There are a few things to consider before deciding whether or not to use a warrant canary. The first is whether or not you believe that the police will actually search your home if they receive a warrant. If they do, then the canary will sound an alarm and you will be able to take steps to protect yourself. However, it is always important to weigh the risks and benefits of using a warrant canary before making any decisions. The second consideration is whether or not you trust the person who issued the warrant. Many people do not because they have had negative experiences with law enforcement in the past. If you do not feel confident in their ability to issue warrants correctly, then it may be better not to use a warrant canary at all. Finally, make sure that you have enough evidence to support your case against the police officer who issued the warrant. This could include screenshots of text messages, videos, or other evidence that proves that the officer was wrong about what they were looking for when issuing the warrant.
What Is a Warrant Canary?
Some providers of privacy-focused services like VPNs have a warrant canary on their websites. A warranty canary is a way for a service to quietly send a signal that it has been served with a warrant for information about its users. For example, if people are using a VPN for torrenting and it shows the signal, that’s a sign the VPN may have been forced to report information about their users’ peer-to-peer activity.
The name comes from the canary British coal miners used to bring with them into the pits to detect carbon monoxide. As birds are a lot more susceptible to the gas than humans are, if the canary showed signs of distress—or the poor creature died—the miners knew they had to get out of the mine before they themselves would succumb to the odorless gas. Smithsonian Magazine has a full history of the phenomenon.
The term “canary in a coalmine” has become synonymous with warning systems and the term is widely used in all kinds of situations. Digital services like secure cloud storage provider SpiderOak have one, for example, and Cloudflare states that one was used in a public library in Vermont. In the case of VPNs, the now-defunct VikingVPN seems to have been the first service to have offered it, though it seems a little hard to pin down for sure.
How a Warrant Canary Works
There are multiple variants of the warrant canary. At its most basic, it’s a sign—digital or otherwise—that states something along the lines of “we’ve not been served any warrants.” If the sign is there, you know the coast is clear. If, however, the sign has been removed, you know a warrant or some other kind of information request has been served—like a gag order or national security letter.
You’ll probably note that the warrant canary isn’t specific in who got served or why: You just know the canary died, not what killed it. Just like in the mines, you’re supposed to simply run. This is because most of these types of orders make it very clear that you’re not supposed to tell the subject of the warrant that it’s been served. A more general warning like removing a sign skirts that rule.
Informing the subject of a warrant usually means stiff penalties for the service in question and apparently some orders come with the added instruction not to trip a warrant canary or anything similar. Australia even went so far as to outlaw them completely.
Warrant Canaries and Transparency Reports
That’s how warrant canaries work. However, you’ll rarely see an old-fashioned warrant canary anymore. Most VPNs and other services will usually have some kind of report on their website that states whether they have been served or not. They’re often still called a warrant canary, though the term “transparency report” is popping up more and more often.
One good example of a page like that is Surfshark, which comes right out and tells you how many warrants and the like it has received. Perfect Privacy does much the same. In each case, the page is regularly updated so you know when the company has been served and whether you need to rethink what you’ve been doing while using the VPN.
How Useful Is a Warrant Canary?
As useful as a warrant canary may seem, though, especially for people using a VPN to cover activities that may be illegal in some jurisdictions (like torrenting,) there are some questions to raise about how useful they really are. The old-fashioned kind of warrant canary, which simply tells you something may have happened but you don’t know what, seems mainly a great way to cause anxiety attacks.
The new versions don’t seem that much better. Sure, it’s good to know a company has been served and with what, but as long as you don’t know what it is, it just causes more anxiety. Are they after evidence that proves people have been torrenting some TV show, chasing down a Snowden-type whistleblower, or just trying to find some dude who has been harassing women online? You don’t know, and you’ll likely never find out.
Added to that is another issue: if you’ve been using a no-log VPN, there should be precious little to hand over in the first place. In a way, it shouldn’t matter that a warrant was served. As long as the VPN is doing its job, a warrant shouldn’t provide any useful information—or at least not too much of it.
A final issue is that transparency reports aren’t always updated every time a warrant is served. Perfect Privacy only updates once a month, for example. Also, there’s also the simple fact that some of these orders expressly don’t allow warrant canaries to be tripped.
Though it’s a good sign that authorities don’t like warrant canaries and other forms of transparency—they wouldn’t bother with shutting them down if they didn’t do anything—what they really add for users is doubtful. As an extra safeguard they may come in handy, but we wouldn’t let our choice of the best VPN depend on whether or not they offer a warrant canary.