Warrant Canary


Existing and proposed laws, especially those related to the US Patriot Act, establish the authority to issue secret warrants and to carry out searches and seizures of data from online users. These laws can impose criminal penalties for revealing the warrant, search or seizure, prohibiting disclosure of events that would negatively affect both the users of a VPN service and Newsdemon.com. The principals and employees of Newsdemon must comply with such warrants and their provisions for secrecy.

Due to these circumstances, Newsdemon stands prepared and will make available, on a monthly basis, a “warrant canary” in the form of a cryptographically signed message containing the following:

A declaration stating that, up to the stated point in time, no warrants have been served and no searches or seizures have taken place. It will also include a pasted headline from a selected major news source, to establish and verify the true date of issue. Special note should be taken if these messages ever cease being updated, are unchanged for more than thirty (30) days, or are removed from this page.

Hash: SHA1

As of March 31st, 2018, Newsdemon.com, Newsdemon Networks, Inc., Newsdemon Network, LTD., (“Newsdemon”) has not received any National Security Letters or FISA court orders, and we have not been subject to any gag order(s) by a FISA court, or any other similar court(s) of any government. Newsdemon has never placed any backdoors in our hardware or software and has not received any requests to do so. Newsdemon has never disclosed any user communications to any third party. No searches or seizures of any kind have ever been performed on Newsdemon assets.

Recent headlines:

Russian spy: Yulia Skripal 'conscious and talking' - http://www.bbc.com/news/uk-43588450

Irish pubs lift Good Friday alcohol ban - http://www.bbc.com/news/world-europe-43592320

Version: GnuPG v2.0.22 (GNU/Linux)



Warning: this process is fairly technical. It requires familiarity with OpenPGP and the command line, and it assumes you have the program gpg installed.

Import Newsdemon’s OpenPGP key

On the terminal, import Newsdemon’s public OpenPGP key from a keyserver:

$ gpg --keyserver keys.gnupg.net --recv-key BA1EAEB0
$ gpg2 --fingerprint BA1EAEB0

The first command will import the key into your keyring, but there is no guarantee that you actually imported the right key. The "--fingerprint" option shows the fingerprint of the key so that you can confirm you imported the correct one. You should see output that contains the following information:

Key fingerprint = 74FA 4FB8 3586 6246 6827 7F72 0738 ACDA BA1E AEB0

There is no particular reason that you should trust this key on its own. Instead, you can authenticate the key by checking which other keys have signed it, that is, who has confirmed and verified it:

gpg --list-sigs BA1EAEB0

Verify Newsdemon’s Certificate

Now that you have imported Newsdemon’s public key, you can verify that the fingerprints listed on this page are really from Newsdemon.com.

Copy and paste the above statement and save it to a text file named: Newsdemon_Canary_message.asc

Then run this command in a terminal:

gpg --verify Newsdemon_Canary_message.asc


You should get output that says:

gpg: Good signature from "Newsdemon Team"

You should make sure that it says “Good signature” in the output! If this text has been altered, then this information should not be trusted. Unless you have taken explicit steps to build a trust path to the Newsdemon Collective key, you will see a warning message similar to:

gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

However, you still should see the “Good signature”.
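
As an added example (not Newsdemon's own script): the "Good signature" line shows only a name, which anyone can put on a key, so this sketch reads gpg's machine-readable status output instead and checks the full fingerprint from this page plus the 30-day staleness rule. The function names, verdict strings and sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Newsdemon's code: judge a canary from gpg's status lines.
EXPECTED_FPR="74FA4FB83586624668277F720738ACDABA1EAEB0"  # fingerprint shown on this page
MAX_AGE_DAYS=30                                          # staleness limit stated on this page

# Constructed sample of `gpg --status-fd 1 --verify` output (timestamp is made up).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0738ACDABA1EAEB0 Newsdemon Team
[GNUPG:] VALIDSIG 74FA4FB83586624668277F720738ACDABA1EAEB0 2018-03-31 1522454400 0 4 0 1 2 01 74FA4FB83586624668277F720738ACDABA1EAEB0'

# canary_verdict NOW_EPOCH: reads status lines on stdin, prints OK, STALE,
# WRONG_KEY or BAD, and returns 0 only for OK.
canary_verdict() {
    awk -v want="$EXPECTED_FPR" -v now="$1" -v max_age="$((MAX_AGE_DAYS * 86400))" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            valid = 1
            # $3 = fingerprint of the signing key, $12 = primary key fingerprint
            # (when gpg reports one), $5 = signature time in epoch seconds.
            if ($3 == want || $12 == want) right_key = 1
            ts = $5
        }
        END {
            if (bad || !valid)              v = "BAD"
            else if (!right_key)            v = "WRONG_KEY"
            else if (ts !~ /^[0-9]+$/)      v = "BAD"
            else if (now - ts > max_age)    v = "STALE"
            else                            v = "OK"
            print v
            exit (v == "OK" ? 0 : 1)
        }'
}

# verify_canary FILE: run gpg on a saved canary and judge it against today's date.
verify_canary() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null | canary_verdict "$(date +%s)"
}

if [ "$#" -gt 0 ]; then verify_canary "$1"; fi
```

Saved as a script and given Newsdemon_Canary_message.asc as its argument, it prints one verdict; anything other than OK means the canary should not be relied on.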

Compare the fingerprints

Now that you have verified that the above message contains the fingerprints for our certificate, you can compare this value to the value provided by your browser. In most browsers, you can find the fingerprint of the certificate your browser sees by clicking on the lock icon in the location bar. This should bring up details about the certificate being used, including the fingerprint.

If the values match, and you trust the Newsdemon public OpenPGP key, then you can be confident you are really communicating with Newsdemon.com servers.