
Warrant canary.
A statement whose absence speaks. Published while nothing has happened, and taken down when the operator can no longer say so.
A regularly published statement asserting that, as of that date, the publisher has received no secret legal demands (gag orders, National Security Letters, sealed warrants). When the statement disappears or stops being updated, its absence is itself the signal: in most jurisdictions compelling someone to lie is unlawful, but compelling silence is not.
The signal we publish until we can't.
A privacy-first host that asks you to take its word for it has already lost the argument. Above a certain scale, every infrastructure operator will, sooner or later, receive some form of compelled-disclosure request (a subpoena, a preservation order, a national-security letter), and under a gag the operator is, by definition, unable to tell you. The warrant canary is the answer to that: we publish, on a fixed schedule, an affirmative statement saying that nothing of the kind has happened, and we keep publishing it until we can't.
NordBastion's canary lives at /warrant-canary/ and is reissued on the first business day of every month, co-signed by two named directors of NordBastion OÜ with their personal PGP keys. The signed text embeds the most recent Bitcoin block hash, which forecloses the trivial pre-signing attack — the statement provably could not have been signed before that block was mined. Past months are kept on the page indefinitely; nothing is ever silently rotated out.
If the canary fails to appear within seven days of its scheduled date, or if the PGP signature stops validating, the appropriate response depends on your threat model. We will not explain a missing canary — that is the whole point. We will, however, never publish a false one.
Follow the canary across NordBastion.
- /warrant-canary/ — the canary itself, with all previous months and PGP signatures.
- /transparency/ — rolling 12-month transparency report with the aggregate counts the canary would not give.
- /doctrine/ — the operating principles that put the canary on the publication schedule in the first place.
- /pgp/ — the two director PGP fingerprints used to sign each canary, plus instructions for verifying locally.
- / — the homepage links into the latest canary from the transparency strip.
Questions about the canary, answered.
Is a missing canary legally meaningful?
In most common-law jurisdictions, yes — though the meaning is indirect. A gag order can compel an operator to stay silent about a specific demand, but it generally cannot compel them to actively lie by publishing a false denial. So an operator who stops publishing — or removes the previously-published canary — is not violating the gag, but the audience is free to draw the obvious inference. Some jurisdictions (notably France for certain national-security demands) have ambiguous case law; NordBastion publishes from Estonia precisely to avoid those grey zones.
Who signs the canary?
Two named directors of NordBastion OÜ co-sign the monthly canary with their personal PGP keys. The fingerprints are pinned in /pgp/, and the signed statement is mirrored to a third-party Git repository so anyone can verify that the file was not silently edited after publication. Verifying it locally is two commands: gpg --verify and a sha256sum compare against the Git tag.
How often is it updated?
Once a month, on the first business day, with a reference to the previous Bitcoin block hash inside the signed text. The block-hash inclusion proves the statement could not have been pre-signed in advance — it must have been signed after that block was mined, so the date is cryptographically anchored. Past canaries stay on /warrant-canary/ indefinitely; nothing is ever silently rotated out.
What does silence mean in practice?
If the monthly canary fails to appear within seven days of its scheduled date, or if the page is removed, or if the PGP signature stops validating, treat it as a signal that something material has changed — most likely a legal demand the directors are gagged from describing. The appropriate response depends on your threat model: rotate to a new host, migrate keys, or simply note the date for the public record. NordBastion will never explain a missing canary, by design.
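The monitoring rule described above (a canary more than seven days late, or a signature that stops validating), as an added example that is not NordBastion's own tooling. It assumes the status lines come from gpg --status-fd 1 --verify, treats a business day as Monday to Friday with public holidays ignored, and uses constructed placeholder fingerprints in place of the two pinned on /pgp/.

```python
import datetime as dt

# Constructed placeholder fingerprints; the real pair is whatever /pgp/ pins.
PINNED = {"A" * 40, "B" * 40}
GRACE = dt.timedelta(days=7)  # "within seven days of its scheduled date"

# Constructed sample of gpg status output for a canary co-signed on 2024-06-03.
SAMPLE_STATUS = "\n".join([
    "[GNUPG:] NEWSIG",
    f"[GNUPG:] VALIDSIG {'A' * 40} 2024-06-03 1717400000 0 4 0 1 10 00 {'A' * 40}",
    "[GNUPG:] NEWSIG",
    f"[GNUPG:] VALIDSIG {'B' * 40} 2024-06-03 1717400100 0 4 0 1 10 00 {'B' * 40}",
])

def first_business_day(year, month):
    """First Monday-Friday of the month. Assumption: public holidays ignored."""
    day = dt.date(year, month, 1)
    while day.weekday() >= 5:  # 5 = Saturday, 6 = Sunday
        day += dt.timedelta(days=1)
    return day

def valid_signers(status_text):
    """Map primary-key fingerprint -> signing date, from VALIDSIG lines only."""
    signers = {}
    for line in status_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[:2] == ["[GNUPG:]", "VALIDSIG"]:
            fpr = f[11] if len(f) > 11 else f[2]  # primary key when gpg reports it
            signers[fpr.upper()] = dt.date.fromisoformat(f[3])
    return signers

def canary_state(today, status_text):
    """Classify the newest canary: 'ok', 'pending', 'overdue' or 'bad-signature'."""
    signers = valid_signers(status_text)
    if not PINNED.issubset(signers):
        return "bad-signature"  # a pinned director's valid signature is missing
    due = first_business_day(today.year, today.month)
    if today < due:  # this month's issue is not scheduled yet: judge last month's
        last = today.replace(day=1) - dt.timedelta(days=1)
        due = first_business_day(last.year, last.month)
    signed = min(signers[fpr] for fpr in PINNED)  # both must have signed this issue
    if signed >= due:
        return "ok"
    return "pending" if today <= due + GRACE else "overdue"

if __name__ == "__main__":
    print(canary_state(dt.date(2024, 6, 20), SAMPLE_STATUS))
```

The signing date in a VALIDSIG line is the signer's own claim; the Bitcoin block hash inside the signed text is what bounds how early the statement could have been produced.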