Existing and proposed laws, especially as those related to the US Patriot Act, dictate the authority to issue secret warrants, searches and seizures of data from online users. These laws can cause criminal penalties for revealing the warrant, search or seizure, disallowing disclosure related to these events that would negatively affect both the users of a VPN service and Newsdemon.com. The principals and employees of Newsdemon must comply with such warrants and their provisions for secrecy.
Due to these circumstances, Newsdemon stands prepared and will make available, on a monthly basis, a “warrant canary” in the form of a cryptographically signed message containing the following:
A declaration that states, up to the stated point of time, no warrants have been served, nor have any searches or seizures taken place. This will also include a pasted headline from a selected major news source, establishing and as a verification on the true date of issue. Special note should be taken if these messages ever cease being updated or are unchanged for more than thirty (30) days, or are removed from this page.
—–BEGIN PGP SIGNED MESSAGE—–
As of December 1st, 2020, Newsdemon.com, Newsdemon Networks, Inc., Newsdemon Network, LTD., (“Newsdemon”) has not received any National Security Letters or FISA court orders, and we have not been subject to any gag order(s) by a FISA court, or any other similar court(s) of any government. Newsdemon has never placed any backdoors in our hardware or software and has not received any requests to do so. Newsdemon has never disclosed any user communications to any third party. No searches or seizures of any kind have ever been performed on Newsdemon assets.
Amazon, Apple stay away from new French initiative to set principles for Big Tech – https://www.reuters.com/article/us-france-tech/amazon-apple-stay-away-from-new-french-initiative-to-set-principles-for-big-tech-idUSKBN28A1JL
GM, Nikola announce reworked partnership on fuel-cell systems – https://www.reuters.com/article/us-gm-nikola/gm-nikola-announce-reworked-partnership-on-fuel-cell-systems-idUSKBN28A1R8
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2.0.22 (GNU/Linux)
—–END PGP SIGNATURE—–
Warning: this process is pretty technical, it requires familiarity with OpenPGP and the command-line. It assumes you have the program gpg installed.
Import Newsdemon’s OpenPGP key
On the terminal, import Newsdemon’s public OpenPGP key from a keyserver:
$ gpg --keyserver keys.gnupg.net --recv-key BA1EAEB0 $ gpg2 --fingerprint BA1EAEB0
The first line will import the key into your keyring, but there is no guarantee that you actually imported the right key. The ” –fingerprint” command allows you to see the fingerprint of the key and actually confirm you imported the correct key. You should see an output that contains the following information:
Key fingerprint = 74FA 4FB8 3586 6246 6827 7F72 0738 ACDA BA1E AEB0
There is no particular reason that you should trust this key on its own. Instead, you can verify and authenticate the key by those who have confirmed and verified the key:
gpg --list-sigs BA1EAEB0
Verify Newsdemon’s Certificate
Now that you have imported Newsdemon’s public key, you can verify that the fingerprints listed on this page are really from Newsdemon.com.
Copy and paste the above statement and save it to a text file named: Newsdemon_Canary_message.asc
Then run this command in a terminal:
gpg --verify Newsdemon_Canary_message.asc
You should get output that says:
gpg: Good signature from "Newsdemon Team"
You should make sure that it says “Good signature” in the output! If this text has been altered, then this information should not be trusted. Unless you have taken explicit steps to build a trust path to the Newsdemon Collective key, you will see a warning message similar to:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
However, you still should see the “Good signature”.
Compare the fingerprints
Now that you verified that the above message contains the fingerprints for our certificate, you can compare this value to the value provided by your browser. In most browsers, to find the fingerprint of the certificate your browser sees you can click on the lock icon located in the location bar. This should bring up details about the certificate being used, including the fingerprint.
If the values match, and you trust the Newsdemon public OpenPGP key, then you can be confident you are really communicating with Newsdemon.com servers.