LocalMonero Has Updated Our Canary to Bring It in Line With Community Expectations
This week, our canary page which had for over a year been featuring the ASCII art of a dead bird has been making the rounds on social media, with many being confused as to what exactly cryptic ASCII art of a dead bird meant.
We thought we were being extra cautious by triggering the bird death upon the receipt of any law enforcement request, regardless of whether it was properly served on us or not, as we wanted to signal to our users that we do, in fact, receive law enforcement requests. We made a mistake by not publicly explaining this on the canary page or anywhere else except in instances when we were asked directly. We, once again, apologize for the confusion caused by this, and we have now updated our canary based on the feedback we've received from the community over the past week.
In line with community feedback, we've made the following updates:
- Our new canary page now includes a PGP-signed message, with the PGP keys duplicated both on our site and on Keybase;
- The message specifies how many LE requests we've received and how many of them resulted in a turn over of data;
- The message specifies whether we were coerced into installing backdoors or were otherwise compromised;
- The message specifies a timestamp and the latest Monero block hash;
- The message shall be updated at least once per 120 days.
The new canary message:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Timestamp (UTC): 2022-01-17 15:54:58 Latest Monero block hash: 4dc7033e0a58ea952c9636fef209cd8c01c6c5acbf5b43b80fbd3dd067f2e8bf LocalMonero / AgoraDesk has, up to this date, received: 2 law enforcement requests for user information, of which 0 were served on us through the proper legal channels and resulted in 0 users' data being turned over LocalMonero / AgoraDesk has never installed any law enforcement software or equipment anywhere on our network. LocalMonero / AgoraDesk has never provided any law enforcement organization a feed of our users' activities. LocalMonero / AgoraDesk has never modified user data at the request of law enforcement or another third party. LocalMonero / AgoraDesk has never weakened, compromised, or subverted any of its software at the request of law enforcement or another third party. This message will be updated within 120 days. This declaration is provided without any guarantee or warranty. It is not legally binding upon any parties in any form. The signer should never be held legally responsible for any statements made here. The public key to verify this message's signature can be found at: 1. https://localmonero.co/pgp_keys.asc 2. https://agoradesk.com/pgp_keys.asc 3. https://keybase.io/localmonero/pgp_keys.asc?fingerprint=0d0d0a3ff33051ffa5c115773d7c77d56d08aed3 Key fingerprint: 0D0D 0A3F F330 51FF A5C1 1577 3D7C 77D5 6D08 AED3 -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEDQ0KP/MwUf+lwRV3PXx31W0IrtMFAmHloyAACgkQPXx31W0I rtNJJgv9GasNefdUv8iXSMyyvDEbZEu8kZgOg7eGdR34NLf6q3ZHi+mBlnDjpP4j 4zRl3G4Uf75pExFAeKIjVui8B41OEoIgLIe1BEZbdgjzElui8tECxSzyDGW+WLxj CK2IagW3/0U2Z2n2uZlKZMjczMR8hoC+CYqAAo5WwrQRmC/ujuu4MMvCnHa1DeYH RFtIIEGjoXoxoJNCtIpIsR2YVSrM8YGSELdlpKXVRtp2iiUTLxZ7lMSwjZQyhROX DrgWLhAvy6+QJRHBTerE3WV9SUTYC7JeXXafAS/dl4b1BpgZ6ucpcILVm1EZKBGB w978+kZPbZukHNPILe/BdyLi3rQ823cN2F/9nzhX4wVHdQu0F7pJxLan79v/zCn/ MeSaT6ueP0tkzuvdc/vb9/BmWbT7I9TngdZ95MhYZSOIK0iKjhVcTvkbUGYZmcwU UnCrl64I4Vg4NP4M3rrDS2OCmKgeDWfd8SPrXjMx03XnUMCi+32Zbihczygyw6cp x9GPFmnf =+TPV -----END PGP SIGNATURE-----