[Tox Support] Tox data inquiry

Gregory Mullen greg at grayhatter.com
Tue Feb 9 07:23:40 UTC 2016

Replies inline below

On Mon, Feb 8, 2016 at 1:55 AM, <ghostlands at autistici.org> wrote:

> With all due respect (which is a lot btw), a "warrant canary" is different
> than a "canary". Canaries in general are useful and can flag for just about
> anything.
> Just because even the most comprehensive and vigourous search of Tox
> development resources would reveal no user information, doesn't mean the
> team has not been contacted by intelligence agencies with *other* requests
> or offers that might come replete with an NDL.

Such as?

> Requests or offers that in no way feature a warrant for searches.

> The broader use of the canary device today is an NDL canary. This [non]
> notification "notifies" the public that the project has been served an NDL,
> which may have included anything from a search warrant

For information or data. The tox project keeps no data (to my knowledge)
that any TLA might be interested in.

> to a demand for that one or more team members insert a backdoor or
> generally compromise integrity.

That's one of the MANY reasons, we use git, it'd be seen by anyone and
everyone, if anyone tried this. The resources that would be needed to make
this anything but blatantly obvious, would also be the same that would be
able to do something like this without a warrant.

And, even if I was worried, you have to show me anything to make me believe
that this is a real thing that happens.

> Not that a whole lot could be done about this if it happened, but it is
> some small deterrent to gratuitous use of NDLs and a contributor to public
> awareness of their scale.

I don't think so, no one who could get a warrant is going to say; You know,
I was going to serve them a warrant, but they have a warrant canary, so
maybe I shouldn't.

All a warrant canary does when you don't have data that's
worth subpoenaing, is create a lot of extra work, and provide a worthless
sense of security. I really believe that nothing is better than something
in this case. But I'm willing to be convinced otherwise.

Finally, if anyone at this point would be willing to write a warrant with
non-disclosure language. IMO, they'd also be willing to write language that
would require the warrant canary to continue to be maintained. Again,
citation needed if you think this wouldn't be the case.

> gl
> On 2016-02-06 17:11, Gregory Mullen wrote:
>> The warrant canary was started by one person who didn't really understand
>> the point of a warrant canary.
>> Once he left the project the canary came down automatically, and no one
>> else wanted to put it back up simply because Tox doesn't have any of your
>> data. None.
>> If someone serves us a warrant, we get to laugh about it because there's
>> nothing we could give anyone.
>> That was one of the main goals of Tox, to make sure no one could compel
>> anyone to give away your data.
>> On Feb 6, 2016 2:15 AM, "Dominic Cammarota" <dom.camma at gmail.com> wrote:
>> Hello,
>>> Love the website, and the service is most exceptionally presented and
>>> branded. I am to download and begin my experience, and I intent to share
>>> it
>>> with many.
>>> I noticed this <https://twitter.com/ProjectTox/status/549238897172299777>
>>> on
>>> your Twitter account, that PSA regarding the removal of the warrant
>>> canary.
>>> It would be most appreciated and encouraging if you can share as to why
>>> the
>>> warrant canary was removed? And what is being done with the users data
>>> currently and who is interested in it? I hope to learn more as to why the
>>> canary was removed.
>>> Thank you for your time.
>>> - Dom
>>> _______________________________________________
>>> Support mailing list
>>> Support at lists.tox.chat
>>> https://lists.tox.chat/listinfo/support
>> _______________________________________________
>> Support mailing list
>> Support at lists.tox.chat
>> https://lists.tox.chat/listinfo/support
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tox.chat/pipermail/support/attachments/20160208/04eeab50/attachment.html>

More information about the Support mailing list