to spot for the people interested (because it tells them exactly where to look). As opposed to the TrueCrypt incident, which, lacking a formal warrant canary, has left us wondering whether (however unlikely it may be) its whole meltdown of late is one. What happened there is anyone's guess.

djr7m commented 10 years ago

I agree that it is probably worth adding as a 'just in case' measure but reading more carefully through the details of the Keybase server side has boosted my confidence in the native design... the client architecture doesn't trust the server AND the server keeps a signed tree / history. https://keybase.io/docs/server_security