nitori wrote

I'm not sure about doing a warrant canary tbh. It's going to be another responsibility to keep up on a regular basis (Raddle updated their canary monthly before they made it irregular, and other companies do it every 6 months). Updating the canary itself is not the hard part (until you get an actual gag order), but rather remembering to do it lol. If you forget, users might think jstpst got compromised when it's not.

If you're going to do it anyway, it might be a good idea to have at least one admin who is outside of 14 Eyes doing the cryptographic signing, so that a government agency from those countries couldn't just force an admin here to update the canary.

3

twovests OP wrote

hmm, i think the admins and sysadmins are all in the united states lol

i can proudly say no govt agencies have asked me to do anything wrt jstpst, but i would also fold immediately if asked, so, fair warning

3